Deploying Proprietary Models Securely with NVIDIA Confidential Computing on Self-Hosted Virtual Machines

Deploying Proprietary Models Securely with NVIDIA Confidential Computing on Self-Hosted Virtual Machines

• Introduction
  • Comparison of Integration Methods
• Scope
• Primary Roles
• Architecture Summary
• Trust & Threat Model
• Required Capabilities
• Hardware (Host) and Platform Software Requirements
• CVM Image and Model Lifecycle
• Attestation and Key-Release Flow
• Network and Service Integration
• Operations and Failure Handling
• Sizing and Performance
• Reference Implementations
  • CVM Reference Implementation with Fortanix
    • Fortanix Implementation
    • Software Components
    • QEMU Launch Flags (AMD SEV-SNP)
    • QEMU Launch Flags (Intel TDX)
    • Support Model
    • Example Validation: RTX PRO 6000 Blackwell Server Edition
• Deployment Pattern
• Limitations and Open Questions
• Conclusion

Appendix

• Appendix A. Validated Configuration Profile Template
• Appendix B. Sample Ownership Matrix
• Appendix C. Component Responsibilities and Interfaces
• Appendix D. Lifecycle and Change Control
• Appendix E. Failure Modes and Acceptance Tests
• Appendix F. Deployment Detail Checklist
  • Implementation References
  • Reference Deployment Bill of Materials

Notices

• Notices
  • Notice
  • Trademarks
  • Copyright