{"id":35,"date":"2025-11-08T21:03:31","date_gmt":"2025-11-08T21:03:31","guid":{"rendered":"https:\/\/mryelamanchili.dev\/?p=35"},"modified":"2025-11-09T01:00:28","modified_gmt":"2025-11-09T01:00:28","slug":"azure-confidential-vm-attestation-demo-java","status":"publish","type":"post","link":"https:\/\/mryelamanchili.dev\/?p=35","title":{"rendered":"Azure Confidential VM Attestation Demo (Java)"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Ensuring that sensitive business logic only runs in a trusted environment is a cornerstone of secure cloud computing. To demonstrate this principle, I\u2019ve published a <strong>Spring Boot application<\/strong> that performs <strong>attestation of an Azure Confidential Compute VM<\/strong> before executing protected operations. You can explore the source code here: <a href=\"https:\/\/github.com\/yelamanchili-murali\/sovereign-cloud\/tree\/main\/azure-confidential-computing\/apps\/java\/hello-attestation\/app\">GitHub Repository<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Attestation Matters<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In Azure, <strong>guest attestation<\/strong> helps confirm that a confidential VM is backed by genuine hardware-based Trusted Execution Environments (TEEs) with features like <strong>secure boot<\/strong> enabled. This ensures that workloads are isolated, integrity is maintained, and compliance requirements are met before sensitive logic is executed. For a deeper dive, see Microsoft\u2019s official documentation: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/confidential-computing\/guest-attestation-confidential-vms\">Guest Attestation for Confidential VMs<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About the Demo Application<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This Java sample is a <strong>simple Spring Boot variant<\/strong> of the examples provided in Microsoft\u2019s documentation. It implements a secure attestation flow using the <strong>Microsoft Azure Attestation (MAA) service<\/strong>. Key features include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>VM Attestation<\/strong>: Validates that the application runs on an Azure Confidential Compute VM.<\/li>\n\n\n\n<li><strong>JWT Token Verification<\/strong>: Confirms the authenticity of MAA-issued tokens.<\/li>\n\n\n\n<li><strong>Compliance Checking<\/strong>: Ensures secure boot is enabled and the VM is Azure-compliant.<\/li>\n\n\n\n<li><strong>Protected Business Logic<\/strong>: Sensitive operations only run after successful attestation.<\/li>\n\n\n\n<li><strong>Detailed Execution Trail<\/strong>: Comprehensive logging of the attestation process.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This demo is not intended to showcase a novel approach\u2014it\u2019s a practical, developer-friendly example to help you integrate attestation into Java applications.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Learn More About Confidential Computing<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Azure Confidential Computing extends protection beyond data at rest and in transit, safeguarding <strong>data in use<\/strong> inside hardware-based TEEs. This capability is especially valuable for organisations handling sensitive or regulated workloads. For a broader overview, visit: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/confidential-computing\/overview\">Azure Confidential Computing Overview<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Sovereign Cloud Resources<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">For those working in regulated industries or regions with strict compliance requirements, Microsoft\u2019s <strong>Sovereign Cloud<\/strong> offerings provide additional controls and assurances. Explore these resources to understand how Sovereign Cloud can support your workloads:<br>\ud83d\udc49 <a href=\"https:\/\/learn.microsoft.com\/en-us\/industry\/sovereign-cloud\/\">Microsoft Sovereign Cloud Documentation<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Closing Thoughts<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This demo application is meant to serve as a <strong>starting point<\/strong> for developers exploring confidential computing in Java. By following the attestation flow, you can ensure that your applications only execute sensitive logic in environments that meet Azure\u2019s compliance and integrity standards.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re building enterprise-grade solutions, combining <strong>Confidential Computing<\/strong> with <strong>Sovereign Cloud<\/strong> principles can help you achieve both technical assurance and regulatory compliance.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ensuring that sensitive business logic only runs in a trusted environment is a cornerstone of secure cloud computing. To demonstrate this principle, I\u2019ve published a Spring Boot application that performs attestation of an Azure Confidential Compute VM before executing protected operations. You can explore the source code here: GitHub Repository. Why Attestation Matters In Azure, &#8230; <a title=\"Azure Confidential VM Attestation Demo (Java)\" class=\"read-more\" href=\"https:\/\/mryelamanchili.dev\/?p=35\" aria-label=\"Read more about Azure Confidential VM Attestation Demo (Java)\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,16,15],"tags":[12,17,19,18],"class_list":["post-35","post","type-post","status-publish","format-standard","hentry","category-azure","category-confidential-computing","category-sovereign-cloud","tag-azure","tag-confidential-computing","tag-microsoft","tag-sovereign-cloud"],"_links":{"self":[{"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=\/wp\/v2\/posts\/35","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=35"}],"version-history":[{"count":2,"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=\/wp\/v2\/posts\/35\/revisions"}],"predecessor-version":[{"id":48,"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=\/wp\/v2\/posts\/35\/revisions\/48"}],"wp:attachment":[{"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=35"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=35"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mryelamanchili.dev\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=35"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}