confidential containers
13 Topics

Aligning with Kata Confidential Containers to achieve zero trust operator deployments with AKS
Confidential containers on Azure Kubernetes Service (AKS) leveraging the confidential containers open-source project (https://github.com/confidential-containers/) are coming soon to Azure. If you would like to be part of the preview, please express your interest here: https://aka.ms/cocoakspreview

Announcing: Microsoft moves $25 Billion in credit card transactions to Azure confidential computing
Microsoft is proud to showcase that customers in the financial sector can rely on public Azure to add confidentiality to provide secure and compliant payment solutions that meet or exceed industry standards. Microsoft is committed to hosting 100% of our payment services on Azure, just as we would expect our customers to do. Microsoft’s Commerce Financial Services (CFS) has completed a critical milestone by deploying a level 1 Payment Card Industry Data Security Standard (PCI-DSS) compliant credit card processing and vaulting solution, moving $25 Billion in annual credit card transactions to the public Azure cloud.

Microsoft introduces preview of confidential containers on Azure Container Instances (ACI)
Microsoft announces a limited preview of confidential containers on Azure Container Instances (ACI), enabling customers to easily lift-and-shift Linux containers on Azure. Confidential containers on ACI are the first serverless offering in the market that helps run Linux containers in a hardware-based trusted execution environment with AMD SEV-SNP technology.

Confidential VM node pool with AMD SEV-SNP protection available on AKS in public preview
AKS node pools now support the generally available confidential VM sizes (DCav5/ECav5). Confidential VMs with AMD SEV-SNP support bring a new set of security features to protect data-in-use with full VM memory encryption. This enables confidential VM node pools to target the migration of highly sensitive container workloads to AKS without any code refactoring while benefiting from the full AKS feature support.

Developers guide to Gramine Open-Source Lib OS for running unmodified Linux Apps with Intel SGX
There is a growing trend of moving private computations from on-premises to the public cloud and to the edge. However, many individuals, companies, and organizations consider the public cloud and the edge as untrusted environments and are wary of transferring their confidential data and computations to them. Thus, securing data has become a number one business imperative. To secure data at all stages of its processing, Confidential Computing relies on Trusted Execution Environment (TEE) technologies. One of the prominent TEEs – available as part of the Azure Confidential Computing offering – is the Intel® Software Guard Extensions (Intel SGX) hardware-based technology. Intel SGX provides powerful building blocks for application development. Software developers can port their applications to Intel SGX by putting only the security-critical part of the application into the Intel SGX enclave and leaving the non-critical parts outside of the enclave. However, in many real-world scenarios, it is infeasible to write a new application from scratch or to port an existing application manually. Gramine can help ease this porting burden for developers: Gramine supports the “lift and shift” paradigm for Linux applications, where the whole application is secured in a “push-button” approach, without source-code modification or recompilation. Gramine currently supports many programming languages and frameworks, as well as many kinds of workloads. Gramine supports C/C++, Rust, Google Go, Java, Python, R and other languages, as well as database, AI/ML, webserver and other workloads. In addition, the Gramine project provides the GSC tool to run already-existing Docker images in Gramine SGX enclaves.

NLP Inferencing on Confidential Azure Container Instance
Thanks to advancements in natural language processing using machine learning techniques and highly successful new-age LLMs from OpenAI, Google and Microsoft, NLP-based modeling and inferencing are among the top areas of customer interest. These are being widely used in almost all Microsoft products, and there is also a huge demand from our customers to utilize these techniques in their business apps. Similarly, there is a demand for privacy-preserving infrastructure to run such apps.

BigDL Privacy Preserving Machine Learning with Occlum OSS on Azure Confidential Computing
This blog introduces you to a confidential computing solution for Privacy-Preserving Machine Learning (PPML) made available by Open-Source Software Occlum Library OS for Intel SGX and BigDL on the Azure cloud. This blog demonstrates the solution using a sample analytics application built for the NYTaxi dataset. This sample application leverages Azure Confidential Computing (ACC) components such as SGX Nodes for Azure Kubernetes Service (AKS), Microsoft Azure Attestation, Azure Key Vault (AKV), etc., as well as Occlum LibOS and BigDL PPML.

Confidential Computing is Child's Play with ACI
In this fun example we’ll be using a containerised version of the Minecraft game server to demonstrate how easy it is to take an existing container and deploy it unmodified using Azure Confidential Containers on Azure Container Instances, giving you the tools you need to try this with ‘real’ workloads in your environment.