Google’s new confidential virtual machines on the second generation of AMD EPYC


With AMD’s market share slowly increasing, it becomes very interesting to see where EPYC is being deployed. Today’s latest announcement comes from AMD and Google, with news that Google’s Compute Engine will begin offering new confidential virtual machines (cVMs) based on AMD’s Secure Encrypted Virtualization (SEV) feature. These new cVMs are variants of Google’s N2D series offerings, and Google claims that enabling SEV for memory encryption and full virtualization has a near zero performance penalty.

Secure Encrypted Virtualization on AMD’s 2nd Gen EPYC processors allows cloud providers to encrypt all the data and memory of a virtual machine at a per-VM level. The encryption keys are generated on the fly in hardware and are not exportable, reducing the risk of secondary attacks from potentially aggressive neighbors. Previously, this type of computing model was only possible if a host assumed control of an entire server, which is impractical for most use cases.

With SEV2, AMD technically allows up to 509 keys per system. Google will offer images for its cVMs with Ubuntu 18.04 / 20.04, COS v81 and RHEL 8.2; other operating system images will be available in due course.

These cVMs will be available in the vCPU listings, confirming that concurrent multithreading is enabled on the hardware. Both Google and AMD declined to comment on the exact EPYC CPUs being used, only that they were part of the 2nd Gen Rome family.

This is technically a beta release, with Google as the first cloud provider to offer SEV-enabled virtual machines. Google is also promoting the use of its open source Asylo framework for confidential computing, promising to facilitate implementation with high performance.

Google created a series of 30 MB gifs to show the new cVM. Instead of sharing them with you in an outdated 1989 format, we convert them to video:

Users who wish to access the new virtual machines must go to the corresponding Google page.
