
CanaryBit Tower

CanaryBit Tower is a security orchestration tool to provision, control and maintain Confidential VM instances. Tower integrates with a long list of Cloud Service Providers (CSPs), private and bare-metal infrastructure to provide governance of the resources defining your Trusted Execution Environment (TEE).

It implements Infrastructure-as-Code (IaC) and SecDevOps best practices to provide integrity and state-of-the-art security for your workload runtime.

Features

  • Confidential VM Orchestration: Deploy confidential VMs on AMD SEV-SNP and Intel TDX platforms.
  • Hardware & Environment Verification: Integrate with CanaryBit Inspector to support Remote Attestation of deployed confidential VMs. Requires a CanaryBit account.
  • Extensible Configuration: Configure your confidential VM using available configuration options or write your own.
  • No lock-in: Support for multiple hardware platforms and virtualisation software.

Integrations

  • Galaxy server: Support for the Galaxy project for data-intensive computation.
  • Write your own: Simple to create new integrations with custom cloud-init configurations.

How It Works

  1. Clone the repository to get the configurations.
  2. Configure the cloud-init script to fine-tune your target setup.
  3. Run the code and deploy resources on your target infrastructure.
  4. Need help? Check the examples to help you get started.

Requirements

Documentation

For setup instructions, API references, and usage examples, read the technical documentation.

Use Cases

  • Confidential AI: Train models in a secure environment to protect intellectual property at all times.
  • Cloud infrastructure security: Deploy workloads in memory-encrypted VMs to protect workloads from infrastructure operators.
  • On-prem infrastructure security: Implement defence-in-depth to protect workloads from malicious insiders and motivated adversaries.
  • High-performance computing (HPC): Protect security-sensitive HPC workloads with minimum overhead.

Contributing

Contributions are welcome! Please check the CONTRIBUTING.md for details on how to get started.

Licences

Tower is a Freemium service: basic features are free for Public Cloud setups while additional features, such as Remote Attestation and On-prem support, are offered via a paid subscription.

Standard

The free version, released under the Apache-2.0 License, contains the Terraform/OpenTofu configurations for deploying Confidential VMs in Public Clouds.

Currently, Tower supports the following platforms and public cloud providers:

| Cloud Platform | AMD SEV-SNP | Intel TDX |
|----------------|-------------|-----------|
| AWS            | yes         | upcoming  |
| Azure          | yes         | yes       |
| GCP            | yes         | yes       |

Premium

The Premium version contains the Terraform configurations for deploying Confidential VMs on-premise and for bare-metal setups.

Currently, Tower supports the following virtualisation platforms:

Contacts

Reach out to us at hi@canarybit.eu for more information.

/ The CanaryBit Team

About

Confidential VM orchestrator for cloud infrastructure. Provision Trusted Execution Environments (TEEs) in Public Clouds or On-prem setup!