A Confidential VM is a type of Compute Engine VM instance in GCP. Basically, it adds an extra layer of protection to your VM: it preserves the confidentiality and integrity of your data while it is being processed, that is, data in use. Encryption in transit and encryption at rest are handled by other mechanisms; a Confidential VM closes the remaining gap, the data sitting in memory.
One interesting thing about Confidential VMs is that their memory is encrypted by the CPU (AMD Secure Encrypted Virtualization, SEV, on AMD EPYC hosts) with a key that is generated and held by the processor's own Secure Processor. Even if the host were compromised, the hypervisor could not read the guest's memory in the clear. Note that this protects memory from the host; it does not protect you from vulnerabilities inside the guest itself, so the OS and applications still need patching as usual.
Also, each Confidential VM's memory is encrypted with its own key, so it is isolated from other tenants on the same host as well as from the host. This is cryptographic isolation of the VM's memory; it does not by itself make the instance a sole-tenant VM.
The memory encryption key is generated per VM by the hardware and is never exposed to Google or to you. Keys for data at rest (disks, snapshots) are a separate matter: by default Google manages them, and you can manage your own through Cloud KMS (Key Management Service), which we will talk about in further lessons.
In short, Cloud KMS is the service used to create and manage the keys that encrypt your data.
To use a Confidential VM, you have to enable the Confidential VM service while creating your VM; it is set at creation time.
Once you enable confidential computing in the console, the related settings are updated automatically: the machine family switches to one that supports it (N2D) and the on-host maintenance policy is set to Terminate, because live migration is not available for Confidential VMs.
Confidential VMs are available only in certain regions and zones (those with the supporting AMD EPYC hosts).
Machine series and machine types are limited for now to the AMD EPYC based families:
C2D
N2D
Currently, only the operating system images listed below can be used:
CentOS 8
Container-Optimized OS 89 LTS
Container-Optimized OS 93 LTS
Container-Optimized OS 97 LTS
Container-Optimized OS 101 LTS
Red Hat Enterprise Linux 8
SUSE Linux Enterprise Server 15 SP2 x86_64
SUSE Linux Enterprise Server 15 SP3 x86_64
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
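As an added example (this is not code from the original post or from Google), here is a small shell script that puts the steps above together: it assembles the gcloud command that creates a Confidential VM while enforcing the constraints listed (N2D or C2D machine type, a supported image, on-host maintenance set to TERMINATE), builds the command that confirms the flag took effect, and checks kernel-log text from inside the guest for the AMD SEV marker. The instance name, zone and image family are placeholders, and the sample kernel-log lines are constructed, not captured from a real machine; the gcloud flags `--confidential-compute` and `--maintenance-policy` are real flags.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: build the gcloud command for a
# Confidential VM with the constraints from the post enforced, plus a guest-side
# check for SEV. Assumptions: instance name, zone and image are placeholders;
# --confidential-compute and --maintenance-policy are real gcloud flags.

# Build (but do not run) the create command. Fails for machine types that do
# not support Confidential VM, so a typo like "n2-standard-2" is caught early.
build_confidential_vm_cmd() {
  name="$1"; zone="$2"; machine_type="$3"; image_family="$4"; image_project="$5"
  case "$machine_type" in
    n2d-*|c2d-*) ;;  # only the AMD EPYC based series support Confidential VM here
    *)
      echo "error: '$machine_type' does not support Confidential VM; use an N2D or C2D type" >&2
      return 1 ;;
  esac
  # Live migration is not available for Confidential VMs, so maintenance must be TERMINATE.
  printf 'gcloud compute instances create %s --zone=%s --machine-type=%s --confidential-compute --maintenance-policy=TERMINATE --image-family=%s --image-project=%s\n' \
    "$name" "$zone" "$machine_type" "$image_family" "$image_project"
}

# Build the command that confirms the setting on the created instance:
# confidentialInstanceConfig.enableConfidentialCompute should print True.
build_verify_cmd() {
  name="$1"; zone="$2"
  printf "gcloud compute instances describe %s --zone=%s --format='value(confidentialInstanceConfig.enableConfidentialCompute)'\n" \
    "$name" "$zone"
}

# Inside the guest, the kernel logs whether SEV memory encryption is active.
# Reads dmesg-style text on stdin; returns 0 when SEV is active, 1 otherwise.
sev_active() {
  grep -qE 'Secure Encrypted Virtualization \(SEV\) active|Memory Encryption Features active: .*SEV'
}

# Constructed sample kernel-log lines (not captured from a real machine).
SAMPLE_DMESG_SEV='[    0.000000] Linux version 5.4.0-1051-gcp (buildd@lcy01)
[    0.374549] AMD Secure Encrypted Virtualization (SEV) active'
SAMPLE_DMESG_PLAIN='[    0.000000] Linux version 5.4.0-1051-gcp (buildd@lcy01)
[    0.200000] Hypervisor detected: KVM'

# Usage: print the commands an operator would run, then show the guest-side check.
build_confidential_vm_cmd demo-cvm us-central1-a n2d-standard-2 ubuntu-2004-lts ubuntu-os-cloud
build_verify_cmd demo-cvm us-central1-a
if printf '%s\n' "$SAMPLE_DMESG_SEV" | sev_active; then echo "sample 1: SEV active"; fi
if printf '%s\n' "$SAMPLE_DMESG_PLAIN" | sev_active; then :; else echo "sample 2: SEV not active (plain VM)"; fi
```

Run it to get the two gcloud commands to paste into Cloud Shell; after the instance boots, `dmesg | grep SEV` inside the guest should show the SEV line that `sev_active` looks for, and the describe command should print `True`. If either check fails, the VM was created as an ordinary N2D instance and the memory is not encrypted.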
That's it for now; we will continue in the next blog.
Hope you liked it. See you on the next topic.