QingTian Enclave
What Is QingTian Enclave?
QingTian Enclave is an advanced security feature based on the Huawei Cloud QingTian architecture that allows you to create a secure, isolated execution environment. QingTian Enclave instances are completely separate VMs and have no persistent storage, interactive access, or external networking. They communicate with the parent instance only through a secure local channel called vsock. Even the root user of the parent instance cannot access or SSH into QingTian Enclave instances.
Application Scenarios
QingTian Enclave allows you to create isolated execution environments from ECS instances to protect your sensitive data, such as personal identity information, keys, healthcare data, financial data, and intellectual property. In this way, you can ensure data confidentiality and reduce the attack surface while sensitive data is being processed.
Advantages
- Superb Isolation and Security
QingTian Enclave instances are completely separate VMs and have no persistent storage, interactive access, or external networking. They communicate with the parent instance through a secure local channel, which is called vsock. Even the root user of the parent instance cannot access or SSH into QingTian Enclave instances.
- Cryptographic Attestation
QingTian Enclave instances support cryptographic attestation. The instances use cryptographic attestation to prove their identities and build trust with external services. The attestation process uses an attestation document that includes the measurements of the QingTian Enclave runtime environment. These measurements can be used to create access control policies in external services to control access to specific operations for specific QingTian Enclave instances.
- Flexibility
You can create QingTian Enclave instances with different combinations of vCPUs and memory. QingTian Enclave combines hardware and software. It is processor agnostic and compatible with any programming language or framework. In addition, since many components of QingTian Enclave are open source, you can inspect and verify the code yourself.
- Multiple QingTian Enclaves Support
You can create multiple separate, isolated QingTian Enclave security zones on a parent instance for confidential computing.
- O&M Automation
Automatic live migration is supported to mitigate the impact of hardware and software faults and improve reliability.
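The Cryptographic Attestation item above describes how an external service turns enclave measurements into an access control policy. The following is an added example, not Huawei Cloud code, of the policy side of that exchange: a key-release service checks a received attestation document for freshness and a matching nonce, then compares its measurements against a policy that maps approved measurement sets to permitted operations. The document layout, measurement names, digests and operation names are all constructed assumptions; the real QingTian Enclave document format and its signature verification are not shown on this page and are not implemented here.

```python
import hmac

# Hypothetical attestation-document layout (constructed for this example; the
# real QingTian Enclave document format is not described on this page).
# "measurements" maps a measurement register name to a hex digest of the
# enclave component it covers.
SAMPLE_DOC = {
    "measurements": {
        "image": "a3f1" * 16,   # constructed digest of the enclave image
        "kernel": "0b2c" * 16,  # constructed digest of the enclave kernel
    },
    "nonce": "7e1d9c",          # nonce the service sent with its challenge
    "timestamp": 1_700_000_000,
}

# Policy held by the external service: which measurement sets may perform
# which operations. Digests and operation names are constructed placeholders.
POLICY = [
    {"measurements": {"image": "a3f1" * 16, "kernel": "0b2c" * 16},
     "allow": {"kms:Decrypt"}},
]

MAX_AGE_SECONDS = 300


def measurements_match(expected: dict, actual: dict) -> bool:
    """Every measurement the policy names must be present and equal.
    compare_digest avoids leaking digest prefixes through timing."""
    return all(
        name in actual and hmac.compare_digest(digest, actual[name])
        for name, digest in expected.items()
    )


def authorize(doc: dict, operation: str, expected_nonce: str, now: float) -> bool:
    """Return True only if the document answers the nonce this service issued,
    is fresh, and its measurements match a policy entry allowing `operation`.
    Verifying the document's signature against the platform's attestation
    root key is a required step that depends on the provider's format and
    is deliberately left out of this example."""
    if not hmac.compare_digest(doc.get("nonce", ""), expected_nonce):
        return False  # replayed or foreign document
    if not 0 <= now - doc.get("timestamp", 0) <= MAX_AGE_SECONDS:
        return False  # stale or future-dated
    return any(
        measurements_match(rule["measurements"], doc.get("measurements", {}))
        and operation in rule["allow"]
        for rule in POLICY
    )
```

A modified, missing or extra-but-unlisted measurement never widens access: the policy names the registers it cares about and each must match exactly.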