When you’re handling sensitive data that requires strict confidentiality guarantees—whether it’s patient health records, financial transactions, or proprietary AI models—traditional public cloud environments can create unacceptable risks. The shared infrastructure, limited visibility into security controls, and lack of hardware-level isolation make it difficult to maintain the level of control that regulated industries require. Private cloud for confidential computing solves this challenge by combining dedicated infrastructure with hardware-based security technologies that protect data even while it’s being processed.
In this post, we’ll explore how private cloud infrastructure provides the foundation for confidential computing workloads, why hardware isolation matters for sensitive data, and how OpenMetal’s bare metal approach gives you the control needed to build truly secure environments for your most critical applications.
What Makes Private Cloud Essential for Confidential Computing
The Confidential Computing Consortium defines confidential computing as “the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment”1. While this hardware-based protection is the core technology, the infrastructure that supports it makes the difference between a secure system and a truly controlled environment.
Private cloud infrastructure addresses three fundamental requirements that confidential computing workloads demand: complete tenant isolation, predictable performance, and full control over the security stack.
Complete Tenant Isolation: No Shared Resources
OpenMetal runs on bare metal dedicated servers, so nothing is shared with other tenants. That makes it easier to build environments where sensitive data is fully controlled by the organization using it. Confidential computing depends on this level of isolation, and we designed our private cloud around it.
This physical separation eliminates an entire class of potential attack vectors. Multiple academic and security research groups have demonstrated architectural and side-channel attacks against CPU-based TEEs based on a variety of approaches. These include page faults, caching, and the memory bus. When you control the entire physical server, you eliminate shared infrastructure that could be exploited through these side-channel attacks.
Hardware-Level Security with Intel TDX
Our current v4 servers support Intel Trust Domain Extensions (TDX). This allows workloads to run inside hardware-based trust domains that are protected from the hypervisor and other software layers. Remote attestation and measured boot are included so you can confirm the system is running the way it should before handling sensitive workloads.
Intel TDX uses hardware extensions for managing and encrypting memory and protects both the confidentiality and integrity of the TD CPU state from non-SEAM mode. Unlike traditional virtualization approaches, TDX isolates entire VMs from the underlying physical hardware and infrastructure, including the operating system, hypervisor, and other VMs running on the same hardware.
This creates what Intel calls a Trust Domain (TD)—a completely isolated environment where even the infrastructure provider cannot access your data while it’s being processed.
The Network Security Foundation: 20 Gbps Private Networking
Networking is built in as part of the deployment. Each server includes both public and private connections. The private side gives you 20 Gbps per server for east-west traffic, so things like replication, Kubernetes services, or internal APIs stay on fast, unmetered links. You can also segment networks, apply firewall rules, or set up VPNs directly inside your environment without relying on an outside provider.
For confidential computing workloads, this network architecture provides several advantages over public cloud networking:
Dedicated Network Paths: Your sensitive traffic never travels over shared network infrastructure. Multi-tenant blockchain validators, distributed AI training clusters, or healthcare applications can communicate without exposure to other tenants’ network traffic.
Zero Egress Charges: Because our pricing is tied to the physical hardware instead of usage, you don’t run into variable costs like egress charges. You know what the infrastructure will cost each month, even if workloads grow. For teams moving sensitive workloads out of public cloud, this predictable pricing model makes planning much easier.
Complete Network Control: Traditional cloud providers limit your ability to implement custom security policies or deploy specialized network security appliances. With private cloud infrastructure, you can implement zero-trust networking, deploy hardware security modules directly in your network path, or configure custom firewall rules without vendor restrictions.
Hardware Flexibility for Specialized Workloads
There are options for tailoring the hardware too. Most systems ship with Micron 7500 NVMe drives, and you can add more storage or memory if workloads require it. GPU clusters and Ceph storage clusters can also be part of a deployment, which is useful for AI, blockchain, or other data-intensive workloads that also need to remain confidential.
This hardware flexibility becomes critical when you’re running workloads that have specific performance or security requirements:
AI and Machine Learning: Confidential AI safeguards your AI data and models by providing robust isolation, integrity, and confidentiality. GPU clusters with direct PCIe passthrough to TDX-protected VMs give you both the compute power needed for training and the confidentiality guarantees required for sensitive datasets.
Blockchain Infrastructure: Validator nodes handling high-value transactions need both high-performance networking and secure key management. Private cloud infrastructure lets you deploy hardware security modules directly attached to validator nodes while maintaining the network performance needed for consensus participation.
