Imagine a computer system as a nice apartment building. You have multiple layers of locks on the doors (defense-in-depth), security cameras in the hallways and lobby, and a trustworthy building manager. But at the end of the day, the building manager has a master key. They promise not to use it, and you trust them, but the key still exists.
This is how security generally operates for modern computer systems, whether it’s a hypervisor like VMware ESX, or Linux, Microsoft Windows, or a mainframe. The operating system kernel is the building manager and has a key. This model generally works because workloads running on these systems are managed and operated by the same organization, under the same security rules. If you decide you cannot trust our proverbial building manager, such as when a vulnerability is disclosed, you patch it and restore the trust.
Confidential computing changes that dynamic. It’s like having an apartment where even the building manager can’t get in without your permission. Your data stays encrypted even while it’s being processed, with keys that only your workload controls. The hypervisor can still manage resources and keep things running smoothly. It just can’t peek inside.
Why This Matters
VMware introduced confidential computing support five years ago, supporting AMD SEV-ES and Intel SGX. With VMware Cloud Foundation 9.0, we extend that to AMD SEV-SNP and Intel TDX. It’s very easy to use these technologies inside Cloud Foundation, especially with VMware Kubernetes Services (VKS). Since then, interest has grown quite a bit, for three big reasons.
First, multi-tenancy is everywhere. Whether you’re a service provider who hosts customer workloads or an enterprise with different business units sharing infrastructure, the ability to cryptographically isolate workloads from each other (and from the infrastructure itself) transforms your risk profile.
Second, regulations. Industry-specific regulations now explicitly require data isolation and encryption in ways that traditional security controls struggle to satisfy. Confidential computing gives you a strong cryptographic answer to auditor questions.
Third, and perhaps the most important one: the threat landscape has evolved. Organizations are not just worried about external attackers anymore. Supply chain attacks, insider threats, and compromised infrastructure are real concerns. Confidential computing helps protect against threats we haven’t discovered yet, including hardware vulnerabilities, where CPUs, memory controllers, and I/O controllers continue to have flaws that expose data to unauthorized processes.
Confidential Computing in VCF 9.0
In VMware Cloud Foundation 9.0, we’ve introduced support for AMD SEV-SNP and Intel TDX. We often say that security always involves tradeoffs, and that is true here too. AMD SEV-SNP and Intel TDX were designed by AMD and Intel, respectively, to help alleviate some of the biggest issues when using confidential computing technologies. This includes operational concerns. When these technologies are in use and the hypervisor loses visibility into the workload, it also loses the ability to migrate workloads with vMotion, take snapshots, and so on. Encryption also always comes at a cost, measured in CPU cycles, which means performance differences when these technologies are enabled. “How much of a difference?” you might ask. “It depends on the workload,” we’d answer.
As shipped, VCF 9.0 has the same level of workload functionality for AMD SEV-SNP and Intel TDX that we had for AMD SEV-ES and Intel SGX. Our vision for confidential computing in Cloud Foundation is to re-enable those capabilities where it makes sense, so that a confidential, protected virtual machine or container can be protected without sacrificing other aspects of security, like patching or workload resilience.
Organizations should also be able to grow into solutions like this too, both for stepping carefully into this world but also for being able to choose not to use these technologies where they don’t make sense. VMware infrastructure products have always been about being flexible, and this is no different. At the end of the day, security is about reducing risk in practical ways, managing tradeoffs, and having the right tools for the job.
VMware Cloud Foundation 9 is here for that.
For more information, please reach out to your account team. We also maintain security hardening, compliance, and feature-specific Q&A in our GitHub repository: https://brcm.tech/vcf-security
