Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Launching Your Ubuntu Confidential VM with Intel® TDX on Google Cloud: A Guide to Enhanced Security

Hugo Huang

on 2 October 2024

In the world of cloud computing, we rely on abstraction layers to manage complex systems. While this simplifies development, it also creates vulnerabilities for sensitive data. Traditionally, privileged software within the cloud has access to your data, and could pose a significant security risk, if not managed properly.

But there’s a new way to protect your data: confidential computing. This technology utilizes hardware-based Trusted Execution Environments (TEEs) to secure data “in use,” ensuring it cannot be accessed or modified by unauthorized parties, including the cloud provider itself.

Intel® Trust Domain Extensions (Intel® TDX) is a key player in this field, offering a hardware-based isolation layer for virtual machines (VMs) running on Intel processors. This technology has been integrated into Google Cloud, and with Ubuntu’s comprehensive support, it’s easier than ever to run your workloads securely.

Here’s how to launch your Ubuntu Confidential VM with Intel® TDX on Google Cloud:

  1. Choose the Right Machine: Select the C3 machine series in Google Compute Engine, which utilizes 4th Gen Intel® Xeon Scalable CPUs and supports Intel® TDX technology.
  2. Use the Google Cloud CLI: In the Google Cloud CLI, utilize the instance create subcommand and specify –confidential-compute-type=TDX to enable Intel® TDX for your VM.

Example Command:

gcloud compute instances create INSTANCE_NAME \
  --machine-type MACHINE_TYPE --zone us-central1-a \
  --confidential-compute-type=TDX \
  --on-host-maintenance=TERMINATE \
  --image-family=IMAGE_FAMILY_NAME \
  --image-project=IMAGE_PROJECT \
  --project PROJECT_NAME

Where:

  • MACHINE_TYPE is the C3 machine type to use.
  • IMAGE_FAMILY_NAME is the name of the Confidential VM-supported image family to use, such as Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.04 LTS Pro Server.
  • IMAGE_PROJECT is the project where the image resides.
  • PROJECT_NAME is your Google Cloud project.

Benefits of Ubuntu Pro with Intel® TDX:

  • Enhanced Security: Ubuntu Pro offers features like live kernel patching, ensuring continuous uptime and security.
  • Extended Support: You get ten years of long-term support (LTS) for your Ubuntu Pro installation, providing stability and reliability for your workloads.
  • Compliance: Ubuntu Pro meets stringent security standards like FIPS and CIS, making it ideal for highly regulated environments.

Get Started Today:

Embrace the latest advancements in security technology and enjoy peace of mind knowing your data is protected with Intel® TDX. Launch your Ubuntu Confidential VM on Google Cloud today!

Additional Resources:

By leveraging the power of confidential computing with Ubuntu and Google Cloud, you can unlock a new level of data security and trust in your cloud deployments.

Talk to us today

Interested in running Ubuntu in your organisation?

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

Start your Ubuntu Confidential VM with Intel® TDX on Google Cloud

Confidential computing directly addresses the question of trust between cloud providers and their customers, with guarantees of data security for guest...

Canonical and Intel’s strategic collaboration brings you confidential computing with Intel® TDX on Ubuntu

Ensuring data security at run-time has long been an open computing challenge and a tough problem to solve. This gap arises because data must be decrypted in...

Intel® TDX 1.0 technology preview available on Ubuntu 23.10

Today’s security landscape faces a significant challenge: the lack of adequate protection for data in active use. Data breaches can happen at runtime (that...