Phala Cloud is the managed version of dstack deployment. It lets developers deploy programs to a CVM (Confidential VM) and follow security best practices by default.
The dstack SDK simplifies deploying programs to CVMs (Confidential VMs) with security best practices built in. Explore dstack’s blockchain-verified computing capabilities and architecture. The main features include:
  • Deploy any Docker container as a CVM on supported TEEs
  • Generate remote attestation reports and visualize the chain of trust via Web UI
  • Wrap HTTP services with automatic RA-HTTPS and content-addressed domains (0xABCD.dstack.host)
  • Keep applications portable across hardware via decentralized Root-of-Trust key management
The following example shows how dstack works with a typical multi-container application configured with Docker Compose.
As the architecture diagram below shows, multiple Docker containers can run inside a single CVM. The underlying infrastructure we provide makes sure the application is secure and verifiable. Your containers use the dstack component to communicate with the underlying tappd. dstack sets up the CVM environment, handles remote attestation, and manages the lifecycle of all Docker containers running inside the CVM. tappd communicates with a decentralized Key Management Service (KMS) that derives deterministic encryption keys for the application. These keys encrypt application-specific storage and protect data integrity. Because the KMS operates independently from any specific TEE instance, your applications avoid vendor lock-in and can be securely migrated between different hardware environments without data loss.
Figure: dstack CVM architecture, showing the relationship between Docker containers, dstack, tappd, and the decentralized KMS.

Verify If An Application is Running Inside a TEE

When the application launches, dstack exports a Remote Attestation (RA) Report that cryptographically binds the application’s runtime information — Docker image hash, startup arguments, and environment variables. The TEE hardware signs this report, and the application’s own derived key co-signs it. Anyone can verify the report using standard TEE RA verification tools. For applications deployed on Phala Intel TDX workers, RA reports are exported and verified by default — use the TEE Attestation Explorer to inspect them.
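
How a verifier can check that binding, as an added example (not dstack's code): it assumes the report's hardware signature has already been validated and that the runtime information is measured as a hash-chained event log into a 48-byte register, in the style of a TDX runtime measurement register. The event names, the encoding and the sample values are constructed for illustration.

```python
import hashlib
import hmac

RTMR_LEN = 48  # one SHA-384 digest, the size of a TDX runtime measurement register


def extend(rtmr: bytes, record: bytes) -> bytes:
    """Hash-chain extend: new = SHA384(old || SHA384(record))."""
    return hashlib.sha384(rtmr + hashlib.sha384(record).digest()).digest()


def replay(events: list[tuple[str, bytes]]) -> bytes:
    """Recompute the register from an ordered event log, starting at all zeros."""
    rtmr = bytes(RTMR_LEN)
    for name, payload in events:
        # Length-prefix the name so ("ab", b"c") and ("a", b"bc") cannot collide.
        record = len(name).to_bytes(2, "big") + name.encode() + payload
        rtmr = extend(rtmr, record)
    return rtmr


def app_events(image_digest: str, args: list[str], env: dict[str, str]) -> list[tuple[str, bytes]]:
    """Assumed encoding of the three items the report binds (not dstack's format)."""
    env_blob = "\0".join(f"{k}={v}" for k, v in sorted(env.items())).encode()
    return [
        ("image-digest", image_digest.encode()),
        ("startup-args", "\0".join(args).encode()),
        ("environment", env_blob),
    ]


def matches_report(attested: bytes, image_digest: str, args: list[str], env: dict[str, str]) -> bool:
    """True only if the expected configuration reproduces the attested value."""
    expected = replay(app_events(image_digest, args, env))
    return hmac.compare_digest(expected, attested)


# Constructed sample; ATTESTED stands in for the value read from a verified report.
IMAGE = "sha256:" + "ab" * 32
ARGS = ["--listen", "0.0.0.0:8080"]
ENV = {"LOG_LEVEL": "info", "MODE": "prod"}
ATTESTED = replay(app_events(IMAGE, ARGS, ENV))

if __name__ == "__main__":
    print(matches_report(ATTESTED, IMAGE, ARGS, ENV))
    print(matches_report(ATTESTED, IMAGE, ARGS, {**ENV, "MODE": "debug"}))
```

Because each extend folds in the previous value, a changed environment variable, a different startup argument or a reordered event all produce a different final value, so the comparison fails.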

Conclusion

Ready to build? See Getting Started for deployment options. For managed hosting without running dstack on your own hardware, use Phala Cloud.