{"id":61891,"date":"2021-03-15T16:43:40","date_gmt":"2021-03-15T15:43:40","guid":{"rendered":"https:\/\/www.planet3dnow.de\/cms\/?p=61891"},"modified":"2021-03-15T16:43:40","modified_gmt":"2021-03-15T15:43:40","slug":"azure-and-amd-announce-landmark-in-confidential-computing-evolution","status":"publish","type":"post","link":"https:\/\/www.planet3dnow.de\/cms\/61891-azure-and-amd-announce-landmark-in-confidential-computing-evolution\/","title":{"rendered":"Azure and <span class=\"caps\">AMD<\/span> announce landmark in confidential computing evolution"},"content":{"rendered":"<p>Mark Russinovich <span class=\"position\" lang=\"en\">Chief Technology Officer and Technical Fellow, Microsoft&nbsp;Azure<\/span><\/p>\n<p>The pandemic has accelerated digital transformation globally and the scalability and security advantages offered by Microsoft Azure have helped many customers move forward. One key tenet we have in Azure is that your data is your&nbsp;data.<\/p>\n<p>In Azure, we take your data security seriously and have built numerous controls around data at rest and data at flight. As a founding member of the Confidential Computing Consortium, we are also an innovator in <a href=\"https:\/\/azure.microsoft.com\/en-us\/solutions\/confidential-compute\/\" target=\"_blank\" rel=\"noopener\" data-event=\"page-clicked-link\" data-bi-id=\"page-clicked-link\" data-bi-an=\"body\" data-bi-tn=\"undefined\">confidential computing<\/a> which extends those protections to data running on the processor itself. 
For more than 3 years financial services, governments, health care providers, and even messaging companies have been using Azure confidential computing to unlock new scenarios like multi-party machine learning and move their more sensitive applications to the&nbsp;cloud.<\/p>\n<p>Today, I am announcing that we are further broadening the confidential computing options available to Azure customers through our technology partnership with <span class=\"caps\">AMD<\/span>, specifically by being the first major cloud provider to offer <a href=\"https:\/\/www.youtube.com\/watch?v=apx4niGQPiE\" target=\"_blank\" rel=\"noopener\" data-event=\"page-clicked-link\" data-bi-id=\"page-clicked-link\" data-bi-an=\"body\" data-bi-tn=\"undefined\">confidential virtual machine<\/a>s on the new <span class=\"caps\">AMD<\/span> <span class=\"caps\">EPYC<\/span>\u2122 7003 series processors. 
This new approach complements existing Azure confidential computing solutions such as confidential containers for Azure Kubernetes Service and opens the possibility to create new confidential applications without requiring code modifications which in turn substantially simplifies the process of creating confidential applications.<\/p>\n<p>Key technology enablers to the AMD-centered solution include the advanced security feature called Secure Encrypted Virtualization-Secure Nested Paging, or <span class=\"caps\">SEV-SNP<\/span>. <span class=\"caps\">SEV-SNP<\/span> enables protection of virtual machines by creating a trusted execution environment and has been substantially enhanced in the 3rd Gen <span class=\"caps\">AMD<\/span> <span class=\"caps\">EPYC<\/span> processor.<\/p>\n<p>These <span class=\"caps\">AMD<\/span> <span class=\"caps\">EPYC-CPU<\/span> powered Azure VMs are fully encrypted at runtime, fulfilling the promise of confidential computing by protecting your data even when it is in use. The encryption keys used for <span class=\"caps\">VM<\/span> encryption are generated, and safeguarded, by a dedicated secure processor on the <span class=\"caps\">EPYC<\/span> <span class=\"caps\">CPU<\/span>. 
This helps ensure that no one, even cloud administrators\u2014and by extension the workloads, apps, or data in the VMs\u2014has access to these encryption&nbsp;keys.<\/p>\n<p>Beyond the hardware, Azure provides a set of important services, including the Azure Attestation service and trusted launch, to further help our customers. The Azure Attestation service collects evidence that the hardware environment is correct and then provides a cryptographic signal to Azure Key Vault to securely release the decryption key for the virtual machine image only if the environment is in a known good state. Subsequently, the decrypted virtual machine boot process is subjected to trusted launch to defend against bootkits, rootkits, and kernel-level malware. In this step, trusted launch measures the integrity of the virtual machine image against information stored in the vTPM before continuing boot processes.<\/p>\n<p>Customers can also bring a fully encrypted disk image to Azure, ensuring that the image is never available in plain text to the Azure environment. 
