Microsoft has moved its confidential containers on Azure Container Instances (ACI) from limited preview to public preview as it moves closer to full general availability.
A Microsoft blog post explains how the service uses Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) in AMD's latest server chips.
ACI product manager Peter Pogorski explained how Azure customers are “increasingly moving to cloud-native, container-based applications to support their workloads,” but they continue to demand high levels of data protection.
Azure confidential containers
“This serverless platform enables Linux containers to run within a hardware-based and certified Trusted Execution Environment (TEE), providing the simplicity of a serverless container platform with the enhanced security of confidential computing,” summarized Pogorski.
Data in use is protected in confidential containers by processing it in encrypted memory, a capability provided by AMD's EPYC processors.
Confidential containers are designed to run with verifiable initialization policies, meaning Azure’s customers can also ensure that running code is trusted and verified, preventing accidental data leaks.
For collaboration, guests can also review the attestation report and satisfy themselves that the application running in a container group is the one they expect before committing to share sensitive information with it.
ACI currently supports things like batch processing, data processing pipelines, and continuous integration, but Microsoft believes confidential containers will open up its services to even more scenarios.
In its limited preview announcement, Azure Confidential Computing product manager Amar Gowda said:
“We are excited to provide confidential serverless offerings with full lift & shift container support as we continue to innovate in this rapidly emerging confidential computing and cloud native space.”
While there is no official indication of full general availability, the rapid development suggests that confidential computing is critical for many companies in optimizing their IT.