TDX VMs on OpenMetal Large v5 Hosted Private Cloud

Posted on May 15, 2026 by Sash Ghosh

Q: Can I run TDX-protected VMs on an OpenMetal Large v5 Hosted Private Cloud cluster?

No — Intel TDX is supported on OpenMetal bare metal Large v5 servers only, not on Hosted Private Cloud clusters; for confidential VM workloads, deploy bare metal Large v5 TDX servers alongside your HPC cluster over the 20 Gbps private mesh.

Explore bare metal dedicated servers

The hybrid pattern is straightforward to deploy and is the standard OpenMetal architecture for customers with a confidential-workload minority alongside general virtualization. Order a 3-node Large v5 Hosted Private Cloud for the general workloads (OpenStack + Ceph, Day 2 ops included) and one or more bare metal Large v5 TDX servers for the confidential workloads (TDX-active, 1 TB DDR5-6400, hardware-isolated Trust Domains). Both halves sit on the same OpenMetal private network with VLAN isolation, customer-controlled routing, and no per-GB east-west traffic charges.

Hybrid deployment diagram showing bare metal Large v5 TDX servers on the left with confidential VMs inside a trust domain boundary, paired with a Large v5 Hosted Private Cloud cluster on the right running general VMs with SGX, connected by a private 20 Gbps VLAN.

Workload placement follows the security boundary: TDX-protected guest VMs run on the bare metal Large v5 TDX servers under a KVM hypervisor that the customer controls, with Trust Domains protecting guest memory from the host. General workloads — tenant VMs, internal services, build infrastructure, multi-tenant SaaS layers that don’t require hardware-isolated memory — run on the HPC cluster under OpenStack. Cross-tier traffic uses standard network paths; if confidential workloads need to interact with HPC-hosted services (databases, object storage, telemetry), traffic flows over the private VLAN with end-to-end TLS terminating inside the TD.

Intel SGX is enabled by default on every Large v5 HPC node (128 GB EPC per CPU, 256 GB per node), so application-level enclave workloads can run inside tenant VMs on the HPC cluster without needing the bare metal hybrid. Use SGX inside HPC tenant VMs for narrow, high-value secrets (key derivation, signing, software-HSM emulation); use bare metal Large v5 TDX servers when the trust requirement is “the host operator cannot read my VM memory.” Contact OpenMetal to size the hybrid deployment against your confidential-to-general workload ratio.

Some Recommended Configurations from our Catalog

Cloud Core – Medium v4

CPU: 2x Intel Xeon Silver 4510
RAM: 256 GB DDR5
Storage: 6.4 TB NVMe SSD
Bandwidth: 2 Gbps
Monthly Price: Contact for pricing

View Pricing

Cloud Core – Large v4

CPU: 2x Intel Xeon Gold 6526Y
RAM: 512 GB DDR5
Storage: 12.8 TB NVMe SSD
Bandwidth: 4 Gbps
Monthly Price: Contact for pricing

View Pricing

Interested in OpenMetal Products?

Contact Us

We’re available to answer questions and provide information.

Reach Out

Schedule a Consultation

Get a deeper assessment and discuss your unique requirements.

Schedule Consultation

Try It Out

Take a peek under the hood of our cloud platform or launch a trial.

Trial Options