Confidential Containers for vSphere Pods on AMD
With the advent of vSphere 7 Update 2, a new capability to further secure Kubernetes and applications under vSphere with Tanzu is available. This capability uses AMD's SEV-ES functionality in second-generation and the recently announced third-generation AMD EPYC CPUs to create what we've called "Confidential Containers."
AMD SEV-ES support was announced as part of vSphere 7 Update 1 in October 2020, and provides deep hardware-based data-in-use security protections for workloads running inside vSphere. For more information about SEV-ES watch the introduction video on the vSphere YouTube channel.
With a simple annotation to a Kubernetes YAML file, you can now run a vSphere Pod that uses AMD SEV-ES to encrypt its memory and CPU register contents. SEV-ES ensures the memory used by each Pod is uniquely encrypted and undecipherable by the hypervisor or any other process or method. This enhances the security of vSphere Pods and the containers that they run by helping to protect CPU registers and memory from leaking guest information into the hypervisor.
You’ll see in the image below how this works:
A link to the full documentation on how to configure and use this capability is under "Deploy a Confidential Container." Pay attention to the prerequisites! You will need a second- or third-generation AMD EPYC based system (code name "Rome" or "Milan"), as well as BIOS settings that size the hardware for the number of vSphere Pods and VMs on which you plan to enable AMD SEV-ES.
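Because the whole feature hinges on that one Pod annotation, it is worth checking manifests before they are applied. The following is an added example, not code from this post or from the vSphere documentation: a small lint that confirms the annotation actually lands on the Pod metadata and is a string value. The annotation key `SEV_ES_ANNOTATION` is a placeholder, since this page does not give it, and `check_manifest` and the sample manifests are constructed here.

```python
# Added example (not from the original post or the vSphere documentation):
# a pre-deployment lint that confirms a manifest really requests an AMD
# SEV-ES confidential vSphere Pod. SEV_ES_ANNOTATION is a PLACEHOLDER key;
# substitute the annotation given under "Deploy a Confidential Container".
SEV_ES_ANNOTATION = "PLACEHOLDER.example/sev-es"   # assumed, not the real key
CONTROLLER_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_metadata(doc):
    """Return the metadata that ends up on the created Pod, or None."""
    if doc.get("kind") == "Pod":
        return doc.get("metadata") or {}
    if doc.get("kind") in CONTROLLER_KINDS:
        # Only the pod template's metadata is copied onto the Pods a controller creates.
        return ((doc.get("spec") or {}).get("template") or {}).get("metadata") or {}
    return None


def check_manifest(doc):
    """Return a list of findings; an empty list means SEV-ES is requested correctly."""
    meta = pod_metadata(doc)
    if meta is None:
        return ["kind %r does not create Pods; nothing to check" % doc.get("kind")]
    value = (meta.get("annotations") or {}).get(SEV_ES_ANNOTATION)
    if value is None:
        findings = ["missing %s annotation on the Pod metadata" % SEV_ES_ANNOTATION]
        top_level = (doc.get("metadata") or {}).get("annotations") or {}
        if doc.get("kind") != "Pod" and SEV_ES_ANNOTATION in top_level:
            # Common slip: annotating the controller object instead of its pod template.
            findings.append("annotation is on the controller; move it to spec.template.metadata")
        return findings
    if not isinstance(value, str):
        # An unquoted `true` in YAML becomes a boolean; annotation values must be strings.
        return ["annotation value %r is not a string; write it as \"true\"" % (value,)]
    if value != "true":
        return ["annotation value %r does not enable SEV-ES" % value]
    return []


# Constructed sample manifests (as parsed dicts) exercising each case.
GOOD_POD = {"kind": "Pod", "metadata": {"name": "good",
            "annotations": {SEV_ES_ANNOTATION: "true"}}, "spec": {}}
MISPLACED = {"kind": "Deployment",
             "metadata": {"name": "app", "annotations": {SEV_ES_ANNOTATION: "true"}},
             "spec": {"template": {"metadata": {"name": "app"}}}}
UNQUOTED = {"kind": "Pod", "metadata": {"name": "bad",
            "annotations": {SEV_ES_ANNOTATION: True}}, "spec": {}}

if __name__ == "__main__":
    for doc in (GOOD_POD, MISPLACED, UNQUOTED):
        print(doc["metadata"]["name"], check_manifest(doc) or ["ok"])
```

A Pod that fails this check is still scheduled normally by Kubernetes; it simply runs without SEV-ES memory encryption, which is exactly the silent failure the lint is meant to catch.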
If you’d like to see how this works in a demo, check out this video:
This feature is one more way in which vSphere continues to address the security needs of our customers. Incorporating it into vSphere with Tanzu means customers using Kubernetes to run modern workloads can easily extend their applications to take advantage of these new and advanced security capabilities on their AMD EPYC-based servers.