This article provides answers to some of the most common questions about running confidential computing workloads on Intel SGX Azure virtual machines.
If your Azure issue is not addressed in this article, visit the Azure forums on MSDN and Stack Overflow. You can post your issue in these forums, or post to @AzureSupport on Twitter. You can also submit an Azure support request. To submit a support request, on the Azure support page, select Get support.
How can I deploy DCsv2 series VMs on Azure?
Here are some ways you can deploy a DCsv2 VM:
How can I deploy DCsv3 or DCdsv3 series VMs on Azure?
The v3 Intel SGX VMs currently in preview. You can deploy them the same way you can deploy a v2 Intel SGX VM:
Will all OS images work with Intel SGX virtual machines?
No. The virtual machines can only be deployed on Generation 2 operating machines with Ubuntu Server 18.04, Ubuntu Server 20.04, and Windows Server 2019 Datacenter. Read more about Gen 2 VMs on Linux and Windows
Intel SGX virtual machines are grayed out in the portal and I can't select one
Based on the information bubble next to the VM, there are different actions to take:
- UnsupportedGeneration: Change the generation of the virtual machine image to “Gen2”.
- NotAvailableForSubscription: The region isn't yet available for your subscription. Select an available region.
- InsufficientQuota: Create a support request to increase your quota. Free trial subscriptions don't have quota for some confidential computing VMs.
Intel SGX virtual machines don't show up when I try to search for them in the portal size selector
Make sure you've selected an available region. Also make sure you select “clear all filters” in the size selector.
Can I enable Accelerated Networking with Intel SGX on Azure confidential computing?
It depends. - Accelerated Networking isn't supported on DC-Series or DCsv2-Series virtual machines. Accelerated Networking cannot be enabled for confidential computing virtual machine deployment or Azure Kubernetes Service cluster deployment running on these VM sizes. - Accelerated networking is supported on DCdsv3-Series and DCsv3-Series VMs through CLI provisioning and ARM templates only.
Can I use Azure Dedicated Host with these machines?
Azure Dedicated Host support DCsv2-series virtual machines. Azure Dedicated Host provides a single-tenant physical server to run your virtual machines on. Users usually use Azure Dedicated Host to address compliance requirements around physical security, data integrity, and monitoring.
I get an Azure Resource Manager template deployment failure error: "Operation could not be completed as it results in exceeding approved standard DC Family Cores Quota"
Create a support request to increase your quota. Free trial subscriptions don't have quota for some confidential computing VMs.
What’s the difference between DCsv2-Series, DC-Series, DCdsv3-Series and DCsv3-Series VMs?
- DC-Series VMs run on older 6-core Intel Processors with Intel SGX and have less total memory, less Enclave Page Cache (EPC) memory, and are available in only two regions (US East and Europe West in Standard_DC2s and Standard_DC4s sizes). There are no plans to make these VMs Generally Available and they are not recommended for production use. To deploy these VMs, use the Confidential Compute DC-Series VM [Preview] Marketplace instance.
- DCsv2-Series VMs run on 8-core Intel Processors and have more total memory, EPC sizes, and are available in more regions. These machines are generally available.
- DCsv3-Series and DCdsv3-Series VMs are the latest generation of Intel SGX machines. In this generation, CPU Cores have increased 6x (up to a maximum of 48 cores), Encrypted Memory (EPC) has increased 1500x to 256GB, Regular Memory has increased 12x to 384GB. All these changes substantially improve the performance gen-on-gen and unlock entirely new scenarios. These VMs also support Intel Total Memory Encryption (TME). As of November 1st, 2021, these VMs are still in public preview and are not suitable for production use.
- DCdsv3-Series VMs are different from DCsv3-Series VMs because they have local disk support.
Are Intel SGX virtual machines available globally?
No. At this time, these virtual machines are only available in select regions. Check the products by regions page for the latest available regions.
Is hyper-threading OFF on these machines?
Hyper-threading is disabled for all Azure confidential computing Intel SGX machines.