A Deep Dive into Google Cloud Confidential Computing with SUSE Linux Enterprise Server: A Practical Guide
Introduction
We are excited to introduce a new resource for our users interested in hands-on experience with confidential computing on Google Cloud. Building on our recent collaborative blog post with Google Cloud about how SUSE Linux Enterprise Server (SLES) integrates with Google Cloud Confidential Computing, we have created a new video to guide you through the practical steps of deploying a confidential VM.
This blog post will expand on the foundational ideas from our previous collaboration, focusing on practical steps from the video and exploring a crucial topic that resonates deeply with our users: digital sovereignty.
From Theory to Practice
Our previous blog post highlighted the strong security partnership between SUSE and Google Cloud, showing how SLES enhances the guest OS layer while Google Cloud Confidential VMs offer hardware-level protection. To make this technology more accessible, we’ve created the following demonstration video:
SUSE Confidential Computing on Google Cloud with SLES
In this video, you will learn how to:
- Deploy a Confidential Computing virtual machine using both the Google Cloud Console and the command-line interface (CLI).
- Select and configure the appropriate machine type and operating system, including support for AMD SEV and Intel TDX technologies.
- Complete the essential setup steps for a secure and confidential environment.
This video complements our initial blog post by offering a visual, step-by-step guide to help you create and secure your own confidential computing environment.
Digital Sovereignty: A Cornerstone of Confidential Computing
A key part of moving sensitive workloads to the cloud is maintaining control and ownership of your data. This is where confidential computing and digital sovereignty meet. Digital sovereignty refers to an organization or country’s ability to govern its own data, infrastructure, and future in the digital world. Confidential Computing is a crucial tool for this. By utilizing hardware-based Trusted Execution Environments (TEEs), Confidential VMs encrypt data during processing—keeping it safe even from the cloud provider. With SLES on Google Cloud Confidential VMs, you can achieve stronger guarantees for your digital sovereignty by:
- Retaining Control: Your data remains encrypted in memory, with encryption keys managed securely by the hardware and inaccessible to the cloud provider.
- Limiting Access: Only authorized workloads can access and process the encrypted data within the TEE.
- Enhancing Compliance: For regulated industries, this layered security approach helps fulfill strict data protection and residency requirements, making it easier to migrate sensitive workloads to the cloud.
This joint solution emphasizes that you, as the data owner, remain in control at all times, regardless of where your data is processed.