How to Deploy Confidential Computing Workloads on OpenMetal Infrastructure

Updated on August 11, 2025 by Jen Royle-Jones

How to Deploy Confidential Computing Workloads on OpenMetal Infrastructure

Confidential computing workloads on bare metal is a new approach to protecting sensitive data—not just when it’s stored or transmitted, but while it’s actively being used. With growing security concerns and stricter data regulations, more organizations are asking how to make this a practical part of their infrastructure.

In this blog, we’ll break down how you can use OpenMetal’s bare metal servers to support confidential workloads using Intel TDX. Whether you’re working with protected health data, training machine learning models, or handling financial transactions, OpenMetal gives you the tools and control to keep it secure.

For a broader look at the technology, see our overview on Confidential Computing Benefits and Use Cases.

What You Need for Confidential Computing Workloads

To build a confidential computing environment, you’ll need:

  • Hardware-level security features like Intel TDX (Trust Domain Extensions)
  • Trusted Execution Environments (TEEs) that isolate data in memory
  • Operating systems and hypervisors that support those features
  • Full control over the hardware and how it’s configured

Note: Intel® Software Guard Extensions (SGX), Intel® Trust Domain Extensions (TDX), AMD® SEV, and Arm® TrustZone are examples of hardware-based TEEs.

Why OpenMetal Is a Fit for Confidential Computing Workloads

OpenMetal gives teams the flexibility and access they need to deploy secure workloads:

  • Bare Metal Control: Full access to physical servers without shared tenants
  • Intel 5th Gen CPUs with TDX: Available on our Medium V4, Large V4, XL V4, and XXL V4 bare metal configurations. You can also add H100 GPUs to XXL V4 servers for workloads that need acceleration.
  • GPU Support via PCIe Passthrough: You can attach the H100 to Intel TDX-enabled VMs using PCIe passthrough.
  • Fast, Isolated Networking: Redundant 10Gbps with VLAN segmentation
  • Encrypted Storage: Attach encrypted volumes to workloads as needed
  • Open APIs and CLI: Automate secure deployments

A Practical Guide to Deploying Confidential Workloads on OpenMetal

  1. Choose Intel TDX-Ready Hardware: Use OpenMetal’s Medium, Large, XL, or XXL configurations featuring 5th Gen Intel CPUs and optional H100 GPUs on the XXL. These servers come configured to launch TDX-enabled virtual machines.
  2. Deploy Virtual Machines with Intel TDX: Launch TDX-enabled VMs on supported nodes. These VMs benefit from memory and execution isolation from other workloads and the hypervisor.
  3. Attach GPUs with PCIe Passthrough (Optional): If your workload requires a GPU, the H100 can be passed through directly to your TDX-enabled VM using PCIe passthrough. This enables GPU acceleration while keeping CPU and memory data isolated.
  4. Secure Storage and Networking: Use encrypted volumes and VLAN-based network isolation to strengthen your setup. These security layers support the integrity and protection of your environment.
  5. Monitor and Validate: Deploy internal tools or third-party solutions to validate the state of your confidential computing environment. Monitoring configurations and access helps ensure ongoing protection and compliance.

Common Use Cases

  • Healthcare: Analyze PHI while maintaining HIPAA compliance
  • AI/ML: Protect training data and proprietary models
  • Finance: Run encrypted models for fraud detection or trading
  • Web3/Crypto: Safeguard wallet data and blockchain metadata from exposure

 

Final Thoughts 

Confidential computing workloads are already making an impact across real-world production environments. OpenMetal provides a reliable path to deploying secure infrastructure through Intel TDX-enabled hardware and GPU passthrough capabilities.

If you’re ready to explore confidential computing, contact our team to get started.

Read More on the OpenMetal Blog

Confidential Computing as Regulators Tighten Cross-Border Data Transfer Rules

Cross-border data transfer regulations are tightening globally. Confidential computing provides enterprises with verifiable, hardware-backed protection for sensitive workloads during processing. Learn how CTOs and CISOs use Intel TDX, regional infrastructure, and isolated networking to meet GDPR, HIPAA, and PCI-DSS requirements.

Why Blockchain Validators Are Moving from Public Cloud to Bare Metal

Blockchain validators demand millisecond precision and unthrottled performance. Public cloud throttling, unpredictable costs, and resource sharing are driving operators to bare metal infrastructure. Learn why dedicated hardware with isolated networking eliminates the risks that shared environments create.

Big Data for Fraud Detection: A Guide for Financial Services and E-commerce

Discover how big data analytics combined with dedicated bare metal infrastructure enables real-time fraud detection systems that analyze millions of transactions with sub-100ms latencies, eliminating the performance variability and unpredictable costs of public clouds while achieving 30-60% infrastructure savings.

How to Build a High-Performance Time-Series Database on OpenMetal

Discover how to build production-grade time-series databases on OpenMetal’s dedicated bare metal infrastructure. This comprehensive guide covers time-series fundamentals, popular open-source options like ClickHouse and TimescaleDB, and provides a detailed deployment blueprint with infrastructure optimization strategies.

Fixed-Cost Infrastructure: Why PE Firms Prefer Predictable Capex Over Variable Cloud Spend

Private equity firms are replacing variable cloud costs with fixed-cost infrastructure to improve EBITDA predictability and portfolio valuations. Learn how transparent, hardware-based pricing creates financial advantages for PE-backed SaaS companies.

Optimizing Latency and Egress Costs for Globally Distributed Workloads

Discover how OpenMetal’s strategically positioned data centers eliminate the “data tax” on globally distributed applications. Free east-west traffic between regions plus predictable 95th percentile bandwidth billing lets you architect for performance instead of cost avoidance, with typical savings of 30-60% versus public cloud.

A Private Cloud with Full Root Access for DevOps Teams

DevOps teams need more than restricted cloud access. OpenMetal provides full root access to dedicated bare metal infrastructure, enabling complete control over hardware and software stacks. Deploy custom configurations, implement infrastructure as code, and optimize performance without vendor limitations, all in 45 seconds.

Bare Metal Resilience: Designing Validator Infrastructure to Withstand Network Spikes

Network spikes test validator infrastructure beyond normal limits. Discover how bare metal servers deliver the consistent performance, predictable costs, and operational control needed to maintain validator operations during high-stress network events while maximizing rewards.