Microsoft Expands Previews of Azure Confidential Computing and DC-Series VMs

Microsoft on Wednesday announced a public preview of Azure confidential computing, which had been at the more restricted "Early Access" preview stage about a year ago.

Azure confidential computing is part of Microsoft's "Confidential Cloud" security approach. This approach aims to gain the trust of organizations to use Microsoft's Azure datacenter infrastructure ("the cloud") for their operations. The new confidential computing preview adds security while Azure customer data is in use. Microsoft already provides security for Azure customer data while in transit and "at rest."

Azure confidential computing represents "the final piece to enable data protection through its lifecycle whether at rest, in transit, or in use," explained Christine Avanessians, a principal program manager for Azure, in Microsoft's announcement.

Azure DC-Series
Avanessians simultaneously announced a public preview of the Azure DC-Series virtual machines in "US East and Europe West" Azure regions. The DC-Series virtual machines are related to Azure confidential computing because they support "hardware-based Trusted Execution Environments" (TEEs), currently using Intel Xeon processors with Intel's Software Guard Extensions (SGX) protection. TEEs, also called "enclaves," are a key element because they are used to prevent outside parties from seeing data stored on Azure infrastructure.

The previews of the Azure DC-Series are "the first set of Generation 2 virtual machines" available on Azure, Avanessians noted. Microsoft worked with its partners to enable support for Ubuntu Server 16.04 and Windows Server 2016 Datacenter with these Generation-2 VMs, she added. Custom images aren't supported yet.

Testers get access to these Azure DC-Series VMs through the Azure Marketplace, according to a description by Aidan Finn, a Microsoft Most Valuable Professional. He outlined that approach in a blog post.

In addition to the hardware-based TEEs, Microsoft offers a software version for use with Azure confidential computing. The software version, based on the Hyper-V hypervisor, is called "Virtualization Based Security" (formerly known as "Virtual Secure Mode"), as Microsoft has previously explained.

Open Enclave SDK
On top of the Azure confidential computing and DC-Series VM previews, Avanessians announced that Microsoft has published its Open Enclave software development kit (SDK) as open source code on GitHub. Developers can use the APIs in the Open Enclave SDK, currently at version 0.4, to build "enclave applications." The SDK currently supports "Intel SGX technology for C/C++ applications, using mBedTLS," she indicated. The SDK will get future support for Arm TrustZone, Windows and "additional runtimes," she promised.

The aim of the Open Enclave SDK is to support building TEE-based applications across platforms.

"As TEE technology matures and as different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, different environments from cloud to hybrid to edge, and for both Linux and Windows," the Open Enclave's landing page explained.

Microsoft's announcement described some early partner-built applications that are leveraging the Azure confidential computing platform. The Royal Bank of Canada is testing the ability to "share and analyze data across different institutions, while maintaining security and confidentiality." The company Ockam is using Azure confidential computing capabilities to support a public blockchain solution.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

