With vSphere with Tanzu, you can run confidential vSphere Pods on a Supervisor Cluster. A confidential vSphere Pod uses a hardware technology that keeps the guest OS memory encrypted, protecting it against access from the hypervisor.

Starting from vSphere 7.0 Update 2, you can create confidential vSphere Pods by adding Secure Encrypted Virtualization-Encrypted State (SEV-ES) as an extra security enhancement. SEV-ES prevents CPU registers from leaking information in registers to components like the hypervisor. SEV-ES can also detect malicious modifications to a CPU register state. For more information about using SEV-ES technology in the vSphere environment, see Securing Virtual Machines with AMD Secure Encrypted Virtualization-Encrypted State.


To enable SEV-ES on an ESXi host, a vSphere administrator must follow these guidelines:
  • Use the hosts that support the SEV-ES functionality. Currently, SEV-ES supports only AMD EPYC 7xx2 CPUs (code named Rome) and later CPUs.
  • Use the ESXi version of 7.0 Update 2 or later.
  • Enable SEV-ES in an ESXi system's BIOS configuration. See your system's documentation for more information about accessing the BIOS configuration.
  • When enabling SEV-ES in the BIOS, enter a value for the Minimum SEV non-ES ASID setting equal the number of SEV-ES VMs and confidential vSphere Pods on the host plus one. For example, if you plan to run 100 SEV-ES VMs and 128 vSphere Pods, enter at least 229. You can enter a setting as high as 500.


  1. Create a YAML file that contains the following parameters.
    1. In annotations, enable the confidential vSphere Pods feature.
              vmware/confidential-pod: enabled
    2. Specify memory resources for containers.
      Make sure to set memory requests and memory limits to the same value, as in this example.
              memory: "512Mi"
              memory: "512Mi"
      Use the following YAML file as an example:
      apiVersion: v1
      kind: Pod
        name: photon-pod
        namespace: my-podvm-ns
          vmware/confidential-pod: enabled
      spec:  # specification of the pod's contents
        restartPolicy: Never
        - name: photon
          image: wcp-docker-ci.artifactory.eng.vmware.com/vmware/photon:1.0
          command: ["/bin/sh"]
          args:    ["-c", "while true; do echo hello, world!; sleep 1; done"]
              memory: "512Mi"
              memory: "512Mi"
  2. Log in to the Supervisor Cluster.
    kubectl vsphere login --server=https://<server_adress> --vsphere-username <your user account name>
  3. Switch to the namespace where you want to deploy the application.
    kubectl config use-context <namespace>
  4. Deploy a confidential vSphere Pod from the YAML file.
    kubectl apply -f <yaml file name>.yaml
    Note: When the vSphere Pod is deployed, DRS places it to the ESXi node that supports SEV-ES. If no such node is available, the vSphere Pod is marked as failed.

    The confidential vSphere Pod that is launched provides hardware memory encryption support for all workloads that are running on that pod.

  5. Run the following command to verify that the confidential vSphere Pod has been created.
    kubectl describe pod/<yaml name>

What to do next

A vSphere administrator can view the confidential vSphere Pod. In the vSphere Client, it appears with the Encryption Mode: Confidential Compute tag.

Encryption Mode: Confidential Compute shows up for the vSphere Pod