Container Service for Kubernetes (ACK) - Releases Public Preview of Confidential Computing Clusters
Jan 31 2020Container Service for Kubernetes (ACK)
Target customers: users who have high requirements for data security, such as financial clients. Features released: based on Intel Software Guard Extensions (SGX), confidential computing clusters are particularly suitable for sensitive data protection and scenarios such as smart contracts in blockchains, user secrets processing, intellectual property protection, genetic computing in bioinformatics, and edge computing. Currently, you can create confidential computing clusters, manually expand clusters, enable auto scaling, and add different types of nodes to clusters. For more information, see https://help.aliyun.com/document_detail/150518.html. For more information about SGX application development, see https://developer.aliyun.com/article/740793. Container Service for Kubernetes also provides open source plug-in sgx-device-plugin to help you deploy SGX applications on Kubernetes clusters. For more information, see https://github.com/AliyunContainerService/sgx-device-plugin. Intel (R) Software Guard Extensions (Intel(R) SGX) is a set of central processing unit (CPU) instruction code developed by Intel. They allow developers to run application code and data in a special execution environment called enclave, which is built on hardware silos and memory encryption technology. Enclaves can also be referred to as Trusted Execution Environment (TEE). No other application, OS Kernel, BIOS, or hardware other than the CPU can access an enclave without verification. All data in enclave memory is encrypted. Users encrypt the code and data in an enclave with their private signing key obtained from Intel. An enclave can only be started after the signature is verified through remote certification service Intel IAS.