Confidential VMs
Google Cloud's Confidential VMs enhance security for workloads by leveraging hardware-based memory encryption and trusted execution environments.
| Category | Workload Protection |
|---|---|
| Last page update | 19 days ago |
| Pricing Details | Pricing varies based on machine type and region. |
| Target Audience | Businesses and developers looking for enhanced security for cloud workloads. |
When deploying workloads in Google Cloud, one of the core security challenges is ensuring the confidentiality and integrity of data while it is being processed. Google Cloud's Confidential VMs address this challenge by leveraging hardware-based memory encryption and trusted execution environments (TEEs).
Confidential VMs utilize technologies such as AMD Secure Encrypted Virtualization (SEV) and SEV-SNP, as well as Intel Trust Domain Extensions (TDX), to keep data encrypted in memory and outside the CPU. This approach ensures that even the hypervisor and Google Cloud infrastructure cannot access the encryption keys, which are generated in dedicated hardware and cannot be exported.
The technical architecture involves creating Confidential VM instances, which can be done by simply enabling the "Confidential VM" option during VM creation. This setup integrates with existing Compute Engine infrastructure, including support for various machine types like N2D, which are optimized for different workloads. The transition to Confidential VMs is seamless, requiring no extra code changes to the applications.
Key operational considerations include the choice of CPU platform and machine type, as different technologies (e.g., AMD SEV, SEV-SNP, Intel TDX) offer varying levels of security and performance. For instance, AMD SEV-SNP provides additional security features but can be more resource-intensive, potentially impacting network bandwidth and latency. Additionally, Confidential VMs are currently limited to specific regions and zones, and only certain public images are supported.
From a technical standpoint, Confidential VMs offer attestation capabilities, allowing you to verify the identity and state of the VM to ensure it has not been tampered with. The logs from these VMs, such as the sevLaunchAttestationReportEvent, provide critical security insights, including integrity checks and policy enforcement details.
However, there are limitations to consider, such as the inability to enable Confidential Computing for existing VM instances; instead, you must recreate the VMs with the appropriate configuration. Moreover, certain features like AMD SEV-ES, which encrypts CPU register contents when a VM stops running, are not currently supported.