Enterprise Security

Better Security.
less complexity.

Name: Confidential VM (CVM)
Brand: Phala
Price: 50.37 USD
Availability: InStock
Rating: 4.8 (127 reviews)

Confidential Virtual Machines combine the simplicity of containerization with hardware-level security. Deploy any Docker container to Trusted Execution Environments (TEE) ensuring complete data isolation from cloud providers and system administrators.

Hardware Memory Encryption

Cryptographic Attestation

Zero Code Changes

Intel TDX + NVIDIA Support

Real-time Verification

Start Building Read Documentation

Hardware Support

Multi-TEE platform for every confidential computing use case you can think of.

From CPU-intensive workloads to GPU-accelerated AI, we support all major Trusted Execution Environment technologies.

Performance

95% native performance with full security guarantees. 2-5% CPU overhead, 5-7% GPU overhead while maintaining hardware acceleration.

Intel TDX Architecture

Trust Domain Extensions for x86 with CPU-generated keys and TDX Report attestation. Best for web services and traditional ML.

Learn more

AMD SEV

Secure Encrypted Virtualization technology providing VM-level isolation with encrypted memory for diverse workloads.

Learn more

NVIDIA Confidential Computing

H100/H200 GPU TEE for AI workloads with 80GB+ secure memory and hardware memory encryption on GPU.

Learn more

Multi-Hardware Support

Deploy across Intel Xeon 4th gen (Sapphire Rapids), NVIDIA H100/H200, and AMD EPYC processors from a single unified platform.

ARM TrustZoneComing soon

Mobile and edge computing support with ARM Confidential Compute Architecture for IoT and edge deployments.

GLOBAL INFRASTRUCTURE

Phala Cloud Worldwide Network

Our distributed infrastructure spans multiple continents, providing low-latency access to confidential computing resources globally

1848

Total vCPUs

Total H200 GPUs

Global Locations

Nodes (12)

ZERO-TRUST DEPLOYMENT

Deploy confidential containers with cryptographic verification

Use your existing Docker workflow - no code changes needed. Build, tag, and deploy containers exactly as you do today.

Learn more

container-preparation.sh

# Build your Docker image
docker build -t myapp:latest .

# Create docker-compose.yml
cat > docker-compose.yml <<EOF
version: '3'
services:
  app:
    image: myapp:latest
    ports:
      - "3000:3000"
    environment:
      - DATABASE_URL=${DATABASE_URL}
      - API_KEY=${API_KEY}
EOF

# Deploy to Phala CVM
npx phala cvms create -n myapp \
  --compose docker-compose.yml

Technical Benefits

Zero-trust confidential computing

Hardware-backed security guarantees with enterprise-grade performance.

Memory Encryption

Hardware-level encryption of all memory pages with CPU/GPU generated keys

Native Performance

5% overhead while maintaining full security guarantees and hardware acceleration

Attack Resistance

Protection against privileged access, cold boot, and side-channel attacks

Zero Migration

Deploy existing Docker containers without code changes or special libraries

Live Attestation

Real-time cryptographic proof of integrity with public verification endpoints

Multi-Hardware

Support for Intel TDX, NVIDIA GPU TEE, and AMD SEV from one platform

Seamlessly integrates with your developer tools

Deploy confidential containers using your existing development stack. No need to learn new tools or change your workflow.

Learn about Zero-Trust Framework

GitHub

Docker

Supabase

OpenAI

Anthropic

Jupyter

Databricks

TensorFlow

PyTorch

Kubernetes

MongoDB

Ethereum

Coinbase

Solana

LangChain

Vercel

Next.js

FAQ

Common Questions & Answers

Everything you need to know about Confidential VM

What's the difference between Intel TDX and NVIDIA GPU TEE?

Intel TDX provides VM-level CPU isolation while NVIDIA GPU TEE offers hardware-secured GPU memory and compute for AI workloads.

Do I need to modify my Docker containers for TEE deployment?

No modifications needed. Your existing containers work as-is with automatic TEE security applied at infrastructure level.

How do I verify my application is running in genuine TEE?

Use attestation endpoints to get cryptographic reports signed by Intel/NVIDIA hardware proving TEE genuineness and code integrity.

What's the performance impact of memory encryption?

CPU workloads see 2-5% overhead, GPU AI/ML workloads see 5-7% overhead while maintaining hardware acceleration.

Can Phala operators access my running containers?

No. TEE hardware prevents any external access including from operators, cloud providers, or system administrators.

How does environment variable encryption work?

Variables are encrypted with TEE public keys during deployment. Only your running TEE instance can decrypt them.

What compliance standards does this meet?

Supports GDPR, HIPAA, SOC 2, FedRAMP requirements with hardware-backed security guarantees and audit trails.

How do I debug applications running in TEE?

Standard debugging tools work through encrypted channels. Remote debugging, logging, and profiling maintain security.

Build AI People Can Trust.

Subscribe to our newsletter

Better Security.
less complexity.

Multi-TEE platform for every confidential computing use case you can think of.