In this scenario, the customer prepares the disk image in their local environment using their own keys and then uploads the image to Azure while placing the keys in Azure\u2019s single tenant <span class=\"caps\">FIPS<\/span> level 3 compliance managed&nbsp;<span class=\"caps\">HSM<\/span>.<\/p>\n<h2>In summary<\/h2>\n<p>With the 3rd Gen <span class=\"caps\">AMD<\/span> <span class=\"caps\">EPYC<\/span> CPU-backed confidential computing VMs, Azure confidential computing now enables customers to encrypt entire VMs confidentially, enable confidentiality without recompiling code, and benefit from a host of Azure-specific enhancements. Today you can deliver confidential workloads on Azure with the broadest choice of hardware as well as resources spanning virtual machines, containers, <span class=\"caps\">SQL<\/span>, and beyond.<\/p>\n<p><a href=\"https:\/\/forms.office.com\/Pages\/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR37R7JFLKbBAml_g6YTMEqtUOUlFNDhFMkFDS08wWjlPREIxMVk5T1BFUy4u&amp;wdLOR=cC0EE192E-837D-4E54-8CB9-FCCD0C7B018D\" target=\"_blank\" rel=\"noopener\" data-event=\"page-clicked-link\" data-bi-id=\"page-clicked-link\" data-bi-an=\"body\" data-bi-tn=\"undefined\">Sign up for Private Preview of Azure Confidential VMs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><a title=\"Beitr\u00e4ge von Mark Russinovich\" href=\"https:\/\/azure.microsoft.com\/de-de\/blog\/author\/markruss\/\" rel=\"author\" data-event=\"area-blog-post-clicked-author\" aria-label=\"Mehr Beitr\u00e4ge vom Autor Mark Russinovich lesen\" 
data-bi-id=\"area-blog-post-clicked-author\" data-bi-an=\"body\" data-bi-tn=\"undefined\">Mark Russinovich<\/a> <span class=\"position\" lang=\"en\">Chief Technology Officer and Technical Fellow, Microsoft&nbsp;Azure<\/span><\/p>\n<p>The pandemic has accelerated digital transformation globally and the scalability and security advantages offered by Microsoft Azure have helped many customers move forward. One key tenet we have in Azure is that your data is your&nbsp;data.&nbsp;<\/p>\n<p>In Azure, we take your data security seriously and have built numerous controls around data at rest and data at flight. As a founding member of the Confidential Computing Consortium, we are also an innovator in <a href=\"https:\/\/azure.microsoft.com\/en-us\/solutions\/confidential-compute\/\" target=\"_blank\" rel=\"noopener\" data-event=\"page-clicked-link\" data-bi-id=\"page-clicked-link\" data-bi-an=\"body\" data-bi-tn=\"undefined\">confidential computing<\/a> which extends those protections to data running on the processor itself. 
For more than 3 years financial services, governments, health care providers, and even messaging companies have been using Azure confidential computing to unlock new scenarios like multi-party machine learning and move their more sensitive applications to the&nbsp;cloud.<\/p>\n<p>Today, I am announcing that we are further broadening the confidential computing options available to Azure customers through our technology partnership with <span class=\"caps\">AMD<\/span>, specifically by being the first major cloud provider to offer <a href=\"https:\/\/www.youtube.com\/watch?v=apx4niGQPiE\" target=\"_blank\" rel=\"noopener\" data-event=\"page-clicked-link\" data-bi-id=\"page-clicked-link\" data-bi-an=\"body\" data-bi-tn=\"undefined\">confidential virtual machine<\/a>s on the new <span class=\"caps\">AMD<\/span> <span class=\"caps\">EPYC<\/span>\u2122 7003 series processors. 
This new approach complements existing Azure confidential computing solutions such as confidential containers for Azure Kubernetes Service and opens the possibility to create new confidential applications without requiring code modifications which in turn substantially simplifies the process of creating confidential applications.<br>\n (\u2026) <a class=\"moretag\" href=\"https:\/\/www.planet3dnow.de\/cms\/61891-azure-and-amd-announce-landmark-in-confidential-computing-evolution\/\">Read more&nbsp;\u00bb<\/a><\/p>\n","protected":false},"author":593,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"ngg_post_thumbnail":0,"footnotes":""},"categories":[22],"tags":[966,1403,2324],"class_list":["post-61891","post","type-post","status-publish","format-standard","hentry","category-pressemitteilungen","tag-amd","tag-azure","tag-epyc-7003","entry"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/61891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/users\/593"}],"replies":[{"embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/comments?post=61891"}],"version-history":[{"count":1,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/61891\/revisions"}],"predecessor-version":[{"id
":61892,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/posts\/61891\/revisions\/61892"}],"wp:attachment":[{"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/media?parent=61891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/categories?post=61891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.planet3dnow.de\/cms\/wp-json\/wp\/v2\/tags?post=61891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}