Microsoft added virtual machines with AMD’s third-gen Epyc CPU encryption and security features to its Azure confidential computing portfolio.
Third-gen Epyc CPUs use Secure Encrypted Virtualization (SEV) technology to protect a VM’s memory from a hypervisor through encryption. Microsoft now employs the technology in the Azure DCasv5 and ECasv5 series of confidential virtual machines.
Third-gen Epyc CPUs also use SEV-SNP (Secure Nested Paging). The technology adds hardware-enforced memory integrity to SEV's encryption, protecting against hypervisor-based attacks such as data replay and memory remapping. The technology blocks the hypervisor from accessing the VM’s memory or state information.
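The integrity checks mentioned above rest on a per-page ownership table that the CPU consults on every guest access. The following is an added, deliberately simplified model of that idea, written for this article and not code from AMD or Microsoft: each physical frame carries one entry recording the owning guest, the guest-physical address it was assigned to, and whether the guest has validated it. A hypervisor that silently repoints a translation (remapping) or re-inserts a frame with stale contents (replay) is caught at access time rather than corrupting the guest. All identifiers, addresses and the two attack scenarios are constructed for the illustration.

```python
"""Toy model of SEV-SNP style reverse-map integrity checks (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

HYPERVISOR_ASID = 0  # assumed convention: ASID 0 marks hypervisor-owned frames


class RmpViolation(Exception):
    """Raised when a guest access disagrees with the ownership table."""


@dataclass
class RmpEntry:
    owner: int            # ASID of the guest that owns this physical frame
    gpa: Optional[int]    # guest-physical address the frame was assigned to
    validated: bool       # guest has accepted the frame (PVALIDATE-like step)


@dataclass
class Machine:
    # system-physical address -> ownership entry (the "reverse map")
    rmp: Dict[int, RmpEntry] = field(default_factory=dict)
    # hypervisor-controlled nested page table: (asid, gpa) -> spa
    nested_pt: Dict[Tuple[int, int], int] = field(default_factory=dict)

    def assign(self, asid: int, gpa: int, spa: int) -> None:
        """Hypervisor hands frame `spa` to guest `asid` at `gpa`.

        Re-assigning a frame always clears its validated flag, so a frame that
        is swapped out and later re-inserted must be accepted by the guest again.
        """
        self.rmp[spa] = RmpEntry(owner=asid, gpa=gpa, validated=False)
        self.nested_pt[(asid, gpa)] = spa

    def validate(self, asid: int, gpa: int) -> None:
        """Guest accepts the frame behind `gpa`; a second validation is refused."""
        spa = self.nested_pt[(asid, gpa)]
        entry = self.rmp[spa]
        if entry.owner != asid or entry.gpa != gpa:
            raise RmpViolation("validation of a frame not assigned to this gPA")
        if entry.validated:
            raise RmpViolation("double validation")
        entry.validated = True

    def guest_access(self, asid: int, gpa: int) -> int:
        """CPU-side check on every guest access: translation must match the table."""
        spa = self.nested_pt.get((asid, gpa))
        if spa is None:
            raise RmpViolation("unmapped")
        entry = self.rmp[spa]
        if entry.owner != asid:
            raise RmpViolation("frame not owned by guest")
        if entry.gpa != gpa:
            raise RmpViolation("remapping detected")
        if not entry.validated:
            raise RmpViolation("frame not validated")
        return spa

    def hypervisor_remap(self, asid: int, gpa: int, spa: int) -> None:
        """Hypervisor edits its nested page table without updating the table."""
        self.nested_pt[(asid, gpa)] = spa


def scenario(attack: Callable[[Machine], None]) -> str:
    """Build a two-page guest, apply `attack`, and return the access verdict."""
    m = Machine()
    m.assign(asid=1, gpa=0x1000, spa=0xA000)
    m.assign(asid=1, gpa=0x2000, spa=0xB000)
    m.validate(1, 0x1000)
    m.validate(1, 0x2000)
    attack(m)
    try:
        m.guest_access(1, 0x1000)
        return "ok"
    except RmpViolation as exc:
        return str(exc)


def remap_attack(m: Machine) -> None:
    """Hypervisor points gPA 0x1000 at the frame that belongs to gPA 0x2000."""
    m.hypervisor_remap(1, 0x1000, 0xB000)


def replay_attack(m: Machine) -> None:
    """Hypervisor re-inserts frame 0xA000 (imagine stale contents); flag is cleared."""
    m.assign(1, 0x1000, 0xA000)


if __name__ == "__main__":
    print("no attack :", scenario(lambda m: None))
    print("remap     :", scenario(remap_attack))
    print("replay    :", scenario(replay_attack))
```

The model omits encryption, hardware page states and the real fault delivery path; what it keeps is the defender-relevant property: the hypervisor still owns the translation tables, but it can no longer make a guest read a frame that the guest did not accept for that address.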
Microsoft revealed that the confidential VMs integrate with the Azure Managed HSM (Hardware Security Module) and Azure Key Vault services. Customers who use them can also remotely verify the integrity of software binaries through the Microsoft Azure Attestation (MAA) service.
The VMs are available in a select number of Azure regions. Microsoft maintains an up-to-date overview of availability on its website (see: DCasv5 and ECasv5 series).
A touch of blockchain
Furthermore, Microsoft made Azure Confidential Ledger generally available. It is intended as a managed, decentralized cloud repository for private data. According to Microsoft, it is rooted in blockchain technology and shares the same immutability and tamper-proofing properties, which makes it well suited to applications where vital metadata records must not be changed, for legal and recordkeeping purposes.