simranparkhe introduces the public preview of Azure Integrated HSM for AMD v7 Trusted Launch Virtual Machines, providing secure hardware-based cryptography directly within supported Azure VMs.

Microsoft Azure Introduces Azure Integrated HSM: Secure Hardware-Backed Cryptography for Virtual Machines

Azure has announced the public preview of Azure Integrated HSM (Hardware Security Module) support for AMD v7 Trusted Launch Virtual Machines, targeting customers with intensive cryptographic workloads and stringent security requirements.

Key Features

  • Integrated Hardware Security Module (HSM): Azure Integrated HSM delivers a hardware-backed key cache and cryptographic offload inside the virtual machine. It is designed for workloads that need fast, secure key operations such as encryption, decryption, signing, and verification.
  • FIPS 140-3 Level 3 Compliance: Designed to meet the security requirements for cryptographic modules at that level, protecting keys and other sensitive assets while they are in use.
  • Improved Performance and Security: Because the module is local to the VM rather than reached over the network (as with Azure Key Vault Managed HSM), there is no network round trip per operation, and key material never leaves the hardware boundary. Authorized services in the VM hand data to the module and receive the result, oracle-style, without ever handling the key itself.
  • Platform Support: Available in preview for AMD Dasv7-, Dadsv7-, Easv7-, and Eadsv7-series VMs (8+ vCores) running Windows, with Linux support planned soon. The preview comes at no additional cost.

Azure Integrated HSM vs. Azure Key Vault Managed HSM

  • Azure Managed HSM: Offers robust, managed, single-tenant key protection, but every operation is a network call that adds latency, and releasing a key out of the HSM (for example to use it locally) means the key is no longer protected by the module once it has been transferred.
  • Azure Integrated HSM: Keys are created and used inside the local hardware module, so there is no key release or import step to secure, and key usage stays within the VM under the module's protection.

Security and Cryptographic Operations

Azure Integrated HSM utilizes specialized hardware accelerators for:

  • Encryption and decryption
  • Digital signing and verification
  • Fast, secure, and local cryptographic key usage while maintaining FIPS 140-3 Level 3 compliance
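The property contrasted above (the private key never leaves the module, and callers get oracle-style sign/verify access) is the same non-exportable-key pattern that Windows CNG key storage providers expose, and it is worth checking before trusting any HSM-backed key. The PowerShell below is an added example, not code from the Microsoft post or from the Azure Integrated HSM preview: it creates a non-exportable RSA key in a CNG key storage provider, signs and verifies through the provider, and then confirms that a private-key export is refused while a public-key export succeeds. The provider name, key name, and sample message are assumptions; the post does not name the KSP that fronts Azure Integrated HSM, so the default provider is the built-in software KSP, which lets the script run on any Windows machine.

```powershell
# Added example (not from the original post). Demonstrates the "key stays in the
# module, callers only get sign/verify" pattern using Windows CNG. Assumptions:
# the provider name below (replace with the HSM-backed KSP once you know it),
# the key name, and the constructed sample message.
param(
    [string]$ProviderName = "Microsoft Software Key Storage Provider",  # assumption: swap for the HSM KSP
    [string]$KeyName      = "demo-oracle-key"                            # assumption: any unused key name
)

$provider = [System.Security.Cryptography.CngProvider]::new($ProviderName)

# Make the script repeatable: remove a key left over from a previous run.
if ([System.Security.Cryptography.CngKey]::Exists($KeyName, $provider)) {
    [System.Security.Cryptography.CngKey]::Open($KeyName, $provider).Delete()
}

# Key creation parameters: the important line is ExportPolicy = None, which tells
# the provider the private key must never be exportable.
$params = [System.Security.Cryptography.CngKeyCreationParameters]::new()
$params.Provider     = $provider
$params.ExportPolicy = [System.Security.Cryptography.CngExportPolicies]::None
$params.KeyUsage     = [System.Security.Cryptography.CngKeyUsages]::Signing
$params.KeyCreationOptions = [System.Security.Cryptography.CngKeyCreationOptions]::None  # user-scoped key

# RSA modulus length is passed as the "Length" property (DWORD, little-endian).
$lengthProp = [System.Security.Cryptography.CngProperty]::new(
    "Length",
    [BitConverter]::GetBytes(3072),
    [System.Security.Cryptography.CngPropertyOptions]::None)
$params.Parameters.Add($lengthProp)

$key = [System.Security.Cryptography.CngKey]::Create(
    [System.Security.Cryptography.CngAlgorithm]::Rsa, $KeyName, $params)

# Oracle-style use: the caller submits data and gets a signature back; the
# private key is only ever touched inside the provider.
$rsa  = [System.Security.Cryptography.RSACng]::new($key)
$data = [System.Text.Encoding]::UTF8.GetBytes("constructed sample message")  # constructed input
$sig  = $rsa.SignData($data,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pss)
$verified = $rsa.VerifyData($data, $sig,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pss)

# Prove the boundary: exporting the public half works, exporting the private
# half must throw a CryptographicException.
$publicBlob = $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::GenericPublicBlob)
try {
    $null = $key.Export([System.Security.Cryptography.CngKeyBlobFormat]::GenericPrivateBlob)
    $privateExportBlocked = $false   # a key that exports here is NOT confined to the module
} catch [System.Security.Cryptography.CryptographicException] {
    $privateExportBlocked = $true    # expected outcome for ExportPolicy = None
}

# Report before cleanup, because Delete() disposes the key object.
[pscustomobject]@{
    Provider             = $key.Provider.Provider
    KeyName              = $key.KeyName
    ExportPolicy         = $key.ExportPolicy
    SignatureVerified    = $verified
    PublicBlobBytes      = $publicBlob.Length
    PrivateExportBlocked = $privateExportBlocked
}

$rsa.Dispose()
$key.Delete()
```

Run it as `.\check-ksp.ps1 -ProviderName "<your KSP>"`; a key that is genuinely confined to the provider reports `ExportPolicy = None` and `PrivateExportBlocked = True` while `SignatureVerified` is still `True`. The same checks (`$key.Provider.Provider`, `$key.ExportPolicy`) can be run against an existing certificate's key via `[System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert).Key` to confirm which provider holds it and whether it is exportable.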

Getting Started

Availability

  • Supported VM Series: General-purpose Dasv7- and Dadsv7-series and memory-optimized Easv7- and Eadsv7-series VMs (8 vCores and above).
  • Platform: Currently Windows; Linux support coming soon.
  • Cost: Feature offered at no extra cost during preview.

Posted by simranparkhe. For further information, see the enrollment form and GitHub repository linked from the original post.

This post appeared first on “Microsoft Tech Community”.