Infrastructure
Confidential Cloud is cloud-agnostic. Tower and Inspector are responsible for various aspects of the Life-Cycle Management (LCM) of infrastructure resources.
Confidential Cloud builds atop Confidential Computing to offer state-of-the-art encryption mechanisms. Today, hardware and firmware support for Confidential Computing is only available in several modern lines of hardware platforms offered by a limited range of forward-looking Cloud Service Providers (CSPs).
Supported Hardware
Currently, Confidential Computing is only available on a limited set of microprocessor product lines available in the market. Enterprise vendors offer several Confidential Computing implementations, with varying capabilities and performance limitations, and security trade-offs (Read more).
Confidential Cloud currently supports the following hardware:
AMD SEV-SNP
- Secure Encrypted Virtualization (SEV) - Secure Nested Paging (SNP): https://www.amd.com/en/processors/amd-secure-encrypted-virtualization
Upcoming
- Intel® Trusted Domain Extensions (TDX) - pending hardware availability
https://www.intel.com/content/www/us/en/developer/articles/technical/intel-trust-domain-extensions.html
- ARM® Confidential Compute Architecture (CCA) - pending hardware availability and firmware support
https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture
Decomissioned
- Intel® Software Guard Extension (SGX)
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html
Cloud Service Providers (CSPs)
Confidential Cloud provisions Trusted Execution Environments (TEE) on several hyperscalers and locations.
-
AWS
Europe (🇸🇪 Stockholm) : default
-
Azure
Europe (🇸🇪 Stockholm) : default
-
OVH (Bare-Metal)
Europe (🇩🇪 Frankfurt) : default
-
Openstack
Europe (🇸🇪 Stockholm) : default
Europe (🇮🇹 Italy)
Partnership Programme
Are you a CSP and interested to support Confidential Cloud?
Join our Partnership programme!
On-Prem / Air-gapped
Confidential Cloud can be configured to deploy resouces On-Prem. This allows to support use cases that require operations in a closely controlled domain - or even as an air-gapped setup.
Get in touch for more information!