The OpenMetal Medium v5 TDX Edition is the same Granite Rapids Xeon 6505P server as the standard Medium v5, configured with all 16 DIMM slots populated at 1 TB DDR5-6400 and Intel TDX activated at the BIOS level. It is not a separate server model: it is the Medium v5 with the RAM upgrade and BIOS configuration required to operate TDX Trust Domains. This page describes that specific configuration and the workloads it is designed to serve: regulated data processing, multi-tenant isolation with cryptographic proof, healthcare PHI handling, and key management infrastructure that must demonstrate hardware-level boundaries to auditors.
Key Takeaways
- Intel TDX active – hardware-isolated Trust Domains prevent the hypervisor, firmware, and other VMs from accessing protected workload memory, with remote attestation providing cryptographic proof of isolation to external parties.
- 1 TB DDR5-6400 across all 16 DIMM slots – the minimum RAM threshold required to activate TDX, providing full memory encryption via TME-MK with up to 1,024 distinct encryption keys.
- Intel SGX alongside TDX – SGX enclaves (128 GB EPC) remain available for application-layer isolation while TDX protects the VM layer, supporting defense-in-depth isolation architectures.
- HIPAA-eligible infrastructure – OpenMetal holds org-level HIPAA compliance and offers BAAs; the Ashburn facility (NTT DATA VA1) holds HIPAA at the facility operator level.
- Dedicated hardware, no shared tenancy – TDX isolation is meaningful only on hardware you control; co-tenanted servers undermine the threat model TDX is designed to address.
- Fixed monthly pricing with optional 5-year price lock – no per-hour billing uncertainty for regulated workloads with multi-year audit cycles.
Server Configuration at a Glance
| Component | Specification |
|---|---|
| Processor | 2x Intel Xeon 6505P (Granite Rapids, Intel 3) |
| Total Cores / Threads | 24 cores / 48 threads |
| Base / Max Turbo Frequency | 2.2 GHz base / 4.1 GHz max turbo |
| L3 Cache | 48 MB per socket (96 MB total) |
| TDP | 150 W per socket |
| Memory | 1 TB DDR5-6400 · all 16 DIMM slots populated (16x 64 GB) |
| Boot Storage | 2x 960 GB NVMe (RAID 1) |
| Data Storage | 1x 6.4 TB Micron 7500 MAX NVMe |
| Max Drive Bays | 4 data drives (up to 25.6 TB) |
| Private Bandwidth | 2x 10 Gbps LACP bond (20 Gbps aggregate) |
| Public Bandwidth | 6 Gbps included · bursts to 40 Gbps |
| PCIe | Gen 5.0 · 88 lanes per processor |
| Intel TDX | Active – Trust Domains enabled, remote attestation available |
| Intel SGX | Active – 128 GB EPC |
| Intel TME-MK | Active – up to 1,024 memory encryption keys |
| Pricing | Fixed monthly – see openmetal.io/bare-metal-pricing |
Ready to Deploy a Medium v5 TDX Edition?
Tell us about your workload and we’ll help you configure the right deployment — bare metal or Hosted Private Cloud, in any of our four data center regions.
Intel TDX on the Medium v5: How It Works
Intel TDX (Trust Domain Extensions) is a hardware virtualization feature built into the Xeon 6505P that creates cryptographically isolated execution environments called Trust Domains (TDs). A TD runs as a confidential VM: its memory is encrypted with a unique key managed by the CPU, and neither the hypervisor, the VMM, nor any other VM on the same physical host can read or modify its memory contents.
Three properties distinguish TDX from software-only isolation: memory encryption (each TD’s memory pages are encrypted with a TD-specific key, with no software component having access to raw key material); remote attestation (a relying party can request a signed measurement of the TD’s firmware, configuration, and runtime state, rooted in hardware keys that cannot be forged in software); and measured boot (the boot sequence from firmware through guest OS is logged in a hardware-maintained event log, with any deviation detectable by the attestation verifier).
On the Medium v5, TDX is activated when 1 TB of RAM is installed (16x 64 GB DIMMs) and BIOS is configured. This is a customer-initiated configuration, handled during server provisioning or as an upgrade to a deployed server. OpenMetal’s team can assist with the BIOS configuration step.
Memory: 1 TB at Full Slot Population
The TDX Edition ships with all 16 DIMM slots populated using 64 GB DDR5-6400 RDIMMs, totalling 1 TB. This is the minimum configuration for TDX activation on the Xeon 6505P platform. At 6,400 MT/s across 8 memory channels per socket, aggregate memory bandwidth reaches approximately 409 GB/s per socket – sufficient for large in-memory workload footprints that operate under TDX protection.
TME-MK (Total Memory Encryption – Multi-Key) operates across all 1 TB, with up to 1,024 encryption keys available for simultaneous assignment. This supports high-density confidential VM deployments where each tenant TD holds a distinct key, ensuring that memory pages from one TD are cryptographically opaque to all others even in the event of a physical memory access.
No further RAM upgrades are available at this configuration; all DIMM slots are occupied.
Storage
Boot and data isolation
Boot/data isolation applies to the TDX Edition in the same way as the standard Medium v5: two 960 GB NVMe boot drives in RAID 1 operate independently from the data bays. The OS volume running the TDX host environment is separate from data storage used by confidential VMs.
Micron 7500 MAX data drives
For workloads processing regulated data – PHI, financial records, cryptographic key material – the 6.4 TB Micron 7500 MAX NVMe data drive provides dedicated, persistent storage that survives reboots and does not share physical media with other customers. Persistent NVMe storage is a prerequisite for regulated workloads that cannot tolerate ephemeral storage loss. Up to three additional drives can be added for 25.6 TB total.
| Metric | 6.4 TB Model |
|---|---|
| Interface | PCIe Gen4 x4, NVMe v2.0b |
| NAND | 232-layer 3D TLC (6-plane architecture with iWL) |
| Sequential Read | 7,000 MB/s |
| Sequential Write | 5,900 MB/s |
| Random Read (4 KB) | 1,100,000 IOPS |
| Random Write (4 KB) | 400,000 IOPS |
| QoS | Sub-1 ms at 99.9999% (6-nines) for 4 KB random read |
| Endurance | 35,040 TBW · 3 DWPD |
| Warranty | 5 years |
Source: Micron 7500 NVMe SSD Tech Product Spec Rev. A 10/2023.
Networking
The Medium v5 TDX Edition carries the same networking configuration as the standard server: two 10 Gbps NICs in LACP bond (20 Gbps aggregate private), 6 Gbps public with burst to 40 Gbps, and VLAN-segmented private networks included without east-west metering. For confidential computing deployments, traffic isolation at the network layer complements TDX memory isolation: tenant VMs operate on separate VLANs, ensuring that network-layer and memory-layer boundaries are independently enforced.
DDoS protection is included for up to 10 Gbps per IP. Network SLA is 99.96%, with measured uptime exceeding 99.99% from 2022 through Q1 2026.
Egress pricing: 95th-percentile billing, not per-GB transfer.
Public egress is billed at the 95th percentile above the included base allotment, discarding the five busiest hours each week before calculating the rate. Regulated workloads with compliance-driven audit log exports, encrypted backup transfers, or attestation traffic pay for their sustained rate, not their infrequent peaks. See OpenMetal egress billing for details.
Security and Confidential Computing
Intel TDX is active on the Medium v5 TDX Edition. Each confidential VM runs as a Trust Domain with hardware-enforced memory encryption, remote attestation capability, and measured boot logging. The Xeon 6505P supports up to 1,024 TME-MK encryption keys, enabling dense multi-tenant confidential VM deployments where each TD is cryptographically isolated from all others, including the host OS and hypervisor.
Remote attestation generates ECDSA-signed quotes rooted in Intel-provisioned keys. These quotes can be verified by a third-party attestation service (Intel Tiber Trust Services or a self-hosted verifier) to confirm that a given TD is running unmodified on genuine hardware with the expected firmware configuration. This chain of cryptographic evidence satisfies the technical requirements of auditors evaluating hardware-level isolation for regulated workloads.
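The relying-party policy step behind the attestation and measured-boot properties described above, as an added example (not OpenMetal's or Intel's code). It assumes the version 4 TDX quote layout (48-byte header, 584-byte TD report body) and that the quote's ECDSA signature and certificate chain have already been validated by the attestation verifier; the `policy` dictionary, the SHA-256 nonce binding in REPORTDATA, and the sample builder are hypothetical.

```python
import hashlib
import struct

HEADER_LEN, BODY_LEN, TEE_TYPE_TDX = 48, 584, 0x81
# (offset, length) of the fields used here inside the TD report body
FIELDS = {"td_attributes": (120, 8), "mrtd": (136, 48),
          "rtmr0": (328, 48), "report_data": (520, 64)}

def parse_quote(quote: bytes) -> dict:
    """Extract header identifiers and selected measurement fields."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise ValueError("quote too short")
    version, key_type, tee_type = struct.unpack_from("<HHI", quote, 0)
    body = quote[HEADER_LEN:HEADER_LEN + BODY_LEN]
    out = {"version": version, "att_key_type": key_type, "tee_type": tee_type}
    for name, (off, length) in FIELDS.items():
        out[name] = body[off:off + length]
    return out

def replay_rtmr(event_digests) -> bytes:
    """Replay an event log: each SHA-384 digest extends the register."""
    rtmr = bytes(48)
    for digest in event_digests:
        rtmr = hashlib.sha384(rtmr + digest).digest()
    return rtmr

def appraise(quote: bytes, policy: dict, nonce: bytes, event_digests) -> list:
    """Return the list of policy failures; an empty list means accept."""
    q = parse_quote(quote)
    failures = []
    if q["version"] != 4 or q["tee_type"] != TEE_TYPE_TDX:
        failures.append("not a v4 TDX quote")
    if q["td_attributes"][0] & 0x01:  # bit 0 of TDATTRIBUTES marks a debug TD
        failures.append("debug TD")
    if q["mrtd"] != policy["mrtd"]:  # build-time measurement of the TD
        failures.append("MRTD mismatch")
    if q["rtmr0"] != replay_rtmr(event_digests):
        failures.append("event log does not match RTMR0")
    if q["report_data"][:32] != hashlib.sha256(nonce).digest():
        failures.append("stale or unbound nonce")
    return failures

def build_sample_quote(mrtd, event_digests, nonce, debug=False) -> bytes:
    """Constructed input for illustration: header and body only, unsigned."""
    body = bytearray(BODY_LEN)
    body[120] = 1 if debug else 0
    body[136:184] = mrtd
    body[328:376] = replay_rtmr(event_digests)
    body[520:552] = hashlib.sha256(nonce).digest()
    return struct.pack("<HHI", 4, 2, TEE_TYPE_TDX) + bytes(40) + bytes(body)
```

A quote that passes signature verification but fails any of these checks should be treated as untrusted: the signature only proves the evidence came from genuine hardware, not that the TD matches the expected baseline.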
Intel SGX remains available alongside TDX on the TDX Edition. SGX operates at the application layer: enclaves protect specific code and data within a process, with 128 GB of Enclave Page Cache (EPC) available. For architectures that require both VM-level isolation (TDX) and application-level enclave execution (SGX), such as key management services that generate keys inside an enclave and attest to their provenance, both are available simultaneously on the same server.
- AES-NI – hardware-accelerated encryption for at-rest and in-transit workloads without software overhead
- Intel Boot Guard – firmware-to-OS measured boot chain, integral to the TDX attestation measurement
- Control-Flow Enforcement Technology (CET) – ROP/JOP protection for the host environment and guest VMs
HIPAA and Regulatory Compliance
OpenMetal holds HIPAA compliance at the organizational level and offers BAAs for healthcare workloads processed on Medium v5 TDX Edition servers. Medium v5 servers in Ashburn are hosted at NTT DATA VA1, which holds HIPAA as a facility-operator certification alongside SOC 1/2 Type II, ISO 27001, ISO 50001, PCI DSS, and NIST 800-53 HIGH. Los Angeles (Digital Realty LAX10) holds SOC 2, SOC 3, ISO 27001, and PCI DSS at the facility level – HIPAA at that location is OpenMetal org-level only, not a LAX10 facility certification. Amsterdam (Digital Realty AMS3) holds SOC 1/2, PCI-DSS, ISO 27001, ISO 50001, and ISO 22301. Singapore (Digital Realty SIN10) holds BCA Green Mark Platinum; additional certifications are not confirmed in the official data sheet.
The combination of TDX hardware isolation, SGX enclave capability, measured boot, and facility-level compliance certifications at Ashburn positions the Medium v5 TDX Edition for workloads subject to HIPAA, PCI DSS, SOC 2, and NIST 800-53 audit frameworks.
Recommended Workloads on the Medium v5 TDX Edition
Healthcare PHI Processing
Electronic health record systems, clinical data pipelines, and analytics workloads processing protected health information require both technical and administrative safeguards under HIPAA. TDX provides the technical isolation layer: PHI processed inside a Trust Domain is inaccessible to the hypervisor, firmware, and other tenants on the same server. Remote attestation generates auditable evidence that the workload ran on hardware meeting the configured security baseline – suitable for inclusion in HIPAA risk assessments and audit documentation. Deploy EHR workloads in Ashburn (HIPAA facility cert) or any region under OpenMetal’s organizational BAA coverage.
Financial Services and PCI DSS Workloads
Payment processing systems, transaction databases, and audit log infrastructure subject to PCI DSS require cardholder data environments to be isolated from other systems. TDX enforces this boundary at the hardware level: cardholder data in a TD is cryptographically isolated from co-located non-CDE workloads. The Ashburn and Amsterdam facilities hold PCI DSS certifications at the facility operator level, supporting the physical environment controls required by PCI DSS requirements 9 and 12. Fixed monthly pricing supports the predictable infrastructure cost modeling required for SOX-covered technology expense reporting.
Multi-Tenant SaaS Isolation
SaaS platforms running tenant workloads with strict data isolation requirements – legal tech, HR platforms, financial SaaS – can use TDX Trust Domains to enforce hardware-level tenant separation beyond OS-level namespace or container isolation. Each tenant TD runs with its own memory encryption key; a compromise at the hypervisor layer does not expose other tenants’ memory. SGX enclaves can further protect tenant-specific cryptographic operations (key generation, signing) at the application layer. LACP-bonded 20 Gbps private networking supports high-density inter-tenant traffic patterns without cross-tenant billing.
Key Management Infrastructure
Hardware Security Module alternatives and key management services (HashiCorp Vault, self-hosted KMS, EJBCA) benefit from TDX and SGX on the same platform. SGX enclaves protect key generation and cryptographic operations from the host OS; TDX protects the key management VM from the hypervisor layer. Remote attestation lets relying parties verify that a key was generated on hardware meeting a specific security configuration – a property required by some regulated key custody frameworks. The 20 Gbps private VLAN provides high-throughput key service access across internal workloads without exposing key material over the public internet.
Confidential Machine Learning
ML workloads processing proprietary training data or sensitive inference inputs – medical imaging, financial modeling, protected genomic data – benefit from TDX isolation when model IP and input data must remain inaccessible to infrastructure operators. Run ONNX Runtime, TensorFlow Serving, or OpenVINO inside a TDX Trust Domain: the inference pipeline is protected from the host OS during execution, and attestation provides verifiable evidence of the execution environment to data owners before sensitive inputs are submitted. The Xeon 6505P’s AMX and AVX-512 instruction support handles the underlying compute without a GPU requirement.
Sovereign Cloud and Data Residency
Government agencies, regulated financial institutions, and organizations subject to data residency mandates (GDPR, data localization laws) can deploy on Medium v5 TDX Edition servers in the region that satisfies their residency requirement – US-East (Ashburn), US-West (Los Angeles), EU-West (Amsterdam), or Asia (Singapore). TDX remote attestation generates evidence that workloads ran within a specific, verifiable hardware boundary, supporting data residency audit trails. OpenMetal’s VLAN isolation ensures no cross-customer data paths exist at the network layer.
How the Medium v5 TDX Edition Compares to Public Cloud
AWS Nitro Enclaves provide an application-layer isolated environment within a single EC2 instance. Nitro Enclaves are designed for secrets processing and credential isolation within a VM; they do not provide full VM-level memory isolation across tenant boundaries. Intel TDX on the Medium v5 TDX Edition provides isolation at the VM layer: the hypervisor itself cannot access TD memory, a stronger boundary than Nitro’s enclaves-within-an-instance model.
AWS infrastructure for regulated workloads typically requires selecting specific HIPAA-eligible services and signing a BAA with AWS, with compliance responsibility shared under the shared responsibility model. OpenMetal’s TDX Edition provides hardware-level isolation on dedicated physical hardware – the threat model excludes the infrastructure operator by design, rather than by contractual boundary.
When AWS is the better fit: workloads requiring managed services tightly integrated with the AWS ecosystem (Macie, GuardDuty, HealthLake), global multi-region deployments with sub-50ms edge coverage, or total spend below $10k/month where AWS managed compliance tooling reduces operational overhead.
Medium v5 TDX Edition Deployment Options
Bare Metal Dedicated Server
The Medium v5 TDX Edition deploys as a bare metal server with TDX pre-activated. OpenMetal handles the BIOS configuration for TDX enablement during provisioning. IPMI access is provided for hardware-level management. Price locks up to 5 years support multi-year compliance program planning. Ramp pricing is available for migrations from existing environments.
→ View pricing: openmetal.io/bare-metal-pricing
Deploy a Medium v5 TDX Edition in Ashburn (Virginia), Los Angeles (California), Amsterdam (Netherlands), or Singapore, subject to regional availability at launch.
| Location | Region | Relevant Certifications | Location Page |
|---|---|---|---|
| Ashburn, VA | US-East | SOC1/2 Type II, ISO 27001, PCI DSS, NIST 800-53 HIGH, HIPAA (facility) | Ashburn |
| Los Angeles, CA | US-West | SOC2, SOC3, ISO 27001, PCI DSS | Los Angeles |
| Amsterdam, NL | EU-West | SOC1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301 | Amsterdam |
| Singapore | Asia | BCA Green Mark Platinum | Singapore |
→ View pricing and configuration: openmetal.io/cloud-deployment-calculator
Both deployment paths are available across OpenMetal’s Tier III data center locations. Fixed monthly pricing applies regardless of utilization. No per-hour, per-query, or per-GB billing.
Get a Medium v5 TDX Edition Quote
Tell us about your infrastructure needs and we’ll provide a custom quote for the Medium v5 TDX Edition — as a standalone bare metal server or as part of a Hosted Private Cloud cluster.
- Bare metal: Single-server or multi-server deployments with full root access and IPMI
- Hosted Private Cloud: Three-node OpenStack + Ceph clusters with Day 2 operations included
- Custom configurations: RAM upgrades, additional NVMe drives, TDX enablement
Ramp pricing available for migrations. All deployments include fixed monthly pricing, 99.96%+ network SLA, and DDoS protection.
Specifications, pricing, and availability are subject to change without notice. The information on this page is provided for general guidance and does not constitute a contractual commitment. Contact OpenMetal for current configuration details and pricing. AWS specifications and pricing are sourced from publicly available documentation and may not reflect current rates or configurations.



































