Core Concepts

Understand the fundamental concepts behind Teenode and how to use the platform effectively.

Key Concepts

Trusted Execution Environment (TEE)

A Trusted Execution Environment (TEE) is a secure area on a computer’s processor that:

Encrypts data in memory at the hardware level
Prevents unauthorized access from the hypervisor or other VMs
Provides cryptographic attestation of the environment
Ensures your code and data remain confidential

With Teenode, you get a full virtual machine running in a TEE, not just an enclave or container.

AMD SEV-SNP

AMD Secure Encrypted Virtualization - Secure Nested Paging (SEV-SNP) is the hardware technology that powers Teenode’s TEE VMs.

Learn more in the AMD SEV-SNP section.

Projects

A Project is the top-level container for your applications or virtual machines. There are two types:

Git Deploy - Deploy Docker applications directly from Git repositories with automatic builds and deployments
TEE VM - A full virtual machine running on AMD SEV-SNP hardware

Teams

Teenode uses team-scoped resources:

Every user has a personal team by default
Projects belong to teams, not individuals
Team members can be invited to collaborate
Resources are isolated per team

Deployments

Deployments are specific builds and releases of your Git Deploy projects. Each deployment:

Is tied to a specific Git commit
Has a unique deployment ID
Can be monitored for status and logs
Is either ACTIVE, FAILED, QUEUED, BUILDING, or DEPLOYING

Attestation

Attestation is a cryptographic proof that your VM is running in a genuine TEE with AMD SEV-SNP.

This allows you to verify that your workload is running in a secure environment and hasn’t been tampered with.

Architecture Overview

┌─────────────────────────────────────┐
│          Your Applications          │
├──────────┬──────────────────────────┤
│   CLI    │   Website Dashboard      │
├──────────┴──────────────────────────┤
│          Main API                   │
│  (Authentication & Orchestration)   │
├──────────┬──────────────────────────┤
│          │                          │
│   Regions with AMD SEV-SNP Hosts   │
│          │                          │
├──────────┴──────────────────────────┤
│  Git Deploy Projects + TEE VMs      │
│  (Running in AMD SEV-SNP TEE)       │
└─────────────────────────────────────┘

Resource Isolation

All resources in Teenode are isolated:

Team-level - Projects and VMs belong to teams
VM-level - Each TEE VM runs in its own encrypted memory space
Network-level - Each region has its own network isolated from others

Data Encryption

Data in Teenode is encrypted at multiple layers:

In Transit - All API communication uses HTTPS/TLS
At Rest - Database records are encrypted
In Memory - TEE VM memory is encrypted by AMD SEV-SNP hardware

What’s Next?

TEE VMs - Learn about Teenode’s virtual machines
AMD SEV-SNP - Understand the security technology
Attestation - Cryptographic verification
Create Your First Project - Get started

PreviousAPI Virtual Machines

NextTEE VMs