How to Deploy Confidential Computing Workloads on OpenMetal Infrastructure

Confidential computing workloads on bare metal is a new approach to protecting sensitive data—not just when it’s stored or transmitted, but while it’s actively being used. With growing security concerns and stricter data regulations, more organizations are asking how to make this a practical part of their infrastructure.

In this blog, we’ll break down how you can use OpenMetal’s bare metal servers to support confidential workloads using Intel TDX. Whether you’re working with protected health data, training machine learning models, or handling financial transactions, OpenMetal gives you the tools and control to keep it secure.

For a broader look at the technology, see our overview on Confidential Computing Benefits and Use Cases.

What You Need for Confidential Computing Workloads

To build a confidential computing environment, you’ll need:

  • Hardware-level security features like Intel TDX (Trust Domain Extensions)
  • Trusted Execution Environments (TEEs) that isolate data in memory
  • Operating systems and hypervisors that support those features
  • Full control over the hardware and how it’s configured

Note: Intel® Software Guard Extensions (SGX), Intel® Trust Domain Extensions (TDX), AMD® SEV, and Arm® TrustZone are examples of hardware-based TEEs.

Why OpenMetal Is a Fit for Confidential Computing Workloads

OpenMetal gives teams the flexibility and access they need to deploy secure workloads:

  • Bare Metal Control: Full access to physical servers without shared tenants
  • Intel 5th Gen CPUs with TDX: Available on our Medium V4, Large V4, XL V4, and XXL V4 bare metal configurations. You can also add H100 GPUs to XXL V4 servers for workloads that need acceleration.
  • GPU Support via PCIe Passthrough: You can attach the H100 to Intel TDX-enabled VMs using PCIe passthrough.
  • Fast, Isolated Networking: Redundant 10Gbps with VLAN segmentation
  • Encrypted Storage: Attach encrypted volumes to workloads as needed
  • Open APIs and CLI: Automate secure deployments

A Practical Guide to Deploying Confidential Workloads on OpenMetal

  1. Choose Intel TDX-Ready Hardware: Use OpenMetal’s Medium, Large, XL, or XXL configurations featuring 5th Gen Intel CPUs and optional H100 GPUs on the XXL. These servers come configured to launch TDX-enabled virtual machines.
  2. Deploy Virtual Machines with Intel TDX: Launch TDX-enabled VMs on supported nodes. These VMs benefit from memory and execution isolation from other workloads and the hypervisor.
  3. Attach GPUs with PCIe Passthrough (Optional): If your workload requires a GPU, the H100 can be passed through directly to your TDX-enabled VM using PCIe passthrough. This enables GPU acceleration while keeping CPU and memory data isolated.
  4. Secure Storage and Networking: Use encrypted volumes and VLAN-based network isolation to strengthen your setup. These security layers support the integrity and protection of your environment.
  5. Monitor and Validate: Deploy internal tools or third-party solutions to validate the state of your confidential computing environment. Monitoring configurations and access helps ensure ongoing protection and compliance.

Common Use Cases

  • Healthcare: Analyze PHI while maintaining HIPAA compliance
  • AI/ML: Protect training data and proprietary models
  • Finance: Run encrypted models for fraud detection or trading
  • Web3/Crypto: Safeguard wallet data and blockchain metadata from exposure

 

Final Thoughts 

Confidential computing workloads are already making an impact across real-world production environments. OpenMetal provides a reliable path to deploying secure infrastructure through Intel TDX-enabled hardware and GPU passthrough capabilities.

If you’re ready to explore confidential computing, contact our team to get started.

Read More on the OpenMetal Blog

Why MEV Block Building Infrastructure Is Moving to TDX Bare Metal

The operator trust problem in MEV block building has a hardware solution. This article explains why Intel TDX has become the substrate of choice for confidential block building, and what bare metal adds that cloud TDX doesn’t.

OpenMetal XL v5 vs XL v4 — Same 64 Cores, Different Generation: How to Choose

OpenMetal XL v5 vs XL v4: same 64 cores, but v5 adds 33% memory bandwidth, more PCIe lanes and drive bays, and CPU-side AI; v4 keeps more L3 cache.

What HIPAA Requires from the Infrastructure Running Your Healthcare AI Workloads

Healthcare AI workloads carry the same HIPAA obligations as any system touching PHI. This article covers what the 2026 Security Rule update requires from AI infrastructure, why vector embeddings count as PHI, and how dedicated private cloud simplifies the compliance documentation burden.

How the H200 Is Built for Memory-Bound AI Workloads

The H200 is a memory upgrade on the Hopper architecture, not a new compute platform. This article covers why bandwidth matters as much as VRAM capacity, where the 141GB floor changes what fits on a single GPU, and how the NVL PCIe variant differs from the SXM5 for dedicated private infrastructure.

Why 96GB VRAM Changes the Economics of Private LLM Inference

The RTX PRO 6000’s 96GB VRAM fits 70B models at FP8 on a single card with real KV cache headroom. This article covers what that unlocks, how dedicated fixed-cost GPU infrastructure compares structurally to cloud rental, and where the H200 is the better choice.

OpenMetal GPU Clusters — Dedicated Multi-GPU Infrastructure for AI Training and Inference

OpenMetal GPU clusters: dedicated single-tenant multi-GPU infrastructure. All-RP6000, all-H200, or mixed on a private 40 Gbps mesh, fixed monthly pricing.

When Managed Kubernetes Gets Expensive Enough to Justify Running Your Own

The control plane fee is the smallest part of your managed Kubernetes bill. This article breaks down what EKS, GKE, and AKS actually charge across egress, storage, cross-zone transfer, and multi-cluster overhead, and where self-managed on dedicated bare metal makes the math work better.

What DORA’s ICT Concentration Risk Requirements Mean for EU Financial Infrastructure

DORA has been in force since January 2025, and the third-party ICT risk requirements are where infrastructure decisions land hardest. This article breaks down what Articles 28–30 require, why hyperscaler concentration is now a documented regulatory problem, and how private cloud in the EU changes the risk picture.