On behalf of all Canonical teams, I am happy to announce the general availability of Ubuntu 22.04 Confidential VMs (CVMs) on Microsoft Azure! They are part of the Microsoft Azure DCasv5/ECasv5 series that leverage the latest security extensions of the third generation of AMD CPUs, Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).
As such, Ubuntu 22.04 CVMs can protect your public cloud workloads even against a strong adversary that might compromise the cloud’s privileged system software (hypervisor, host OS, firmware), as well as a potentially malicious or compromised cloud provider administrator with undue access to your VMs.
Confidential computing is an industry-wide effort that requires the cooperation of several stakeholders. On the hardware side, silicon providers have been investing considerable resources into maturing their Trusted Execution Environment (TEEs) offerings. Public cloud providers (PCPs) have been one of the main adopters of such TEEs. In order to make running confidential workloads easy for their users, PCPs have been focusing on enabling a “shift and lift” approach, where entire VMs can run unchanged within the TEE. What this means is that developers neither have to refactor their confidential applications nor rewrite them. What this also means is that the guest operating system needs to be optimised and enabled to support the user applications to leverage the platform’s underlying hardware TEE capabilities, and to further protect the VM while it’s booting, and when it’s at rest.
This is exactly what Canonical Ubuntu has been working on for the past couple of months! Thanks to a close collaboration with Microsoft Azure, Ubuntu 22.04 CVMs on Azure are ready for you, today, to build confidential public cloud workloads.
Ubuntu CVMs achieve such strong security guarantees by securing your VMs throughout their entire lifecycle:
By using Ubuntu 22.04 CVMs, you add an additional layer to your defense-in-depth architecture and reduce the attack surface of your Azure workloads. Ubuntu handles the complex tasks involved, enabling you to achieve this new level of security without friction.
If you are already using the public cloud, you can only benefit from running your VMs as confidential VMs instead! If you have security concerns that are preventing you from using the public cloud, the advances in confidential computing warrant that you re-evaluate your risk assessment, and reach the conclusion that best suits your organisation.
At Canonical, we believe that confidential computing and privacy enhancing technologies will be the default way of doing computing in the future. This is why Canonical Ubuntu confidential VMs are available for free. On Azure, you can always augment your Ubuntu CVMs with Canonical’s Ubuntu Pro services, that offers an extended security maintenance of 10 years, certified and hardened images and kernel livepatch capabilities.
This is just the beginning of Canonical Ubuntu’s confidential computing journey! Come along, and stay tuned for many more exciting announcements about our expanding portfolio.
One of the most critical gaps in traditional Large Language Models (LLMs) is that they…
Canonical is continuously hiring new talent. Being a remote- first company, Canonical’s new joiners receive…
What is patching automation? With increasing numbers of vulnerabilities, there is a growing risk of…
Wouldn’t it be wonderful to wake up one day with a desire to explore AI…
Ubuntu and Ubuntu Pro supports Microsoft’s Azure Cobalt 100 Virtual Machines (VMs), powered by their…
Welcome to the Ubuntu Weekly Newsletter, Issue 870 for the week of December 8 –…