July 12, 2022 By Angel Nunez Mencias 4 min read

Announcing the next generation of IBM Hyper Protect Virtual Servers in IBM’s Confidential Computing solution portfolio – IBM Hyper Protect Virtual Servers for Virtual Private Cloud (VPC).

This new version takes advantage of Secure Execution technology to further enhance the protective boundary that Hyper Protect offers and lays the groundwork for a Kubernetes-based future.

Gartner estimates that by 2027, more than 90% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 40% in 2021. [1]

Companies are containerizing their applications in a large-scale effort to modernize and move to cloud, but security is still a top concern. Hackers are exploiting the vulnerabilities of exposed containers by injecting malicious code and escalating privileged access.

IBM Hyper Protect Virtual Servers for VPC is designed to protect cloud-native applications with open container initiative (OCI) deployments that utilize confidential computing. Unique to the market, IBM offers a solution with Secure Execution for Linux.

This new product in the Hyper Protect family is the next generation of Hyper Protect Virtual Servers and a stepping stone to a Kubernetes-based offering. The protection boundary moves from the logical partition level (which includes the operating system and application) to complete isolation of the application from the operating system. Customers’ code and data are exclusively controlled by their admins — no exceptions.

Hyper Protect Virtual Servers for VPC is developer-friendly and designed to use industry-standard open-container initiative (OCI) images with a standard user interface to provision, manage, maintain and monitor in the Virtual Private Cloud (VPC) Infrastructure of IBM Cloud. By leveraging VPC, this next generation of Hyper Protect Virtual Servers gains additional network security, as well.

Hyper Protect Virtual Servers for VPC is available in Sao Paolo and Toronto Multi-Zone Regions (MZRs) to start, with London, Washington D.C. and Tokyo to come throughout July and August 2022

Key features

  1. Secure execution: Enjoy technical assurance that unauthorized users — including IBM Cloud admins — do not have access to the application. Workloads are locked down by individual, instance-level secure boundaries
  2.  Multi-party contract and attestation of deployment: Apply Zero Trust principles from workload development through deployment. As multiple personas and legal entities collaborate, it is essential to separate duty and access. Hyper Protect Virtual Servers for VPC is based on an encrypted contract concept, which enables each persona to provide their contribution, while being ensured through encryption that none of the other personas can access this data or IP. The deployment can be validated by an auditor persona through an attestation record, which is signed and encrypted to ensure only the auditor has this level of insight.
  3. Malware protections: Utilize Secure Build to set up a verification process to ensure that only authorized code is running in an application. Hyper Protect Virtual Servers for VPC only deploys container versions, which are validated at deployment.
  4. Bring your own OCI image: Use any open-container initiative (OCI) image and gain the benefits of a confidential computing solution for additional levels of protection
  5. Flexible deployments: Choose from a variety of profile sizes and grow as needed to protect containerized applications and pay-as-you-go on an hourly basis.

Using Hyper Protect Virtual Servers for VPC will help customers with a variety of strategic projects where security is the underlying concern:

  1. Superior security for containerized workloads: Whether you are building a cloud-native application or on an application modernization journey, you can now do both with peace of mind by leveraging IBM’s Secure Execution for Linux technology. Containerizing applications within a confidential computing environment ensures that your applications are protected (even the IBM Cloud admin doesn’t have access), and workloads are isolated by a secure boundary to prevent privileged user escalation.
  2. Digital assets: IBM Digital Asset Infrastructure provides the building blocks to create and enhance end-to-end solutions for storing and transferring large quantities of digital assets in highly secure wallets. Customers’ applications are secured in a Trusted Execution Environment – a hardware-based, Common Criteria-certified isolation designed to thwart compromised insider attacks. By leveraging features like Secure Build and the Encrypted Multi-Party contract, code is validated before it is deployed to reduce the risk of malicious code insertion using a code manifest accessible only to the custodian’s designated security apparatus. Policy workflows are transformed into immutable binary executables that effectively make these policies tamperproof from unauthorized rule manipulation.
  3. Secure machine learning: Often, the most valuable data is also the most sensitive data, making it risky to provide too many people with access. Now, you can run your machine learning or artificial intelligence models with sensitive data in a locked-down environment that protects against unauthorized access, the IP of the model as well as the privacy of the data being processed.

Get started today 

Try out this new service for free by requesting a promotion code from your local IBM Sales Team. For more information on this product, please visit this page.

Provisioning, deployment and management all occur through the standard IBM Cloud Virtual Servers for VPC catalog page. Check out the documentation for additional help.

[1] CTOs’ Guide to Containers and Kubernetes —Answering the Top 10 FAQs; Published 31 May 2022 – ID G00763328 – 17 min read; By Analyst(s): Arun Chandrasekaran, Wataru Katsurashima

More from Cloud

Announcing Dizzion Desktop as a Service for IBM Virtual Private Cloud (VPC)

2 min read - For more than four years, Dizzion and IBM Cloud® have strategically partnered to deliver incredible digital workspace experiences to our clients. We are excited to announce that Dizzion has expanded their Desktop as a Service (DaaS) offering to now support IBM Cloud Virtual Private Cloud (VPC). Powered by Frame, Dizzion’s cloud-native DaaS platform, clients can now deploy their Windows and Linux® virtual desktops and applications on IBM Cloud VPC and enjoy fast, dynamic, infrastructure provisioning and a true consumption-based model.…

Microcontrollers vs. microprocessors: What’s the difference?

6 min read - Microcontroller units (MCUs) and microprocessor units (MPUs) are two kinds of integrated circuits that, while similar in certain ways, are very different in many others. Replacing antiquated multi-component central processing units (CPUs) with separate logic units, these single-chip processors are both extremely valuable in the continued development of computing technology. However, microcontrollers and microprocessors differ significantly in component structure, chip architecture, performance capabilities and application. The key difference between these two units is that microcontrollers combine all the necessary elements…

Seven top central processing unit (CPU) use cases

7 min read - The central processing unit (CPU) is the computer’s brain, assigning and processing tasks and managing essential operational functions. Computers have been so seamlessly integrated with modern life that sometimes we’re not even aware of how many CPUs are in use around the world. It’s a staggering amount—so many CPUs that a conclusive figure can only be approximated. How many CPUs are now in use? It’s been estimated that there may be as many as 200 billion CPU cores (or more)…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters