Conclusion
NVIDIA Confidential Computing enables proprietary models to be deployed securely, colocated with the enterprise data. This Confidential Virtual Machine (CVM) Reference Architecture (RA) describes a reference implementation for deploying proprietary and frontier models on virtualized infrastructure using software from NVIDIA and ecosystem partners.
With this Reference Architecture:
The model is secure. The model provider controls the encrypted model and the keys to decrypt the model, which are released only after successful attestation, protecting the model from the infrastructure, data owner and platform operator.
The data is secure. The enterprise data owner controls approved inputs, outputs, and telemetry collection. The data is unencrypted only during execution and never exposed to anyone but the data owner.
The platform operator controls the virtualization environment and the deployment SLA. The TEE (Confidential VM) is where the workload runs; its data is readable only inside the confidential execution environment, which is isolated, encrypted and attested.
In addition to unlocking AI use cases for regulated industries that work on sensitive data on-premises, NVIDIA Confidential Computing and this Reference Architecture allow enterprises to control the cost and SLA of inference without compromising on accuracy or performance.
Software and hardware components must be confirmed against the target validation profile for a given deployment.