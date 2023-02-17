



Confidential GKE Nodes use purpose-built hardware to encrypt data in use, making them well suited to organizations processing sensitive data in the cloud. To make it easier to get started with Confidential GKE Nodes, any GKE Standard workload you run today can be run as a Confidential GKE workload without any code changes on your end.

Confidential GKE Node security foundation

As we expand our Confidential Computing product portfolio from Confidential VMs to Confidential GKE Node to Confidential Dataproc, ensuring high performance is critical. Confidential GKE Node is built on the same technical foundation as Confidential VM, leveraging the Secure Encrypted Virtualization (SEV) feature of AMD EPYC processors. This feature allows data to be kept encrypted in memory using a node-specific private key that is generated and managed by the processor. Keys are hardware-generated at node creation and exist only within the processor, so they cannot be used by Google Cloud or other nodes running on the host.

Combined with the high performance of C2D VMs

Previously, Confidential GKE Nodes were generally only available on general-purpose N2D VMs, but now they are also available on compute-optimized C2D VMs. The C2D machine series offers VM sizes ranging from 2 vCPU to 112 vCPU and offers up to 896 GB of memory, suitable for performance-intensive workloads. C2D Standard and C2D High CPU machines cater for compute-bound workloads such as high-performance web servers and media transcoding. C2D high-memory machines serve specialized workloads such as high-performance computing (HPC) and electronic design automation (EDA) that require more memory.

Confidential GKE Nodes on compute-optimized C2D VMs may be suitable for use cases that require high performance and security. You can achieve in-use encryption of data processed within a GKE cluster or only on specific node pools without a significant performance penalty. This is relevant to industries such as financial services, healthcare, retail, blockchain and telecommunications. These industries often contain sensitive data and personally identifiable information (PII) that require additional security measures.

How MATRIXX used Confidential GKE Nodes

MATRIXX Software selected Confidential GKE Nodes to provide transparent encryption of data in use, complementing its encryption of data at rest, to protect individual subscriber data as required by privacy regulations.

The MATRIXX Digital Commerce Platform (DCP) provides real-time 5G monetization for the telecom industry, serving many of the world's largest operator groups, regional operators and emerging digital service providers. MATRIXX used Google Cloud Confidential GKE Nodes to deliver a cloud-first digital commerce solution that enables commercial and operational agility for current and new telecom business models.

In a white paper titled Securing 5G Revenue Streams in the Cloud, MATRIXX describes how, when the MATRIXX DCP is deployed with Confidential Computing on Google Cloud, its subscriber data, account balances, network events and fee/revenue streams are encrypted in use without application modifications or performance compromises.

Confidential GKE Nodes are available worldwide

As part of Google Cloud's commitment to investing in Confidential Computing, we have extended support to additional VM families such as C2D VMs. Confidential GKE Nodes running on C2D VMs are available in us-central1 (Iowa), asia-southeast1 (Singapore), us-east1 (South Carolina), us-east4 (Northern Virginia), asia-east1 (Taiwan) and europe-west4 (Netherlands). Note that Confidential GKE Nodes are available wherever C2D or N2D machines are available.

Confidential GKE node pricing

Beyond the Compute Engine and Confidential VM charges, there are no additional costs for deploying Confidential GKE Nodes.

Try Confidential GKE Nodes: cluster-level enablement

First, go to the Google Kubernetes Engine page in the Google Cloud console. In the top navigation bar, click Create. In the Create cluster modal, select Standard: You manage your cluster and click Configure.

Then, in the left navigation pane, under Cluster, click Security and check the Enable Confidential GKE Nodes box.

Then, in the left navigation pane, under Node pools, click Nodes. Under Machine configuration, for Machine family, select the Compute-optimized tab and choose a C2D machine type.
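The same cluster-level enablement from the command line, as an added example that is not part of the original post and not Google's own tooling. It wraps the console steps above in gcloud and adds two checks a practitioner would want: one against the cluster's API record (the `confidentialNodes.enabled` field and the `--enable-confidential-nodes` flag are the public gcloud/GKE names; the cluster name, zone and machine type are placeholders) and one from inside the guest, which looks for the "AMD Memory Encryption Features active: SEV" line the Linux kernel logs at boot on an SEV guest, tying back to the SEV description in the security foundation section.

```shell
#!/bin/sh
# Added example, not from the original post or from Google: the cluster-level
# enablement steps above as a gcloud script, plus two checks. Cluster name,
# zone and machine type are placeholders; the gcloud flag and the
# confidentialNodes.enabled field are the public gcloud/GKE API names.
set -eu

CLUSTER="${CLUSTER:-confidential-c2d-demo}"     # placeholder cluster name
ZONE="${ZONE:-us-central1-a}"                   # a zone in a region listed above
MACHINE_TYPE="${MACHINE_TYPE:-c2d-standard-4}"  # compute-optimized C2D type

# Only the N2D and C2D families named in the post carry Confidential GKE Nodes;
# reject anything else before spending an API call.
is_confidential_machine_type() {
  case "$1" in
    n2d-*|c2d-*) return 0 ;;
    *) return 1 ;;
  esac
}

# The three console steps as one command: Standard cluster, "Enable
# Confidential GKE Nodes" ticked, default node pool on a C2D machine type.
create_confidential_cluster() {
  is_confidential_machine_type "$MACHINE_TYPE" || {
    echo "machine type $MACHINE_TYPE is not in the N2D/C2D families" >&2
    return 1
  }
  gcloud container clusters create "$CLUSTER" \
    --zone "$ZONE" \
    --machine-type "$MACHINE_TYPE" \
    --enable-confidential-nodes
}

# Ask the API whether the cluster was created with confidential nodes.
get_confidential_flag() {
  gcloud container clusters describe "$CLUSTER" --zone "$ZONE" \
    --format="value(confidentialNodes.enabled)"
}

# gcloud prints the boolean as "True"; treat anything else as not enabled.
is_confidential_enabled() {
  case "$1" in
    True|true) return 0 ;;
    *) return 1 ;;
  esac
}

verify_cluster() {
  flag="$(get_confidential_flag)"
  if is_confidential_enabled "$flag"; then
    echo "Confidential GKE Nodes enabled on $CLUSTER"
  else
    echo "Confidential GKE Nodes NOT enabled on $CLUSTER (got '$flag')" >&2
    return 1
  fi
}

# In-guest check: an SEV guest kernel logs "AMD Memory Encryption Features
# active: SEV" at boot. Feed it dmesg output captured on the node (for example
# over SSH) on stdin; it succeeds only if SEV is among the listed features.
sev_active_in_dmesg() {
  grep -q 'AMD Memory Encryption Features active:.*SEV'
}

# Run the real creation only when asked, so the functions above can be sourced
# and tested without touching Google Cloud.
if [ "${1:-}" = "create" ]; then
  create_confidential_cluster
  verify_cluster
fi
```

Invoke it as `sh confidential-cluster.sh create` to create and verify the cluster; without the argument it only defines the functions, which is handy for sourcing the in-guest check into a node debugging session.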

