https://techcommunity.microsoft.com/t5/azure-confidential-computing/introducing-edgelessdb-a-database-designed-for-confidential/ba-p/2813631
Introducing EdgelessDB: A Database Designed for Confidential Computing

By Jenny Cook (JennyMSFT, Microsoft). Published Oct 05 2021 08:25 AM.

This post is authored by Felix Schuster (Edgeless Systems).

Confidential computing is a breakthrough approach to data protection: sensitive workloads are run inside hardware-isolated and runtime-encrypted environments called enclaves. Enclaves can protect against threats like malware or rootkits and even rogue administrators and physical intruders. Azure confidential computing is at the forefront of this revolution, giving you the strongest data protection for your cloud workloads.

Edgeless Systems is on a mission to build easy-to-use open-source tools that make confidential computing accessible to everyone. Recently, we added EdgelessDB to our portfolio, the first open-source database designed for confidential computing. In this post, we're introducing EdgelessDB and showing how it can easily be run on Intel SGX-enabled confidential computing VMs in Azure.

The benefits of a confidential database

Let's look at how databases like MariaDB or MySQL Server typically protect data: they apply access control at runtime and optionally encrypt data on disk.
These are very reasonable mechanisms. However, they don't protect against privileged attackers able to access a database's memory. Such attackers include, for example, malicious administrators or rootkits. To mitigate this threat, many databases support dedicated hardware security modules (HSMs). While HSMs cannot protect data at runtime, they can at least protect the cryptographic keys used to encrypt data on disk.

EdgelessDB takes things one step further: by running entirely inside a secure enclave, its data, cryptographic keys, and code are always protected and encrypted, even at runtime. Thus, even highly privileged attackers cannot access the data. These are strong security properties, and they can even be verified remotely for any given instance of EdgelessDB.

In a nutshell, you don't need to worry about your server machine being compromised, because EdgelessDB keeps all data securely inside an enclave.

The following table summarizes the security differences between EdgelessDB and normal databases.

[Image: table comparing the security of EdgelessDB and normal databases]

Use cases

There are two main reasons to use EdgelessDB. First, EdgelessDB can greatly increase data security. For example, this may allow you to move more data to the cloud.

Second, EdgelessDB's manifest and verification feature enables exciting new applications like confidential analytics of customer data or trustworthy pooling of data between companies. For instance, one can use the manifest to define that only certain enclaves (identified by their TLS certificates) with certain functionalities can access the data. This way, one can, for example, build a system where sensitive customer data is protected by EdgelessDB and where only certain privacy-preserving AI training algorithms can run.

Using EdgelessDB

EdgelessDB is open-source software, and we provide free Docker images.
Running EdgelessDB on enclave-enabled DCsv2 or DCsv3* VMs in Azure only requires a single command:

    docker run -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb

If you like it even simpler, there is also a free offering in the Azure Marketplace.

Once it runs, EdgelessDB looks and feels just like a normal MySQL-compatible database. You can use it with your existing MySQL-compatible client software. There are, however, two significant differences:

1. You can only talk to EdgelessDB over TLS-secured connections.
2. You need to initialize EdgelessDB with a manifest via a REST API.

The manifest is a simple JSON file that defines the initial state and configuration of an EdgelessDB instance. Here is an example:

[Image: example manifest]

Here, the manifest creates a database "test" that is readable by a user "reader" and writable by a user "writer". The manifest also defines a certificate authority (CA) to identify the users. Under "recovery", the manifest has the public key of the party that can recover the database in case of disaster.

If you are familiar with blockchain, the manifest has some resemblance to a smart contract. It defines who can access the database and how. By leveraging the remote attestation capabilities of secure enclaves, clients can verify the manifest of an EdgelessDB instance. You can learn more about the manifest concept in the EdgelessDB documentation.

A look under the hood

EdgelessDB shares a lot of code with MariaDB, but instead of using MariaDB's default storage engine InnoDB, EdgelessDB uses a modified version of RocksDB. RocksDB is a high-performance storage engine developed by Facebook.

The main reason we chose RocksDB was that it stores data on disk in the sorted string table (SST) format. These SSTs are append-only and allow for efficient and position-dependent authenticated encryption. This is important to ensure the overall integrity of the database.
Without position-dependent authenticated encryption, an attacker could possibly modify encrypted blocks or swap them within or between files. For the cryptography experts among you, we encrypt each ~4KB block in an SST file separately using AES-GCM. As initialization vector (IV), we use each block's offset in a file, and each file has a unique key that is derived from its unique index and the database's master key. The master key never leaves the enclave, and the index-to-file mapping is kept in a special encrypted meta file.

Inside the enclave, everything runs on the Open Enclave SDK that has been contributed by Microsoft to the Confidential Computing Consortium and the Linux Foundation. Currently, EdgelessDB only supports Intel SGX enclaves, available in Azure VM SKUs DCsv2 and DCsv3*. Note that enclave size limitations do not affect EdgelessDB's storage capabilities but may affect performance.

Here is a sketch of the architecture:

[Image: architecture sketch]

Benchmarks

Given all the extra security, EdgelessDB v0.1 has surprisingly small overhead. To measure it, we use the standard OLTP benchmark TPC-C, which models inventory tracking at a wholesaler with multiple warehouses. As testbed, we use an Azure DCsv3 VM (currently in limited preview, as of September 2021) with 16 cores and configure tpcc.lua to simulate 10 warehouses with 10 tables each and use 8 threads on the client side.

We compare EdgelessDB v0.1 against its closest relative: MariaDB v10.5.11 with MyRocks storage engine. The preliminary results are shown below.

[Images: benchmark results]

While the current performance should already be satisfactory for most applications, we are confident that we can bring the overhead down to single-digit percentages soon. In fact, EdgelessDB v0.1 already outperforms standard MariaDB (with InnoDB as storage engine) in this benchmark.

What's next?

By now, we hope that you are as excited about the confidential database concept as we are!
We'd love to get your feedback and hear about your use cases. You can find me (Felix Schuster) on Twitter or LinkedIn. Visit https://edgeless.systems/ to learn more about EdgelessDB and our other open-source tools for confidential computing.

*DCsv3 virtual machines are the next generation of Intel SGX virtual machines, providing a higher core count and larger enclave cache sizes. At the time of this post, they are still in preview and not recommended for production workloads. Learn more here.
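
The block encryption scheme described under "A look under the hood", as an added example that is not EdgelessDB's own code: each ~4KB block is sealed with AES-GCM using its file offset as IV and a per-file key derived from the master key and the file index, so a modified, reordered or cross-file block fails authentication. The HMAC-SHA256 key derivation, the big-endian offset encoding, the constructed demo key and all function names are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	plainBlock  = 4096            // plaintext bytes per block (the post says ~4KB)
	sealedBlock = plainBlock + 16 // ciphertext plus the 16-byte GCM tag
)

// newAEAD derives the per-file AES-256 key from the master key and the file's
// unique index and returns an AES-GCM instance for it.
// Assumption: HMAC-SHA256 stands in for the unspecified derivation function.
func newAEAD(master []byte, fileIndex uint64) (cipher.AEAD, error) {
	var idx [8]byte
	binary.BigEndian.PutUint64(idx[:], fileIndex)
	mac := hmac.New(sha256.New, master)
	mac.Write(idx[:])
	blk, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// ivFor encodes a block's byte offset in the stored file as the 96-bit IV.
// Assumption: big-endian offset in the low 8 bytes.
func ivFor(offset uint64) []byte {
	iv := make([]byte, 12)
	binary.BigEndian.PutUint64(iv[4:], offset)
	return iv
}

// SealFile encrypts plaintext block by block into one stored file image.
// Using the offset as IV is only safe because the file is written once,
// append-only: no (key, IV) pair is ever reused for different data.
func SealFile(master []byte, fileIndex uint64, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(master, fileIndex)
	if err != nil {
		return nil, err
	}
	var out []byte
	for start := 0; start < len(plaintext); start += plainBlock {
		end := start + plainBlock
		if end > len(plaintext) {
			end = len(plaintext)
		}
		offset := uint64(len(out)) // where this sealed block will live on disk
		out = aead.Seal(out, ivFor(offset), plaintext[start:end], nil)
	}
	return out, nil
}

// OpenBlock authenticates and decrypts the sealed block stored at offset.
func OpenBlock(master []byte, fileIndex uint64, file []byte, offset uint64) ([]byte, error) {
	if offset >= uint64(len(file)) {
		return nil, errors.New("offset beyond end of file")
	}
	end := offset + sealedBlock
	if end > uint64(len(file)) {
		end = uint64(len(file))
	}
	aead, err := newAEAD(master, fileIndex)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, ivFor(offset), file[offset:end], nil)
}

// swapBlocks returns a copy of file with full sealed blocks i and j
// exchanged, modelling ciphertext that was reordered on disk.
func swapBlocks(file []byte, i, j int) []byte {
	out := append([]byte(nil), file...)
	copy(out[i*sealedBlock:(i+1)*sealedBlock], file[j*sealedBlock:(j+1)*sealedBlock])
	copy(out[j*sealedBlock:(j+1)*sealedBlock], file[i*sealedBlock:(i+1)*sealedBlock])
	return out
}

func main() {
	master := bytes.Repeat([]byte{0x42}, 32) // constructed demo key
	plain := append(bytes.Repeat([]byte("A"), plainBlock), bytes.Repeat([]byte("B"), plainBlock)...)
	f1, _ := SealFile(master, 1, plain)
	f2, _ := SealFile(master, 2, plain)

	_, err := OpenBlock(master, 1, f1, 0)
	fmt.Println("untouched block:", err)
	_, err = OpenBlock(master, 1, swapBlocks(f1, 0, 1), 0)
	fmt.Println("blocks reordered within a file:", err)
	_, err = OpenBlock(master, 1, f2, 0)
	fmt.Println("block from another file at the same offset:", err)
}
```
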
ine%22%20image-alt%3D%22JennyMSFT_6-1633447251422.png%22%20style%3D%22width%3A%20477px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F315326i4C3250EAE9D2D422%2Fimage-dimensions%2F477x207%3Fv%3Dv2%22%20width%3D%22477%22%20height%3D%22207%22%20role%3D%22button%22%20title%3D%22JennyMSFT_6-1633447251422.png%22%20alt%3D%22JennyMSFT_6-1633447251422.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-align-center%22%3E%3CSPAN%20class%3D%22EOP%20SCXW217865009%20BCX8%22%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20aria-level%3D%221%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWhile%20the%26nbsp%3Bcurrent%26nbsp%3Bperformance%20already%20should%20be%20satisfactory%20for%26nbsp%3Bmost%20applications%2C%26nbsp%3Bwe%20are%20confident%20that%20we%20can%20b ring%26nbsp%3Bit%26nbsp%3Bdown%26nbsp%3Bto%26nbsp%3Bsingle%20digit%26nbsp%3B%25%26nbsp%3Bsoon.%20In%26nbsp%3Bfact%2C%20EdgelessDB%26nbsp%3Bv0.1%20already%20outperforms%26nbsp%3Bstandard%20MariaDB%20 (with%26nbsp%3BInnoDB%26nbsp%3Bas%26nbsp%3Bstorage%20engine) 
%20in%20this%20benchmark.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20aria-level%3D%221%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20aria-level%3D%221%22%20id%3D%22toc-hId-595742229%22%20id%3D%22toc-hId-595742237%22%3E%3CSPAN%20data-contrast%3D%22none%22%3EWhat%E2%80%99s%20next%3F%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559738%26quot%3B%3A240%2C%26quot%3B335559739%26quot%3B%3A0%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FH3%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EBy%20now%2C%20we%20hope%20that%26nbsp%3Byou%20are%20as%20excited%20about%20the%26nbsp%3Bconfidential%20database%20concept%20as%20we%20are! %26nbsp%3BWe%E2%80%99d%20love%20to%26nbsp%3Bget%20your%20feedback%26nbsp%3Band%20hear%20about%20your%20use%20cases.%26nbsp%3BYou%20can%20find%20me%20 (Felix%20Schuster) 
%20on%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fflxflx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3ETwitter%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Bor%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fin%2Ffelixschuster%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3ELinkedIn%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%26nbsp%3BVisit%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fedgeless.systems%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3Ehttps%3A%2F%2Fedgeless.systems%2F%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Bto%20learn%20more%20about%20EdgelessDB%26nbsp%3Band%26nbsp%3Bour%20other%20open-source%20tools%20for%20confidential%20computing.%3C%2FSPAN%3E%3CSPAN%20data-c 
cp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3E*%3C%2FSPAN%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EDCsv3%20virtual%20machines%20are%20the%20next%20generation%20of%20Intel%20SGX%20virtual%20machines%2C%20providing%26nbsp%3Ba%20higher%20core%20count%26nbsp%3Band%26nbsp%3Blarger%26nbsp%3Benclave%26nbsp%3Bcache%26nbsp%3Bsizes.%20At%20the%20time%20of%20this%20post%2C%20they%20are%20still%20in%20preview%20and%20not%20recommend%20for%20production%20workloads.%20Learn%20more%26nbsp%3B%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fupdates%2Fnew-azure-confidential-virtual-machines-sgx%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3Ehere.%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B2 
01341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2813631%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3EEdgeless%20Systems%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eis%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3Eon%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3Ea%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3Emission%20to%20build%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3Eeasy-to-use%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SCXW85572780%20BCX8%22%3Eopen-source%20tools 
Co-Authors: JennyMSFT. Version history: last update Oct 05 2021 08:25 AM, updated by JennyMSFT.