Azure Confidential Computing on 4th Gen Intel Xeon Scalable Processors with Intel TDX
Microsoft continues to be the cloud leader in confidential computing, and the Azure team is excited to continue our leadership by partnering with Intel to offer confidential computing on 4th Gen Intel Xeon Scalable processors with Intel Trusted Domain Extensions (Intel TDX) later this year, enabling organizations in highly regulated industries to lift and shift their workloads that handle sensitive data to scale in the cloud. Intel TDX meets the Confidential Computing Consortium (CCC) standard for hardware-enforced memory protection not controlled by the cloud provider, all while delivering minimal performance impact with no code changes.
Azure and Intel enable innovative use cases
Across industries, Microsoft Azure customers use confidential computing with Intel processors to achieve higher levels of data privacy and mitigate risks associated with unauthorized access to sensitive data or intellectual property. They are leveraging innovative solutions such as data clean rooms to accelerate the development of new healthcare therapies, and privacy-preserving digital asset management solutions for the financial industry. These scenarios and more are in production today, leveraging 3rd Gen Intel Xeon Scalable processors with Intel Software Guard Extensions (Intel SGX), a foundational technology of the Azure confidential computing portfolio. In fact, Azure was the first major cloud provider to offer confidential computing in the cloud with virtual machines (VMs) enabled with Intel SGX application isolation. As founding members of the CCC, Microsoft and Intel work with numerous other member organizations to define and accelerate adoption of confidential computing. This effort includes contributions to several open source projects. The Azure team looks forward to extending this collaboration by bringing to market Intel TDX–based services in Azure.
Intel TDX extends Azure's existing confidential computing offerings
Today, Azure’s DCsv3 VMs offer application isolation using Intel SGX, delivering the smallest trust boundary of any confidential computing technology today. The addition of Intel TDX expands our portfolio to offer isolation at the VM, container or application levels to meet the diversity of customer needs. Azure is the only major cloud provider committed to offering both VM-level and application-level confidential computing offerings. Both are supported by Intel’s hardware root of trust and address the attestation requirements that meet the confidential computing industry standard. Both Intel TDX and Intel SGX technologies provide capabilities that help remove the cloud operator’s access to data, including removing the hypervisor from the trust boundary.
Removing trust in the hypervisor
While Azure has engineered our hypervisor to be very secure, we are seeing a growing number of customers seeking further protections to meet data sovereignty and regulatory compliance. These customers require increased isolation and protection of their workloads to reduce the risk of unauthorized data access. As such, Microsoft leverages hardware control over hypervisors to protect customer data. With Intel-based confidential computing solutions on Azure, altering the hypervisor does not allow Azure operators to read or alter customer data in memory.
Establishing trust via attestation
Attestation is a critical concept of confidential computing. It allows customers to verify the third-party hardware root of trust and software stack prior to allowing any code to access and process data. With Intel TDX, the attestation is done against the entire VM or container, each with a unique hardware key to keep memory protected. With Intel TDX, we will offer attestation support with Microsoft Azure Attestation as standard and will also partner closely with Intel on their upcoming trust service, code-named "Project Amber," to meet the security requirements of customers.
Confidential computing takes off
Many Azure confidential computing customers can attest to the value they receive from our existing Intel confidential computing offerings.
Novartis Biome uses BeeKeeperAI’s EscrowAI confidential clean room solution on Azure confidential computing for the training and validation of algorithms to predict instances of a rare childhood condition using real patient data from health records, while maintaining privacy and compliance.
“Rare diseases are often challenging to diagnose and if left untreated, they can significantly diminish a patient’s quality of life. With BeeKeeperAI, our scientists were able to securely access a large gold standard dataset that enabled us to improve the predictive capabilities of our algorithm, bringing us much closer to identifying patients early in the disease course and to improving their outcomes.” —Robin Roberts, Co-founder and Chief Operating Officer, Novartis Biome
Fireblocks provides enterprise-grade secure infrastructure for moving, storing, and issuing digital assets. They use Intel confidential computing technology on Azure to hold one of the keys to its wallets.
"Some of the biggest cryptocurrency businesses, financial institutions, and enterprises in the world trust Fireblocks software and APIs to provide digital custody solutions, manage treasury operations, access DeFi, mint and burn tokens, and manage their digital asset operations. We leverage Azure to hold one of the keys to our wallets due to Azure Confidential Computing … " —Michael Shaulov, CEO and Co-founder, Fireblocks
"Carbon Asset Solutions is a world-first precision measurement, recording, and verification platform focused on atmospheric carbon removal through soil carbon sequestration. With Azure, we deliver higher integrity Carbon Credits than any other method." —Sara Saeidi, Chief Operating Officer, Carbon Asset Solutions
Azure’s vision for the confidential cloud
We see a future where confidential computing is standard and pervasive both in the cloud and at the edge within all Azure service offerings. Customers will be able to more confidently use the cloud for their most sensitive data workloads while verifying the environment and staying in full control of data access. We look forward to the launch of 4th Gen Intel Xeon Scalable processors and offering Intel TDX–enabled instances with VM-level data protection and performance improvements later this year, continuing our partnership with Intel to help transition Azure to the confidential cloud.
Sign up for early access to Intel TDX confidential VMs coming later this year.
Current Azure confidential computing–based services featuring Intel technology:
- Foundational infrastructure as a service (IaaS) elements utilizing Intel SGX such as Virtual Machines with Application Enclaves and Intel SGX based confidential computing nodes on Azure Kubernetes Service.
- Azure first-party confidential computing software as a service (SaaS) such as Microsoft Azure Attestation, Azure confidential ledger, Azure Managed Confidential Consortium Framework (preview), and Azure Key Vault Managed HSM.
- Various third-party confidential computing SaaS, many of which are captured in this webinar series.
Open source tools for developing Intel-based confidential computing apps on Azure:
- The Open Enclave (OE) Software Development Kit (SDK)
- The EGo SDK
- The Intel SGX SDK
- The Confidential Consortium Framework (CCF)
Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.