A Confidential VM is a Compute Engine VM that uses the N2D or C2D machine type and keeps your sensitive code and other data encrypted in memory during processing, that is, it performs encryption-in-use. Together with encryption-at-rest and encryption-in-transit, Confidential VM can help keep your data and applications encrypted at all times.
For a more detailed conceptual overview, see Confidential Computing concepts.
To get started using Confidential VM, try the quickstart or see Creating a Confidential VM instance.
You can manage your Confidential VMs in some of the following ways:
You can use organization policy constraints to ensure that instances created in your organization are Confidential VMs.
You can use Cloud Monitoring and Cloud Logging to monitor and validate your Confidential VM instances.
You can use shared Virtual Private Cloud (VPC) networks, organization policy constraints, and firewall rules to set up a security perimeter that ensures your Confidential VM instances can only interact with other Confidential VM instances.