Red Hat OpenShift sandboxed containers 1.10 has been released, bringing enhanced security and isolation capabilities to your Red Hat OpenShift environments. This marks the general availability of confidential containers on Microsoft Azure, and introduces the new Red Hat build of Trustee, which provides attestation services so your confidential workloads can run with integrity in the cloud.
OpenShift sandboxed containers delivers a lightweight and powerful way to run workloads in isolation. Confidential containers add an additional layer for hardware-protected environments, leveraging Trusted Execution Environments (TEE) to enable containerized confidential computing. With version 1.10, we continue our commitment to helping organizations protect sensitive data in use, improve workload isolation, and meet stringent compliance requirements, all while embracing the flexibility of cloud-native applications and multi-cloud deployments.
A new era of trusted execution
Additionally, Red Hat build of Trustee is now generally available. This is a new product built on the innovative upstream Trustee project, providing progressive solutions for TEE, and is a key part of Red Hat's confidential computing effort to protect customer data while in use.
Red Hat build of Trustee offers a comprehensive solution for applications requiring strong integrity and confidentiality guarantees, extending the security posture of your deployments. By leveraging the principles of the Trustee project, you can run sensitive workloads with increased confidence, knowing your data is protected even while it's being processed.
Together, the Red Hat build of Trustee and confidential containers on OpenShift form a robust solution to more securely isolate workloads, even in untrusted environments.
What's new in confidential containers with Red Hat OpenShift sandboxed containers 1.10
This release introduces several key improvements and new functionalities both for confidential containers and for Red Hat build of Trustee:
- Integrity protection: Prevents unauthorized changes to the confidential virtual machine (CVM) disk by verifying its integrity, even when accessed outside the secure environment. This helps ensure sensitive workloads remain trusted and uncompromised, helping protect your business from advanced threats, maintain compliance, and safeguard operational continuity.
- Secure workload initialization: Allows you to provide trusted configuration data at startup, ensuring that each confidential container is launched with verified, tamper-proof settings.
- Sealed secrets: Sensitive data is encapsulated and only made available inside a trusted execution environment (TEE) after verifying its integrity. This protects sensitive data from unauthorized access, reduces risk, and supports compliance in untrusted environments.
- Secure cloud bursting: Extend your on-premises OpenShift cluster to run confidential workloads in Azure while maintaining data protection and compliance in the cloud. This enables flexible, scalable use of public cloud resources for sensitive workloads, without compromising security or trust.
For a complete list of features and additional technical information, read Deploy sensitive workloads with Confidence: OpenShift confidential containers.
Support for confidential containers on Microsoft Azure
You can now confidently run your most sensitive, containerized workloads on Microsoft Azure with the general availability of confidential containers capabilities on OpenShift. This powerful feature, previously in technology preview, enables data to stay encrypted and isolated even during processing, reducing risk and supporting compliance in the cloud. Soon, this capability will also be fully supported for managed OpenShift customers through Azure Red Hat OpenShift, making it even easier to protect your workloads at scale.
Unlock the value of confidential computing
It's time to explore OpenShift sandboxed containers 1.10, the Red Hat build of Trustee, and confidential containers on OpenShift for Azure, to find out how they can protect your most sensitive workloads and strengthen your cloud strategy. Stay tuned for additional in-depth resources and documentation coming soon. Start unlocking the power of confidential computing today, and speak with your Red Hat representative or try it now at try.openshift.com.
About the authors
Marcos Entenza, a.k.a. Mak, works on the core Red Hat OpenShift Container Platform for hybrid and multi-cloud environments to enable customers to run Red Hat OpenShift anywhere. Mak is an experienced Product Manager passionate about building scalable infrastructures, and he oversees installation, provider integration, and confidential computing on OpenShift.
Jens Freimann is a Software Engineering Manager at Red Hat with a focus on OpenShift sandboxed containers and Confidential Containers. He has been with Red Hat for more than six years, during which he has made contributions to low-level virtualization features in QEMU, KVM and virtio(-net). Freimann is passionate about Confidential Computing and has a keen interest in helping organizations implement the technology. Freimann has over 15 years of experience in the tech industry and has held various technical roles throughout his career.