Civo creates ultra-high performance Kubernetes on Intel SGX


Civo is a cloud-native service provider powered only by Kubernetes, a state of being that enables the company (by its own classification) to call itself a pure-play cloud player.

The company, in collaboration with Intel Corporation, has now unveiled the alpha version of a Kubernetes system operating in a secure enclave – a development that is said to be a world first.

This news all forms part of Civo’s Confidential Computing offering of a hardware-based security solution designed to help protect data in use via application-isolation technology. 

Using 4th generation Intel Xeon Scalable Processors (previously codenamed Sapphire Rapids) and Intel Software Guard Extensions (Intel SGX), Civo deployed a Kubernetes API within the secure enclave.

The Kubernetes API ran in a highly-secure encrypted environment. 

Verification at start-up

Once in the enclave, hardware-enforced access controls meant that the Kubernetes API process was verified at start-up and remained unmodified and validated during runtime. In addition, the data in the enclave was encrypted and could not be accessed by anyone, with the enclave running separately from the operating system and virtual machine management layer.

Intel SGX is widely lauded as a vital component of data protection and for its ability to provide confidential computing. 

Civo will make the solution available on both its public cloud and edge computing services, with users able to purchase whole racks of servers secured by Intel SGX and deploy them into their own environment. 

Ultra-high performance Kubernetes

The 4th Gen Intel Xeon Scalable Processors contain purpose-built workload accelerators that enable greater speed and power efficiency, allowing more resources to be used by end users. Intel SGX offers users granular control and protection of their data security, using hardware-based memory encryption to isolate specific application code and data in memory.

“The ethos around Civo Navigate was to innovate and educate, and part of that involves exploring new ways of doing things. We’re always looking to push the boundaries with concepts not available from other cloud providers, and an area we’re seeing increased demand is for improved Kubernetes security,” ...
