Azure is also introducing new confidential VMs, DCasv5 and ECasv5, which use the latest advanced security features available in 3rd Gen EPYC processors, including Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). The new Azure confidential VMs, DCasv5 and ECasv5, the first EPYC processor-based confidential VMs at Azure and the first confidential VMs to use SEV-SNP, will enable customers to have the data in their security focused applications encrypted in use, in transit and at rest. The updated Dasv5 VMs, optimized for general purpose workloads, and the Easv5 VMs, optimized for memory-based workloads, deliver better price-performance for most general purpose and memory intensive workloads compared to prior EPYC processor-based Microsoft Azure VMs.
“By using the new Azure Dav5 and Eav5 VMs with the latest AMD EPYC CPUs, customers will get access to leading performance and fantastic price-performance for general purpose and memory optimized workloads,” said Lynn Comp, corporate vice president, Cloud Business Unit, AMD. “Beyond that, Azure is using the advanced security features of EPYC CPUs for the new confidential VMs, so their customers can benefit from both performance and security for their workloads.”
“At Microsoft we are committed to enabling the industry to move from computing in the clear to computing confidentially in the cloud and the edge,” said Vikas Bhatia, Head of Product, Azure Confidential Computing, Microsoft. “Our work with AMD is one of the steps towards this vision, giving customers access to Microsoft Azure confidential VMs with advanced
hardware security features and a lift-and-shift migration experience; a powerful tool for meeting their desired security posture.”
Bringing Confidential VMs to Azure with AMD EPYC CPUs
Azure confidential VMs can be used by customers with high security and confidentiality requirements for their workloads. By using AMD EPYC processors, these confidential VMs benefit from strong hardware-based security features that enable the VMs to excel at:
· Privacy-preserving data analytics
· Workloads needing robust encryption
· Sharing data across companies with reduced exposure to other data, while gaining benefits from shared insights.
Azure is also enabling worker nodes on Azure Kubernetes Service (AKS) on these confidential VMs to help secure containers with memory encryption powered by SEV-SNP.