Google Cloud and AMD launched a “Confidential Computing” program this summer that keeps data encrypted in memory and elsewhere outside the CPU. The solution uses hardware-based encryption in AMD’s latest EPYC processor.
The partners said this week that they are expanding their confidential cloud computing plans to cover workloads running on Kubernetes clusters through Google Kubernetes Engine (GKE). These confidential GKE nodes will be available in an upcoming beta release. On Tuesday (September 8), Google also announced the general availability of the confidential virtual machines released in July.
Google Cloud also said that it will expand its support for confidential computing beyond AMD to a range of data center processors. In both cases, the value proposition is the ability to encrypt data “in use” while it is being processed.
Like confidential VMs, confidential Kubernetes nodes are based on AMD’s latest EPYC processor, which integrates hardware-based encryption in its Zen 2 core architecture. According to Google (NASDAQ: GOOGL), clusters running protected nodes will automatically enforce the use of confidential VMs. Confidential nodes use the memory encryption provided by the EPYC processor’s Secure Encrypted Virtualization (SEV) feature.
The partners say that confidential VMs running in Google Cloud can scale up to 240 virtual CPUs and 896 GB of memory. AMD is also promoting its latest EPYC processor, based on 7nm process technology, as a platform for migrating applications and data to the cloud.
The hardware-based security approach relies on a “root of trust,” in which an encryption key is used to protect the function. AMD stated that these keys are managed on the chip, which means that only users can view them.
The architecture uses a virtual key to encrypt the memory, and then the security processor maps the key to the VM running in the memory. The hypervisor cannot access the encrypted memory, and the “guest” operating system chooses the data that can be shared.
At the same time, Google Cloud stated that its confidential nodes will be released in beta form in its upcoming version of the Kubernetes engine.
Google’s chief Internet evangelist, Vinton Cerf, said: “We believe that the future of cloud computing will increasingly shift to private encryption services.”
Cerf added: “When processing data, there is no simple solution to encrypt it.” Hence the push to develop confidential computing, which encrypts data while it is “in use” as well as when it moves between the customer and the data center and when it is at rest.
Now, the confidential VM model has been applied to container-based workloads to encrypt data in memory and elsewhere outside the CPU. Cerf explained: “The memory controller uses an embedded hardware key that Google cannot access to decrypt data within the boundaries of the CPU.”
With the rise of enterprise microservices, isolating application container resources and dependencies is the initial challenge. Google and AMD are betting that adding a layer of data processing security will promote the private encrypted cloud service strategy of cloud providers.
Memory encryption will further isolate the workload while also isolating tenants from the cloud infrastructure. “Our goal is to ensure that the functionality is independent of the hardware we use,” Cerf said. Therefore, Google cooperates with other CPU vendors and extends support for confidential computing to GPUs, Tensor processing units and FPGAs.
Google Cloud is one of the founding members of the Confidential Computing Consortium established by the Linux Foundation in October 2019. Other members include Alibaba, Arm, Huawei, Intel, Microsoft and IBM’s Red Hat division.