azure hpc
3 Topics

Announcing the General Availability of the Next Generation of Azure Boost

Starting May 7th, 2026, the new Esv7, Dsv7, and Dlsv7 virtual machines are generally available — and underneath them is a fundamentally new generation of Azure Boost. Not an incremental refresh. A platform that took over five years to build, with custom ASIC-hardened logic, a new network adapter, redesigned storage offload, and a security architecture that makes Azure Boost a Trusted Execution Environment in its own right.

You’ll notice the performance: up to 400 Gbps networking, up to 1M remote storage IOPS, up to 21 million local NVMe IOPS. What you won’t see yet is everything this platform can do. These VMs tap into the first wave of capabilities from the new Boost generation — and over the coming months, new VM families and features will unlock additional capabilities and performance.

What Makes This Generation Different

Azure Boost offloads virtualization, networking, and storage onto purpose-built hardware, so your workloads get more of the server you paid for. That fundamental model hasn’t changed. What has changed — substantially — is the platform underneath.

This generation of Azure Boost is built around a purpose-designed PCIe card that integrates three tightly coupled subsystems onto a single ASIC:

A custom ASIC/FPGA hybrid accelerator — handles storage acceleration, virtual network encryption, remote storage encryption, and high-throughput data-path processing. This generation hardens significantly more critical data path logic into dedicated logic — moving functions that previously ran in software or in FPGA into application-specific silicon. Most data for high-speed networking and storage is now transferred through the ASIC without going through the FPGA or software, which we use only where we need programmable packet processing. The result is higher throughput at lower latency, with better power efficiency per I/O operation – a 2x improvement in power per throughput over our prior 200 Gbps Boost generation.
The ASIC also contains the trusted subsystems that form the foundation of Azure Boost’s confidential computing capabilities.

The Microsoft Azure Network Adapter (MANA) — Microsoft’s custom-designed network interface, purpose-built for Azure. MANA delivers up to 400 Gbps of networking bandwidth with hardware-accelerated packet processing, high speed RDMA transport, dual top-of-rack active/active resiliency, and sub-second networking maintenance. It provides a consistent driver interface across hardware generations, so future platform upgrades won’t disrupt your networking stack.

A dedicated System-on-Chip (SoC) — running the Azure Boost control plane, agent management, servicing, and diagnostics on Arm cores — physically isolated from both the customer VM and the ASIC/FPGA data path. The SoC manages the operational lifecycle of the card while the ASIC and FPGA handle customer I/O at wire speed.

These three subsystems work as a single integrated platform. The ASIC and FPGA process your storage and networking data with hardware-enforced tenant isolation. MANA moves your packets. The SoC manages the device without ever touching your data. And all of it sits behind a hardware root of trust that attests the integrity of every component before the card is allowed to serve a single VM.

This architecture is also what makes confidential I/O possible. The ASIC contains dedicated confidential data-flow logic in hard-IP, designed to handle encrypted VM memory directly over IDE-encrypted PCIe links — without bounce buffers, without software intermediaries. This hardware foundation ships with every card today; the confidential computing features that build on it will be exposed in upcoming VM SKUs.

For customers, the practical impact is straightforward: faster I/O, more predictable performance, fewer host CPU cores consumed by platform overhead, and a security boundary that’s enforced in silicon — not just in software policy.
Millions of additional sellable CPU cores have been released back to customer workloads as a result of the host core reductions this platform enables.

The physical Boost card itself — a PCIe card with the central ASIC/FPGA hybrid accelerator, surrounding memory, MANA network ports, and Microsoft branding — is visible in the image above. Every new generation of Azure Boost-enabled server in the fleet will carry this card, and every new Intel v7-series VM runs on it.

What the New VMs Deliver Today

The Esv7 (memory-optimized), Dsv7 (general-purpose), and Dlsv7 (general-purpose) families are the first SKUs to ship on this Azure Boost generation in general availability. Powered by custom Intel® Xeon® 6 processors with frequencies up to 4.2 GHz and up to 2x higher memory bandwidth than v6, they deliver substantial generational gains across the board:

Compute
Up to 20% better general compute performance compared to v6 VMs
Up to 25% better performance for compute-bound workloads like video transcoding, compression, and cryptography
Up to 30% better database workload performance on the largest sizes
Sizes up to 372 vCPUs and 2.8 TiB of memory — enabling larger in-memory databases, agentic AI workloads with larger context windows, and latency-sensitive applications that benefit from minimizing cross-node hops

Networking
Up to 400 Gbps of VM networking bandwidth on the largest Esv7/Edsv7 sizes
Dual top-of-rack (TOR) active/active fabric — continuing the proven architecture from prior generations for higher throughput and faster failover under network events

Storage
Up to 800K remote storage IOPS and 20 GBps remote storage throughput per VM on Premium v2 SSD and Ultra Disk with the largest Esv7/Edsv7 sizes
Up to 9.6 million local NVMe IOPS and 53 GBps local storage throughput with the largest Ddsv7/Edsv7 sizes — storage processing offloaded entirely to dedicated Azure Boost SSD hardware

Customers are strongly encouraged to use the latest Microsoft Azure Network Adapter (MANA)
drivers to ensure optimal performance and reliability on Azure Boost-enabled hardware. The latest drivers are available at https://aka.ms/mana.

These are the capabilities the current VMs expose. The Azure Boost platform underneath has more in reserve — capabilities that will show up as new VM families ship throughout the year.

For the full SKU lineup, sizing, and benchmarks, see the companion announcement: Announcing General Availability of Azure Dl/D/Esv7-series VMs based on Intel® Xeon® 6 processors.

Azure Boost Confidential Device (ABCD): the Boost device joins the Confidential VM’s Trusted Compute Base through attested hardware and IDE-encrypted PCIe links.

Built on a Hardware Root of Trust

Performance is the visible part. Below the waterline, the bigger shift is what this generation enables for security: Azure Boost is now a full Trusted Execution Environment in its own right. That’s not a future promise — it’s the foundation shipping today, and it’s what powers the confidential computing capabilities already in production and the ones coming next.

Security isn’t layered on top of Azure Boost — it’s the foundation the platform boots from. Every Azure Boost device is anchored by Cerberus, Microsoft’s open-sourced hardware root of trust, certified to NIST SP 800-193 for platform firmware resiliency. Cerberus measures and attests every critical firmware component before Boost is allowed to initialize. If anything is off, Boost doesn’t come up.

You get a chain of trust that starts in hardware and extends all the way up to your workload:

Hardware root of trust identity — every Azure Boost device has a unique, cryptographically-bound identity established at manufacturing.
Measured and Secure Boot — every layer of Azure Boost firmware and software is measured and verified before execution.
Continuous attestation — the Azure Attestation Service periodically validates that each Boost device in the fleet is running known-good, trusted firmware and software.
Devices that fail attestation are taken out of service automatically.

In practice, this means every Azure Boost device proves what it is before it’s allowed to touch your data — and keeps proving it continuously while your workloads run.

Strong Isolation Between Azure Boost and Your Workloads

By offloading virtualization, networking, and storage onto dedicated hardware, Azure Boost establishes a hard, physical isolation boundary between the platform infrastructure and your workloads:

Control plane and data plane separation — hypervisor management, networking, and storage policy execution all run on the Azure Boost hardware, completely off your CPU and memory. Your VM has no path to reach Boost’s control surfaces.
Reduced host attack surface — because Azure Boost owns the I/O path end-to-end, the host runs a minimal, hardened software stack with far fewer privileged components than a traditional hypervisor host.
Memory-safe implementation — critical Azure Boost components are written in memory-safe languages, eliminating entire classes of vulnerabilities by construction.
Per-tenant cryptographic isolation — networking and storage I/O are cryptographically segregated per tenant on the Azure Boost data path.

The net effect: the attack surface between your VM and the platform infrastructure is smaller than any mainstream cloud hypervisor — by design, not by patch.

Confidential Computing: What’s Shipped and What’s Coming

This Boost generation doesn’t just promise confidential computing — parts of it are already in production, and the hardware foundation for what comes next is shipping on every card today.

