A secure Kubernetes platform with ARCA Trusted OS from CYSEC

Companies who want to manage their sensitive data within their internal infrastructure will be well served by ARCA Trusted OS, which is a Kubernetes platform developed by CYSEC. Used together with axxiv’s rack server CUN VERVA ARCA, ARCA Trusted OS is the perfect platform for managing your application workloads easily and securely. ARCA Trusted OS combines the versatility and scalability of Kubernetes with all of the security features needed by companies today.

How does ARCA Trusted OS protect your data?

ARCA Trusted OS is a container-specific operating system with a secure Kubernetes orchestrator that makes it possible to operate containerised workloads in a hardware-based secure execution environment (Trusted Execution Environment, TEE).

This environment protects your data during transmission within the ARCA Kubernetes Clusters, both at rest and in-use. ARCA Trusted OS furthermore includes containers with an API for cryptography services and a Key Management System that your containers can use for business applications.

This API provides easy access to cryptographic functions that are executed by a hardware security module (HSM), provided it is integrated in the axxiv server.


Individually configurable

Customized service
To ensure maximum availability and productivity, needs-based service options, such as on-site service, can be coupled with the server.

Technical details of the platform

Immutable container-specific operating system
Hardware root of trust of the ARCA Trusted OS platform
Full Disk Encryption when the server is switch off
Kubernetes orchestration platform with secure data communication channels between pods
Containers run in a confidential enclave provided by AMD SEV
Key management and cryptographic services provided through an easy-to-use cryptographic API
The cryptographic API can optionally be supplemented with a certified hardware security module, which will make it comprise several blockchain-compatible algorithms
Maintenance, updates, technical support and recovery – L1/L2/L3 DevOps
Uninterruptible upgrade rollout/rollback makes it possible to make frequent changes without any downtimes

Key Kubernetes platform features

  • A container-specific platform for quickly and easily creating an infrastructure for managing sensitive data.
  • Secure protection for both – your containers and the data you are managing.
  • An extensive set of cryptographic services for your containers for protecting your business.

What sets our hardware apart?

CYSEC has certified axxiv’s CUN VERVA ARCA server for use with the Kubernetes platform with ARCA Trusted OS. It is based on AMD’s EPYC platform. This platform allows business applications, cloud computing and virtualisations to run more securely and faster than ever before. The platform features AMD’s powerful third generation (Milan) EPYC processors, quad-channel memory with ECC support, PCIe 4.0 and the latest security technologies.

The CUN VERVA ARCA server comes with a number of other technologies that are vital for professional environments. PCIe 4.0 will provide you with the fastest PCI express standard currently available.

Added to that, the axxiv server also features up to 128 PCIe lanes for connecting components such as the graphics card, SSDs and network cards. This makes this system highly extensible.

AMD EPYC is the first ever server CPU with an integrated, dedicated security processor. These security mechanisms guarantee that the BIOS will start without corruption.



CYSEC SA is a Swiss data security company headquartered at the EPFL Innovation Park in Lausanne, Switzerland. The company’s mission is to shorten the time-to-market of innovative services by facilitating their integration into a trusted IT environment. In order to achieve its mission, CYSEC developed “ARCA Trusted OS”, a confidential computing platform protecting software applications manipulating sensitive data designed for various sectors, including financial services, IoT, space and telecoms. CYSEC provides its cybersecurity solutions either in the cloud, on site and as edge solutions.

CYSEC is a member of the Confidential Computing Consortium.