Saturday, November 12, 2022

Getting started with Azure Confidential Ledger

Azure Confidential Ledger is one of the most interesting Confidential Computing offerings on Azure. It gives you the capability to store data in a secure blockchain, with Private and Public ledger type options. Behind the scenes, it stores the blocks as blobs in an Azure Storage Account. Data in transit is secured with TLS 1.3, and access is granted to certificate-based users as well as Azure AD users.

Currently you can have Administrator, Contributor and Reader access levels assigned via Azure RBAC. Confidential Ledger runs on the Trusted Execution Environments (TEEs) of Azure Confidential Computing. Administrators and the cloud provider are kept outside the Trusted Computing Base, which prevents them from accessing the data.

Creating a Confidential Ledger is very easy, but there are a few things to keep in mind.

1. Only a limited set of regions is supported as of now (East US, South Central US, West Europe).
2. The ledger type cannot be changed once the ledger is provisioned.
3. The name must be globally unique, because it becomes a public endpoint.

Next you can define the security roles required. These are RBAC roles, which can also be set up later.

Both AAD users and certificate-based users can be assigned ledger roles.
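The three provisioning constraints and the role assignment above can also be driven from the Azure CLI instead of the portal. The following script is an added example, not code from the original post: it checks a requested name, region, ledger type and ledger role against those constraints and composes an `az confidentialledger create` call that assigns one Azure AD principal a ledger role. The resource group, ledger name and GUIDs are placeholders I constructed, the DNS-label rule used for the name check is an assumption, and the CLI is only executed when `DRY_RUN=0` and the `confidentialledger` extension is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Validates the provisioning
# constraints from the post and builds the Azure CLI command that creates a
# ledger with one AAD principal already assigned a ledger role.

# Regions listed in the post as currently supported.
SUPPORTED_REGIONS="eastus southcentralus westeurope"

# Returns 0 if the region is one of the currently supported ones.
is_supported_region() {
    for r in $SUPPORTED_REGIONS; do
        [ "$1" = "$r" ] && return 0
    done
    return 1
}

# The ledger type is fixed at creation time, so only the two valid values pass.
is_valid_ledger_type() {
    case "$1" in
        Public|Private) return 0 ;;
        *) return 1 ;;
    esac
}

# Ledger roles the service exposes.
is_valid_ledger_role() {
    case "$1" in
        Administrator|Contributor|Reader) return 0 ;;
        *) return 1 ;;
    esac
}

# The name becomes a public DNS label, so it must be unique and DNS-safe.
# Assumed rule: lowercase letters, digits and hyphens, no leading/trailing
# hyphen, 3 to 63 characters (the exact service limits are not in the post).
is_valid_ledger_name() {
    printf '%s' "$1" | grep -Eq '^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$'
}

# Prints the create command on stdout; returns 1 (with a reason on stderr)
# if any input violates a constraint. Arguments:
#   name resource-group region ledger-type principal-object-id tenant-id role
build_create_command() {
    name=$1; rg=$2; region=$3; ltype=$4; principal=$5; tenant=$6; role=$7
    is_valid_ledger_name "$name"  || { echo "invalid ledger name: $name" >&2; return 1; }
    is_supported_region "$region" || { echo "unsupported region: $region" >&2; return 1; }
    is_valid_ledger_type "$ltype" || { echo "invalid ledger type: $ltype" >&2; return 1; }
    is_valid_ledger_role "$role"  || { echo "invalid ledger role: $role" >&2; return 1; }
    printf 'az confidentialledger create --name %s --resource-group %s --location %s --ledger-type %s --aad-based-security-principals principal-id=%s tenant-id=%s ledger-role-name=%s\n' \
        "$name" "$rg" "$region" "$ltype" "$principal" "$tenant" "$role"
}

# Placeholder values constructed for this example; replace with your own.
CMD=$(build_create_command myledger-example rg-ledger-demo eastus Private \
      00000000-0000-0000-0000-000000000000 \
      11111111-1111-1111-1111-111111111111 Administrator) || exit 1
echo "$CMD"

# Only run the CLI when explicitly asked; the default is a dry run.
if [ "${DRY_RUN:-1}" = "0" ]; then
    az extension add --name confidentialledger >/dev/null
    eval "$CMD"
fi
```

Certificate-based users are added with the analogous `--cert-based-security-principals` parameter (PEM certificate plus `ledger-role-name`); the same role check applies. Running the script with `DRY_RUN=0` after `az login` creates the ledger; remember that the ledger type chosen here cannot be changed afterwards.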

Currently there is no vNet support, but it might become available once the service is generally available.

Once it is deployed, it will appear like this.  


We will start connecting via .NET code in the next article.


