It has been an incredible year for Azure confidential computing. Our work with partners and customers has culminated in our confidential computing offerings becoming publicly available. At Ignite, we announced our intent, and I am excited to say that just two weeks later we are delivering on our promise: releasing the DC-series of virtual machines and open sourcing the Open Enclave SDK.

As a quick recap, Azure confidential computing protects your data while it is in use. It is the final piece needed to protect data throughout its lifecycle: at rest, in transit, and in use. It is the cornerstone of our ‘Confidential Cloud’ vision, which aims to make data and code opaque to the cloud provider.

Today, we are excited to announce a public preview of the DC-series of virtual machines in US East and Europe West. Years of work with our silicon vendors have allowed us to bring application isolation technology to hardware in our datacenters to support this new VM family. While these virtual machines ‘look and feel’ like standard VM sizes from the control plane, they are backed by hardware-based Trusted Execution Environments (TEEs), specifically the latest generation of Intel Xeon processors with Intel SGX technology. With SGX, the memory of an enclave is isolated from, and opaque to, the host operating system and hypervisor; only the code you place inside the enclave is protected, and the rest of the application remains untrusted. You can now build, deploy, and run applications that protect data confidentiality and integrity in the cloud. To get started, deploy a DC-series VM through the custom deployment flow in Azure Marketplace.
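Before trusting a DC-series VM with secrets, a practitioner will want to confirm that the guest actually sees an SGX-capable CPU and how much Enclave Page Cache (EPC) memory the hardware exposes. The program below is an added example, not code from this post or from the Open Enclave SDK; it reads only the CPUID leaves Intel documents for SGX (leaf 7 bit 2, and leaf 0x12 sub-leaf 0 for SGX1/SGX2 and the maximum enclave size, sub-leaves 2 and up for the EPC sections) and sums the EPC sections. The register values used to check the decoders are constructed, not captured from an Azure VM.

```c
/* Added example: does this guest see an SGX-capable CPU, and how much EPC?
 * Not from the Azure blog post or the Open Enclave SDK; it relies only on
 * the CPUID bit layout documented by Intel for SGX. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0
#endif

typedef struct {
    int sgx;                      /* CPUID.(EAX=7,ECX=0):EBX[2]        */
    int sgx1;                     /* CPUID.(EAX=0x12,ECX=0):EAX[0]     */
    int sgx2;                     /* CPUID.(EAX=0x12,ECX=0):EAX[1]     */
    unsigned max_enclave_log2_64; /* CPUID.(EAX=0x12,ECX=0):EDX[15:8]  */
} sgx_caps;

/* Pure decoder, kept separate from the CPUID instruction so the bit layout
 * can be checked against constructed register values. */
sgx_caps decode_sgx_caps(uint32_t leaf7_ebx, uint32_t leaf12_eax, uint32_t leaf12_edx)
{
    sgx_caps c;
    c.sgx = (leaf7_ebx >> 2) & 1;
    c.sgx1 = c.sgx ? (leaf12_eax & 1) : 0;
    c.sgx2 = c.sgx ? ((leaf12_eax >> 1) & 1) : 0;
    c.max_enclave_log2_64 = c.sgx ? ((leaf12_edx >> 8) & 0xFF) : 0;
    return c;
}

/* Decode one EPC section, CPUID.(EAX=0x12,ECX=n) with n >= 2.
 * Returns 1 and fills base/size when EAX[3:0] == 1 (a valid EPC section);
 * returns 0 for the end marker (type 0) or an unknown type. */
int decode_epc_section(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx,
                       uint64_t *base, uint64_t *size)
{
    if ((eax & 0xF) != 1)
        return 0;
    *base = ((uint64_t)(ebx & 0xFFFFF) << 32) | (eax & 0xFFFFF000u);
    *size = ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
    return 1;
}

/* Query the running CPU. Returns -1 when CPUID is unavailable (non-x86 build),
 * otherwise 0/1 for "SGX advertised", filling caps and the total EPC bytes. */
int query_sgx(sgx_caps *caps, uint64_t *epc_total)
{
#if HAVE_X86_CPUID
    uint32_t a = 0, b = 0, c = 0, d = 0;
    unsigned max_leaf = __get_cpuid_max(0, NULL);
    *epc_total = 0;
    if (max_leaf < 0x12) {            /* leaf 0x12 is only valid when SGX exists */
        *caps = decode_sgx_caps(0, 0, 0);
        return 0;
    }
    __cpuid_count(7, 0, a, b, c, d);
    uint32_t leaf7_ebx = b;
    __cpuid_count(0x12, 0, a, b, c, d);
    *caps = decode_sgx_caps(leaf7_ebx, a, d);
    if (!caps->sgx)
        return 0;
    for (uint32_t sub = 2; ; sub++) {  /* walk EPC sections until the end marker */
        uint64_t base, size;
        __cpuid_count(0x12, sub, a, b, c, d);
        if (!decode_epc_section(a, b, c, d, &base, &size))
            break;
        *epc_total += size;
    }
    return caps->sgx;
#else
    (void)caps;
    (void)epc_total;
    return -1;
#endif
}

int main(void)
{
    sgx_caps caps;
    uint64_t epc = 0;
    int r = query_sgx(&caps, &epc);
    if (r < 0) {
        puts("not an x86 build; CPUID unavailable");
        return 1;
    }
    printf("SGX advertised: %d (SGX1=%d SGX2=%d), max 64-bit enclave 2^%u bytes, EPC %llu MiB\n",
           caps.sgx, caps.sgx1, caps.sgx2, caps.max_enclave_log2_64,
           (unsigned long long)(epc >> 20));
    return caps.sgx ? 0 : 1;
}
```

Build it on the VM with `cc -O2 sgx_check.c -o sgx_check` and run it; an exit status of 0 means the hypervisor exposes SGX to the guest. The check goes to CPUID directly because older Linux kernels do not show an `sgx` flag in `/proc/cpuinfo`. A positive result only says the feature is exposed; whether an enclave can actually be launched and remotely attested is established by running the SDK's own samples and attestation flow.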

Customers like Christopher Spanton, Senior Architect for Blockchain at T-Mobile, have already started making use of the infrastructural building blocks.

“Leveraging the latest generation of trusted execution environments through Azure confidential computing has been an exciting opportunity for us to increase both the security and efficiency of our solutions. Specifically, we are working to deliver the next generation of our internal Role-Based Access Control platform (NEXT directory) in the cloud, and the Azure confidential computing platform provides a uniquely powerful platform for running blockchain protocols, such as Hyperledger Sawtooth, on which our solution is based. Our three organizations, T-Mobile, Intel, and Microsoft, together have the technology, expertise, and commitment to deliver this kind of complex hybrid-architecture blockchain solution.”

Infrastructure is an important building block, but as you may be aware, enclave-based application development is a new programming paradigm. We are therefore excited to announce that we have open sourced the Open Enclave SDK, a project that provides a consistent API surface and enclaving abstraction for your confidential computing application development.

At its core, we wanted to ensure the Open Enclave SDK was portable across enclave technologies, cross-platform (cloud, hybrid, edge, or on-premises), and designed with architectural flexibility in mind. The current version of the Open Enclave SDK (v0.4) supports Intel SGX technology for C/C++ enclave applications, using Mbed TLS as the in-enclave TLS and cryptography library. Subsequent versions will bring support for Arm TrustZone, additional runtimes, and Windows support. To learn more about the SDK, visit the Open Enclave project webpage and the API documentation.

We are committed to creating a collaborative community to help standardize secure enclave-based application development. Customers and partners in preview have already tested the Open Enclave SDK out and provided initial feedback.

One of those customers was Matthew Gregory, CEO and Founder of Ockam. Matthew shares how the Azure confidential computing platform, combined with the Open Enclave SDK, was able to help improve his organization’s development experience.

“Azure confidential compute uniquely enables Ockam Blockchain Network, a public blockchain, to reside in a public cloud infrastructure and to reap the broad benefits of Azure. The Azure confidential compute platform creates a simple 'as-a-service' developer experience that abstracts away complexity, which accelerates go-to-market time, simplifies ongoing operations, and increases availability. By running Ockam Validator Nodes on the Azure confidential compute platform we can better manage validator keys and verify the chain of trust in a decentralized network."

Whether you are interested in viewing the source code, contributing to the project, or providing feedback on new features and functionality, visit the project’s GitHub repository.

Infrastructure and development environments give you the building blocks to build enclave-based applications that protect the confidentiality and integrity of data and code. Based on feedback from our private preview customers, we have started to invest in higher-level confidential computing scenarios such as confidential querying in databases, confidential consortium networks that scale, and secure multiparty machine learning.

Eddy Ortiz, Vice President of Solution Acceleration and Innovation at Royal Bank of Canada is using confidential computing for a few of these scenarios.

“We are always looking to harness the potential of emerging technologies. When we were first introduced to the Azure confidential compute platform, we were intrigued by the possibility of adding a new layer of security and confidentiality to our solutions. We’re currently exploring ways to share and analyze data across different institutions, while maintaining security and confidentiality. We are currently piloting a confidential multiparty data analytics and machine learning pipeline on top of the Azure confidential compute platform, which ensures that participating institutions can be confident that their confidential customer and proprietary data is not visible to other participating institutions, including RBC. So far, the results have been promising.”

We will continue to work on these scenarios across our Azure service offerings and will provide you with more updates over the coming months.

We are excited to be providing you with the building blocks of the next wave of cloud computing. If you have any questions or comments, please reach out to us by posting on our Azure Virtual Machine MSDN forum for the DC-series and filing an issue on GitHub for the Open Enclave SDK.

Getting started

We recommend getting started by deploying through Azure Marketplace. The custom deployment flow deploys and configures the virtual machine and, if selected, installs the Open Enclave SDK on Linux VMs. Many of the basic VM deployment configurations are supported through the Confidential Computing VM Deployment workflow, including: (1) Windows/Linux VM; (2) new or existing resource group; (3) new or existing VNet; (4) storage/disk type; (5) enabled diagnostics, and other properties.

There are a few areas we will continue to improve during public preview, including regions, operating system images, and queryability.

Regions

Region support has expanded from US East in private preview to also include Europe West in public preview. We are working on expanding to other regions.

Operating system images

The DC-series of VMs are the first set of Generation 2 virtual machines. As suc

Title: Protect data in use with the public preview of Azure confidential computing
Source page: https://www.codesec.net/view/604433.html