Microsoft opens Azure confidential containers to public preview

Microsoft has transitioned its confidential containers on Azure Container Instances (ACI) from limited preview to public preview as full general availability moves one step closer.

A Microsoft blog post explains how the service makes use of Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), a feature of AMD's latest server processors.

ACI Product Manager Peter Pogorski explained how Azure customers are “increasingly turning to cloud-native, container-based applications to support their workloads”, but they continue to demand high levels of data protection.

Azure confidential containers

“This serverless platform allows for running Linux containers within a hardware-based and attested Trusted Execution Environment (TEE), providing the simplicity of a serverless container platform with the enhanced security of confidential computing,” Pogorski summarized.

Data in use can be protected in confidential containers because it is processed in encrypted memory, a capability that AMD's EPYC processors provide and that Microsoft builds on.

Confidential containers are designed to run with verifiable initialization policies, meaning that Azure's customers can also confirm that the code being executed is the trusted, verified code they expect, helping to eliminate unintentional data leaks.

For collaboration, the parties involved can also review the attestation report to make sure they are satisfied with the application running in a container group before they commit to sharing sensitive information.
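The two checks described above, a verifiable initialization policy and a review of the attestation report before data is shared, amount to a relying party comparing a few fields of an SEV-SNP attestation report against values it already trusts. The following is an added illustration of that comparison and is not Microsoft's or ACI's own code. It assumes the field offsets of the AMD SEV-SNP ATTESTATION_REPORT structure (REPORT_DATA at 0x50, MEASUREMENT at 0x90, HOST_DATA at 0xC0) and, as an assumption about the ACI service, that the SHA-256 of the container group's initialization policy is what the host places in HOST_DATA. The report bytes, policy text and measurement are all constructed for the example, and signature verification of the report (which a real relying party must do first) is deliberately left out.

```python
import hashlib
import hmac

# Offsets within the SEV-SNP ATTESTATION_REPORT structure (AMD SEV-SNP ABI
# specification). Only the fields this check reads are listed.
REPORT_SIZE = 0x4A0        # total size of the report in bytes
OFF_REPORT_DATA = 0x50     # 64 bytes chosen by the guest when it requests the report
OFF_MEASUREMENT = 0x90     # 48-byte launch measurement of the guest
OFF_HOST_DATA = 0xC0       # 32 bytes set by the host at launch

# Constructed sample inputs; a real measurement comes from the launch of the
# actual confidential guest and a real policy from the container group definition.
SAMPLE_POLICY = "constructed policy: one container, fixed image digest, no extra env vars"
SAMPLE_MEASUREMENT = hashlib.sha384(b"constructed guest image").digest()   # 48 bytes


def policy_digest(policy_text: str) -> bytes:
    """SHA-256 of the initialization policy text (assumed ACI convention for HOST_DATA)."""
    return hashlib.sha256(policy_text.encode("utf-8")).digest()


def build_sample_report(measurement: bytes, host_data: bytes, report_data: bytes) -> bytes:
    """Constructed stand-in for a report. Real reports are produced and signed by
    the AMD secure processor; this only lays the three fields out at their offsets."""
    if len(measurement) != 48 or len(host_data) != 32 or len(report_data) > 64:
        raise ValueError("field lengths do not match the SNP report layout")
    report = bytearray(REPORT_SIZE)
    report[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = report_data.ljust(64, b"\0")
    report[OFF_MEASUREMENT:OFF_MEASUREMENT + 48] = measurement
    report[OFF_HOST_DATA:OFF_HOST_DATA + 32] = host_data
    return bytes(report)


def check_report(report: bytes, expected_measurement: bytes,
                 expected_policy: str, nonce: bytes) -> list:
    """Compare the report against what the relying party already trusts.

    Returns a list of problems; an empty list means every check passed.
    Assumes the caller has already verified the report's signature chain
    (VCEK -> ASK -> ARK); without that, none of these fields can be trusted.
    """
    if len(report) != REPORT_SIZE:
        return ["report has unexpected length"]
    problems = []
    measurement = report[OFF_MEASUREMENT:OFF_MEASUREMENT + 48]
    host_data = report[OFF_HOST_DATA:OFF_HOST_DATA + 32]
    report_data = report[OFF_REPORT_DATA:OFF_REPORT_DATA + 64]

    # Is the guest running the image we expect?
    if not hmac.compare_digest(measurement, expected_measurement):
        problems.append("launch measurement does not match the expected guest image")
    # Was it launched under the policy we reviewed?
    if not hmac.compare_digest(host_data, policy_digest(expected_policy)):
        problems.append("policy hash in HOST_DATA does not match the reviewed policy")
    # Is this report fresh, i.e. bound to the nonce we sent, rather than replayed?
    if not hmac.compare_digest(report_data[:len(nonce)], nonce):
        problems.append("REPORT_DATA does not carry our nonce; report may be replayed")
    return problems


def demo() -> dict:
    """Run the check on a matching report and on one launched under a changed policy."""
    nonce = b"\x01" * 32
    good = build_sample_report(SAMPLE_MEASUREMENT, policy_digest(SAMPLE_POLICY), nonce)
    tampered = build_sample_report(SAMPLE_MEASUREMENT,
                                   policy_digest(SAMPLE_POLICY + " plus a debug shell"), nonce)
    return {
        "matching": check_report(good, SAMPLE_MEASUREMENT, SAMPLE_POLICY, nonce),
        "changed_policy": check_report(tampered, SAMPLE_MEASUREMENT, SAMPLE_POLICY, nonce),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", "OK" if not result else "; ".join(result))
```

The order of operations matters: the signature over the report is what ties these fields to AMD hardware, so a relying party verifies it before reading a single byte of MEASUREMENT or HOST_DATA, and it sends a fresh nonce for REPORT_DATA on every request so that a captured report from an earlier, legitimate launch cannot be presented again.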

ACI currently supports things like batch processing, data processing pipelines, and continuous integration, but Microsoft reckons confidential containers will open up its services to even more scenarios.

In its limited preview announcement, Azure Confidential Computing Product Manager Amar Gowda said:

“We are excited to bring confidential serverless offerings with full lift & shift container support while continuing to innovate in this fast-emerging confidential computing and cloud native space.”

While there has been no official indication of when full general availability will arrive, the fast pace of development suggests that confidential computing is a priority for many businesses as they seek to optimize their IT.