SPONSORED POST
Confidential computing powered by AMD EPYC™ processors
Shrink a potential security gap in virtualized environments and the cloud, with confidential computing. It helps protect data in use. Confidential computing can be enabled by AMD Infinity Guard, a suite of advanced security features built into AMD EPYC™ processors.[1]
AMD Infinity Guard includes Secure Encrypted Virtualization (SEV), which encrypts virtual machines (VMs) using an encryption key known only to the processor.
Challenge: Data in use can be vulnerable to snooping
Unencrypted data in use can open the door for bad actors to peer into a VM. This point of exposure is especially risky when your business depends on a high level of privacy.
- Financial Services: Must mitigate the risk of disclosure or alteration of financial data.
- Healthcare Required: to defend patient records against unauthorized access.
- Retail: Expected to secure customer data, including transactions.
- Manufacturing: Needs to automate confidently across on-premises and cloud infrastructures.
Solution: Shrink the privacy gap with confidential computing
Confidential computing helps keep data private while it’s in use. In the past, data remained undefended while it was being processed virtually or in the cloud. Confidential computing on AMD EPYC™ processors can be enabled using built-in security features like Secure Encrypted Virtualization (SEV), which helps protect data in use.[1]
- SEV helps ensure data privacy from bare metal to the cloud. It encrypts VMs with a unique encryption key known only to the processor.
- SEV-Encrypted State (SEV-ES) helps prevent the hypervisor from seeing data actively being used by a VM.
- SEV-Secure Nested Paging (SEV-SNP) adds strong memory integrity protection capabilities to help prevent attack by a malicious hypervisor.
Deep Dive: SEV with AMD EPYC™ Processors
A technical guide for virtualization developers, firmware engineers, and performance teams, covering server configuration, BIOS access, and secure deployment best practices.
Encrypt data in use
Encrypt data while its being processed. Help isolate it from malicious users, the hypervisor, even admins.
Migrate easily
Efficiently move current x86 instances to AMD EPYC™ powered instances. Little to no code rewrites required.
Don’t compromise performance
Enjoy advanced security features with virtually zero impact to performance.
Partners: Confidential computing solutions
Take advantage of confidential computing in the cloud and virtualized environments when you select VM instances powered by AMD EPYC™ processors with SEV enabled.
Cloud Platform and Kubernetes Engine
VMware® vSphere 7.0U1
Azure Confidential VMs
There are also a variety of independent software vendors (ISVs) supporting SEV to help secure bare metal public cloud providers and hosts utilizing AMD EPYC™ processors.
AMD Data Center Solutions
We are the market leader in CPU technology at a time when many businesses are modernizing their data centers. That’s a responsibility we take seriously. It’s why AMD is strengthening its commitment to drive data center innovation now and into the future. Our solutions are backed by long-term roadmaps for continuous technological advancement and ongoing optimization of your IT investment.
AMD is the ideal partner today and tomorrow. We deliver more choice and outstanding value with future-ready solutions that offer high performance, easy scalability, and advanced security features.
Five reasons to use AMDsev for confidential computing
AMD Secure Encrypted Virtualization (SEV) is a field-tested, proven approach for confidential computing that uses hardware to help virtual machines (VMs) protect workloads and data in use, on demand.
A component of AMD Infinity Guard,[2] AMD SEV is built into AMD EPYC™ 7000, 8000, and 9000-series Server CPU-based platforms.
1) Protect data in use today — and support your zero-trust security goals
In the cloud or on premises, AMD SEV is ready to run whenever you need it. It’s based on the “never trust, always verify” principles of zero-trust security and is designed to help protect the VM tenant’s data from other VMs, applications, hypervisors, and administrators.
- AMD SEV extends zero-trust principles to the hypervisor so that guests no longer have to trust the hypervisor by default.
2) Enhance vm and container security, with no code changes
It’s easy to deploy workloads with AMD SEV. Simply spin up a VM or container on a supported cloud instance or OEM platform to establish a Trusted Execution Environment (TEE). The TEE isolates the VM’s guest OS, applications, and data from the host OS, hardware, and hypervisors — no coding, tuning, or tweaking required.
- AMD SEV supports up to 1006 individual keys.[3]
SEV memory encryption can cover the whole host memory, including CXL® memory expansion.
3) Build a secure foundation for confidential ai
With confidential VMs that enable entirely encrypted AI workflows, even industries with highly sensitive and regulated data, like healthcare and finance, can take advantage of AI and drive innovation.
