Confidential Computing Performance: How to Balance Security and Speed on Bare Metal

Updated on July 8, 2025 by Jen Royle-Jones

Confidential Computing Performance How to Balance Security and Speed on Bare Metal

Confidential computing helps keep your data safe while it’s being used—not just stored or sent. But how does it impact speed? In this blog, we explore confidential computing performance, what slows things down, and how to keep systems running fast and secure on bare metal.

New tech like Intel TDX helps protect your data without slowing things down too much. This post explains how it works, what can cause delays, and how OpenMetal helps avoid slowdowns using smart infrastructure and tools.

Understanding the Performance Trade-Offs

Confidential computing adds security by encrypting memory and separating your data from the rest of the system. This is great for security, but it can slow things down — especially when your system has to do a lot of input/output (I/O) like reading from a disk or sending data across the network.

With Intel TDX, normal computer tasks like using memory or running calculations might be about 5–15% slower. If your app needs to move a lot of data in and out, it might slow down more — sometimes 20–60% — unless you set it up the right way.

How to Keep Things Fast

  • Pick the right server with enough CPU and memory for your workload.
  • Group work into batches to reduce system slowdowns (called ‘VM exits’).
  • Use fast storage like NVMe and make sure your networking is set up cleanly.
  • If you need a GPU, send data safely and encrypt it before moving it to the GPU.

How OpenMetal Helps

OpenMetal is designed to support high confidential computing performance through optimized hardware, PCIe passthrough for GPUs, and fast NVMe storage. OpenMetal gives you direct access to powerful servers with Intel TDX and fast storage and networking. You can choose from Medium to XXL configurations that use 5th Gen Intel CPUs. 

If you need to run AI or other demanding apps, you can attach an H100 GPU to your virtual machine using PCIe passthrough. You get the GPU power without giving up the memory protection TDX provides. Just remember — GPU memory isn’t protected by TDX, so keep your sensitive data safe before sending it to the GPU. 

Who Should Use Confidential Computing?

  • Healthcare companies that work with private patient data.
  • Banks or finance teams running secure models.
  • AI companies training on sensitive data.
  • Blockchain and crypto teams managing secure keys or wallets.

Table: Security vs. Speed — What Slows Down and How to Fix It

The table below shows common bottlenecks that affect confidential computing performance and how to reduce them using the right infrastructure and configuration.

What It AffectsHow Much It Slows Down

What You Can Do

CPU/Memory5–15% slowerUse high-core CPUs and tune memory settings
Disk I/O20–60% slowerUse NVMe storage and reduce disk chatter
NetworkingCan add delay

Use isolated 10Gbps links and VLANs

GPU WorkloadsGPU memory not protectedEncrypt data before sending it to the GPU

Ready to Try It?

With the right setup, you can improve confidential computing performance without sacrificing security. If you want to test confidential computing for yourself using Intel TDX, check out OpenMetal’s platform. You get full control over your hardware, fast setup, and support for advanced security features. Learn more or contact us today.

Read More on the OpenMetal Blog

Is the OpenMetal Large v5 Right for Your Workload?

The OpenMetal Large v5 is built on Intel’s Granite Rapids architecture with 92% more L3 cache, a 14% higher base clock, and double the RAM and NVMe of the Medium v5. This guide covers the workloads it handles best, how the private cloud and bare metal configurations compare, and where it fits alongside the Medium and XL v5.

Which workloads run best on OpenMetal v5 hosted private cloud, and why

Sometimes you want a cloud, not a server, but on terms you control. A guide to the hosted private cloud workloads that fit OpenMetal v5: VMware migration, multi-team internal IaaS, SaaS platforms, dev and test fleets, Kubernetes on OpenStack, and S3-compatible object storage on Ceph.

Which workloads run best on OpenMetal v5 bare metal servers, and why

Not every workload belongs on a shared cloud instance. A guide to the bare metal workloads that run best on OpenMetal v5, from databases and virtualization to Kubernetes, CPU-based AI inference, analytics, and confidential computing, and why dedicated Xeon 6 hardware makes the difference.

Is the OpenMetal Medium v5 Server Right for Your Workload?

The OpenMetal Medium v5 is built on Intel’s Granite Rapids architecture with 113% more L3 cache and 45% faster memory than the v4. This guide covers the workloads it’s best suited for, how the private cloud and bare metal configurations compare, and where the Medium v5 fits in the broader v5 lineup.

OpenMetal XL v5 vs AWS m7i.metal-48xl — Dedicated vs Cloud Infrastructure

This page compares the OpenMetal XL v5 (2x Intel Xeon 6530P, 1 TB DDR5-6400, 25.6 TB persistent NVMe, bare metal, fixed monthly pricing) against AWS m7i.metal-48xl (96 vCPU, 384 GB

Read More

Hosted Private Cloud — XL v5 — 3-Node OpenStack + Ceph Cluster on Intel Xeon 6530P

The Hosted Private Cloud XL v5 is a three-node OpenStack + Ceph cluster built from OpenMetal’s flagship Granite Rapids bare metal. Each node is an XL v5 — dual Intel

Read More

Bare Metal Server — XL v5 TDX Edition — Intel Xeon 6530P (Granite Rapids), 1TB DDR5, TDX-Active

The XL v5 TDX Edition is the same physical server as the standard XL v5 — two Intel Xeon 6530P processors on Granite Rapids, 1 TB of DDR5-6400, 25.6 TB

Read More

Bare Metal Server — XL v5 — Intel Xeon 6530P (Granite Rapids), 1TB DDR5, Micron 7500 MAX

The XL v5 is OpenMetal’s flagship dual-socket bare metal server, replacing the Emerald Rapids-based XL v4 with Intel’s Granite Rapids platform on the Intel 3 process node. Built around two

Read More