We’re excited today to announce the general availability of Azure Boost, a system designed by Microsoft that offloads server virtualization processes traditionally performed by the hypervisor and host OS onto purpose-built software and hardware, enabling faster storage and networking performance for Azure VM customers.
Going forward, every new Azure virtual machine (VM) series will benefit from Azure Boost technologies, making the networking and storage components of your virtual workloads run even faster, whether you have deployed general purpose compute workloads or specialized AI clusters.
Azure Boost was engineered by a team of Microsoft hardware and software engineers to enhance the performance, security, and reliability of Microsoft Azure, and is already being used at Microsoft datacenters around the world, delivering benefits to millions of customers VMs in production today.
To learn more, watch the product overview video, read the documentation, or experience Azure Boost benefits today by provisining Azure Boost enabled VMs sizes listed in the documentation. Continue reading to learn more about the benefits of using Azure Boost.
Pictured below: the Azure Boost Card
Below we take a deeper look at three ways you can benefit from leveraging Azure Boost.
As customers embark on their cloud journey, they seek superior performance, robust security, reliable service with maximum up time, consistently low jitter, and minimal disruption from platform servicing events. Further demonstrating Azure is the optimal cloud for running mission-critical workloads, Azure Boost is specifically designed architected to lessen the impact on customers when Azure maintenance activities occur. reinforcing our commitment to customers that Azure is the optimal cloud for running mission-critical workloads.
Azure Boost maintenance encompasses both the hardware and software on the card, including a secure Linux OS and networking drivers, as well as the top-of-rack switch topology. Each component of the system can be updated without significantly affecting customer throughput, reducing the duration of impact to less than one second for networking updates and less than three seconds for system-level updates in most common cases.
Dual top-of-rack topology allows Azure to maintain our switching infrastructure without measurable impact on existing customer workloads.
Additionally, Azure Boost introduces Microsoft’s proprietary programmable networking interface: MANA (Microsoft Azure Network Adapter). Using MANA allows Azure VM customers to achieve up to 200Gbps networking throughput on select VM sizes. Not less importantly, MANA helps to ensure forward compatibility for Azure VM customers by shielding them from future impacts when the underlying platform changes occur.
One of the primary advantages of Azure Boost is its ability to enhance the throughput of Azure Managed Disks and local storage. This enhancement is enabled by offloading of the storage processing tasks to Azure Boost’s dedicated programmable hardware. Furthermore, Azure Boost optimizes performance by utilizing industry-standard Non-Volatile Memory Express (NVMe) interfaces, which are designed to capitalize on the low latency and internal parallelism of solid-state storage drives.
Azure’s continued investments in VM-level storage throughput optimizations led to incremental improvements in the acceleration of Azure Managed Disks, resulting in industry-leading storage performance. During Microsoft Ignite, we have successfully demonstrated a throughput of up to 12.5GB/s and 650k IOPS for supported VM sizes.
Here’s a look at Azure’s journey of performance enhancements:
The Azure Boost SSD augments the performance of local SSDs by delivering an enhancement of up to 3.8 million IOPS and a throughput of 17.2GB/s.
Additional enhancements provided by Azure Boost SSD:
Note: Azure Boost SSD is offered in select preview VM sizes only.
Azure Boost delivers another innovation in the security space—isolating customer VMs from the network, and the network from customer VMs—by leveraging state-of-the-art security techniques.
Designed to enhance Azure workload security, Azure Boost includes the following security components:
Azure Boost SoCs pair with each host and work in tandem to create a more secure hosting infrastructure.
Following Azure security principles, Azure Boost Integrity foundation architecture is using:
The Azure Boost system implements a secure and trustworthy configuration, supporting Azure Boost integrity from initialization through to runtime. Cerberus functions as the Hardware Root of Trust, providing attestation that the underlying firmware of critical hardware components within Azure Boost aligns with a trusted state. Furthermore, the attestation process, provided by Azure’s Attestation Service, guarantees the activation of Integrity Policy Enforcement and the verification of executable integrity through Code Integrity. The Attestation Service delivers a cryptographic signal to denote the operational status of Code Integrity and to report any potential violations.
This comprehensive security approach aids in mitigating the exploitation of software vulnerabilities, thereby constraining potential system damage, data exfiltration, privilege escalation, and persistence.
Azure Boost aligns with ecosystem specifications and segregates cryptographic primitives helping to ensure robust security, reliability, and efficacy in safeguarding customers’ data and sensitive information. It employs isolation techniques to prevent unauthorized access and potential security threats. Furthermore, Azure Boost adheres to Federal Information Processing Standards (FIPS) certification, thereby ensuring that customers’ workloads conform to industry benchmarks for security, interoperability, compliance, credibility, and trustworthiness. This adherence to FIPS standards underscores the commitment to maintaining an elevated level of cryptographic security in protecting sensitive information.
Experience Azure Boost benefits today trying out Azure Boost enabled VM sizes listed in the documentation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.