Shipped: Confidential VMs on Azure Boost

Confidential VMs running on Azure Boost infrastructure are generally available today on Intel platforms, deployed on dedicated clusters. This makes them the first CVM SKU running on Azure Boost.
Learn more here: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes/general-purpose/dcesv6-series

Coming: Azure Boost Confidential Device and Confidential I/O

In traditional confidential computing, every I/O operation requires data to be copied from the VM’s private encrypted memory into a shared “bounce buffer” before it can be sent to devices like a NIC or storage controller. This exists because the VM’s memory is encrypted with a key that’s not accessible outside the CVM boundary — so devices can’t read it directly. The bounce buffer serves as an intermediary for DMA operations. The cost: every I/O operation requires an extra copy and an encrypt/decrypt cycle, increasing CPU usage and latency, and reducing networking and storage throughput.

Azure Boost Confidential Device (ABCD) eliminates this tax. ABCD extends the Confidential VM’s Trusted Compute Base (TCB) into the Azure Boost TDISP-enabled ASIC through attested hardware integration. Rather than transferring data to a shared buffer, the Boost device can access encrypted VM memory directly through an IDE-encrypted PCIe connection, using TDISP — a PCI-SIG standard supported by all major CPU vendors that allows CVMs to attest the hardware and firmware of devices granted DMA access to their memory. By avoiding intermediate buffers, this attested secure link maintains both the confidentiality and integrity of data, allowing information to move safely and efficiently between the CVM and the attested Boost hardware.

The ASIC on the Boost card contains dedicated confidential data-flow logic in hard-IP, specifically designed to handle this encrypted traffic at wire speed. The Arm SoC and its agents remain outside the trust boundary — only the attested ASIC, FPGA and real-time firmware subsystems are included in the TCB.

We are implementing TDISP across both Intel (via TDX Connect) and AMD (via SEV-SNP) platforms — because confidential I/O should not be limited to a single CPU vendor.
The result: ABCD reduces CPU usage by eliminating bounce-buffer copies and redundant encryption cycles, freeing more vCPU resources for application workloads and enabling higher throughput through direct hardware offload of networking and storage. Benchmarks show attested confidential offloads performing at near parity with general-purpose VMs, with maintained security guarantees.

The hardware foundation is shipping on every Azure Boost card today. The customer-facing SKUs that bring ABCD to virtual machines will enter preview on Intel later this year, with AMD following. Stay tuned.

Why this matters for regulated customers

For regulated industries and sovereign deployments, this answers a question that no amount of contractual language can resolve: how do you prove the infrastructure itself is trustworthy? Hardware root of trust and continuous attestation let you and your regulators verify — cryptographically, not contractually — that workloads run on known-good, policy-compliant hardware and firmware. That’s not a checkbox. It’s a fundamentally different assurance model.

More Platform Capabilities Coming This Year

The new Azure Boost generation powers more than today’s Esv7/Dsv7/Dlsv7 launch. Over the coming months, expect:

Network-optimized VM families — new SKUs designed to expose the full networking capabilities of the Boost platform for customers who need maximum connections-per-second and packet processing performance.
Guest RDMA — low-latency, lossless networking between VMs, extending RDMA beyond traditional HPC scenarios. This Boost generation is architected for region-wide RDMA, enabling distributed workloads to communicate across Availability Zones with minimal overhead.
Broader SKU coverage — additional VM families across AMD, Arm-based processors, and GPUs will ship on this Boost generation, including remote storage encryption enablement by default, extending the platform’s performance and security benefits across the Azure Compute portfolio.
We’ll share more details as each capability reaches preview and GA milestones.

Available Today

Deploy Esv7, Dsv7, or Dlsv7 today from the Azure portal, Azure CLI, or your preferred Infrastructure as Code (IaC) tool. They’re the first to run on this generation of Azure Boost, and they won’t be the last. The platform underneath has more to give, and we’ll be showing what’s next throughout the year.

To learn more:

Azure Boost overview — https://learn.microsoft.com/azure/azure-boost/overview
Esv7, Dsv7, and Dlsv7 VM announcement — Announcing General Availability of Azure Dl/D/Esv7-series VMs based on Intel® Xeon® 6 processors
Azure Boost product page — https://azure.microsoft.com/products/virtual-machines/boost

Authenticating to an Azure CycleCloud Slurm cluster with Azure Active Directory

As enterprises increasingly move to Azure Active Directory for their authentication needs, this blog explores how Azure AD and OpenSSH certificate-based authentication may be used to provide authentication to a Slurm cluster. We also utilise Azure Bastion's recent native client support feature to provide remote access to the login node over the public internet.