Azure Confidential Computing at Ignite 2024

VikasBhatia

Microsoft

Nov 19, 2024

The Azure Confidential Computing team is announcing a new confidential VM series and a new PaaS for enabling privacy-preserving multi-party analytics.

This is another great year for Azure Confidential Computing (ACC) team at Ignite. We are announcing the availability of two new offerings:

The preview of our latest DCa/ECa v6 series confidential VMs running on 4th generation AMD EPYC™ processors, with enhanced performance and security features.

The preview of Azure Confidential Clean Rooms, a totally new PaaS for building privacy preserving multiparty analytics and collaboration solutions.

And we are amplifying the confidential AI use cases of our recently announced generally available confidential VMs with NVIDIA H100 Tensor Core GPUs.

Preview of our latest DCa/ECa v6 series confidential VMs

We are thrilled to partner with AMD to offer these confidential VMs based on 4th generation AMD EPYC processors. They offer up to 25% better CPU performance on Windows Server 2022 compared to their previous generation counterparts. Also, for Windows Server, they offer enhanced security with the option to use Virtualization-based Security (VBS) to protect secrets in a highly secure section of VM memory. And these VMs will be our most widely available confidential VM to date. To learn more and sign up for the preview read the preview blog post: https://aka.ms/Genoa-CVM-Prev-blog

Preview of Azure Confidential Clean Rooms

We are very excited to announce the preview Azure’s first confidential clean room offering, Azure Confidential Clean Rooms, a PaaS for building multi-party, privacy preserving applications, leveraging the Confidential Consortium Framework (CCF) and confidential containers on Azure Container Instances (ACI). To learn more and sign up for the preview read the preview blog post: https://aka.ms/ACCR-preview-blog

Confidential GPUs new use cases

On Thursday, November 21, at 12:30 PM CST, I will be at Ignite presenting a live demonstration of deploying an NCC H100 v5 confidential VM with NVIDIA H100 Tensor Core GPU (aka, confidential GPU) and show several use cases within the context of confidential AI including:

How to do attestation of the confidential VM and its associated GPU
Using confidential GPUs to support confidential retrieval-augmented generation (RAG)
Using confidential GPUs to support confidential speech to text translation with the preview of the confidential inference feature of the Azure OpenAI Whisper model

Please make sure to attend if you are at the event as this event is not being broadcast and will not being recorded.

Figure 1. Architecture of Azure AI confidential inferencing

Other recent ACC related announcements

We are excited to acknowledge the recent announcement of confidential containers on Azure Red Hat OpenShift (ARO). This gives ARO users the opportunity to provide an additional layer of protection of their sensitive workloads in memory from Azure operators and from your own application and tenant administrators. Read the blog post to learn more: Confidential Containers Public Preview on Azure Red Hat OpenShift | Microsoft Community Hub

We are happy to report that Azure Batch is now supported on all AMD SEV-SNP based v5 and v6 confidential VMs.

And finally, as part of Microsoft’s commitment to our Secure Future Initiative (SFI), we are announcing our newest in-house security chip, Azure Integrated HSM, a dedicated Hardware Security Module (HSM) that strengthens key protection by enabling the use of encryption and signing keys while they remain within the bounds of a HSM, without incurring the typical network access latencies for HSM access. Read the blog post to learn more: Securing Azure infrastructure with silicon innovation | Microsoft Community Hub

ACC at Ignite sessions

In addition to my confidential GPU demonstration mentioned above, ACC powered solutions are being covered in multiple sessions at Ignite including: