We are excited to announce that the Anjuna Confidential Computing Platform now supports Azure confidential computing powered by AMD SEV-SNP. First announced in July 2022, Azure confidential computing based on AMD SEV-SNP introduced a new confidential computing infrastructure building block option, alongside Intel SGX. Anjuna was among the first confidential computing software providers to support SGX on Azure, and we are now the first to provide a container-based solution on AMD SEV-SNP.
Our primary objective is to make confidential computing infrastructure more accessible to customers, enabling them to achieve complete security and data privacy. By combining Anjuna with Azure confidential computing, our customers can maximize operational efficiency and security posture by reducing the trust boundaries of the confidential computing environment to the essential minimal unit: the application.
Before diving into the technical details, let's take a broader look at Azure's range of confidential computing offerings.
Azure confidential computing building blocks: Intel SGX and AMD SEV-SNP
When evaluating confidential computing approaches, customers must consider the different threat and risk profiles associated with each solution, along with the accompanying complexities. For example, a traditional Application Enclave on Intel SGX provides high levels of isolation from threats, but is complex to use without a solution like Anjuna. Confidential VMs provide memory encryption, but for the whole VM, so a container running inside the VM does not get the same fine-grained isolation.
- Application enclaves based on Intel SGX allow the highest levels of data isolation through secure enclaves that create compartments within the hardware’s processor and memory, providing strong protection for individual processes. However, implementing Intel SGX requires additional engineering efforts to re-architect and optimize these processes.
- Confidential VMs based on AMD SEV-SNP enable effortless "lift and shift" of enterprise applications through the use of confidential VMs. While this approach allows for easy migration to the cloud, it also introduces a larger trust boundary and attack surface: an entire VM.
Here at Anjuna, our approach is to ensure customers have the best of both worlds, facilitating Confidential Containers that offer the isolation benefits of application enclaves, but with the simplicity of the Azure confidential VM chassis. With this in mind, now let’s take a closer look at the Anjuna implementation, how we enhance security and trust above and beyond the native functionality, and understand its benefits.
How Anjuna supports Azure confidential computing powered by AMD SEV-SNP
Anjuna takes you from zero to a fully protected container running in Azure AMD-based confidential computing in two simple steps that take no time and effort:
Anjuna simplifies operations by automating the build and attestation processes
Azure makes it easy to lift and shift applications to Azure confidential computing infrastructure. With just a few clicks from the Azure dashboard, you can select a VM type and a guest OS image, and configure storage, networking, management, and more. The result is a live VM with memory encryption. At this stage, you would then have to set up and configure attestation and secret management yourself.
Attestation is critical for validating that the code you deploy is indeed trustworthy and has not been tampered with. Memory encryption alone is insufficient: an encrypted VM can still be running malicious or tampered code. This blog post by Thomas Van Laere outlines the steps required to set up attestation and secure key release when working with Azure confidential VMs.
Our key goal is to build on the core capabilities of Azure to achieve maximum trust and security with minimal operational complexity, ultimately lowering the barrier to adoption of confidential computing for any organization. When using Anjuna with Azure, the enclave’s measurement is automatically computed during the build process without requiring additional work. By measuring at build time, we can guarantee the runtime integrity of the VM configurations, such as disk, networking, and instructions for loading secrets. This is also critical for establishing trust and harnessing the full isolation power of confidential computing.
Applications also need to start securely - with secrets and secure configuration without the risk of leakage. Building a complete attestation and secrets automation system is complex, especially when ensuring end-to-end security and independence from the cloud service provider. Anjuna also simplifies the secure distribution of secrets to applications with the Anjuna Policy Manager (APM). The APM is an attestation-aware secrets store and broker that facilitates the seamless retrieval and injection of secrets into Anjuna Confidential Containers. The Anjuna Confidential Runtime generates an attestation quote, verifies it with the APM, retrieves the secret, and injects it into the application. Importantly, this process happens seamlessly, abstracted away from the application, without the need for any modifications to the application. Customers can also use the APM to interface with their own key management systems.
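The build-time measurement from the previous paragraph and the quote-verify-release flow described here, reduced to a runnable sketch. This is an added example and not Anjuna's or Azure's code: the measurement function, quote format, HMAC stand-in for the hardware signature, and the `PolicyBroker` class are all constructed for illustration (a real SEV-SNP report is signed by a per-chip AMD key and verified against AMD's certificate chain).

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional, Set

# Constructed stand-in for the platform attestation key. A real SEV-SNP report
# is signed by a per-chip key that the verifier checks against AMD's cert chain.
ATTESTATION_KEY = b"constructed-stand-in-for-hardware-attestation-key"

def measure(image: bytes, launch_config: dict) -> str:
    """Build-time measurement covering the image and its launch configuration
    (disk, networking, secret-loading instructions), as the post describes."""
    digest = hashlib.sha256(image)
    digest.update(json.dumps(launch_config, sort_keys=True).encode())
    return digest.hexdigest()

def _mac(body: dict) -> str:
    return hmac.new(ATTESTATION_KEY, json.dumps(body, sort_keys=True).encode(),
                    "sha256").hexdigest()

def generate_quote(measurement: str, nonce: str) -> dict:
    """Runtime side: bind the workload's measurement to the broker's nonce."""
    body = {"measurement": measurement, "nonce": nonce}
    return {"body": body, "mac": _mac(body)}

class PolicyBroker:
    """Broker side: release a secret only for an authentic, fresh quote whose
    measurement was registered at build time."""

    def __init__(self) -> None:
        self.policies: Dict[str, str] = {}   # measurement -> secret
        self.pending: Set[str] = set()       # outstanding challenge nonces

    def register(self, measurement: str, secret: str) -> None:
        self.policies[measurement] = secret

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def release(self, quote: dict) -> Optional[str]:
        body = quote["body"]
        if not hmac.compare_digest(_mac(body), quote["mac"]):
            return None                      # forged or corrupted quote
        if body["nonce"] not in self.pending:
            return None                      # replayed or unsolicited quote
        self.pending.discard(body["nonce"])  # each nonce is single-use
        return self.policies.get(body["measurement"])  # None: unknown build
```

A changed launch configuration (for example, a writable disk where the build registered a read-only one) yields a different measurement, so the broker refuses the secret even though the image bytes are unchanged.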
Anjuna boosts security by minimizing trust boundaries
Azure confidential VMs offer robust protection against threats outside the VM, such as the hypervisor, host, cloud infrastructure operators, and other customers' VMs hosted on the same infrastructure.
With Anjuna, applications are automatically deployed as Anjuna Confidential Containers. This approach maintains the simplicity of "lift and shift" deployment while adding an extra layer of isolation and protection from threats that could arise from the guest OS, VM misconfigurations, other applications running within the same VM, and even the VM administrator in your own organization. The Anjuna Confidential Container offers a minimal attack surface by eliminating unnecessary OS services and restricting administrative access. Additionally, it reduces the blast radius by defaulting to a single confidential container per confidential VM. This approach ensures the integrity and confidentiality of each container, mitigating the risk of one compromised container affecting others.
When it comes to implementing remote attestation, Anjuna includes it out-of-the-box at the container level. In combination with our Confidential Containers, Anjuna allows customers to achieve precise, granular application-level remote attestation, enabling secure delivery of keys and secrets to designated workloads and maximizing trust.
At Anjuna, we firmly believe that Confidential Computing should be the foundational fabric of the cloud, fostering secure and reliable operations for organizations of all types. Through our collaboration with Microsoft Azure, we are dedicated to delivering solutions that transform security into a business enabler, offering simplified adoption without compromising on protection. We are excited about our new capabilities that enhance our customers’ advanced security needs, reduce risks, and support data-in-use compliance strategies.
We encourage you to access the Anjuna Platform directly through the Azure Marketplace. Additionally, we invite you to join us for an engaging live demo, where you can experience firsthand how Anjuna can revolutionize your confidential computing journey.