Introduction

What's OBLV Deploy?

OBLV Deploy provides a solution to ensure data security throughout the processing stages by using secure enclaves.

Data protection regulations are a key concern of every country and company. While at-rest and in-transit data protection solutions are widespread, protecting data while it is being processed doesn't have a well-established and approachable solution. OBLV Deploy fills the gap using enclaves to provide:

  • Isolation: Enclaves operate within Trusted Execution Environments (TEEs) using virtualised CPU cores and memory. This design ensures that applications are executed in a controlled and isolated environment, maintaining separation from other applications within the same physical infrastructure.
  • Attestation: Before execution, enclaves perform a verification process to ensure the application's code is authorised and untampered. This process includes comparing the code's cryptographic hash against a list of approved hashes to verify its integrity.
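
An added illustration of the hash-against-approved-list comparison described in the Attestation bullet (example code written for this page, not OBLV Deploy's own). It assumes measurements arrive as a PCR-index-to-digest map, as in AWS Nitro Enclaves attestation documents, and that the document's signature has already been verified; the function names and hash values are constructed.

```python
HEX = set("0123456789abcdef")
SHA384_HEX_LEN = 96  # Nitro Enclaves PCR values are SHA-384 digests

# Constructed sample allowlist, not real measurements.
APPROVED_HASHES = {"ab" * 48, "cd" * 48}


def normalise(measurement):
    """Return the digest as lowercase hex, or None if it is malformed."""
    if isinstance(measurement, (bytes, bytearray)):
        measurement = bytes(measurement).hex()
    if not isinstance(measurement, str):
        return None
    value = measurement.strip().lower()
    if len(value) != SHA384_HEX_LEN or not set(value) <= HEX:
        return None
    return value


def verify_measurement(pcrs, approved=APPROVED_HASHES, index=0):
    """Check one enclave measurement against the approved list.

    pcrs: {PCR index: digest} taken from an attestation document whose
    signature was already verified (assumed; not shown here).
    index 0 (PCR0) is the measurement of the enclave image file.
    Returns (ok, reason) and fails closed on anything unexpected.
    """
    value = normalise(pcrs.get(index))
    if value is None:
        return False, "missing or malformed measurement"
    # Enclaves started in debug mode report all-zero PCRs; never accept them.
    if set(value) == {"0"}:
        return False, "all-zero measurement"
    allowed = {normalise(h) for h in approved} - {None}
    if value in allowed:
        return True, "approved"
    return False, "hash not on approved list"


if __name__ == "__main__":
    # Constructed inputs: approved, debug-mode zeros, unknown hash, missing PCR.
    for sample in ({0: "AB" * 48}, {0: "00" * 48}, {0: "ef" * 48}, {}):
        print(verify_measurement(sample))
```
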

Confidential Computing

OBLV Deploy is a confidential computing solution. If you are new to the field, see the Confidential Computing page, where the topic is covered from the basics.

OBLV Deploy Components

To provide a secure solution to process information, OBLV Deploy uses three main components:

  • AMI: OBLV Deploy provides an Amazon Machine Image (AMI) through AWS Marketplace that contains all the Confidential Computing solutions you need. The AMI defines the configuration and how the enclave works, providing an isolated environment where you can process sensitive information.
  • Kubernetes: To manage the enclaves' lifecycle, OBLV Deploy uses Kubernetes, which takes care of initiation, termination, and scaling based on user-defined configurations.
  • CLI: The OBLV Deploy CLI enables users to manage and configure enclave settings and to connect to their remote applications running on the enclaves.

Info: OBLV Deploy is initially available for AWS Nitro Enclaves. However, OBLV Deploy is working to support Azure, Google Cloud, and OCI confidential computing solutions as well.

OBLV Deploy Architecture

For additional information about the components used to provide a safe environment to run your applications, see the OBLV Deploy Architecture page, which covers all of them.

OBLV Deploy Unique Features

Both OBLV Deploy and standard enclaves such as AWS Nitro Enclaves offer robust security features: an isolated runtime and attestation documents to verify the integrity of the environment. However, OBLV Deploy provides additional features to enhance security, usability, and performance.

Security and Flexibility

OBLV Deploy extends the basic feature set of standard enclaves with attested TLS, ensuring that all traffic entering and leaving the enclave is encrypted and verified against a trusted certificate. Moreover, OBLV Deploy supports controlled outbound connections, which allows precise control over network traffic, ensuring that only authorised connections are made. Container digest controls provide another layer of security by ensuring that only containers with verified digests are executed.

Simplified Operations

OBLV Deploy seamlessly integrates into existing workflows. It requires no modification to CI/CD processes or development environments, making it incredibly straightforward to adopt without disrupting current operations.

Customisation and Performance

OBLV Deploy offers customisable authentication, allowing you to choose the authentication mechanisms that best fit your needs. OBLV Deploy also supports autoscaling and sticky sessions, which are essential for handling variable loads and maintaining user session continuity across multiple instances, respectively.

What's Next?

Now that you know the solution OBLV Deploy provides, you can start learning how to use it. This documentation offers two ways to get started. If you're an administrator, the OBLV Deploy team recommends you start with the Quick Start Guide. However, if you're an end user, see the Making an Attested Connection page.