The OpenMetal Bare Metal Dedicated Server XL v4 TDX Edition is not a separate server model — it is the XL v4 in its standard 1TB RAM configuration, with Intel Trust Domain Extensions active out of the box. Every XL v4 that OpenMetal ships meets the full DIMM population requirement that Intel TDX demands, which means confidential computing is available from day one without a customer-initiated RAM upgrade or configuration change. For workloads that require hardware-isolated, memory-encrypted execution environments — regulated healthcare data, confidential AI inference, multi-tenant SaaS isolation, or cryptographic key management — the XL v4 provides TDX at the baseline price, with no TDX surcharge.
Key Takeaways
- Intel TDX active by default — no RAM upgrade, no configuration ticket, no additional cost; every XL v4 ships at the 1TB RAM level that Intel requires for Trust Domain activation
- 64 dedicated cores / 128 threads with hardware-isolated Trust Domains — workloads running inside a TDX Trust Domain are encrypted in memory and cannot be accessed by the host OS, other VMs, or OpenMetal operators
- Intel SGX with 128GB max EPC provides application-level enclave isolation in parallel with TDX — two layers of confidential computing on the same server for different isolation granularities
- HIPAA BAA available at the organizational level — for healthcare workloads running PHI inside TDX enclaves, OpenMetal will execute a Business Associate Agreement; facility certifications apply per location
- 25.6TB Micron 7500 MAX NVMe with boot/data isolation — data drives are separated from the OS path, allowing TDX-protected workload storage to be wiped independently on decommission
- Fixed monthly pricing — see openmetal.io/bare-metal-pricing
Config at a Glance
| Component | Specification |
|---|---|
| Processor | 2x Intel Xeon Gold 6530 (Emerald Rapids, 5th Gen Intel Xeon Scalable) |
| Total Cores / Threads | 64 cores / 128 threads |
| Base / Max Turbo | 2.10 GHz / 4.0 GHz |
| L3 Cache | 160MB per socket (320MB total) |
| Memory | 1024GB (1TB) DDR5 4800MHz ECC — 16 DIMM slots, all populated |
| Boot Storage | 2x 960GB RAID 1 |
| Data Storage | 4x Micron 7500 MAX 6400GB NVMe U.3 (25.6TB usable) |
| Max Drive Bays | 10 total |
| Private Bandwidth | 20Gbps (2x 10Gbps LACP bonded) |
| Public Bandwidth | 6 Gbps |
| Intel TDX | Enabled by default (all 16 DIMMs populated) |
| Intel SGX | Yes with Intel SPS — max 128GB EPC |
| TME-MK | Enabled — per-VM memory encryption |
| Pricing | Fixed monthly — see openmetal.io/bare-metal-pricing |
Why TDX on Bare Metal?
Confidential computing on shared cloud infrastructure places trust boundaries inside a multi-tenant hypervisor stack — the cloud provider’s firmware, hypervisor, and management layer can still access the physical server. On OpenMetal bare metal, there is no co-tenant sharing the physical hardware. The XL v4 is a single-tenant server: one customer owns all 64 cores, all 1TB of RAM, and all NVMe drives. TDX adds a second isolation layer on top of that — even within a multi-VM deployment on a single XL v4, each Trust Domain is hardware-encrypted and isolated from the host OS and from other VMs. This is the correct architecture for workloads that must protect data from the infrastructure operator, not just from other tenants.
Processor: AMX, QAT, and Confidential AI
The Xeon Gold 6530 (Emerald Rapids, 5th Gen, Intel 7) provides Intel AMX for BF16 and INT8 matrix acceleration alongside TDX — enabling confidential AI inference directly inside Trust Domains. Quantized language models, embedding generation, and recommendation engines can run inside a hardware-isolated enclave where neither the host OS nor OpenMetal operators can observe model inputs, outputs, or intermediate state. Intel QAT handles cryptographic preprocessing (TLS termination, AES operations) without adding CPU overhead on the compute cores, keeping inference throughput high even in encryption-heavy pipelines.
TDX and AMX operate concurrently — there is no performance penalty on the matrix acceleration hardware when TDX isolation is active.
Memory: Trust Domain Isolation
TDX works by assigning physical memory pages to Trust Domains, encrypting each domain’s pages with a unique key that only the CPU and the guest OS can access. The 1TB of DDR5 4800MHz RAM across 16 DIMM slots provides the memory budget required for this isolation. With 614 GB/s of memory bandwidth system-wide, large Trust Domains — hosting 64GB, 128GB, or larger confidential VMs — can move data between CPU and RAM at full speed without decryption bottlenecks.
For multi-tenant deployments running several Trust Domains simultaneously, the 1TB base capacity provides substantial headroom: 8 × 100GB isolated VMs, 16 × 50GB enclaves, or any partition that fits within available physical RAM. Memory above each Trust Domain’s allocation remains encrypted and inaccessible to other domains.
Storage: Data Isolation for Confidential Workloads
TDX protects data in memory; NVMe drives protect data at rest. The XL v4’s boot/data isolation architecture ensures that the OS drive pool (2x 960GB RAID 1) never co-mingles with application data drives (4x Micron 7500 MAX). For regulated workloads running PHI or financial records inside TDX enclaves, this separation allows data drives to be independently verified and wiped on decommission without touching the OS partition.
The Micron 7500 MAX delivers 1.1M random read IOPS and 400K random write IOPS per drive, and the sub-1ms 6-nines QoS guarantee means that database operations inside a Trust Domain are not I/O-constrained. See the primary XL v4 spec page for full drive performance numbers.
Networking: Isolated Traffic at 20Gbps
All 20Gbps of private bandwidth and the 6Gbps public uplink are available to Trust Domain workloads without restriction. East-west traffic between VMs inside the same XL v4 (or between XL v4 nodes in a cluster) transits the OpenMetal private VLAN and is unmetered. Public egress is billed on the 95th-percentile model — confidential AI inference APIs, encrypted data pipelines, and external attestation service calls do not accumulate per-GB egress charges for burst traffic.
Security, Compliance, and Confidential Computing
TDX is the headline capability of the XL v4 TDX Edition, but the Gold 6530 platform provides a layered security architecture beneath it. Intel SGX supports application-level enclaves of up to 128GB EPC alongside TDX — a key management service, for example, can run in an SGX enclave while the larger application workload runs inside a TDX Trust Domain. TME-MK adds per-VM AES encryption across the full DRAM range. Boot Guard verifies the UEFI firmware before loading, preventing pre-OS compromise of the trusted execution environment. CET provides hardware control-flow integrity that protects the integrity of code running inside Trust Domains.
- Intel TDX — full VM memory isolation with hardware-encrypted Trust Domains, enabled by default
- Intel SGX — application-level enclaves up to 128GB EPC, available alongside TDX
- TME-MK — per-VM total memory encryption at the platform level
- Intel Boot Guard — firmware attestation for trusted boot chain integrity
- Intel AES-NI — hardware AES acceleration, zero CPU overhead on encryption workloads
- Intel CET — control-flow enforcement for code integrity inside enclaves and Trust Domains
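To confirm on a delivered server that the features listed above are visible to Linux, the following added example (not OpenMetal's or Intel's code) parses the `flags` line of `/proc/cpuinfo`. The flag names are the Linux kernel's and their presence depends on kernel version and firmware settings (an assumption about the installed OS); the sample input is constructed.

```python
"""Check which of the listed CPU security features Linux reports."""
from pathlib import Path

# Feature -> /proc/cpuinfo flag names (any one suffices). Which flags appear
# depends on kernel version and BIOS configuration (assumption about the OS).
FEATURES = {
    "TDX (host-capable)": {"tdx_host_platform"},
    "TDX (running as guest)": {"tdx_guest"},
    "SGX": {"sgx"},
    "TME (platform memory encryption)": {"tme"},  # no separate TME-MK flag
    "AES-NI": {"aes"},
    "CET": {"ibt", "user_shstk"},
    "AMX": {"amx_tile"},
}

# Constructed sample (not captured from a real XL v4): abbreviated flags line.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Constructed Sample CPU
flags\t\t: fpu vme aes sgx sgx_lc tme ibt amx_bf16 amx_tile amx_int8 tdx_host_platform
"""

def parse_flags(cpuinfo_text):
    """Return the set of flags from the first 'flags' line, or an empty set."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":  # skips the separate 'vmx flags' line
            return set(value.split())
    return set()

def audit(cpuinfo_text):
    """Map each feature name to True/False based on the reported flags."""
    flags = parse_flags(cpuinfo_text)
    return {name: bool(wanted & flags) for name, wanted in FEATURES.items()}

def missing(cpuinfo_text, ignore=("TDX (running as guest)",)):
    """Features not reported; the guest flag is only expected inside a TD."""
    return sorted(name for name, ok in audit(cpuinfo_text).items()
                  if not ok and name not in ignore)

if __name__ == "__main__":
    path = Path("/proc/cpuinfo")
    text = path.read_text() if path.exists() else SAMPLE_CPUINFO
    for name, ok in audit(text).items():
        print(f"{name}: {'present' if ok else 'absent'}")
```

A reported flag shows only that the kernel sees the capability; whether a given workload actually runs inside a Trust Domain is established by remote attestation, not by this check.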
HIPAA and Regulatory Compliance
OpenMetal executes HIPAA Business Associate Agreements (BAAs) at the organizational level. For healthcare workloads running PHI inside TDX enclaves on the XL v4 TDX Edition, OpenMetal’s BAA covers the infrastructure layer. Facility-level certifications (SOC 2, PCI DSS, NIST 800-53) are held by the data center operators at each location.
XL v4 TDX Edition servers deployed in Ashburn are hosted at an NTT DATA facility that holds HIPAA as a facility-operator certification, alongside SOC 1/2 Type II, ISO 27001, PCI DSS, and NIST 800-53 HIGH. Los Angeles (Digital Realty): SOC 2, SOC 3, ISO 27001, PCI DSS — HIPAA at Los Angeles is OpenMetal organizational-level only. Amsterdam (Digital Realty): SOC 1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301. Singapore (Digital Realty): BCA Green Mark Platinum. Contact OpenMetal to confirm compliance posture for your specific deployment location.
Recommended Workloads
Regulated financial data processing
Algorithmic trading systems, risk calculation engines, and financial record processing that must isolate computation from the infrastructure operator benefit from TDX’s hardware attestation and memory encryption. Audit trails can include attestation reports confirming that calculations occurred inside a verified Trust Domain. Fixed monthly pricing eliminates the variable cost exposure that makes public cloud financial workloads difficult to budget.
Healthcare PHI processing and inference
Electronic health records, medical imaging pipelines, and clinical ML inference running inside TDX Trust Domains satisfy the technical safeguard requirements for PHI handling. OpenMetal’s HIPAA BAA covers the infrastructure layer; TDX provides the hardware isolation that prevents PHI from being accessible to the host OS or adjacent processes. CPU-based inference with AMX eliminates the need to push PHI to a GPU — a significant attack surface reduction for confidential medical AI pipelines.
Multi-tenant SaaS isolation
SaaS providers running multiple customer workloads on a single physical server can use TDX to provide contractual hardware isolation between tenants. Each customer’s application runs in a separate Trust Domain with encrypted memory — a compromise of one tenant’s VM cannot read the memory of another tenant’s Trust Domain. For SaaS providers with enterprise customers who require hardware isolation in their contracts, TDX on bare metal satisfies that requirement at a lower cost than provisioning separate physical servers per tenant.
Cryptographic key management and attestation services
Hardware Security Module (HSM) alternatives, certificate authorities, and attestation services that require hardware root-of-trust operate correctly inside SGX enclaves on the XL v4. TDX and SGX can run simultaneously — the key management enclave runs in SGX while the broader application infrastructure runs inside a TDX Trust Domain. Remote attestation confirms that the enclave is running on genuine Intel hardware with expected firmware and software configurations.
Confidential AI inference at scale
LLM inference, embedding generation, and RAG pipelines that process private user data (contracts, medical records, financial documents) can run inside TDX Trust Domains where model inputs and outputs are encrypted in memory. AMX acceleration provides BF16 matrix multiply throughput for quantized model inference. This is the CPU-based confidential AI path — for GPU-accelerated confidential training, contact OpenMetal about GPU server configurations.
Sovereign and jurisdictional cloud deployments
Organizations with data residency requirements (GDPR Article 46, sector-specific data localization rules) can deploy XL v4 TDX servers in Ashburn, Los Angeles, Amsterdam, or Singapore and combine jurisdictional data placement with hardware-level memory isolation. TDX’s attestation capability provides verifiable proof that workloads ran in a specific physical location — useful for audit requirements that mandate location verification.
Ready to Deploy a Confidential Computing Environment?
Tell us about your workload — regulated data, multi-tenant isolation, or confidential AI inference — and we’ll configure the right XL v4 TDX deployment.
Deployment Options
Bare Metal Dedicated Server (TDX)
Single-tenant server with TDX active by default. Full root access, IPMI console, no shared tenancy. Customer configures Trust Domain partitioning per their workload architecture. Fixed monthly pricing, price locks up to 5 years, ramp pricing for migrations.
Where to deploy
Deploy an XL v4 TDX Edition in Ashburn, Los Angeles, Amsterdam, or Singapore.
| Location | Region | Certifications | Location Page |
|---|---|---|---|
| Ashburn, VA | US-East | SOC 1/2 Type II, ISO 27001, PCI DSS, NIST 800-53 HIGH, HIPAA (facility) | Ashburn |
| Los Angeles, CA | US-West | SOC 2, SOC 3, ISO 27001, PCI DSS | Los Angeles |
| Amsterdam | EU-West | SOC 1/2, PCI-DSS, ISO 27001, ISO 50001, ISO 22301 | Amsterdam |
| Singapore | Asia | BCA Green Mark Platinum | Singapore |
Get an XL v4 TDX Quote
Tell us about your infrastructure needs and we’ll provide a custom quote for the XL v4 TDX.
- Bare metal TDX: Single-server with Trust Domain Extensions enabled, full IPMI access
- Custom configurations: Additional NVMe drives, SGX enclave sizing guidance
- HIPAA BAA: Available for healthcare and regulated workloads
All deployments include fixed monthly pricing, 99.96%+ network SLA, and DDoS protection.
Ramp pricing available for migrations.
Product specifications, pricing, and availability may change due to market conditions and other factors. For the most current information, please contact the OpenMetal team directly.