Maintained with ☕️ by
IcePanel logo

Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX

Share

Services

Today, we’re excited to announce the expansion of our Confidential VM family with the launch of the DCesv5-series and ECesv5-series in preview. Featuring 4th Gen Intel® Xeon® Scalable processors, these VMs are backed by an all-new hardware-based Trusted Execution Environment called [Intel® Trust Domain Extensions](https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html#inpage-nav-2) (TDX). Organizations can use these VMs to seamlessly bring confidential workloads to the cloud without any code changes to their applications. At Azure, we strive to ensure your data is always under your control with the most-comprehensive enterprise compliance and security safeguards. Intel TDX helps harden the virtualized environment to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access. Intel TDX helps assure workload integrity and confidentiality by mitigating a wide range of software and hardware attacks, including intrusion or inspection by software running in other VMs. #### Confidential virtual machines support a broad range of workloads: * DCesv5 series offers up to 96 vCPUs and range between 4 GiBs of memory, up to 384 GiBs * ECesv5 series offers up to 64 vCPUs and range between 8 GiBs of memory, up to 512 GiBs #### New remote attestation capabilities Since organizations will want to attest the environment, we provide capabilities to retrieve hardware evidence for cryptographic verification of the TEE state and third-party root of trust. Organizations will have native support for attestation with [Microsoft Azure Attestation](https://azure.microsoft.com/en-us/products/azure-attestation/), and we’ve worked closely with Intel on support for “[Project Amber](https://www.intel.com/content/www/us/en/security/project-amber.html)”, Intel’s upcoming trust service, helping enterprises that want to enforce operator-independence and separation of duties in deploying Confidential Computing. #### Expanding support for confidentiality with ecosystem partners We collaborated with the [Confidential Computing Consortium](https://confidentialcomputing.io/) to provide a first-class Linux experience for the platform. Throughout the preview, Canonical Ubuntu Server 22.04 LTS, SUSE Linux Enterprise Server 15 SP5 and SUSE Linux Enterprise Server for SAP 15 SP5 are available for testing. [Canonical](https://canonical.com/) and [SUSE](https://www.suse.com/) consistently exhibit reliability and security for enterprise workloads. We are working on adding support for Red Hat Enterprise Linux (RHEL) and Windows support. #### Helpful Links * [Sign up for the preview](https://aka.ms/TDX-signup) * [Register for Microsoft Build - May 23–25, 2023](https://build.microsoft.com/en-US/home) * [Azure Confidential Computing – Protect Data in Use](https://azure.microsoft.com/en-us/solutions/confidential-compute/) * [Azure Confidential Computing – Microsoft Tech Community Blog](https://techcommunity.microsoft.com/t5/azure-confidential-computing/bg-p/AzureConfidentialComputingBlog) * [Learn more about Intel Confidential Computing](https://www.intel.com/confidentialcomputing) * Pricing & Offerings * Regions & Datacenters * Security