Azure’s secure computing provides a variety of alternatives for developing confidential solutions. The spectrum of options varies from allowing “lift and shift” situations for current applications to providing complete control over several security elements. These features include control over the level of access.

Options Available for Confidential Computing

Customers can choose how they want to build confidential solutions by using technologies like secure enclaves or confidential virtual machines or confidential containers.

  1. Existing applications that don’t have access to the source code may benefit from AMD SEV-SNP-based confidential VMs that make it easy to connect to the Azure confidential computing platform.
  2. Secure application enclave technology may be useful for protecting sophisticated workloads including proprietary code from any trust vector. Cloud providers such as Microsoft provide application enclaves on virtual machines using Intel SGX processors. Intel SGX protects data and code running in memory space that is encrypted by hardware.
  3. Customers seeking a balanced approach to confidentiality may benefit from containerized solutions operating on Azure Kubernetes Service-enabled confidential containers. Existing applications may be packed and deployed in containers with few modifications, while still providing complete security isolation from the cloud service provider and administrators.

Azure confidential computing enables different deployment methods. You pick either IaaS or PaaS deployment type based on requirement. Azure confidential computing enables different deployment methods.

When conducting confidential computing, you have the option of using either Intel Software Guard Extensions (SGX) application enclaves or AMD SEV-SNP technology with virtual machines (VMs). Alternatively, confidential containers may be used in confidential computing. Containers also increase portability of applications, and improve resource usage, by applying the elasticity of the Azure cloud.

Confidential VM OR Confidential Containers

When should you deploy your solution on Confidential VMs?

  • You have legacy apps that can’t be changed or containerized. However, you must still provide data protection in memory while the data is being processed.
  • You’re running many apps on a single piece of infrastructure that need separate operating systems (OS).
  • You wish to emulate a whole computing environment, including all OS resources.
  • You’re moving your existing virtual machines from on-premises to Azure.

When to opt for a confidential container-based approach ?

  • You’re concerned about cost and resource allocation. However, you need a more agile platform for deployment of your proprietary apps and datasets.
  • You’re building a modern cloud-native solution. You also have full control of source code and the deployment process.
  • You need multi-cloud support.

Secure enclaves on Intel SGX OR Confidential VMs on AMD SEV-SNP

The security posture of Confidential VMs running on AMD SEV-SNP and Secure Enclaves running on INTEL SGX is entirely different. Let’s try to figure out what makes these two different.

Secure Enclaves on the INTEL SGX Platform:

  1. Using hardware-based encryption, protects spaces inside the virtual machine.
  2. The security border applies to memory regions inside the VM.
  3. Enclaved data and code is not accessible to users, applications, or services operating within the Intel SGD Powered VM regardless of permission settings.
  4. Application isolation protects data in use.

Virtual machines running on AMD SEV-SNP

  1. Protects the whole virtual machine using Hardware encryption.
  2. The security perimeter applies to the whole Confidential VM.
  3. CSPs with full hypervisor control will not have access to the code and data performed inside the VM.
  4. Offers virtual machine (VM) separation from the hypervisor.
  5. The SEV-SNP model only trusts  AMD Secure processor and VM. It doesn’t trust any other hardware or software, including the hypervisor.


Choosing the proper approach between secure enclaves, confidential VMs, and confidential containers is critical before the solution is implemented. I hope you found this post useful, and if you do, please consider forwarding it to others.


  • Disclaimer

    The views and opinions expressed on this blog are my own and does not reflect the views and opinions of my employer.