- With AMD SEV, multiple parties can share information without exposing their source data, better enabling collaborative AI.
4) Lean on open standards and valuable transparency
AMD SEV is interoperable by design. It aligns with industry APIs and protocols, such as the TEE Device Interface Security Protocol (TDISP), to deliver confidential VMs and trusted I/O.
- To strengthen transparency and community collaboration, AMD published the SEV firmware source in 2023. Developers can find it on GitHub.
5) Run on premises or in the cloud with the industry’s go-to ecosystem for confidential computing
AMD SEV is supported by Alibaba, AWS, Azure, Google Cloud Platform, and Oracle Cloud Infrastructure plus a host of operating systems including Canonical, Fedora, Microsoft, Red Hat, and SUSE, plus virtualization platforms from VMware, Nutanix, OpenStack, and HPE VME.
- AMD SEV is the most mature and broad confidential computing technology available for cloud and on-premises deployments.[4]
Confidential computing starts with AMD SEV on AMD EPYC™SERVER cpus
AMD SEV is built into AMD EPYC™ 7000, 8000, and 9000-series Server CPUs, [5] so you can protect data in use everywhere, from on-premises data centers to the world’s leading cloud providers.
Performance-related information
1.
AMD Infinity Guard features vary by EPYC™ Processor generations. Infinity Guard security features must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at https://www.amd.co1m/en/technologies/infinity-guard. GD-183
©2021 Advanced Micro Devices, Inc. all rights reserved. AMD, the AMD arrow, EPYC, and combinations thereof, are trademarks of Advanced Micro Devices, Inc.
2.
AMD Infinity Guard features vary by EPYC™ Processor generations and/or series. Infinity Guard security features must be enabled by server OEMs and/or Cloud Service Providers to operate. Check with your OEM or provider to confirm support of these features. Learn more about Infinity Guard at https://www.amd.com/en/technologies/infinity-guard. (GD-183A).
3.
4th Generation AMD EPYC 8004, 9004, and 9005 processors support up to 1006 keys.
4.
Confidential Computing on EPYC is enabled by the SEV security feature, which was introduced with 1st Generation EPYC in 2017. 2nd Gen EPYC powered the first confidential computing cloud instance in Google Cloud in 2020. EPYC: powers the highest number of confidential VM options available on all major CSP; Supports both host and guest in the Linux Kernel; Is available on all major Linux Distributions; Has support on VMware; supports confidential containers. (EPYC-056).
5.
AMD SEV is not available in 4004 and 4005 series AMD EPYC Server CPUs.
© 2025 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo, EPYC, and combinations thereof are trademarks of Advanced Micro Devices, Inc. in the United States and other countries. Other product names used in this publication are for identification purposes only and may be trademarks of their respective owners.
Andere Nutzer haben auch folgende Artikel gelesen
NIS2 leicht gemacht: Wie unveränderbarer Speicher zur Compliance beiträgt
Die neue NIS2-Richtlinie stellt Unternehmen vor die Herausforderung, ihre Cybersicherheitsmaßnahmen zu verstärken und ihre Datenintegrität zu gewährleisten. Mit unveränderbarem Speicher (Immutable Storage) können sie sicherstellen, dass kritische Daten dauerhaft geschützt sind und nicht manipuliert werden können. Diese Technologie bietet nicht nur erhöhte Sicherheit, sondern erfüllt auch die strengen Anforderungen der NIS2.
Entdecken Sie, wie Immutable Storage auch Ihr Unternehmen bei der Einhaltung der Richtlinie unterstützt und gleichzeitig Ihre sensiblen Informationen absichert.
Successfully implementing AI:
Understand the challenges, seize the opportunities
AI is transforming the business world. However, successfully implementing AI…
Object storage for AI applications:
scalable storage for data-intensive workloads
Artificial intelligence needs data – and vast amounts of it. Traditional…
Europe’s digital sovereignty:
between ideal and business reality
Digital sovereignty is more than just a buzzword: it determines control over…
High performance computing in automotive engineering
In the world of automotive engineering, simulations are a central building…
Foundation for the security of IT ecosystems
In a data-driven world, opportunities and risks are rising equally. AMD…
Big Data management for SMBs and SMEs
‘Big Data’ and the ‘uncontrolled growth of data’ – these buzzwords/phrases…