Trusted Execution Environment (TEE) Virtual Machines
Teenode TEE VMs are full virtual machines that run in a Trusted Execution Environment, providing hardware-level security and isolation.
What is a TEE VM?
A TEE VM is a complete Linux virtual machine that runs in AMD SEV-SNP, a hardware-based trusted execution environment. Key features include:
- Full VM - Not a container or process, but a complete isolated Linux environment
- Hardware Encryption - Memory encrypted by CPU, hypervisor cannot access
- Attestation - Cryptographically verify the environment hasn’t been tampered with
- Isolation - Each VM has its own encrypted memory space
- SSH Access - Full SSH access for remote management
When to Use TEE VMs
Use TEE VMs when you need:
- Maximum security and isolation for sensitive workloads
- Hardware-level encryption of your data
- Cryptographic proof your workload is running securely
- Full control over the operating system and environment
- To run custom software that needs system-level access
VM Lifecycle
| State | Description |
|---|---|
CREATING | VM is being provisioned and launched |
RUNNING | VM is running and ready for connections |
STOPPED | VM is stopped but can be restarted |
PAUSED | VM is paused (reserved for future use) |
DELETING | VM is being deleted |
ERROR | VM encountered an error |
VM Specifications
CPU
- Range - 1 to 32 cores
- Type - AMD EPYC (SEV-SNP capable)
- Note - Cores are exclusively allocated
Memory
- Range - 512 MB to 128 GB
- Encryption - All memory encrypted by hardware
- Note - Memory is exclusively allocated
Storage
- Range - 10 GB to 2000 GB
- Type - Encrypted persistent storage
- Note - SSD for performance
Operating Systems
- Ubuntu 22.04 LTS - Latest stable LTS release
- Debian 12 - Stable Debian release
- Alpine 3.18 - Lightweight Linux
Networking
Each TEE VM has:
- Public IP - Accessible from the internet
- Private IP - For internal network communication
- SSH Access - Remote shell access
- Custom Ports - Run web servers, APIs, etc.
Security is provided by network isolation and hardware encryption. No additional firewall rules needed.
Creating a TEE VM
Step 1: Create a TEE_VM project:
teenode project create \
--name my-secure-app \
--type TEE_VM \
--region us-eastStep 2: Create a VM in the project:
teenode vm create proj_abc123 \
--cpu-cores 4 \
--ram-mb 4096 \
--disk-gb 100 \
--os-image ubuntu-22.04Step 3: Wait for it to be ready:
teenode vm info proj_abc123Accessing Your VM
Get connection information:
teenode vm console proj_abc123Connect via SSH:
ssh root@YOUR_PUBLIC_IPPricing
TEE VMs are charged based on CPU cores, RAM, and storage used. See the Teenode website for current pricing.
What’s Next?
- Launch Your First TEE VM - Step-by-step guide
- AMD SEV-SNP - Learn about the security technology
- Attestation - Verify your VM’s security