What are Red Hat Confidential Virtual Machines?
Confidential Virtual Machines (CVMs) are a set of hardware and software technologies which provide additional measures for the confidentiality of the data processed within the VMs. Namely, the data is protected from the physical host which runs the VM at all stages: in transit, at rest and in use. These protections are especially important when the owner of the VM differs from the owner of the infrastructure, e.g. when the workload runs on a public cloud.
Red Hat Enterprise Linux aims to support the emerging CVM use-case by enabling the hardware technologies such as AMD SEV-SNP and Intel TDX as well as adding support to the software stack, making sure the confidentiality guarantees are preserved and that the VM can be attested by the owner to prove its qualities.
Introduction to confidential virtual machines
June 8, 2023 - Vitaly Kuznetsov
In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to better secure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). Read full post
RHEL confidential virtual machines on Azure: A technical deep dive
June 21, 2023 - Vitaly Kuznetsov
The Red Hat Enterprise Linux 9.2 CVM Preview image for Azure confidential VMs has been released, and it represents an important step forward in confidential virtual machines. In this article, I focus on the changes implemented to support the emerging confidential computing use-case, and some of the expected changes in the future. Read full post
How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines
July 26, 2023 - Vitaly Kuznetsov
With the release of Red Hat Enterprise Linux 9.2 (RHEL), it's possible to run the Technology Preview of RHEL on an Azure confidential virtual machine (CVM). In a previous article, I provided the high-level requirements for a Linux operating system to support a CVM use-case, as well as the changes made to the RHEL 9.2 operating system to support the features provided by Azure CVMs to better secure data confidentiality. In this article, I focus on how to get access to the CVM Preview image, and how to launch an Azure CVM using that image. Read full post
Red Hat Enterprise Linux 9.3 on Azure confidential virtual machines: What’s new?
November 15, 2023 - Vitaly Kuznetsov
Previously, Red Hat and Microsoft introduced support for Red Hat Enterprise Linux 9.2 (RHEL) on Azure confidential virtual machines (CVMs). The RHEL9.2 CVM Preview image was available as “private preview” and in How to run Red Hat Enterprise Linux 9.2 on Azure confidential virtual machines, I described how to sign up for the preview and get access to the image. With the release of RHEL 9.3 , RHEL CVM Preview image on Azure became available as “public preview” so no specific sign-up process is required. In this article, I will focus on the changes between RHEL 9.2 and RHEL 9.3 for CVM Preview images. Read full post
Red Hat Enterprise Linux and Secure Boot in the cloud
July 17, 2024 - Vitaly Kuznetsov
In this article, we will focus on how to enable and configure Secure Boot for various Red Hat Enterprise Linux (RHEL) image types in AWS, Google Cloud and Microsoft Azure. Read full post
Extending Red Hat Unified Kernel Images By Using Addons
August 2, 2024 - Emanuele Giuseppe Esposito
With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue. In this blog, I explore the addons that enable safer extension of the UKI kernel command line. Read full post
Confidential VMs in the cloud - DevConf.CZ 2023
Confidential instance types are the newest addition to public clouds like Microsoft Azure and Google Cloud Platform (GCP) but what does "confidential" really mean? The session will focus on which additional security guarantees are provided and what's required from Linux-based operating systems to make use of these guarantees. Using Azure Confidential VMs as an example, I'll focus on boot process, guest image requirements, Unified Kernel Images (UKIs), full disk encryption with vTPMs and PCR measurements.
저자 소개
채널별 검색
오토메이션
기술, 팀, 인프라를 위한 IT 자동화 최신 동향
인공지능
고객이 어디서나 AI 워크로드를 실행할 수 있도록 지원하는 플랫폼 업데이트
오픈 하이브리드 클라우드
하이브리드 클라우드로 더욱 유연한 미래를 구축하는 방법을 알아보세요
보안
환경과 기술 전반에 걸쳐 리스크를 감소하는 방법에 대한 최신 정보
엣지 컴퓨팅
엣지에서의 운영을 단순화하는 플랫폼 업데이트
인프라
세계적으로 인정받은 기업용 Linux 플랫폼에 대한 최신 정보
애플리케이션
복잡한 애플리케이션에 대한 솔루션 더 보기
오리지널 쇼
엔터프라이즈 기술 분야의 제작자와 리더가 전하는 흥미로운 스토리
제품
- Red Hat Enterprise Linux
- Red Hat OpenShift Enterprise
- Red Hat Ansible Automation Platform
- 클라우드 서비스
- 모든 제품 보기
툴
체험, 구매 & 영업
커뮤니케이션
Red Hat 소개
Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.