Important
Confidential virtual machines (confidential VMs) in Azure Confidential Computing are currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
This article provides answers to some of the most common questions about confidential VMs.
What are confidential VMs?
Confidential VMs are IaaS VMs for tenants with especially high security and confidentiality requirements. Confidential VMs offer access to the following technologies and benefits:
- Encryption for "data in use", including the processor state and the virtual machine's memory. Keys are generated by the processor and never leave it.
- Host attestation to verify the full health and compliance of the server before initializing a confidential VM.
- Encryption of "data at rest." A Hardware Security Module (HSM) can be used to guard the keys, which the tenant exclusively owns.
- New UEFI boot architecture supporting the guest OS for enhanced security settings and capabilities.
- A dedicated virtual instance of a Trusted Platform Module (TPM). Certifies the health of the VM and provides hardened key management functions. Supports use cases such as BitLocker.
Why should I use confidential VMs?
Confidential VMs address customer concerns about moving sensitive workloads off-premises into the cloud. Confidential VMs provide significantly elevated protections for customer data from the underlying infrastructure and cloud operators. Unlike other approaches and solutions, you don't have to adapt your existing workloads to fit the platform's technical needs.
What are AMD SEV technologies and how do they relate to Azure confidential VMs?
AMD SEV technologies, particularly Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), offer multiple protections, for example memory encryption, unique CPU keys, encryption of the processor register state, strong integrity protection, firmware rollback prevention, side-channel hardening, and restrictions on interrupt and exception behavior. Collectively, AMD SEV technologies harden guest protections to deny hypervisor and other host management code access to VM memory and state. Confidential VMs combine AMD SEV with Azure technologies such as full-disk encryption and Azure Key Vault Managed HSM. You can encrypt data in use, in transit, and at rest with keys that you control. With built-in Azure Attestation capabilities, you can independently establish trust in the security health and underlying infrastructure of your confidential VMs.
How can I deploy Azure confidential VMs?
Here are some ways you can deploy a confidential VM on AMD processors:
Do all OS images work with confidential VMs?
To run on a confidential VM, OS images must meet certain security and compatibility requirements. VMs must be securely mounted, attested to, and isolated from the underlying cloud infrastructure. You can use Azure Compute Gallery to modify a confidential VM image, such as by installing applications. Then, you can deploy confidential VMs based on your modified image.
Do I have to use the full-disk encryption scheme? Can I use a standard scheme instead?
The optional full-disk encryption scheme is Azure's most secure and meets the Confidential Computing principles. However, you can also use other disk encryption schemes along with or instead of full-disk encryption. If you use multiple disk encryption schemes, double encryption might negatively affect performance.
Can I enable or disable the new full-disk encryption scheme after VM creation?
No. After you've created a confidential VM, you can't deactivate or reactivate full-disk encryption. Create a new confidential VM instead.
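Because the encryption scheme is fixed at creation time, the choice has to be made in the deployment template. The following Bicep resource is an added example, not from this article or Microsoft's own samples; it assumes the `Standard_DC2as_v5` size, the Canonical confidential-VM Ubuntu image, and an existing NIC and (optionally) disk encryption set passed in as parameters. The `osDiskEncryption` parameter shows the two options the article contrasts: full-disk encryption versus encrypting only the VMGS disk.

```bicep
param vmName string
param location string = resourceGroup().location
param nicId string                 // assumption: NIC created elsewhere
param adminUsername string
@secure()
param adminPassword string
param diskEncryptionSetId string = ''  // assumption: optional customer-managed key

// 'DiskWithVMGuestState' = the optional full-disk encryption scheme (OS disk + VMGS).
// 'VMGuestStateOnly'     = only the small VMGS disk (vTPM/UEFI state) is encrypted;
//                          the OS disk uses standard server-side encryption.
@allowed([
  'DiskWithVMGuestState'
  'VMGuestStateOnly'
])
param osDiskEncryption string = 'DiskWithVMGuestState'

resource vm 'Microsoft.Compute/virtualMachines@2022-03-01' = {
  name: vmName
  location: location
  properties: {
    hardwareProfile: { vmSize: 'Standard_DC2as_v5' }   // DCasv5 family size (assumption)
    securityProfile: {
      securityType: 'ConfidentialVM'
      // Secure Boot and the dedicated vTPM are what attestation measures.
      uefiSettings: { secureBootEnabled: true, vTpmEnabled: true }
    }
    storageProfile: {
      imageReference: {   // assumption: a CVM-capable image SKU
        publisher: 'Canonical'
        offer: '0001-com-ubuntu-confidential-vm-focal'
        sku: '20_04-lts-cvm'
        version: 'latest'
      }
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'Premium_LRS'
          securityProfile: {
            securityEncryptionType: osDiskEncryption
            // Only set when a customer-managed key (Managed HSM / Key Vault DES) is used.
            diskEncryptionSet: empty(diskEncryptionSetId) ? null : { id: diskEncryptionSetId }
          }
        }
      }
    }
    osProfile: { computerName: vmName, adminUsername: adminUsername, adminPassword: adminPassword }
    networkProfile: { networkInterfaces: [ { id: nicId } ] }
  }
}
```

Changing `osDiskEncryption` on an existing VM is rejected; redeploy under a new name instead.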
Can I convert a non-confidential VM into a confidential VM?
No. For security reasons, you must create a confidential VM as such from the start.
Why can't I find DCasv5 or ECasv5 VMs in the Azure portal size selector?
Make sure you've selected a region where confidential VMs are available. Also make sure to select Clear all filters in the size selector.
Can I enable Azure Accelerated Networking on confidential VMs?
No. Confidential VMs don't support Accelerated Networking. You can't enable Accelerated Networking for any confidential VM deployment, or any Azure Kubernetes Service cluster deployment that runs on Confidential Computing.
What does this error mean? "Operation could not be completed as it results in exceeding approved standard DCasV5/ECasv5 Family Cores Quota"
You might receive the error Operation could not be completed as it results in exceeding approved standard DCasv5/ECasv5 Family Cores Quota. This Azure Resource Manager template (ARM template) error means the deployment failed because of a lack of Azure compute cores. Azure free trial subscriptions don't have a large enough core quota for confidential VMs. Create a support request to increase your quota.
What's the difference between DCasv5-series and ECasv5-series VMs?
ECasv5-series are memory-optimized VM sizes, which offer a higher memory-to-CPU ratio. These sizes are especially well-suited for relational database servers, medium to large caches, and in-memory analytics.
Are DCasv5/ECasv5 VMs available globally?
No. At this time, these VMs are only available in select regions. For a current list of available regions, see VM products by region.
What happens if I need Microsoft to help me service or access data on my confidential VM?
Azure doesn't have operating procedures for granting confidential VM access to its employees, even if a customer authorizes the access. As a result, various recovery and support scenarios aren't available for confidential VMs.
Do confidential VMs support virtualization, such as Azure VMware Solution?
No, confidential VMs don't currently support nested virtualization, such as the ability to run a hypervisor inside a VM.
Is there an extra cost for using confidential VMs?
Billing for confidential VMs depends on your usage and storage, and the size and region of the VM. Confidential VMs are available in dedicated sizes, so prices might differ from general-purpose VMs. Confidential VMs use a small encrypted virtual machine guest state (VMGS) disk of several megabytes. VMGS encapsulates the VM security state of components such as the vTPM and UEFI bootloader. This disk might result in a monthly storage fee. Starting in 2022, if you choose to enable the optional full-disk encryption, encrypted OS disks will incur higher costs. This change is because encrypted OS disks use more space, and compression isn't possible. For more information on storage fees, see the pricing guide for managed disks. Lastly, for some high security and privacy settings, you might choose to create linked resources, such as a Managed HSM Pool. Azure bills such resources separately from the confidential VM costs.