Today, we are announcing the public preview of Azure DCasv5/ECasv5 confidential virtual machines (VMs) powered by 3rd Gen AMD EPYC™ processors with SEV-SNP.
These hardware-encrypted virtual machines feature integrity-protected full-state encryption and advanced hardware security based on AMD Secure Encrypted Virtualization (SEV), and in particular on Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).
These features harden guest protections to deny the hypervisor and other host management code access to VM memory and state, protecting against cloud operator access. Combined with Azure full-disk encryption and Azure Managed HSM, customer code and data are encrypted in use, in transit, and at rest using encryption keys which are protected and can be controlled by the customer. The VM in its entirety benefits from a strong hardware-enforced boundary.
You can get going right away with Azure AMD EPYC CPU-based confidential VMs in both the West US and North Europe regions. You can deploy them using the Azure Portal and ARM APIs. Supported OS images include Windows Server 2019, Windows Server 2022, and Ubuntu 20.04.