Azure Confidential Computing (ACC) enables organizations to securely process and collaborate on sensitive data, such as personal data or protected health information (PHI). ACC provides built-in protection against unauthorized access by securing data in use through Trusted Execution Environments (TEEs). This protection enables secure real-time analytics and collaborative machine learning across organizational boundaries.
Understanding the architecture
Azure Database for PostgreSQL flexible server supports Azure Confidential Computing through Trusted Execution Environments (TEEs), which are hardware-based, isolated memory regions within the CPU. The operating system, hypervisor, and other applications can't access data processed inside the TEE.
- Code runs in plaintext within the TEE but remains encrypted outside the enclave.
- Data is encrypted at rest, in transit, and in use.
- The operating system, hypervisor, and other applications can't access protected data.
Processors
You enable Azure Confidential Computing in Azure Database for PostgreSQL flexible server by selecting a supported confidential virtual machine (VM) SKU when creating a new server. Only AMD SEV-SNP processors are supported.
Note
Intel TDX processors aren't currently supported for Azure Database for PostgreSQL flexible server.
Virtual machine SKUs
The SKUs that support Azure Confidential Computing (ACC) for Azure Database for PostgreSQL flexible server are:
| SKU Name | Processor | vCores | Memory (GiB) | Max IOPS | Max I/O Bandwidth (MBps) |
|---|---|---|---|---|---|
| Dcadsv5 | AMD SEV-SNP | 2-96 | 8-384 | 3750-80000 | 48-1200 |
| Ecadsv5 | AMD SEV-SNP | 2-96 | 16-672 | 3750-80000 | 48-1200 |
Steps to deploy a server with confidential computing
Using the Azure portal:
1. Select a region that supports Azure Confidential Computing for Azure Database for PostgreSQL flexible server. Then, in the Compute + storage section, select Configure Server.
2. Select your Compute tier and Compute processor.
3. Expand the Compute size and select one of the confidential compute SKUs with an appropriate size to satisfy your needs.
4. Deploy your server.
Compare
The following table compares Azure Confidential Compute virtual machines with Azure Confidential Computing for Azure Database for PostgreSQL flexible server.
| Feature | Confidential Compute VMs | ACC for Azure Database for PostgreSQL |
|---|---|---|
| Hardware root of trust | Yes | Yes |
| Trusted launch | Yes | Yes |
| Memory isolation and encryption | Yes | Yes |
| Secure key management | Yes | Yes |
| Remote attestation | Yes | No |
Limitations and considerations
Evaluate the limitations carefully before deploying in a production environment.
- Confidential Computing is only available in the following regions: UAE North and West Europe.
- Only AMD SEV-SNP processors are supported. Intel TDX processors aren't currently compatible with Azure Database for PostgreSQL flexible server.
- Point-in-time restore (PITR) from nonconfidential compute versions to confidential ones isn't allowed.
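The limitations above can be checked against a server inventory before or after deployment. The following Python sketch is an added example, not part of the original documentation or any Microsoft tooling. It assumes each record has `location` and `sku.name` fields and that confidential SKU names follow the Azure VM size pattern `Standard_DC<n>ads_v5` / `Standard_EC<n>ads_v5`; the sample inventory is constructed.

```python
import re

# Values taken from the page: supported regions and confidential SKU families.
SUPPORTED_REGIONS = {"uaenorth", "westeurope"}
FAMILIES = {"DC": "Dcadsv5", "EC": "Ecadsv5"}
VCORE_RANGE = range(2, 97)  # 2-96 vCores per the SKU table

# ASSUMPTION: sku.name follows Azure VM size naming, e.g. Standard_DC4ads_v5.
SKU_RE = re.compile(r"^Standard_(DC|EC)(\d+)ads_v5$", re.IGNORECASE)

def confidential_family(sku_name):
    """Return (family, vcores) for a confidential SKU name, else None."""
    m = SKU_RE.match(sku_name or "")
    if not m:
        return None
    return FAMILIES[m.group(1).upper()], int(m.group(2))

def audit_server(server):
    """Return a list of findings for one record; an empty list means compliant."""
    findings = []
    region = server.get("location", "").replace(" ", "").lower()
    parsed = confidential_family(server.get("sku", {}).get("name"))
    if parsed is None:
        findings.append("not on a confidential (AMD SEV-SNP) SKU")
    elif parsed[1] not in VCORE_RANGE:
        findings.append(f"{parsed[0]} size with {parsed[1]} vCores is outside 2-96")
    if region not in SUPPORTED_REGIONS:
        findings.append(f"region '{region}' does not offer confidential computing")
    return findings

def pitr_allowed(source, target_sku_name):
    """PITR from a nonconfidential source to a confidential target is not allowed."""
    src_conf = confidential_family(source.get("sku", {}).get("name")) is not None
    tgt_conf = confidential_family(target_sku_name) is not None
    return not (tgt_conf and not src_conf)

# Constructed sample inventory (hypothetical names, not real servers).
SERVERS = [
    {"name": "phi-db", "location": "West Europe", "sku": {"name": "Standard_EC8ads_v5"}},
    {"name": "claims-db", "location": "westeurope", "sku": {"name": "Standard_D4ds_v5"}},
    {"name": "lab-db", "location": "eastus", "sku": {"name": "Standard_DC2ads_v5"}},
]

if __name__ == "__main__":
    for s in SERVERS:
        print(s["name"], audit_server(s) or "OK")
```
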