Written byMark Russinovich, Chief Technology Officer and Technical Fellow, Microsoft Azure
Microsoft continues to be thecloud leader in confidential computing, and the Azure team is excited to continue our leadership by partnering with Intel to offer confidential computing on 4th Gen Intel Xeon Scalable processors with Intel Trusted Domain Extensions (Intel TDX) later this year, enabling organizations in highly regulated industries to lift and shift their workloads that handle sensitive data to scale in the cloud. Intel TDX meets the Confidential Computing Consortium (CCC) standard for hardware-enforced memory protection not controlled by the cloud provider, all while delivering minimal performance impact with no code changes.
Azure and Intel enable innovative use cases
Across industries,Microsoft Azurecustomers use confidential computing with Intel processors to achieve higher levels of data privacy and mitigate risks associated with unauthorized access to sensitive data or intellectual property. They are leveraging innovative solutions such as data clean rooms to accelerate the development of new healthcare therapies, and privacy-preserving digital asset management solutions for the financial industry. These scenarios and more are in production today, leveraging 3rd Gen Intel Xeon Scalable processors with Intel Software Guard Extensions (Intel SGX), a foundational technology of the Azure confidential computing portfolio. In fact, Azure was the first major cloud provider to offer confidential computing in the cloud with virtual machines (VMs) enabled with Intel SGX application isolation. As founding members of the CCC, Microsoft and Intel work with numerous othermember organizationsto define and accelerate adoption of confidential computing. This effort includes contributions toseveral open source projects. The Azure team looks forward to extending this collaboration by bringing to market Intel TDX–based services in Azure.
Today, Azure’s DCsv3 VMs offer application isolation using Intel SGX, delivering the smallest trust boundary of any confidential computing technology today. The addition of Intel TDX expands our portfolio to offer isolation at the VM, container or application levels to meet the diversity of customer needs. Azure is the only major cloud provider committed to offering both VM-level and application-level confidential computing offerings. Both are supported by Intel’s hardware root of trust and address the attestation requirements that meet the confidential computing industry standard. Both Intel TDX and Intel SGX technologies provide capabilities that help remove the cloud operator’s access to data, including removing the hypervisor from the trust boundary.