Merge pull request #229221 from agowdamsft/agowdamsft-patch-acc-1

ACI Related Changes and Generic ACC updates

Author: Stacyrch140

articles/confidential-computing/TOC.yml

@@ -42,7 +42,7 @@
       items:
         - name: Create Intel SGX enclaves on AKS with CLI
           href: confidential-enclave-nodes-aks-get-started.md
-    - name: Confidential node pools in AKS
+    - name: Confidential VM node pools in AKS
       items:
         - name: Add a confidential VM node pool to your AKS cluster
           href: confidential-node-pool-aks.md
@@ -111,13 +111,13 @@
       items:
       - name: Confidential containers overview
         href: confidential-containers.md
+      - name: Confidential containers with Azure Container Instances (ACI)
+        href: confidential-containers.md#vm-isolated-confidential-containers-on-azure-container-instances-aci---public-preview
       - name: Confidential containers with Intel SGX enclaves
         href: confidential-containers-enclaves.md
-      - name: VM isolated confidential containers on Azure Container Instance 
-        href: https://techcommunity.microsoft.com/t5/azure-confidential-computing/microsoft-introduces-preview-of-confidential-containers-on-azure/ba-p/3410394
     - name: Confidential node pools on AKS
       items: 
-      - name: Confidential node pools in AKS (preview)
+      - name: Confidential VM node pools in AKS
         href: confidential-node-pool-aks.md
 - name: How To
   expanded: true

articles/confidential-computing/choose-confidential-containers-offerings.md

@@ -2,7 +2,8 @@
 title: Choose container offerings for confidential computing
 description: How to choose the right confidential container offerings to meet your security, isolation and developer needs.
 author: agowdamsft
-ms.service: container-service
+ms.service: virtual-machines 
+ms.subservice: confidential-computing
 ms.topic: conceptual
 ms.date: 11/01/2021
 ms.author: amgowda #ananyagarg
@@ -22,13 +23,11 @@ The diagram below will guide different offerings in this portfolio
 
 ## Links to container compute offerings
 
-**Azure Container Instances with Confidential containers (AMD SEV_SNP)** are the first serverless offering that helps protect your container deployments with confidential computing through AMD SEV-SNP technology. Read more on the product [here](https://aka.ms/ccacipreview).
+**Confidential VM worker nodes on AKS)** supporting full AKS features with node level VM based Trusted Execution Environment (TEE). Also support remote guest attestation. [Get started with CVM worker nodes with a lift and shift workload to CVM node pool.](../aks/use-cvm.md)
 
+**Unmodified containers with serverless offering** [confidential containers on Azure Container Instance (ACI)](./confidential-containers.md#vm-isolated-confidential-containers-on-azure-container-instances-aci---public-preview) supporting existing Linux containers with remote guest attestation flow.
 
-There are two programming and deployment models on Azure Kubernetes Service (AKS). 
-<!-- You can deploy containers with confidential application enclaves. This method of container deployments has the strongest security and compute isolation, with a lower Trusted Computing Base (TCB). Confidential containers based on Intel Software Guard Extensions (SGX) that run in the hardware-based Trusted Execution Environment (TEE) are available. These containers support lifting and shifting your existing container apps. Another option is to allow building custom apps with enclave awareness. -->
-
-**Unmodified containers** support higher programming languages on Intel SGX through the Azure Partner ecosystem of OSS projects. For more information, see the [unmodified containers deployment flow and samples](./confidential-containers.md).
+**Unmodified containers with Intel SGX** support higher programming languages on Intel SGX through the Azure Partner ecosystem of OSS projects. For more information, see the [unmodified containers deployment flow and samples](./confidential-containers.md).
 
