Running sensitive workloads in cloud environments often means operating on infrastructure that isn’t fully under your control. Even when data is encrypted at rest and in transit, the runtime environment can still expose critical information if the underlying hypervisor must be trusted.
What Is Confidential Computing?
Confidential Computing addresses this challenge by protecting data while it is in use. By leveraging hardware-assisted secure virtualization, workloads run with encrypted memory, ensuring that sensitive information remains inaccessible even to the host system itself. This approach is particularly relevant in regulated environments, cross-border deployments, or shared cloud infrastructures.
To enable this, the hypervisor host's CPU must support dedicated security extensions. AMD processors rely on Secure Encrypted Virtualization (SEV), while Intel platforms use Trust Domain Extensions (TDX). These features must be enabled in the system BIOS and properly exposed through the virtualization stack.
Implementing Confidential Workloads with OpenNebula
The environment demonstrated consists of an OpenNebula Frontend managing two KVM hypervisors configured with SEV support and the necessary libvirt permissions. Confidential workloads are deployed across two geographically distributed cloud environments—one in Madrid and the other in Berlin—leveraging CPU-level security features to provide strong runtime isolation.
Confidential workloads are deployed using a dedicated virtual machine template that defines a launch security policy, allocates the additional memory required by SEV-enabled guests, exposes the SEV CPU flags to the guest by using the host-passthrough CPU model, and uses UEFI firmware with the matching machine type. Scheduling ensures that these workloads are instantiated only on compatible hosts.
Native Confidential Computing support will be introduced in OpenNebula 7.2. Until then, the required configuration is applied using a RAW template snippet.
Once deployed, confidential and standard virtual machines can run side by side on the same hypervisors. The demo validates Confidential Computing by verifying encrypted memory support inside the confidential guest and showing that this memory remains inaccessible from the host, while memory from standard virtual machines is visible. This demonstrates how hardware-assisted memory encryption enforces runtime isolation without requiring trust in the hypervisor.
Watch the Full Demo: Distributed Confidential Cloud Computing
The demo walks through the full configuration and validation process, from identifying SEV-capable hosts to deploying and verifying confidential workloads.
In the demo, you’ll see how to:
- Identify hypervisors that support virtual machine memory encryption
- Configure a virtual machine template for secure workloads
- Deploy confidential and standard virtual machines in parallel
- Verify encrypted memory support and runtime isolation
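The first two steps above (finding SEV-capable hosts and building the template) can be scripted. The following is an added example, not code from the OpenNebula post or project: it parses the output of `virsh domcapabilities` from a KVM host, decides whether SEV is advertised, pulls the host-specific `cbitpos` and `reducedPhysBits` values, and renders the OpenNebula template attributes the post describes (launch security policy via a RAW snippet, host-passthrough CPU model, UEFI firmware and machine type, a scheduling requirement). The OVMF firmware path, the `q35` machine type, the `0x0003` SEV policy and the `SEV_CAPABLE` host attribute used for scheduling are assumptions for illustration; the XML samples are constructed.

```shell
#!/bin/sh
# Added example (not from the OpenNebula post): inspect `virsh domcapabilities`
# output for SEV support and render the matching OpenNebula template fragment.
# cbitpos/reducedPhysBits are host-specific; on a real host take them from the
# actual domcapabilities output, never from another machine.

# Constructed sample of the <sev> element libvirt prints on an SEV-capable host.
SAMPLE_DOMCAPS_SEV="<domainCapabilities>
  <features>
    <sev supported='yes'>
      <cbitpos>47</cbitpos>
      <reducedPhysBits>1</reducedPhysBits>
    </sev>
  </features>
</domainCapabilities>"

# Constructed sample for a host without SEV.
SAMPLE_DOMCAPS_NOSEV="<domainCapabilities>
  <features>
    <sev supported='no'/>
  </features>
</domainCapabilities>"

# Returns 0 when the domcapabilities XML on stdin advertises SEV support.
sev_supported() {
    grep -q "<sev supported='yes'>"
}

# Prints the text of the first simple <tag>value</tag> element named $1 on stdin.
xml_value() {
    sed -n "s/.*<$1>\([^<]*\)<\/$1>.*/\1/p" | head -n 1
}

# Renders the template attributes for a confidential VM.
# Arguments: cbitpos reducedPhysBits
# Assumptions: OVMF path and q35 machine type are distro-dependent; policy
# 0x0003 (no debugging, no key sharing) is a common SEV policy; SEV_CAPABLE is a
# hypothetical custom host attribute the operator sets on SEV-enabled hosts so
# SCHED_REQUIREMENTS keeps the VM off incompatible hypervisors.
render_template() {
    cbit="$1"; rpb="$2"
    cat <<EOF
CPU_MODEL = [ MODEL = "host-passthrough" ]
OS = [ FIRMWARE = "/usr/share/OVMF/OVMF_CODE.fd", MACHINE = "q35" ]
RAW = [ TYPE = "kvm", DATA = "<launchSecurity type='sev'><cbitpos>${cbit}</cbitpos><reducedPhysBits>${rpb}</reducedPhysBits><policy>0x0003</policy></launchSecurity>" ]
SCHED_REQUIREMENTS = "SEV_CAPABLE = YES"
EOF
}

# Reads domcapabilities XML on stdin; on an SEV host prints the template
# fragment and returns 0, otherwise reports and returns 1.
# Usage on a real hypervisor:  virsh domcapabilities | check_host
check_host() {
    caps="$(cat)"
    if printf '%s\n' "$caps" | sev_supported; then
        cbit="$(printf '%s\n' "$caps" | xml_value cbitpos)"
        rpb="$(printf '%s\n' "$caps" | xml_value reducedPhysBits)"
        echo "SEV supported (cbitpos=$cbit reducedPhysBits=$rpb); template fragment:"
        render_template "$cbit" "$rpb"
    else
        echo "SEV not supported on this host"
        return 1
    fi
}

# Demonstration against the constructed SEV-capable sample.
printf '%s\n' "$SAMPLE_DOMCAPS_SEV" | check_host
```

The rendered fragment is meant to be merged into the VM template together with the usual `MEMORY`, `DISK` and `NIC` attributes; the extra memory the post mentions for SEV guests still has to be sized by the operator, since the script only carries over the values libvirt reports.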

More screencasts are available here.
Confidential Computing enables sensitive workloads to run securely even in environments where the underlying infrastructure cannot be fully trusted. By combining hardware-assisted memory encryption with centralized management, OpenNebula provides a practical foundation for deploying confidential workloads across distributed cloud environments.