How to Deploy Confidential Computing Workloads on OpenMetal Infrastructure

Confidential computing workloads on bare metal is a new approach to protecting sensitive data—not just when it’s stored or transmitted, but while it’s actively being used. With growing security concerns and stricter data regulations, more organizations are asking how to make this a practical part of their infrastructure.

In this blog, we’ll break down how you can use OpenMetal’s bare metal servers to support confidential workloads using Intel TDX. Whether you’re working with protected health data, training machine learning models, or handling financial transactions, OpenMetal gives you the tools and control to keep it secure.

For a broader look at the technology, see our overview on Confidential Computing Benefits and Use Cases.

What You Need for Confidential Computing Workloads

To build a confidential computing environment, you’ll need:

  • Hardware-level security features like Intel TDX (Trust Domain Extensions)
  • Trusted Execution Environments (TEEs) that isolate data in memory
  • Operating systems and hypervisors that support those features
  • Full control over the hardware and how it’s configured

Note: Intel® Software Guard Extensions (SGX), Intel® Trust Domain Extensions (TDX), AMD® SEV, and Arm® TrustZone are examples of hardware-based TEEs.

Why OpenMetal Is a Fit for Confidential Computing Workloads

OpenMetal gives teams the flexibility and access they need to deploy secure workloads:

  • Bare Metal Control: Full access to physical servers without shared tenants
  • Intel 5th Gen CPUs with TDX: Available on our Medium V4, Large V4, XL V4, and XXL V4 bare metal configurations. You can also add H100 GPUs to XXL V4 servers for workloads that need acceleration.
  • GPU Support via PCIe Passthrough: You can attach the H100 to Intel TDX-enabled VMs using PCIe passthrough.
  • Fast, Isolated Networking: Redundant 10Gbps with VLAN segmentation
  • Encrypted Storage: Attach encrypted volumes to workloads as needed
  • Open APIs and CLI: Automate secure deployments

A Practical Guide to Deploying Confidential Workloads on OpenMetal

  1. Choose Intel TDX-Ready Hardware: Use OpenMetal’s Medium, Large, XL, or XXL configurations featuring 5th Gen Intel CPUs and optional H100 GPUs on the XXL. These servers come configured to launch TDX-enabled virtual machines.
  2. Deploy Virtual Machines with Intel TDX: Launch TDX-enabled VMs on supported nodes. These VMs benefit from memory and execution isolation from other workloads and the hypervisor.
  3. Attach GPUs with PCIe Passthrough (Optional): If your workload requires a GPU, the H100 can be passed through directly to your TDX-enabled VM using PCIe passthrough. This enables GPU acceleration while keeping CPU and memory data isolated.
  4. Secure Storage and Networking: Use encrypted volumes and VLAN-based network isolation to strengthen your setup. These security layers support the integrity and protection of your environment.
  5. Monitor and Validate: Deploy internal tools or third-party solutions to validate the state of your confidential computing environment. Monitoring configurations and access helps ensure ongoing protection and compliance.

Common Use Cases

  • Healthcare: Analyze PHI while maintaining HIPAA compliance
  • AI/ML: Protect training data and proprietary models
  • Finance: Run encrypted models for fraud detection or trading
  • Web3/Crypto: Safeguard wallet data and blockchain metadata from exposure

 

Final Thoughts 

Confidential computing workloads are already making an impact across real-world production environments. OpenMetal provides a reliable path to deploying secure infrastructure through Intel TDX-enabled hardware and GPU passthrough capabilities.

If you’re ready to explore confidential computing, contact our team to get started.

Read More on the OpenMetal Blog

Private Cloud for Confidential Computing: Building a Controlled Environment for Sensitive Data

Discover how private cloud infrastructure provides the controlled environment needed for confidential computing workloads. Learn about hardware isolation, network security, and why dedicated infrastructure beats public cloud for sensitive data processing.

Ceph Clusters for Blockchain: Scalable Storage for Nodes, State, and Historical Data

Blockchain infrastructure demands storage that scales with validator nodes, terabytes of historical data, and unpredictable state growth. Ceph distributed storage offers a unified solution that handles these challenges while eliminating the unpredictable costs and performance bottlenecks of traditional cloud storage.

Bare Metal Confidential Computing: Why Dedicated Hardware Beats Virtualized Enclaves

Bare metal confidential computing eliminates virtualization overhead, resource constraints, and unpredictable costs. OpenMetal’s dedicated TDX servers deliver consistent performance for sensitive AI, blockchain, and financial workloads where security can’t be compromised.

Micron 7500 MAX: Dual Drive vs Single Drive Architecture on Bare Metal for Mission-Critical Databases

Discover why dual smaller NVMe drives outperform single larger drives for enterprise databases on bare metal infrastructure. Learn about workload separation, parallel I/O, and endurance benefits with Micron 7500 MAX SSDs on OpenMetal’s XLv4 and XXLv4 servers for mission-critical applications.

Deployment and Optimization Strategies for Apache Spark and Hadoop Clusters on OpenMetal

Learn how to deploy and optimize Apache Spark and Hadoop clusters on OpenMetal’s bare metal infrastructure. This comprehensive guide covers deployment strategies, storage architecture, system tuning, and real-world optimization techniques for maximum performance and cost efficiency.

Why Infrastructure Optimization Should Be an Operating Partner KPI

Private equity operating partners are missing a major value creation opportunity by not tracking infrastructure optimization as a KPI. Cloud costs often represent 50% of software companies’ revenue, directly impacting EBITDA and valuations. This guide shows how to make infrastructure efficiency measurable and systematically improve portfolio company margins through predictable, optimized infrastructure strategies.

Architecting an End-to-End AI Storage Pipeline on Ceph: From Model Files to Results

Discover how OpenMetal’s on-demand private cloud with integrated Ceph storage eliminates AI infrastructure bottlenecks. Real customer case study shows 50% cost reduction and seamless scaling from 0.5PB to 1.9PB capacity. Get enterprise-grade performance with predictable pricing.

Dedicated VLANs and VXLANs: The Foundation for Secure Multi-Tenant Environments

Learn how OpenMetal’s dedicated VLAN and VXLAN-ready private cloud architecture provides secure multi-tenant environments with true Layer 2 isolation, unlimited scalability, and unmetered 20 Gbps private networking for compliance-ready deployments.