azure-confidential-computing
Azure Confidential Computing Skill
This skill provides expert guidance for Azure Confidential Computing. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.
How to Use This Skill
IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file.
IMPORTANT for Agent: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: Installation Guide
This skill requires network access to fetch documentation content:
- Preferred: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.
- Fallback: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.
Category Index
| Category | Lines | Description |
|---|---|---|
| Troubleshooting | L37-L41 | Troubleshooting AKS confidential node issues: common errors, limitations, configuration and deployment problems, and FAQs about setup, security, and workload compatibility. |
| Best Practices | L42-L46 | FAQ and guidance on using Azure confidential VMs: supported scenarios, security guarantees, limitations, performance, pricing, and operational best practices. |
| Decision Making | L47-L59 | Guidance on choosing Azure confidential computing options: VMs (AMD/Intel), containers, GPUs, deployment models, capabilities, products, and use cases for secure workloads. |
| Architecture & Design Patterns | L60-L69 | Architectural patterns and design guidance for using Azure confidential VMs, SGX enclaves, AKS, and multi-party analytics to build secure AI and containerized workloads. |
| Limits & Quotas | L70-L74 | Guidance on choosing sizes, quotas, and deployment limits for Intel SGX-enabled VMs in Azure, including capacity planning and scaling considerations. |
| Security | L75-L90 | Attestation, vTPM, key/secrets handling, and hardening guidance to securely run and monitor Azure confidential VMs, SGX enclaves, AKS confidential containers, and clean rooms. |
| Configuration | L91-L100 | Configuring Azure confidential VMs and AKS: SGX/device plugins, confidential containers, VMMD/metablob settings, secure key release policies, and rotating customer-managed encryption keys. |
| Integrations & Coding Patterns | L101-L111 | Coding patterns and samples for building, running, and attesting Intel SGX/AMD SEV-SNP confidential apps and containers, including SKR flows, tools, and Fortanix/Key Vault integrations. |
| Deployment | L112-L122 | How to deploy and migrate Azure confidential VMs/VMSS and AKS (SGX and confidential node pools), create custom images, and set up Fortanix CCM using CLI and ARM templates. |
Troubleshooting
| Topic | URL |
|---|---|
| FAQ for AKS confidential computing nodes | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-faq |
Best Practices
| Topic | URL |
|---|---|
| Azure confidential VM FAQ and usage guidance | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-vm-faq |
Decision Making
Architecture & Design Patterns
| Topic | URL |
|---|---|
| Apply confidential computing to AI workloads on Azure | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-ai |
| Design solutions with Azure confidential computing options | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-computing-solutions |
| Use SGX enclave nodes in AKS workloads | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-overview |
| Design enclave-aware container applications on AKS | https://learn.microsoft.com/en-us/azure/confidential-computing/enclave-aware-containers |
| Understand Azure confidential VM guest attestation design | https://learn.microsoft.com/en-us/azure/confidential-computing/guest-attestation-confidential-virtual-machines-design |
| Architect multi-party analytics on Azure confidential computing | https://learn.microsoft.com/en-us/azure/confidential-computing/multi-party-data |
Limits & Quotas
| Topic | URL |
|---|---|
| Deploy and size Intel SGX VMs on Azure | https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-solutions-sgx |
Security
Configuration
| Topic | URL |
|---|---|
| Configure Confidential Containers on AKS (preview) | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-containers-on-aks-preview |
| Configure AKS Intel SGX device plugin (confcom) | https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-addon |
| Configure opt-out of VMMD blob for Azure Confidential VMs | https://learn.microsoft.com/en-us/azure/confidential-computing/disable-confidential-vm-metadata-blob |
| Rotate customer-managed keys for Azure confidential VMs | https://learn.microsoft.com/en-us/azure/confidential-computing/key-rotation-offline |
| Author Secure Key Release policies for Azure confidential TEEs | https://learn.microsoft.com/en-us/azure/confidential-computing/skr-policy-examples |
| Use Virtual Machine Metablob Disk with confidential VMs | https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-metablob-disk |