The Large v5 TDX Edition is the Large v5 bare metal server configured with a 1 TB DDR5-6400 memory upgrade that activates Intel Trust Domain Extensions (TDX) on the dual Xeon 6517P processors. This is not a separate server model — it is the same Granite Rapids hardware with all 16 DIMM slots populated, which is the OpenMetal-defined condition for enabling TDX on this platform. The result is a single-tenant bare metal server with hardware-isolated trust domains protecting VM memory from the host OS, hypervisor, and other tenants, on fixed monthly pricing with no per-instance attestation fees.
Key Takeaways
- Intel TDX active by default in this configuration: All 16 DIMM slots populated with DDR5-6400 to reach 1 TB, the threshold OpenMetal uses to enable TDX on Large-tier servers. Trust Domains are hardware-isolated by the CPU itself, not by software, so a compromised hypervisor cannot read TD memory.
- 2 TB/s memory headroom for TEE workloads: 1 TB of DDR5-6400 across both sockets delivers ~819 GB/s aggregate bandwidth, important for confidential VMs running encrypted memory paths and for workloads with large per-tenant working sets that previously couldn’t fit in a single TDX domain.
- SGX enclaves enabled by default alongside TDX: Application-level enclaves (Intel SGX, up to 128 GB EPC) work in parallel with VM-level Trust Domains. Use SGX for key management and signing inside a sealed enclave, TDX for full guest VMs whose memory is opaque to the host.
- HIPAA BAA on dedicated hardware: OpenMetal offers Business Associate Agreements at the organizational level, deployed on facility-certified infrastructure in Ashburn and Los Angeles. Confidential computing addresses the “insider risk” gap that shared cloud providers cover with policy rather than hardware.
- Fixed monthly pricing — no per-attestation or per-enclave fees: Public cloud confidential VM offerings often add metered charges on top of the underlying instance. The Large v5 TDX is one fixed monthly rate with TDX active and no usage-based add-ons. See deployment options and pricing at the bottom of this page, or view the full bare metal catalog at openmetal.io/bare-metal-pricing.
Server Configuration at a Glance
| Component | Specification |
|---|---|
| Processor | 2x Intel Xeon 6517P (Granite Rapids, Intel 3 process node) |
| Total Cores / Threads | 32 cores / 64 threads |
| Base / Max Turbo Frequency | 3.2 GHz / 4.2 GHz |
| L3 Cache | 72 MB per processor (144 MB total) |
| TDP | 190W per processor |
| UPI | 3 UPI links at 24 GT/s |
| Memory | 1024 GB (1 TB) DDR5-6400 ECC (16 of 16 DIMM slots populated) |
| Boot Storage | 2x 960 GB SSD in RAID 1 (dedicated OS drives) |
| Data Storage | 2x 6.4 TB Micron 7500 MAX NVMe (12.8 TB total) |
| Max Drive Bays | 10 drives |
| Private Bandwidth | 20 Gbps (2x 10 Gbps LACP bonded) |
| Public Bandwidth | 6 Gbps |
| Network SLA | 99.96% base (actual >99.99% since 2022) |
| DDoS Protection | Included, up to 10 Gbps per IP |
| PCIe | PCIe 5.0, 88 lanes per processor (176 total) |
| Remote Management | Full IPMI access (power, console, BIOS, OS install) |
| Confidential Computing | Intel TDX active by default (1 TB threshold met) + Intel SGX (128 GB EPC) |
| Memory Encryption | TME-MK (Total Memory Encryption — Multi-Key) across all DRAM |
| Compliance | HIPAA-eligible (Ashburn, Los Angeles); SOC 1/2, ISO 27001, PCI-DSS (facility-level, varies by location) |
| Pricing | Fixed monthly — see openmetal.io/bare-metal-pricing (Large v5 pricing in preview; contact OpenMetal for current rates) |
Large v5 TDX Edition component architecture
Ready to Deploy a Large v5 TDX Edition?
Tell us about your workload and we’ll help you configure the right deployment — bare metal or Hosted Private Cloud, in any of our four data center regions.
Confidential Computing: Intel TDX on Granite Rapids
Intel Trust Domain Extensions (TDX) on the Xeon 6517P creates Trust Domains — hardware-isolated VM environments whose memory and CPU state are encrypted with per-domain keys generated and held inside the CPU. The host OS, hypervisor (KVM, in OpenMetal’s reference architecture), and other tenants cannot read TD memory, and any access attempt from outside the TD is intercepted by the CPU and either blocked or returns ciphertext.
This is the critical structural difference from software isolation: TDX places the trust boundary at the silicon, not at the kernel. A compromised hypervisor, a malicious privileged user on the host, or a misbehaving sibling tenant cannot reach into a TD. Trust rests on verifying the CPU’s signed attestation of the TD, not on trusting the operator’s runbook.
OpenMetal ships the Large v5 TDX Edition with all 16 DIMM slots populated for 1 TB of DDR5-6400. This is the OpenMetal-defined threshold for activating TDX on Large-tier servers and follows the same policy applied across the v4 and v5 lineups. Customers running base-RAM Large v5 servers can upgrade in-place to reach the 1 TB threshold and switch to TDX-active operation; contact OpenMetal to schedule the upgrade on a deployed Large v5.
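The attestation step described above, as an added example that is not OpenMetal's or Intel's code: a verifier parses a TDX Quote v4 (the public Intel DCAP quote layout: 48-byte header, 584-byte TD Quote Body for TD 1.0), binds it to a challenge nonce via REPORTDATA, and applies a policy on MRTD and the TD DEBUG attribute. It assumes the quote's ECDSA signature and QE certificate chain are checked separately by a quote verification library, and that the guest writes SHA-512(nonce) into REPORTDATA; the sample quote is constructed, not captured from hardware.

```python
import hashlib
import struct

# Intel TDX Quote v4 (DCAP) layout: 48-byte header, 584-byte TD Quote Body
# (TD 1.0), then a u32 length-prefixed signature section that we do not parse.
TDX_TEE_TYPE = 0x81
HEADER_FMT = "<HHIHH16s20s"   # version, att_key_type, tee_type, 2x reserved, QE vendor id, user data
BODY_FMT = "<16s48s48s8s8s8s48s48s48s48s48s48s48s48s64s"
BODY_FIELDS = ("tee_tcb_svn", "mrseam", "mrsignerseam", "seamattributes", "tdattributes",
               "xfam", "mrtd", "mrconfigid", "mrowner", "mrownerconfig",
               "rtmr0", "rtmr1", "rtmr2", "rtmr3", "reportdata")
HEADER_LEN, BODY_LEN = struct.calcsize(HEADER_FMT), struct.calcsize(BODY_FMT)  # 48, 584

def parse_td_quote(quote: bytes) -> dict:
    """Decode header and TD body; measurement registers are returned as hex strings."""
    if len(quote) < HEADER_LEN + BODY_LEN + 4:
        raise ValueError("quote too short")
    version, key_type, tee_type = struct.unpack_from(HEADER_FMT, quote, 0)[:3]
    if tee_type != TDX_TEE_TYPE:
        raise ValueError(f"not a TDX quote (tee_type=0x{tee_type:x})")
    fields = {"version": version, "att_key_type": key_type, "tee_type": tee_type}
    body = struct.unpack_from(BODY_FMT, quote, HEADER_LEN)
    fields.update({name: raw.hex() for name, raw in zip(BODY_FIELDS, body)})
    return fields

def check_td_policy(fields: dict, nonce: bytes, allowed_mrtd: set) -> list:
    """Return policy violations (empty list = accept). Assumes the quote's ECDSA
    signature and QE certificate chain were already verified by a quote
    verification library; this function only applies the verifier's policy."""
    problems = []
    # The guest places SHA-512(nonce) in REPORTDATA, binding this quote to our challenge.
    if fields["reportdata"] != hashlib.sha512(nonce).hexdigest():
        problems.append("REPORTDATA does not match the challenge nonce (stale or replayed quote)")
    if fields["mrtd"] not in allowed_mrtd:
        problems.append("MRTD not in allowlist (unexpected TD firmware / initial image)")
    # TDATTRIBUTES bit 0 = DEBUG: a debuggable TD's memory is readable by the host.
    if int.from_bytes(bytes.fromhex(fields["tdattributes"]), "little") & 1:
        problems.append("TD DEBUG attribute set; memory is not opaque to the host")
    return problems

def build_sample_quote(nonce: bytes, mrtd: bytes, debug: bool = False) -> bytes:
    """Constructed sample quote for exercising the parser; not produced by real hardware."""
    header = struct.pack(HEADER_FMT, 4, 2, TDX_TEE_TYPE, 0, 0, b"\0" * 16, b"\0" * 20)
    body = struct.pack(BODY_FMT, b"\0" * 16, b"\x11" * 48, b"\x22" * 48, b"\0" * 8,
                       (1 if debug else 0).to_bytes(8, "little"), b"\0" * 8, mrtd,
                       b"\0" * 48, b"\0" * 48, b"\0" * 48, b"\x33" * 48, b"\0" * 48,
                       b"\0" * 48, b"\0" * 48, hashlib.sha512(nonce).digest())
    return header + body + struct.pack("<I", 0)  # empty signature section
```

On a real TD the quote comes from the guest's TDX attestation device rather than build_sample_quote, and the MRTD allowlist should be derived from the measured TD firmware/image you deploy.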
Intel SGX enclaves alongside TDX
The Xeon 6517P also exposes Intel SGX, enabled by default on every Large v5 with up to 128 GB of EPC (Enclave Page Cache). SGX and TDX are complementary, not redundant:
- TDX isolates entire guest VMs from the host. Use it when you want to run a workload as a confidential VM and treat the OpenMetal-managed host as untrusted infrastructure.
- SGX isolates specific application regions (enclaves) inside a process. Use it for narrow, high-value secrets — key signing, certificate authority operations, license attestation, secure HSM emulation — where the cost of porting code to enclave-aware libraries is justified by the value of the secret.
Most regulated deployments combine the two: TDX-protected guest VMs for general workload isolation, with SGX enclaves inside those guests for the specific secrets that warrant a second isolation boundary.
TME-MK across all memory
Total Memory Encryption — Multi-Key (TME-MK) is active across all 1 TB of DDR5 regardless of TDX status, encrypting DRAM contents under separate keys per domain. TME-MK protects against physical memory-extraction attacks (cold boot, bus snooping, DIMM removal) and provides cryptographic separation between TDs.
Hardware integrity features
The Granite Rapids platform includes additional hardware integrity protections that complement TDX:
- Boot Guard: Cryptographic verification of firmware integrity during boot. A rootkit cannot persist in the firmware path without invalidating the measured boot chain.
- Control-Flow Enforcement Technology (CET): Hardware-enforced shadow stack and indirect-branch tracking that defeats common ROP/JOP exploitation primitives.
- AES-NI and Crypto Acceleration: Hardware paths for AES, SHA, and asymmetric crypto, used by TDX/SGX attestation flows and by TLS-heavy workloads inside TDs.
- QuickAssist Technology (QAT): Offload paths for cryptographic and compression workloads, particularly useful for TLS termination at TD edges.
For implementation details and the exact enablement steps, see the Enabling Intel SGX and TDX guide page.
HIPAA and regulatory compliance
OpenMetal is HIPAA compliant at the organizational level and offers Business Associate Agreements (BAAs). For TDX-protected workloads, the BAA covers OpenMetal’s organizational obligations on the dedicated hardware; the hardware trust boundary itself is enforced by Intel TDX in silicon. This is an OpenMetal organizational certification, not a facility-level one.
Large v5 TDX servers deployed in Ashburn and Los Angeles are hosted in HIPAA-compliant facilities. Facility-level certifications are held by the facility operator (not OpenMetal) and vary by location:
- Ashburn, VA: SOC1 Type II, SOC2 Type II, ISO 27001, ISO 50001, PCI DSS, NIST 800-53 HIGH, HIPAA (facility-level)
- Los Angeles, CA: SOC1/SOC2, ISO 27001, PCI-DSS, HIPAA (facility-level)
- Amsterdam, NL: SOC Type 1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301
- Singapore: BCA Green Mark Platinum [additional certifications pending]
Recommended Workloads on the Large v5 TDX Edition
Regulated financial workloads
PCI-DSS-scope cardholder environments, KYC/AML pipelines, transaction reconciliation, and trading infrastructure benefit from running inside TDs where the operating environment cannot observe in-memory keys, query plans, or PII. Combined with HIPAA BAA coverage at the organizational level, the Large v5 TDX provides a single platform for healthcare-finance overlap workloads (medical-billing reconciliation, payer adjudication systems) where both PHI and cardholder data are present.
Healthcare PHI processing
Patient record systems, clinical analytics, claims processing, and PHI-bearing ETL workloads run as TDX-protected VMs with hardware-level isolation from the OpenMetal-managed host. Combined with OpenMetal’s organizational HIPAA compliance and BAA, this addresses the “trusted infrastructure operator” assumption that most HIPAA architectures require — here, the operator is cryptographically removed from the trust boundary.
Multi-tenant SaaS with tenant isolation guarantees
SaaS providers serving customers in regulated verticals (defense, finance, healthcare) often need to demonstrate that one tenant’s data cannot be observed by another tenant or by the SaaS provider’s own privileged staff. Run each tenant in its own TD on the Large v5 TDX for hardware-enforced isolation that satisfies the audit ask without rebuilding the application as a single-tenant deployment per customer.
Key management and HSM-class operations
Run software-HSMs, certificate authorities, and signing services inside SGX enclaves while running the surrounding application as a TDX-protected guest VM. The combined boundary (TDX outside, SGX inside) is appropriate for root-of-trust operations like code signing for software supply chain, payment HMAC generation, and protocol-level key derivation.
Sovereign cloud deployments
Government and government-adjacent customers building sovereign cloud environments use TDX to demonstrate that the underlying infrastructure operator cannot access tenant memory, even at the host OS level. Combined with OpenMetal’s HIPAA BAA, dedicated single-tenant hardware, and physical facility certifications, the Large v5 TDX provides a foundation for sovereign cloud zones inside OpenMetal’s data centers.
Confidential data analytics and federated learning
Cross-organization analytics (consortium fraud detection, federated learning across hospitals, joint research on commercially-sensitive data) require that the compute environment not be able to extract raw inputs. TDX provides the host-level boundary; SGX provides intra-process boundaries for narrow operations.
Cloud Comparison: TDX on OpenMetal vs Confidential VMs on AWS
AWS offers confidential computing primarily through Nitro Enclaves (process-level isolation, not a full guest VM) and through a small set of confidential-VM-capable instance types. The structural differences between those offerings and OpenMetal’s TDX-enabled Large v5 are the trust model and the cost model.
| Dimension | OpenMetal Large v5 TDX | AWS Confidential Compute |
|---|---|---|
| Trust boundary | TDX-protected guest VM (full OS opaque to host) | Nitro Enclave (process-level), or limited TDX/SEV instance types |
| Tenancy | Single-tenant dedicated bare metal | Multi-tenant underlying host |
| Memory protection | TME-MK across all 1 TB DDR5 + per-TD keys | Per-instance encryption |
| SGX enclaves | Up to 128 GB EPC on every server | Not available |
| Attestation cost | Included, no per-attestation fees | Varies by service |
| Pricing | Fixed monthly, no usage-based add-ons | Hourly + service-specific surcharges |
| HIPAA posture | Org-level HIPAA + BAA on dedicated hardware | Per-service BAA on shared host |
For organizations standardizing on TDX as a long-term confidential computing primitive, dedicated hardware on fixed pricing removes the per-attestation accounting and instance-class limitations that constrain confidential workloads on public cloud.
Deployment Options
Single TDX bare metal server
Deploy a Large v5 TDX as a standalone bare metal server with full root access and IPMI remote management. Every server is single-tenant dedicated hardware with TDX active on the 1 TB DDR5-6400 configuration. Pre-built images include TDX-aware Linux distributions (recent kernel with TDX guest support) and a base TDX-enabled hypervisor stack. Pricing is fixed monthly with the option to lock rates for up to 5 years.
Multi-server TDX deployment
For workloads requiring TDX across multiple servers (federated analytics, distributed key management, multi-region sovereign cloud zones), deploy multiple bare metal Large v5 TDX servers connected over the 20 Gbps private LACP-bonded network. This is a multi-server bare metal configuration, not a Hosted Private Cloud cluster — TDX is supported on bare metal Large v5 servers only. Inter-server communication uses customer-specific VLANs at no additional bandwidth cost; TDs on different hosts communicate via standard network paths with end-to-end encryption between TDs.
Where to deploy
Deploy a Large v5 TDX in Ashburn, Los Angeles, Amsterdam, or Singapore. All locations offer the same fixed monthly pricing regardless of region.
| Location | Region | Facility Certifications | Location Page |
|---|---|---|---|
| Ashburn, Virginia | US-East | SOC1/2 Type II, ISO 27001, PCI DSS, NIST 800-53, HIPAA | Ashburn facility specs |
| Los Angeles, California | US-West | SOC1/2, ISO 27001, PCI-DSS, HIPAA | Los Angeles facility specs |
| Amsterdam, Netherlands | EU-West | SOC Type 1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301 | Amsterdam facility specs |
| Singapore | Asia | BCA Green Mark Platinum | Singapore facility specs |
All facilities are Tier III data center spaces. Facility certifications are held by the facility operator. Proof of Concept clusters are available for testing TDX integration, attestation flows, and workload validation before committing to a production deployment.
Get a Large v5 TDX Edition Quote
Tell us about your infrastructure needs and we’ll provide a custom quote for the Large v5 TDX Edition — as a standalone bare metal server or as part of a Hosted Private Cloud cluster.
- Bare metal: Single-server or multi-server deployments with full root access and IPMI
- Hosted Private Cloud: Three-node OpenStack + Ceph clusters with Day 2 operations included
- Custom configurations: RAM upgrades, additional NVMe drives, TDX enablement
Ramp pricing available for migrations. All deployments include fixed monthly pricing, 99.96%+ network SLA, and DDoS protection.