IBM Hyper Protect Virtual Servers

IBM Hyper Protect offers hardware-level security for virtual servers on IBM Z and LinuxONE, available in on-premises servers and managed offerings on IBM Cloud.

Vendor

IBM

Product details

IBM Hyper Protect Virtual Servers for IBM Z® and LinuxONE is a software solution designed to protect mission-critical Linux® workloads with sensitive data from both internal and external threats. 

IBM Hyper Protect Virtual Servers take advantage of IBM Secure Execution for Linux. It provides a confidential computing environment to protect sensitive data running in virtual servers and container runtimes by performing computation in a hardware-based, trusted execution environment (TEE). It is available on-premises as well as in a managed offering in IBM Cloud®: IBM Cloud Hyper Protect Virtual Servers.

Additional products in IBM's confidential computing portfolio include the following:

  • IBM Hyper Protect Offline Signing Orchestrator: designed to address limitations of current cold storage offerings for digital assets. Available on IBM Z or IBM LinuxONE. Hyper Protect Virtual Servers are a prerequisite.
  • IBM Cloud Hyper Protect Crypto Services: a single-tenant, hybrid cloud key management service. Unified Key Orchestration, a part of Hyper Protect Crypto Services, enables key orchestration across multicloud environments.

Features

  • **Protect your digital assets on a security-rich, tamper-proof Linux-based platform:** Provides a secure hosting environment with end-to-end security for digital asset custodies, exchanges, issuance providers and permissioned blockchains that must protect private keys, applications and data.
  • **Leverage common infrastructure:** Support a client-provided container registry in addition to others such as IBM Cloud Container Registry, Docker Hub or a Linux distribution-provided base container registry.
  • **Integrate data-at-rest protection:** Use a Linux Unified Key Setup (LUKS) encryption passphrase that is present only within the TEE and is based on a key derivation during deployment, taken from seeds provided by the workload and environment persona.
  • **Experience multiparty contract and attestation of deployment:** Apply Zero Trust principles from workload development through deployment. This is based on a newly introduced encrypted contract concept that enables each persona to contribute without risk of exposing this data or intellectual property to others.
  • **Access a Crypto Express adapter in Enterprise PKCS#11 (EP11) mode:** Benefit from a Hardware Security Module (HSM) to protect keys, a common industry use case. To enable such solutions, directly attach a Crypto Express Network API for Secure Execution Enclaves, provided as a component of Hyper Protect Virtual Servers.
  • **Protect workloads from internal threats:** Adopt Secure Execution for Linux to deploy isolated workloads protected by Confidential Computing at scale and enable client-defined middleware and hypervisor. With this, Hyper Protect Virtual Servers can be integrated into a virtualized Linux environment without any isolated logical partition (LPAR).
  • **Apply cloud native application development:** Empower developers with familiar tools and an automated, continuous software delivery pipeline to develop in a private, public or hybrid cloud. Hyper Protect Services provide secure cloud services for on-prem and off-prem deployments.
  • **Maintain image integrity:** Enable developers to securely build source files, starting with the containerized application. Solution developers can keep image integrity, knowing it only contains what’s intended, and maintain confidence in the deployed application’s origin.
  • **Build securely with trusted CI/CD:** Encrypt images and securely build with a trusted CI/CD flow to validate the origin, preventing backdoor introduction. Signed container images inherit security with no code changes, preventing access to data while it is being processed in the database.
  • **Safeguard sensitive data on IBM DS8000 storage:** IBM Safeguarded Copy provides immutable copies of sensitive data for recovery that are hidden and protected from being modified or deleted due to user errors, malicious destruction or ransomware attacks.

Benefits

  • **Build with security:** Equip your developers with the capability to securely build their applications in a trusted environment with integrity.
  • **Deploy with trust:** Enable SysAdmins to validate that applications originate from a trusted source via their own auditing processes.
  • **Manage with simplicity:** Give operations the ability to manage without accessing applications or their sensitive data.