Microsoft moves Windows licensing to Azure confidential computing, enhancing security

The Microsoft Windows Key Management Licensing Service (MKMS) has been migrated to Azure to leverage technologies such as Azure Confidential Computing (ACC) and Managed Hardware Security Modules (mHSM). ACC’s main benefit is Trusted Execution Environments (TEEs) which create secure, isolated enclaves within the processor where data is encrypted while being processed.

As for mHSMs, these are physical, hardened devices that generate, store, and protect cryptographic keys. They are highly resistant to physical and logical attacks and can self-destruct or erase keys if any tampering is detected.

MKMS processes billions of licensing requests daily for products including the Windows operating system, applications, and games. With this move to Azure, all of this will be done a lot more securely. Outlining the benefits of the move, Microsoft said: “Transitioning from multiple highly secure on-prem data centers to strategically selected Azure regions has enabled greater reliability, stronger security, and a seamless customer experience for the service.”

Microsoft’s Azure Confidential Computing is based on AMD EPYC CPUs with Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP), which protects data during processing in hardware-based Trusted Execution Environments (TEEs). One of the perks of this is that it prevents unauthorized access to the data, even by cloud administrators. Azure already encrypts data at rest and in transit, and Confidential Virtual Machines (CVMs) also encrypt data while it is in memory and being used.

For a bit of background, TEEs in Azure are specialized, isolated areas within the CPU and memory that protect code and data from tampering and unauthorized access. Azure implements them using hardware security features and encryption.
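The article does not go into how a relying party gains confidence that its code really is running inside a SEV-SNP TEE, so the following is an added example, not code from the article or from Microsoft: a Python parser for the fixed-layout fields of an AMD SEV-SNP attestation report plus a minimal acceptance policy of the kind a licensing service would apply before releasing a key to a confidential VM. Assumptions: the field offsets follow the ATTESTATION_REPORT structure in AMD's SEV-SNP firmware ABI specification (version, policy, report_data, measurement, reported TCB, signature), the sample report is constructed in the block rather than captured from hardware, and the signature check against AMD's VCEK certificate chain, which a real verifier must perform, is deliberately left out.

```python
"""Parse an AMD SEV-SNP attestation report and apply a relying-party policy.

Assumptions (not from the article): offsets follow AMD's ATTESTATION_REPORT
layout; the sample report below is constructed; signature verification
against the AMD VCEK chain is required in practice but not performed here.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

REPORT_SIZE = 0x4A0      # 1184 bytes: 0x2A0-byte signed body + 512-byte signature
SIG_OFFSET = 0x2A0

# Guest policy bits (offset 0x08, 8 bytes, little-endian), per the AMD spec.
POLICY_SMT_ALLOWED = 1 << 16
POLICY_RESERVED_ONE = 1 << 17   # must always be set
POLICY_MIGRATE_MA = 1 << 18
POLICY_DEBUG = 1 << 19          # debug guests expose memory to the hypervisor
POLICY_SINGLE_SOCKET = 1 << 20


@dataclass
class SnpReport:
    version: int
    guest_svn: int
    policy: int
    vmpl: int
    report_data: bytes    # 64 bytes supplied by the guest (nonce / key binding)
    measurement: bytes    # 48-byte launch digest of the guest image
    host_data: bytes      # 32 bytes set by the host at launch
    reported_tcb: int     # TCB_VERSION the firmware signed the report against
    signature: bytes      # 512 bytes, ECDSA P-384 over the first 0x2A0 bytes


def make_tcb(bootloader: int, tee: int, snp: int, microcode: int) -> int:
    """Pack TCB_VERSION components (bits 7:0, 15:8, 55:48, 63:56)."""
    return bootloader | (tee << 8) | (snp << 48) | (microcode << 56)


def tcb_components(tcb: int) -> dict[str, int]:
    return {"bootloader": tcb & 0xFF, "tee": (tcb >> 8) & 0xFF,
            "snp": (tcb >> 48) & 0xFF, "microcode": (tcb >> 56) & 0xFF}


def parse_report(blob: bytes) -> SnpReport:
    if len(blob) != REPORT_SIZE:
        raise ValueError(f"expected {REPORT_SIZE} bytes, got {len(blob)}")
    version, guest_svn, policy = struct.unpack_from("<IIQ", blob, 0x00)
    (vmpl,) = struct.unpack_from("<I", blob, 0x30)
    (reported_tcb,) = struct.unpack_from("<Q", blob, 0x180)
    return SnpReport(version, guest_svn, policy, vmpl,
                     blob[0x50:0x50 + 64], blob[0x90:0x90 + 48],
                     blob[0xC0:0xC0 + 32], reported_tcb,
                     blob[SIG_OFFSET:SIG_OFFSET + 512])


def check_report(r: SnpReport, expected_nonce: bytes,
                 allowed_measurements: set[bytes], min_tcb: int) -> list[str]:
    """Return policy failures; an empty list means acceptable, pending the
    signature check that this example does not perform."""
    problems: list[str] = []
    if r.version < 2:
        problems.append(f"unsupported report version {r.version}")
    if not r.policy & POLICY_RESERVED_ONE:
        problems.append("malformed policy: reserved bit 17 is clear")
    if r.policy & POLICY_DEBUG:
        problems.append("guest launched with DEBUG policy")
    # The nonce binds the report to this request; padded to the 64-byte field.
    if r.report_data != expected_nonce.ljust(64, b"\x00"):
        problems.append("report_data does not match the nonce for this request")
    if r.measurement not in allowed_measurements:
        problems.append("measurement is not an approved guest image")
    have, need = tcb_components(r.reported_tcb), tcb_components(min_tcb)
    for name in need:
        if have[name] < need[name]:
            problems.append(f"reported TCB {name} {have[name]} below minimum {need[name]}")
    return problems


def build_sample_report(nonce: bytes, measurement: bytes, policy: int, tcb: int) -> bytes:
    """Constructed sample report for offline testing; not from real hardware."""
    if len(nonce) > 64 or len(measurement) != 48:
        raise ValueError("nonce must be <= 64 bytes, measurement exactly 48")
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<IIQ", buf, 0x00, 2, 0, policy)      # version 2, guest_svn 0
    struct.pack_into("<I", buf, 0x30, 0)                    # VMPL 0
    buf[0x50:0x50 + 64] = nonce.ljust(64, b"\x00")
    buf[0x90:0x90 + 48] = measurement
    struct.pack_into("<Q", buf, 0x180, tcb)
    # Signature field left zeroed: a real report carries the firmware's signature.
    return bytes(buf)


if __name__ == "__main__":
    nonce = b"constructed-nonce-0001"
    golden = bytes(range(48))                                # constructed launch digest
    blob = build_sample_report(nonce, golden,
                               POLICY_RESERVED_ONE | POLICY_SMT_ALLOWED,
                               make_tcb(3, 0, 8, 115))
    print(check_report(parse_report(blob), nonce, {golden}, make_tcb(3, 0, 8, 100)))
```

The order of checks mirrors what matters to a key-release decision: a report whose nonce does not match is a replay, an unapproved measurement means the wrong code asked for the key, a debug policy means the hypervisor can read guest memory, and a TCB below the minimum means known firmware weaknesses may be present. Only once the signature (not shown) also verifies against AMD's certificate chain should a service hand a secret to the VM.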

With this shift to the cloud, Microsoft expects to see improved reliability and stronger security for licensing, compared to the on-premises approach it has been using to date. The Redmond giant said that the move aligns with its Secure Future Initiative, which aims to secure Microsoft’s operations. It also helps with capital expenditure as it reduces costs thanks to the elimination of hardware refreshes.

Another benefit is that Microsoft has more flexibility when it comes to scaling as cloud pricing is more elastic and the company only needs to pay for what it uses. The company has also managed to reduce upfront hardware investments and ongoing maintenance costs while maintaining high throughput, speed, and reliability; it claims that it’s seeing results on par with or better than its previous on-premises environment.

Source: Microsoft
