New Microsoft Azure confidential virtual machines (VMs) with Intel® Trust Domain Extensions (Intel® TDX), a hardware-based trusted execution environment (TEE), give enterprises confidential computing at the VM level. By offering VMs with Intel TDX, Microsoft is expanding its Azure portfolio to offer isolation at the VM, container, and application levels to meet diverse enterprise needs.
Azure DCesv5-series and ECesv5-series confidential VMs with Intel TDX make it easier to deploy existing applications while providing strong isolation properties. For those already using Azure instances with Intel® Software Guard Extensions (Intel® SGX), which implement confidential computing at a more granular application level, VMs with Intel TDX expand the available options for organizations deploying Confidential Computing.
VM Use Cases
With these confidential VMs, enterprises can implement a range of use cases:
- Migrate sensitive databases and enterprise applications to the cloud without code changes
- Maintain privacy while collaborating on multi-party analysis, which often involves combining data from multiple sources for AI applications
- Strengthen compliance and data sovereignty programs
- Set up hardware-based isolation and access controls
The DCesv5 series offers up to 96 vCPUs and ranges from 4–384 GB of memory. The ECesv5 series offers up to 128 vCPUs and ranges up to 768 GiB of memory.
Adding Value Across Industries
These confidential VMs also deliver value when seen through an industry lens. From AI-powered healthcare to fraud prevention in financial services, these VMs enable businesses to experience more collaboration, insights, and innovation:
- Healthcare organizations can deploy these Azure VMs to handle regulated information or manage confidential multi-party collaborations, such as medical research.
- Financial services firms can use these VMs to handle high volumes of confidential and regulated data.
- Retailers with large databases of confidential customer data can use these VMs for advanced analyses that must be kept private. The movement toward cookie-less advertising technology has also opened new uses for advertisers, who can combine multiple datasets in a privacy-preserving environment to better target customers.
- Governmental organizations that run many sensitive applications and face advanced persistent threats might consider deploying Confidential Computing with VMs like these a high priority.
- Industrial and edge deployments might have valuable data or software intellectual property (IP) in distributed locations lacking rigorous physical security, which makes these confidential VMs an option.
Intel TDX Role
These Azure VMs run on 4th Gen Intel® Xeon® Scalable processors with Intel TDX. Intel TDX facilitates the deployment of trust domains (TDs), which are hardware-isolated VMs designed to protect sensitive data and applications from unauthorized access. Intel TDX is designed to help prevent the hypervisor and other host management code, including the cloud admins, from accessing the VM memory and state. It also helps ensure workload integrity and confidentiality by mitigating software and hardware attacks, including intrusion or inspection by software running in other VMs.
Protect Your Data
Intel’s portfolio of Confidential Computing solutions (Intel® SGX, Intel® TDX, and Intel® Trust Authority) enables customers to unleash the power of their data while addressing confidentiality, privacy, integrity, and sovereignty concerns. Azure offers one of the most comprehensive Confidential Computing portfolios in the industry. Start your journey towards Confidential Computing on Azure VMs with Intel TDX.
Learn more about Azure confidential VMs on Intel CPUs
Learn more about Intel Confidential Computing
Notices and Disclaimers
Performance varies by use, configuration, and other factors. Learn more on the Performance Index site.
Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates. See backup for configuration details. No product or component can be absolutely secure.
Your costs and results may vary.
Intel technologies may require enabled hardware, software, or service activation.
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.