Choosing container compute offerings for confidential computing

Azure confidential computing offers multiple types of containers with varying tiers of confidentiality. You can use these containers to support data integrity and confidentiality, and code integrity.

Confidential containers also help with code protection through encryption. You can create hardware-based assurances and hardware root of trust. You can also lower your attack surface area with confidential containers.

The diagram below will guide different offerings in this portfolio

Choosing offerings with confidential containers.

Azure Container Instances with Confidential containers (AMD SEV_SNP) are the first serverless offering that helps protect your container deployments with confidential computing through AMD SEV-SNP technology. Read more on the product here.

There are two programming and deployment models on Azure Kubernetes Service (AKS).

Unmodified containers support higher programming languages on Intel SGX through the Azure Partner ecosystem of OSS projects. For more information, see the unmodified containers deployment flow and samples.

Enclave-aware containers use a custom Intel SGX programming model. For more information, see the the enclave-aware containers deployment flow and samples.

Learn more