Healthcare and Financial Services: Privacy and compliance strengthen data confidentiality and regulatory compliance. Industries with strict regulatory requirements can implement custom compliance monitoring, deploy specialized encryption hardware, or configure audit logging systems without public cloud provider limitations.
Use Cases: Where Private Cloud Confidential Computing Excels
Multi-Party Computation and Data Collaboration
Confidential computing makes it possible for different organizations to combine data sets for analysis without accessing each other’s data. For example, a retailer and credit card company could cross-check customer and transaction data for potential fraud without giving the other party access to the original data2.
Private cloud infrastructure makes these scenarios practical by providing the network isolation and performance needed for secure multi-party protocols. Organizations can establish dedicated network connections between their private clouds, implement custom key exchange protocols, and maintain full audit trails of data access.
Financial Services: Transaction Processing and Risk Analysis
Banks and financial institutions need to process sensitive transaction data while maintaining regulatory compliance. Traditional public cloud environments create compliance challenges because of shared infrastructure and limited visibility into security controls.
Private cloud confidential computing addresses these challenges by providing:
- Complete audit trails of who has access to systems and when
- Dedicated infrastructure that doesn’t require trusting public cloud security models
- The ability to implement custom compliance monitoring and reporting tools
- Hardware-level attestation that systems are running approved software configurations
Healthcare: Medical AI and Patient Data Processing
Healthcare organizations developing AI models on patient data face strict privacy requirements under regulations like HIPAA. The main objective of confidential computing involves providing companies with a greater sense of confidence in the security of their data and protecting customer data.
Private cloud infrastructure enables healthcare organizations to:
- Train AI models on sensitive patient data without exposing it to third parties
- Collaborate with research institutions while maintaining patient privacy
- Deploy custom compliance monitoring and data governance tools
- Maintain complete control over data residency and processing locations
Technical Implementation: Building Your Confidential Computing Environment
Memory and Storage Configuration
Proper hardware configuration is essential for confidential computing performance. TDX requires memory to be installed evenly across all memory channels, and you need at least 1TB of total RAM. These are hardware requirements to make sure there’s enough protected memory available for secure workloads, while still leaving room for regular workloads to run well.
Our Intel TDX performance benchmarks show that properly configured systems can run confidential workloads with minimal performance overhead—typically 3-5% for CPU-intensive tasks and 5-15% for I/O-intensive applications.
Network Segmentation and Security
Network segmentation becomes critical when you’re running multiple confidential workloads on the same infrastructure. Private cloud networking gives you the tools to implement proper isolation:
VLAN Isolation: Separate different workloads or tenants using dedicated VLANs that prevent cross-contamination of sensitive traffic.
Firewall Integration: Deploy next-generation firewalls directly in your private cloud environment to inspect and filter traffic between trust domains.
VPN and Encryption: Implement site-to-site VPNs or custom encryption protocols for communication between geographically distributed confidential computing nodes.
Attestation and Monitoring
Remote attestation confirms that hardware and software configurations and policies are as expected and provides assurance to the workload owner that the server is trustworthy. Private cloud infrastructure gives you the flexibility to implement custom attestation workflows that meet your specific security requirements.
This might include:
- Automated attestation checks before deploying sensitive workloads
- Integration with existing security information and event management (SIEM) systems
- Custom monitoring dashboards that track the security posture of confidential computing environments
- Automated incident response workflows that can quarantine compromised systems
Performance Considerations and Optimization
Understanding TDX Overhead
With CPU/memory intensive workloads, we tend to observe up to 5% performance difference with confidential guests according to Intel’s testing on 4th generation Xeon processors. SPECrate 2017 Integer and SPECrate 2017 floating point (FP) experience 3% performance drop, while SPC JBB (a memory latency sensitive workload) performance drops up to 4.5%.
The key factor is having sufficient CPU headroom in your system design. When workloads are already CPU-constrained, TDX transitions compete for cycles and performance can drop more significantly.
I/O Optimization for Confidential Workloads
For I/O intensive workloads generally, we observe that the workloads with a higher number of I/O transactions and bytes of data transfer rate, experience lower Intel TDX performance. This is expected due to the increased number of Intel TDX transitions and the use of bounce-buffers outside the Intel TDX protected memory space.
