General availability: Azure confidential VMs (DCasv5/ECasv5-series VMs)
Published date: 20 July, 2022
Today we are announcing the general availability of Azure DCasv5/ECasv5 confidential VMs utilizing 3rd Gen AMD EPYC processors with Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) security features.
Azure confidential VMs are designed to offer a new, hardware-based TEE leveraging SEV-SNP, which hardens guest protections to deny the hypervisor and other host management code access to VM memory and state, protecting against operator access.
DCasv5/ECasv5 confidential VMs run on AMD 3rd Gen EPYC™ 7763v processors with a boosted maximum frequency of up to 3.5GHz, which provide hardware-based VM memory encryption and integrity protection only available through SEV-SNP. Keys used for VM memory encryption are generated by a dedicated secure processor inside AMD CPUs and cannot be read from software. Integrity protection is an enhanced capability only available with the SEV-SNP security feature in 3rd Gen AMD EPYC processors, which hardens VM-level isolation and integrity protection.
For the latest information on regional availability, please refer to Azure Products by Region. To learn more about Azure confidential VMs (DCasv5/ECasv5), please refer to the links below.
- Azure Confidential Computing – Protect Data In Use | Microsoft Azure
- Azure DCasv5 and DCadsv5-series confidential virtual machines - Azure Virtual Machines | Microsoft Docs
- Azure ECasv5 and ECadsv5-series - Azure Virtual Machines | Microsoft Docs
- DCasv5 and ECasv5 series confidential VMs | Microsoft Docs
- Create an Azure AMD-based confidential VM in the Azure portal | Microsoft Docs