 **Enclave-aware containers** use a custom Intel SGX programming model. For more information, see the [the enclave-aware containers deployment flow and samples](./enclave-aware-containers.md). 
 

articles/confidential-computing/confidential-containers-enclaves.md

@@ -6,7 +6,8 @@ author: agowdamsft
 ms.topic: article
 ms.date: 7/15/2022
 ms.author: amgowda
-ms.service: container-service
+ms.service: virtual-machines
+ms.subservice: confidential-computing
 ms.custom: ignite-fall-2021
 ---
 
@@ -15,7 +16,7 @@ ms.custom: ignite-fall-2021
 [Confidential containers](confidential-containers.md) help you run existing unmodified container applications of most **common programming languages** runtimes (Python, Node, Java etc.) in the Intel SGX based Trusted Execution Environment(TEE).
 This packaging model typically does not need any source-code modifications or recompilation and is the fastest method to run in Intel SGX enclaves. Typical deployment process for running your standard docker containers requires an Open-Source SGX Wrapper or Azure Partner Solution. 
 In this packaging and execution model each container application is loaded in the trusted boundary (enclave) and with a hardware-based isolation enforced by Intel SGX CPU. Each container running in an enclave receives its own memory encryption key delivered from the Intel SGX CPU.
-This model works well for off the shelf container applications available in the market or custom apps currently running on general purpose nodes
+This model works well for off the shelf container applications available in the market or custom apps currently running on general purpose nodes.
 To run an existing Docker container, applications on confidential computing nodes require an Intel Software Guard Extensions (SGX) wrapper software to help the container execution within the bounds of special CPU instruction set. 
 SGX creates a direct execution to the CPU to remove the guest operating system (OS), host OS, or hypervisor from the trust boundary. This step reduces the overall surface attack areas and vulnerabilities while achieving process level isolation within a single node.
 

articles/confidential-computing/confidential-containers.md

@@ -1,45 +1,52 @@
 ---
 title: Confidential containers on Azure
-description: Learn about unmodified lift and shift container support to confidential containers.
+description: Learn about unmodified container support with confidential containers.
 services: container-service
 author: agowdamsft
 ms.topic: article
-ms.date: 7/15/2022
+ms.date: 3/1/2023
 ms.author: amgowda
-ms.service: container-service
+ms.service: virtual-machines 
+ms.subservice: confidential-computing
 ms.custom: ignite-fall-2021
 ---
 
 # Confidential containers on Azure
 
-Confidential containers provide a set of features and capabilities to further secure your standard container workloads to achieve higher data security by running them in a Trusted Execution Environment (TEE). Azure offers a portfolio of capabilities through different confidential container options as discussed below.
+Confidential containers provide a set of features and capabilities to further secure your standard container workloads to achieve higher data security, data privacy and runtime code integrity goals. Confidential containers run in a hardware backed Trusted Execution Environment (TEE) that provide intrinsic capabilities like data integrity, data confidentiality and code integrity. Azure offers a portfolio of capabilities through different confidential container service options as discussed below.
 
 ## Benefits
-Confidential containers on Azure run within an enclave-based TEE or VM based TEE environments. Both deployment models help achieve high-isolation and memory encryption through hardware-based assurances. Confidential computing can enhance your deployment security posture in Azure cloud by protecting your memory space through encryption.
+Confidential containers on Azure run within an enclave-based TEE or VM based TEE environments. Both deployment models help achieve high-isolation and memory encryption through hardware-based assurances. Confidential computing can help you with your zero trust deployment security posture in Azure cloud by protecting your memory space through encryption. 
 
 Below are the qualities of confidential containers:
 
 - Allows running existing standard container images with no code changes (lift-and-shift) within a TEE
-- Allows establishing a hardware root of trust through remote guest attestation
-- Provides strong assurances of data confidentiality, code integrity and data integrity in a cloud environment
+- Ability to extend/build new applications that have confidential computing awareness
+- Allows to remotely challenge runtime environment for cryptographic proof that states what was initiated as reported by the secure processor 
+- Provides strong assurances of data confidentiality, code integrity and data integrity in a cloud environment with hardware based confidential computing offerings
 - Helps isolate your containers from other container groups/pods, as well as VM node OS kernel
 
