From Open Source Project to Secure Enterprise Solution


Confidential Containers is an open source sandbox project of the Cloud Native Computing Foundation that enables cloud-native confidential computing. Confidential Containers builds on hardware security technologies and combines them with new software frameworks to better protect the data that workloads process. As part of the project, confidential computing was standardized at the container level and its use in Kubernetes was simplified.
This allows Kubernetes users to deploy secure container workloads with familiar workflows and tools without extensive knowledge of confidential computing technologies. Renowned providers have supported the project from the outset. Red Hat offers the OpenShift Confidential Containers feature based on Red Hat OpenShift Sandboxed Containers. It extends the security functions of OpenShift. This enables companies to provide and manage confidential workloads with improved data protection.
OpenShift Confidential Containers is now also generally available on Microsoft Azure. This enables companies to reliably protect their sensitive applications and data on Azure. Security is significantly increased as the workloads are isolated in a hardware-protected, trusted execution environment and the data is protected from external access and remains encrypted even during processing.
A key feature of Confidential Containers is the integration of the Trusted Execution Environment infrastructure into the cloud-native world. A TEE is a hardware-based, isolated environment with increased security. It also forms the basis for OpenShift Confidential Containers in combination with a special virtual machine called "Confidential Virtual Machine" (CVM), which is executed within the TEE. The solution uses CVMs to run pods, creating a confidential container for the secure execution of workloads.
Another important feature of Confidential Containers is attestation, a process for checking whether the target TEE on which the workloads are to be executed is actually trustworthy. By combining TEE and attestation, Confidential Containers provides a secure environment and protects code and data from access by privileged users such as administrators. Remote attestation is used here to separate the role of the cloud operator from that of the party performing the attestation, which further increases security.
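The attestation step described above, as an added illustrative model that is not code from the Confidential Containers project: an attestation service issues a fresh nonce, the CVM inside the TEE returns evidence binding its measurements to that nonce, and the service checks authenticity, freshness and a measurement policy before releasing a workload secret. The measurements, the policy and the key are constructed, and a shared HMAC key stands in for the vendor-endorsed asymmetric attestation key a real TEE would use.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key standing in for the TEE's vendor-endorsed attestation key.
# Real TEEs sign evidence asymmetrically under a vendor certificate chain.
ATTESTATION_KEY = b"constructed-demo-attestation-key"

# Constructed policy: reference measurements the attestation service accepts.
TRUSTED_POLICY = {
    "cvm-image": "sha256:constructed-cvm-image-measurement",
    "kernel": "sha256:constructed-kernel-measurement",
}

def issue_challenge() -> str:
    """Attestation service step 1: a fresh nonce so old evidence cannot be replayed."""
    return secrets.token_hex(16)

def generate_evidence(measurements: dict, nonce: str, key: bytes = ATTESTATION_KEY) -> dict:
    """TEE side: bind the measured CVM state to the nonce and authenticate the result."""
    body = json.dumps({"measurements": measurements, "nonce": nonce}, sort_keys=True)
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}

def verify_evidence(evidence: dict, nonce: str, policy: dict, key: bytes = ATTESTATION_KEY):
    """Attestation service step 2: authenticity, then freshness, then policy. Returns (ok, reason)."""
    expected = hmac.new(key, evidence["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, evidence["mac"]):
        return False, "evidence not authenticated by the TEE key"
    claims = json.loads(evidence["body"])
    if not hmac.compare_digest(claims.get("nonce", ""), nonce):
        return False, "nonce mismatch: stale or replayed evidence"
    for component, reference in policy.items():
        if claims["measurements"].get(component) != reference:
            return False, f"measurement of {component} deviates from policy"
    return True, "TEE trusted"

def release_workload_secret(evidence: dict, nonce: str, policy: dict = TRUSTED_POLICY) -> dict:
    """Only a TEE that passed attestation receives the (constructed) workload secret."""
    ok, reason = verify_evidence(evidence, nonce, policy)
    return {"secret": "constructed-image-decryption-key"} if ok else {"error": reason}

if __name__ == "__main__":
    nonce = issue_challenge()
    print(release_workload_secret(generate_evidence(TRUSTED_POLICY, nonce), nonce))
    altered = {**TRUSTED_POLICY, "kernel": "sha256:constructed-modified-kernel"}
    print(release_workload_secret(generate_evidence(altered, nonce), nonce))
```

The second call shows that a CVM whose kernel measurement deviates from the policy never receives the secret, even though its evidence is otherwise well-formed and fresh.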
The technological complexity has no impact on the user, as all functions are provided automatically via OpenShift Confidential Containers.
Typical use cases for confidential containers exist across a wide range of industries, including the SAP integration of business-critical, containerized processes with high security and privacy requirements. Confidential containers are also the ideal environment for secure AI model training on confidential data.
Support for bare metal servers
The OpenShift Confidential Containers solution is under continuous development and Red Hat plans to support additional environments, including bare metal servers, additional public clouds and managed services. New features will also be introduced, such as support for Confidential GPUs, with a particular focus on joint attestation of the CPU and GPU.
Overall, the open source project Confidential Containers and the rapid availability of curated solutions such as OpenShift Confidential Containers or Confidential Containers on Microsoft Azure already make one thing abundantly clear today: open source belongs in every enterprise architecture decision, platform decision and modernization strategy that aims to be future-proof.