What are Confidential Containers?
Confidential Containers (CoCo) is a new sandbox project of the Cloud Native Computing Foundation (CNCF) that enables cloud-native confidential computing by taking advantage of a variety of hardware platforms and technologies. The project brings together software and hardware companies including Alibaba-cloud, AMD, ARM, IBM, Intel, Microsoft, Red Hat, Rivos and others.
The CoCo project builds on existing and emerging hardware security technologies such as Intel SGX, Intel TDX, AMD SEV and IBM Z Secure Execution, in combination with new software frameworks to help better secure user data in use. This will establish a new level of confidentiality, which does not rely on trust in the cloud providers and their employees, but on hardware-level cryptography. CoCo will support multiple environments including public clouds, on-premise and edge computing.
The goal of the CoCo project is to standardize confidential computing at the container level and simplify its consumption in Kubernetes. This is in order to enable Kubernetes users to deploy confidential container workloads using familiar workflows and tools without extensive knowledge of underlying confidential computing technologies.
A blog series on various forms of attestation for Confidential Computing use cases.
A blog series on Confidential Virtual Machines (CVMs) which are a set of hardware and software technologies providing additional measures for the confidentiality of the data processed within the VMs.
What is the Confidential Containers project?
October 7, 2022 - Pradipta Banerjee, Christophe de Dinechin, Ariel Adam, Jochen Schroder, Martin Tessun
Confidential Containers (CoCo) is a new sandbox project of the Cloud Native Computing Foundation (CNCF) that enables cloud-native confidential computing by taking advantage of a variety of hardware platforms and technologies…Read full post
Understanding the Confidential Containers Attestation Flow
December 2, 2022 - Pradipta Banerjee, Samuel Ortiz
This article describes the hardware-based attestation flows and processes that the Confidential Containers project is built upon. With hardware-based attestation, a confidential computing processor generates cryptographic evidence for a workload-running environment. Provided that the workload owner trusts that piece of hardware, they can then remotely verify that evidence and decide if the workload’s execution environment is trustworthy or not…Read full post
How to use Confidential Containers without confidential hardware
March 6, 2023 - Wainer dos Santos Moschetta, Steve Horsman
The CoCo community recognizes that not every developer has access to TEE-capable machines and we don't want this to be a blocker for contributions. So version 0.1.0 and later come with a custom runtime that lets developers play with CoCo on either a simple virtual or bare-metal machine. In this tutorial you will learn: How to install CoCo and create a simple confidential pod on Kubernetes, and the main features that keep your pod confidential…Read full post
Deploying confidential containers on the public cloud
April 14, 2023 - Jens Freimann, Suraj Deshmukh, Amar Gowda, Ariel Adam, Pradipta Banerjee
In this article we will describe how Microsoft and Red Hat are collaborating in the open source community to show how Red Hat OpenShift can be deployed on Azure Confidential Computing for providing confidential container capabilities to its users...Read full post
Confidential Containers on Azure with OpenShift: A technical deep dive
May 22, 2023 - Magnus Kulke, Pradipta Banerjee, Suraj Deshmukh, Jens Freimann
In this blog, we're focusing on the specifics of the CoCo components. We'll break down the major elements, delve into the remote attestation process, secure key release for the application and highlight the role of Azure Confidential VM's (CVM) virtual Trusted Platform Module (vTPM) with AMD SEV-SNP protection...Read full post
Confidential containers on Azure with OpenShift: setup guide
June 8, 2023 - Pradipta Banerjee, Snir Sheriber, Suraj Deshmukh, Jens Freimann, Magnus Kulke
In this blog post, you will learn how to set up OpenShift sandboxed containers with confidential containers support on an OpenShift cluster hosted on Azure, using AMD SEV-SNP technology. You will also see how to create and run a confidential container that can process confidential data more securely and efficiently....Read full post
Confidential containers with AMD SEV
June 19, 2023 - Wainer dos Santos Moschetta, Ryan Savino
This blog demonstrates how to prepare an EPYC™ CPU-powered machine for SEV and CoCo, how to install CoCo using a Kubernetes operator, and how to create an encrypted image and start a container pod that uses CoCo SEV....Read full post
Protecting your intellectual property and AI models using Confidential Containers
October 26, 2023 - Ariel Adam, Tanay Baswa, Pradipta Banerjee, Suraj Deshmukh, Jens Freimann, Magnus Kulke, Prashanth Harshangi
Protecting intellectual property and proprietary artificial intelligence (AI) models has become increasingly important in today's business landscape. Unauthorized access can have disastrous consequences with respect to competitiveness, compliance and other vital factors, making it essential to implement leading security measures...Read full post
Confidential containers for enhancing AI workload security in the public cloud
November 3, 2023 - Ariel Adam, Malini Bhandaru, Pradipta Banerjee, Eric Adams, Fabiano Fidêncio, Suraj Deshmukh, Sean Pryor
Workloads that handle sensitive or regulated information such as medical, financial, location data or high value IP such as machine learning models require additional security. This includes memory encryption, integrity tracking, access control from privileged processes and more...Read full post
Confidential Containers for Financial Services on Public Cloud
March 8, 2024 - Axel Sass, Malini Bhandaru, Eric Adams, Jens Freimann, Emanuele Giuseppe Esposito, Ariel Adam, Benny Fuhry, Magnus Kulke, Suraj Deshmukh
Public clouds provide geo resilience in addition to being cost-effective when compared to on-premise deployments. Regulated industries such as the Financial Services Industry (FSI) traditionally have been unable to take advantage of public clouds since FSI is highly regulated from a security and resiliency standpoint...Read full post
Introducing Confidential Containers Trustee: Attestation Services Solution Overview and Use Cases
April 4, 2024 - Ariel Adam, Pradipta Banerjee
We begin by introducing the RATS model and its components. After that, we discuss the Trustee project, its various components, and how they relate to the RATS model. Finally, we present a few use cases that demonstrate the usage of the CoCo Trustee and guest-components project....Read full post
Confidential Containers with OpenShift on Azure
This demo shows a spark workload deployed as confidential containers using the OpenShift sandboxed containers peer-pods approach. The confidential containers are using Azure Confidential Virtual Machine (CVM)
Securing AI Models with Intel TDX-based Containers on Red Hat OpenShift for Azure
This video demonstrates decrypting a sample LLM and running the inference using OpenShift AI inside an Intel TDX Trusted Execution Environment with OpenShift confidential containers on Azure
Red Hat OpenShift confidential containers environment on Azure
Overview of components constituting a confidential containers solution on OpenShift
Red Hat OpenShift confidential containers key retrieval demo
Key retrieval by a "hello-world" application deployed as confidential containers on Openshift in Azure
Deploying a confidential container having an encrypted container image
Deploying a confidential container having encrypted container image on Openshift. Shows image decryption key retrieval from the Key Broker Service, after successful verification of the claims sent by the trusted execution environment.
Confidential Containers for financial services on public cloud
Demonstrates usage of Red Hat OpenShift confidential containers with Intel TDX to protect financial services workload in public cloud.
저자 소개
유사한 검색 결과
채널별 검색
오토메이션
기술, 팀, 환경을 포괄하는 자동화 플랫폼에 대한 최신 정보
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
클라우드 서비스
관리형 클라우드 서비스 포트폴리오에 대해 더 보기
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.