-## VM Isolated Confidential containers on Azure Container Instances (ACI) - Private Preview
-Confidential Containers on ACI platform leverages VM-based trusted execution environments (TEEs) based on AMD’s SEV-SNP technology. The TEE provides memory encryption and integrity of the utility VM’s address space as well as hardware-level isolation from other container groups, the host operating system, and the hypervisor. The Root-of-Trust (RoT), which is responsible for managing the TEE, provides support for remote attestation, including issuing an attestation report which may be used by a relying party to verify that the utility VM has been created and configured on a genuine AMD SEV-SNP CPU. Read more on the product [here](https://aka.ms/ccacipreview)
+## VM Isolated Confidential containers on Azure Container Instances (ACI) - Public preview
+[Confidential containers on ACI](../container-instances/container-instances-confidential-overview.md) enables fast and easy deployment of containers natively in Azure and with the ability to protect data and code in use thanks to AMD EPYC™ processors with confidential computing capabilities. This is because your container(s) runs in a hardware-based and attested Trusted Execution Environment (TEE) without the need to adopt a specialized programming model and without infrastructure management overhead.  With this launch you get: 
+1.	Full guest attestation, which reflects the cryptographic measurement of all hardware and software components running within your Trusted Computing Base (TCB). 
+2.	Tooling to generate policies that will be enforced in the Trusted Execution Environment.
+3.	Open-source sidecar containers for secure key release and encrypted file systems. 
+
+:::image type="content" source="./media/confidential-containers/confidential-container-group.png" alt-text="Graphic of ACI.":::
 
 ## Confidential containers in an Intel SGX enclave through OSS or partner software
 Azure Kubernetes Service (AKS) supports adding [Intel SGX confidential computing VM nodes](confidential-computing-enclaves.md) as agent pools in a cluster. These nodes allow you to run sensitive workloads within a hardware-based TEE. TEEs allow user-level code from containers to allocate private regions of memory to execute the code with CPU directly. These private memory regions that execute directly with CPU are called enclaves. Enclaves help protect data confidentiality, data integrity and code integrity from other processes running on the same nodes, as well as Azure operator. The Intel SGX execution model also removes the intermediate layers of Guest OS, Host OS and Hypervisor thus reducing the attack surface area. The *hardware based per container isolated execution* model in a node allows applications to directly execute with the CPU, while keeping the special block of memory encrypted per container. Confidential computing nodes with confidential containers are a great addition to your zero-trust, security planning and defense-in-depth container strategy. Learn more on this capability [here](confidential-containers-enclaves.md)
 
 :::image type="content" source="./media/confidential-nodes-aks-overview/sgx-aks-node.png" alt-text="Graphic of AKS Confidential Compute Node, showing confidential containers with code and data secured inside.":::
 
-
 ## Questions?
 
 If you have questions about container offerings, please reach out to <[email protected]>.
 
 ## Next steps
 
 - [Deploy AKS cluster with Intel SGX Confidential VM Nodes](./confidential-enclave-nodes-aks-get-started.md)
+- [Deploy Confidential container group with Azure Container Instances](../container-instances/container-instances-tutorial-deploy-confidential-containers-cce-arm.md)
 - [Microsoft Azure Attestation](../attestation/overview.md)
 - [Intel SGX Confidential Virtual Machines](virtual-machine-solutions-sgx.md)
 - [Azure Kubernetes Service (AKS)](../aks/intro-kubernetes.md)

articles/confidential-computing/confidential-enclave-nodes-aks-get-started.md

@@ -2,9 +2,10 @@
 title: 'Quickstart: Deploy an AKS cluster with Enclave Confidential Container Intel SGX nodes by using the Azure CLI'
 description: Learn how to create an Azure Kubernetes Service (AKS) cluster with enclave confidential containers a Hello World app by using the Azure CLI.
 author: agowdamsft
-ms.service: confidential-computing
+ms.service: virtual-machines 
+ms.subservice: confidential-computing
 ms.topic: quickstart
-ms.date: 11/1/2021
+ms.date: 3/1/2023
 ms.author: amgowda
 ms.custom: contentperf-fy21q3, devx-track-azurecli, ignite-fall-2021, mode-api
 ---
@@ -30,10 +31,6 @@ Features of confidential computing nodes include:
 
 This quickstart requires:
 
-- An active Azure subscription. If you don't have an Azure subscription, [create a free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
-- Azure CLI version 2.0.64 or later installed and configured on your deployment machine.
-
-  Run `az --version` to find the version. If you need to install or upgrade, see [Install the Azure CLI](../container-registry/container-registry-get-started-azure-cli.md).
 - A minimum of eight DCsv2/DCSv3/DCdsv3 cores available in your subscription.
 
