Protecting sensitive workloads in untrusted environments has become a key priority as enterprises continue their digital transformation journeys. From regulated industries like finance and healthcare to defense and critical infrastructure, the demand for confidential computing, where data is protected while in use, not just at rest or in transit, is accelerating.
IBM Hyper Protect Confidential Container (HPCC) for Red Hat OpenShift Container Platform allows businesses to process sensitive workloads in untrusted environments such as public clouds or third-party operated shared data centers, and aids in full data protection. With the introduction of IBM LinuxONE 5 and HPCC for Red Hat OpenShift, businesses can benefit from confidential computing technology, multiparty contract and attestation, and container runtime and OCI image integrity. This integration enables more secure confidential container deployment.
The problem: Data in use is vulnerable
Traditional container runtimes offer a certain degree of isolation, but they still leave sensitive data exposed to the host kernel, hypervisor, or even cloud provider admins. This is a serious concern for highly sensitive workloads, especially when run on shared infrastructure.
Confidential Containers (CoCo) solves this problem by using hardware-based trusted execution environments (TEEs) to protect containerized workloads. However, successfully deploying CoCo in enterprise settings requires tight integration with secure infrastructure and orchestration platforms.
Enter OpenShift sandboxed containers
Red Hat OpenShift sandboxed containers is a hardened and enterprise-supported implementation of Kata Containers, offering enhanced workload isolation using lightweight virtual machines (VMs) for each container. It acts as a bridge to adopt Confidential Containers by integrating seamlessly with the OpenShift application platform.
With OpenShift sandboxed containers, workloads that require high levels of trust can run in a container-native form while achieving VM-level isolation, an ideal fit for confidential computing use cases.
Introducing IBM Hyper Protect Confidential Containers and IBM Secure Execution for Linux
The Hyper Protect product family uses the Confidential Virtual Machine (CVM) technology IBM Secure Execution for Linux to safeguard the entire data lifecycle. Compared to other confidential computing technologies, IBM Secure Execution for Linux has the unique concept of a third-party certified identity for each system produced, combined with an encrypted image that is deployed as the CVM. Because the images are always encrypted, they can only be deployed on a given set of systems.
The IBM LinuxONE 5 system generation introduced additional capabilities tailored for the Confidential Containers: Attestation APIs for a given enclave, as well as the ability to inject secrets through the enclave into a system to enable sealed secrets.
Hyper Protect Confidential Containers also take advantage of the established encrypted contract concept, called the Hyper Protect Contract (HPC). This common value proposition of the Hyper Protect family enables each persona to provide its contribution while being designed to help ensure, through encryption, that none of the other personas can access that data or intellectual property. It enables a multiparty contract to be added, along with certification of the deployment on Red Hat OpenShift with the sandboxed containers add-on. This makes it possible to apply zero trust principles from workload development through deployment.
As multiple personas and legal entities collaborate, it is essential to have a separation of duties and access. The HPCC deployment can be validated by an auditor persona through an attestation record, which is signed and encrypted and designed to help ensure that only the auditor has this level of insight. HPCC can obtain and decrypt wrapped or sealed secrets without access to an external key management system. These secrets are provided to a given workload deployed in HPCC, which therefore has an instant workload identity or is able to perform zero-knowledge proofs.
This encrypted contract and attestation record created at deployment enables alternative attestation and zero-knowledge verification beyond the common way to have another Trustee instance. This also applies to the Trustee instance itself if deployed upon Hyper Protect. Through encryption, the workload identity of Trustee, along with any secrets and policies, can be established at deployment to build the trust anchor for such an environment.
Hyper Protect Confidential Container was developed in close collaboration with the larger Confidential Computing community (especially the Cloud Native Computing Foundation’s Confidential Containers project) to ensure seamless integration with OpenShift sandboxed containers (Figure 1). The HPC is added as an annotation to a given deployment YAML, and as of version 1.8, the add-on is capable of using a third-party-provided image to be deployed in the Confidential Virtual Machine.

Target personas and their use cases
Here are some examples of how IBM Hyper Protect and OpenShift sandboxed containers address the specific needs of various stakeholders, as illustrated in Figure 2:
- Environment operator: Takes advantage of the ability to consolidate clusters while providing a technically assured separation of the individual services, as well as reducing the blast radius and cross-contamination from both a security and a compliance perspective.
- Solution provider on a third-party operated OCP: Deploy a solution while being technically assured that neither the Service Provider nor the Solution User can access your IP or integrated models and secrets beyond the defined interfaces. Take advantage of cloud-native deployment models and sandboxed containers to segregate your larger solution into individually isolated services and pods.
- Workload/service users using a third-party provided solution operated on a multitenant environment: Establish instant trust to a workload based on encryption as it is deployed with an identity and provides attestation evidence. Through the data-in-use protection and the workload concept, it is technically assured that any given pod instance is protected against access by the workload or solution provider as well as the platform administrator.
- Confidential AI: A premier example, where all three individual use cases mentioned above and the central concept of an encrypted contract come together for a unique security value proposition.

Final thoughts
For enterprise customers and their chief information security officers, security architects, and enterprise architects, data security and privacy are paramount.
With increasing regulatory demands and the escalating cost and frequency of data breaches, privacy-enhancing technologies are maturing and being widely adopted by cloud service providers. These technologies assure customers that their data remains protected throughout its lifecycle.
IBM Z and LinuxONE are renowned for their cryptographic capabilities and reliability in regulated industries. With OpenShift sandboxed containers and Hyper Protect Confidential Container on IBM z17 and IBM LinuxONE 5, these cutting-edge technologies can be leveraged as a fully integrated stack. This enables confidential computing to seamlessly participate in the container experience, eliminating the need for a dedicated environment or different deployment model.
We are already seeing adoption in areas like digital assets, data sovereignty, and identity and secrets management. Based on what we've outlined in this blog, we believe that the need for confidential data serving and sharing, extending to confidential AI, will accelerate adoption across more use cases.
Confidential computing is poised to become the default for hybrid cloud platforms such as Red Hat OpenShift. It helps ensure sensitive data and applications remain protected even from system or container platform administrators or service providers.
How to get started
To begin, install the OpenShift sandboxed container add-on on IBM Z and LinuxONE. You can find detailed steps in the Red Hat documentation or on IBM’s Red Hat OpenShift for Linux on IBM Z and LinuxONE page.
For more comprehensive details about IBM’s Hyper Protect Confidential Container product, refer to the IBM documentation. Information on the general Hyper Protect product page for the Red Hat ecosystem is available at IBM Hyper Protect for Red Hat ecosystem.
For any further inquiries, feel free to contact the authors to request a demo, proof of concept (PoC), or trial.