What’s New in Azure Boost – Ignite 2025
Today we’re announcing the next generation of Azure Boost, a system that offloads virtualization processes from the host to purpose‑built hardware and software—to deliver higher performance, stronger isolation, and more flexible operations across the Azure platform. The first wave becomes available in preview on v7‑series VMs, with broader SKU coverage planned into 2026. This release brings a new set of capabilities aimed at helping organizations run critical workloads with improved speed, security, and flexibility. The Ignite 2025 update showcases the newest enhancements now offered across the Azure platform.
Tune into the Ignite session: Powering modern cloud workloads with Azure Compute on Nov 21, Friday to learn more.
Key Performance Enhancements
The latest iteration of Azure Boost provides up to 1 million IOPS and 20 GB/s throughput for remote storage, marking a substantial increase in performance compared to previous generations. These advancements facilitate faster data access and enhanced reliability for demanding workloads, supporting Azure migration of the most intensive storage requirements.
The next generation of Azure Boost introduces substantial enhancements to networking capabilities, now supporting up to 400 Gbps throughput for both general purpose and AI virtual machines—doubling the performance offered by previous versions. Consistent with earlier releases, this iteration features dual TOR architecture, providing active/active resiliency and ensuring sub-second networking maintenance. These improvements deliver robust connectivity and minimize downtime for mission-critical applications.
Furthermore, customers utilizing Azure network optimized Dln-, Dn-, and Ensv6-series VM SKUs can now achieve up to 400,000 connections per second, significantly increasing scalability for high-demand environments.
Azure VM customers are strongly encouraged to use the latest Microsoft Azure Network Adapter (MANA) drivers (https://aka.ms/mana) to ensure optimal performance and reliability on Azure Boost-enabled hardware.
Beyond these upgrades, Azure Boost introduces advanced networking capabilities like Remote Direct Memory Access (RDMA), which moves data between servers at high speed with very low delays which are ideal for AI and HPC workloads. New cross-region RDMA ensures reliable, multi-path connections for global AI training, while erasure-coded RDMA adds smart error recovery to keep performance steady even when networks drop packets. Together, these innovations help organizations tackle complex distributed computing with greater confidence and efficiency.
Feature spotlight: Azure Boost Confidential Device (ABCD)
As ensuring security and confidentiality remains crucial for Azure customers, the latest version of Azure Boost introduces an innovative feature: Azure Boost Confidential Device (ABCD). This capability allows confidential virtual machines to offload file I/O operations securely, without sacrificing performance. Through hardware-accelerated encryption and PCIe link encryption, data is safeguarded at rest, during transit, and while in use. These advancements strengthen cloud security and assist organizations in satisfying strict compliance standards.
In traditional confidential computing, I/O operations require data to be copied from the VM’s private memory into a shared “bounce buffer” before being sent to devices that aren’t trusted (such as a NIC or storage controller). This process exists because a VM’s memory is encrypted with a key that is not accessible outside the CVM boundary and therefore cannot be accessed by the host or device; the bounce buffer serves as an intermediary buffer for DMA operations where the data is encrypted with a shared key. The drawback is that each I/O operation requires copying and encrypting/decrypting, which increases CPU usage and latency and ultimately reduces networking and storage throughput.
The Azure Boost confidential device (ABCD) is included in the Trusted Compute Base (TCB) for confidential virtual machines by integrating the Azure Boost subsystem with attested hardware. Rather than transferring data to a shared buffer, the confidential device can access encrypted memory within the VM directly through an IDE-encrypted PCIe connection, using TDISP (a PCI-SIG standard supported by all major CPU vendors). By avoiding intermediate buffers, this attested secure link maintains both the confidentiality and integrity of data, allowing information to move safely and efficiently between the CVM and Boost hardware.
The addition of ABCD to the CVM reduces CPU usage by eliminating bounce-buffer copies and redundant encryption cycles, allowing more vCPU resources for app workloads and enabling higher throughput through direct hardware offload of networking and storage, which lowers I/O latency.
Benchmarks show attested confidential offloads offer performance nearly matching general-purpose VMs with maintained security. Azure Boost uses encrypted PCIe links and attestation to securely bypass bounce buffers, providing faster data transfer, lower CPU overhead, and improved VM performance without sacrificing security.
Looking Ahead
Azure’s latest compute innovations—powered by Azure Boost—deliver unmatched performance, scalability, and security for modern cloud workloads. Whether you’re running databases, analytics, AI, or mission-critical enterprise applications, Azure’s VM portfolio and infrastructure advancements provide the tools to operate without compromise.
Get started:
- Read the Azure Boost overview on Microsoft Learn (https://aka.ms/azureboost).
- Install the latest MANA drivers (https://aka.ms/mana).
- Watch the Ignite session to see demos and recommended configs (Powering modern cloud workloads with Azure Compute)
- Check out the latest Ebsv6-Series VMs public preview announcement.
- Watch how Elastic Cloud is using Azure VMs and Azure Boost: Elastic Cloud Serverless on Azure: AI-Powered Search, Observability, and Security - YouTube
Microsoft