   By default, there is no pre-assigned quota for Intel SGX VM sizes for your Azure subscriptions. You should follow [these instructions](../azure-portal/supportability/per-vm-quota-requests.md) to request for VM core quota for your subscriptions.
@@ -42,11 +39,13 @@ This quickstart requires:
 
 Use the following instructions to create an AKS cluster with the Intel SGX add-on enabled, add a node pool to the cluster, and verify what you created with hello world enclave application.
 
-### Create an AKS cluster with a system node pool
+### Create an AKS cluster with a system node pool and AKS Intel SGX Addon
 
 > [!NOTE]
 > If you already have an AKS cluster that meets the prerequisite criteria listed earlier, [skip to the next section](#add-a-user-node-pool-with-confidential-computing-capabilities-to-the-aks-cluster) to add a confidential computing node pool.
 
+Intel SGX AKS Addon "confcom" exposes the Intel SGX device drivers to your containers to avoid added changes to your pod yaml.
+
 First, create a resource group for the cluster by using the [az group create][az-group-create] command. The following example creates a resource group named *myResourceGroup* in the *eastus2* region:
 
 ```azurecli-interactive
@@ -60,7 +59,7 @@ az aks create -g myResourceGroup --name myAKSCluster --generate-ssh-keys --enabl
 ```
 The above command will deploy a new AKS cluster with system node pool of non confidential computing node. Confidential computing Intel SGX nodes are not recommended for system node pools.
 
-### Add an user node pool with confidential computing capabilities to the AKS cluster<a id="add-a-user-node-pool-with-confidential-computing-capabilities-to-the-aks-cluster"></a>
+### Add a user node pool with confidential computing capabilities to the AKS cluster<a id="add-a-user-node-pool-with-confidential-computing-capabilities-to-the-aks-cluster"></a>
 
 Run the following command to add a user node pool of `Standard_DC4s_v3` size with three nodes to the AKS cluster. You can choose another larger sized SKU from the [list of supported DCsv2/DCsv3 SKUs and regions](../virtual-machines/dcv3-series.md).
 

articles/confidential-computing/confidential-node-pool-aks.md

@@ -6,7 +6,8 @@ author: ananyagarg
 ms.topic: article
 ms.date: 10/04/2022
 ms.author: ananyagarg
-ms.service: azure-kubernetes-service
+ms.service: virtual-machines 
+ms.subservice: confidential-computing
 ms.custom: inspire-fall-2022, ignite-2022
 ---
 

articles/confidential-computing/confidential-nodes-aks-addon.md

@@ -2,8 +2,8 @@
 title: Azure Kubernetes Service plugin for confidential VMs
 description: How to use the Intel SGX device plugin and Intel SGX quote helper daemon sets for confidential VMs with Azure Kubernetes Service.
 author: agowdamsft
-ms.service: virtual-machines
-ms.subservice: workloads
+ms.service: virtual-machines 
+ms.subservice: confidential-computing
 ms.workload: infrastructure
 ms.topic: article
 ms.date: 11/01/2021
@@ -67,7 +67,7 @@ Each container needs to opt in to use out-of-proc quote generation by setting th
 An application can still use the in-proc attestation as before. However, you can't simultaneously use both in-proc and out-of-proc within an application. The out-of-proc infrastructure is available by default and consumes resources.
 
 > [!NOTE]
-> If you are using a Intel SGX wrapper software (OSS/ISV) to run you unmodified containers the attestation interaction with hardware is typically handled for your higher level apps. Please refer to the attestation implementation per provider. 
+> If you are using a Intel SGX wrapper software (OSS/ISV) to run your unmodified containers the attestation interaction with hardware is typically handled for your higher level apps. Please refer to the attestation implementation per provider. 
 
 ### Sample implementation