Private cloud infrastructure helps mitigate these challenges through:
- High-performance NVMe storage that reduces I/O latency
- 20 Gbps networking that provides bandwidth headroom for network-intensive applications
- The ability to configure polling-mode I/O drivers instead of interrupt-driven approaches
- Direct GPU passthrough that eliminates virtualization overhead for AI workloads
Comparing Private Cloud vs. Public Cloud for Confidential Computing
Control and Compliance
Public cloud confidential computing services provide convenience but limit your control over the underlying infrastructure. You’re dependent on the cloud provider’s security implementation, compliance certifications, and incident response procedures.
Private cloud infrastructure gives you:
- Complete visibility into hardware and software configurations
- The ability to implement custom compliance monitoring and reporting
- Direct control over security policies and access controls
- Independence from public cloud provider security models and potential vulnerabilities
Cost Predictability
Public cloud confidential computing typically involves premium pricing for specialized instance types, plus additional charges for network traffic, storage I/O, and data transfer. These variable costs make it difficult to predict monthly expenses for production workloads.
Overall, the goal is to provide a private cloud that supports confidential computing without hidden complexity. You have the hardware, the security features, and the network isolation under your control, all in an environment built for running sensitive workloads.
Performance and Flexibility
Public cloud providers offer limited hardware configurations for confidential computing instances. You’re constrained by their available instance types, networking options, and storage configurations.
Private cloud infrastructure provides:
- Custom hardware configurations optimized for your specific workloads
- Direct access to specialized hardware like GPUs, FPGAs, or custom accelerators
- The ability to implement custom network architectures and security appliances
- Freedom to optimize system configurations for your specific performance requirements
Industry Adoption and Standards
The confidential computing market is growing rapidly as organizations recognize the need for stronger data protection. The CCC brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.
However, some academic researchers have criticized the definition of confidential computing itself, calling it “imprecise, incomplete and even conflicting.” This highlights the importance of choosing infrastructure partners who understand both the technical implementation details and the real-world security requirements of your specific industry.
Open Source and Ecosystem Development
The Confidential Computing Consortium currently supports a handful of open-source projects, including the Intel SGX SDK for Linux, Microsoft’s Open Enclave SDK, and Red Hat’s Enarx. Private cloud infrastructure gives you the flexibility to implement any of these open-source confidential computing frameworks without being locked into a specific vendor’s implementation.
This ecosystem approach becomes particularly valuable as confidential computing technologies continue to evolve. You can evaluate new frameworks, implement custom security policies, or contribute to open-source projects without being constrained by public cloud provider limitations.
Future-Proofing Your Confidential Computing Infrastructure
Next-Generation Hardware Support
Intel has announced several technologies that will improve TDX performance in future generations. Intel will introduce Intel Trust Domain Extensions Connect (Intel TDX Connect) in future Intel CPU generations which enables trusted devices to access TDX-protected memory directly, thereby improving TDX performance related to I/O.
Private cloud infrastructure ensures you can take advantage of these improvements as they become available, without waiting for public cloud providers to support new hardware generations.
Regulatory Evolution
Data protection regulations continue to evolve, with new requirements for data sovereignty, cross-border data transfer restrictions, and stronger technical safeguards. Private cloud infrastructure gives you the agility to adapt to new regulatory requirements without being dependent on public cloud provider compliance timelines.
Getting Started with Private Cloud Confidential Computing
Implementing confidential computing on private cloud infrastructure requires careful planning around hardware requirements, network architecture, and security policies. The key decisions include:
Hardware Sizing: Ensuring sufficient memory and CPU resources to handle TDX overhead while maintaining application performance.
Network Architecture: Designing network segmentation and security policies that protect sensitive data flows.
Attestation and Monitoring: Implementing security monitoring and incident response procedures that meet your compliance requirements.
Application Integration: Modifying applications to take advantage of confidential computing protections while maintaining usability.
For organizations exploring confidential computing infrastructure or evaluating the right infrastructure for privacy-centric applications, private cloud provides the foundation for building truly controlled environments that protect sensitive data throughout its lifecycle.
If you’re considering confidential computing for your organization, our engineering team can help you evaluate hardware requirements, design network architectures, and implement security policies that meet your specific compliance and performance requirements. We understand the challenges of moving from public cloud to private infrastructure and can guide you through the technical and operational considerations that matter most for your workloads.
[1] Intel Corporation. “Intel® Trust Domain Extensions (Intel® TDX).“
Read More on the OpenMetal Blog