As we all know, Google Cloud is one of the major cloud platforms in the cloud computing segment, alongside players such as Amazon AWS and Microsoft Azure. Major companies are shifting data from traditional servers to cloud servers for their speed, features and reliability, but is the cloud reliable enough to hold sensitive information?
For this reason, major companies are either building secure cloud servers of their own or relying on giants like Google, Microsoft and Amazon. According to CRN, a Google Cloud product manager has explained why the company's new encrypted virtual machines run on AMD EPYC processors and not on Intel Xeon processors.
There’s no denying that AMD is overpowering Intel in every segment, including desktop CPUs, mobile processors and even server processors. A few years ago, AMD launched the EPYC lineup of server processors, based on the same revolutionary Zen microarchitecture that powers its Ryzen CPUs.
Last year, AMD launched the Zen 2 based EPYC Rome processors, which gained a huge benefit from the switch to a 7nm process and showed AMD's performance supremacy once again. Intel has not been able to deliver any breakthrough in performance for the last couple of years, and its server-based Xeon chips are very costly to implement, while EPYC gave higher performance even at half the price of Intel.
AMD EPYC CPUs came with up to 64 cores and 128 threads, with up to 2.25 GHz base and 3.40 GHz clock speeds, along with the fastest PCIe Gen 4 support, which made them so special when it comes to performance. They destroyed the likes of the Platinum 8280 at almost half the cost, which attracted a lot of front-runners in the server market.
Confidential VMs by Google Cloud
So it is unsurprising that Google too has opted for AMD, but preferring the Red team over its long-time partner Intel for Confidential VMs is interesting and raises questions for a lot of people. On Tuesday, at the virtual Google Cloud Next conference, the first product to come out was the new Confidential Computing portfolio, which encrypts data in memory and elsewhere outside the CPU.
This is the beta launch of Confidential VMs, which makes Google Cloud “the first major cloud provider to offer this level of security and isolation while giving customers a simple, easy-to-use option for newly built as well as ‘lift and shift’ applications,” according to the vendor.
Storing and retrieving encrypted data has been possible for a long time, but protecting that same data while it is being processed in memory is a serious challenge. This requires hardware solutions, which exist in the form of Intel’s Software Guard Extensions (SGX), launched in 2015, and AMD’s Secure Encrypted Virtualization (SEV), which came in 2017.
Confidential VMs are based on Google Cloud’s N2D series instances that run on AMD’s 2nd Gen EPYC ‘Rome’ processors, all of which come with an expanded version of SEV that supports 509 encryption keys generated by the processors’ Arm-based secure co-processor. The co-processor’s key manager generates the VM encryption keys, so neither Google Cloud nor any VMs running on the hypervisor can access them.
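Because SEV encryption is transparent to the guest, an operator may want a check that it is actually active before a workload loads secrets. The following is an added example, not code from Google, AMD or the article: it classifies a Linux guest's kernel log and goes beyond plain SEV to the later SEV-ES and SEV-SNP modes. The log message formats and the sample lines are assumptions, constructed from mainline Linux boot messages.

```shell
#!/bin/sh
# Added example: classify a guest's memory-encryption state from kernel log
# text. The message formats matched here are assumptions based on mainline
# Linux boot messages; confirm them against your distribution's kernel.

# Reads kernel log text on stdin; prints sev-snp, sev-es, sev or none.
sev_state() {
    # Keep only the line where the kernel announces active encryption features.
    line=$(grep -E 'Memory Encryption Features active:|Secure Encrypted Virtualization \(SEV\) active' | tail -n 1)
    case "$line" in
        *SEV-SNP*) echo sev-snp ;;
        *SEV-ES*)  echo sev-es ;;
        *SEV*)     echo sev ;;
        *)         echo none ;;   # no announcement, or host-style SME only
    esac
}

# Fail-closed gate for a startup script: succeeds only when some SEV mode is
# active. On a real guest: dmesg | require_sev || exit 1
require_sev() {
    [ "$(sev_state)" != none ]
}

# Constructed sample log lines (not captured from a real VM).
SAMPLE_SEV='[    0.000000] Linux version 5.4.0 (constructed sample)
[    0.113022] AMD Memory Encryption Features active: SEV'
SAMPLE_SNP='[    0.412345] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP'
SAMPLE_SME='[    0.101010] AMD Memory Encryption Features active: SME'
SAMPLE_PLAIN='[    0.000000] Linux version 5.4.0 (constructed sample)'

# Demonstration over the constructed samples.
for sample in "$SAMPLE_SEV" "$SAMPLE_SNP" "$SAMPLE_SME" "$SAMPLE_PLAIN"; do
    printf '%s\n' "$sample" | sev_state
done
```

A log line is only the guest kernel's own report, so treat this as a sanity check rather than proof of the platform's state.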
Why did Google Cloud choose AMD over Intel?
Nelly Porter, a lead product manager at Google Cloud, told CRN that ease of use, low performance impact and scalability are some of the key reasons for the adoption of Confidential VMs, and these in turn are the key reasons behind the decision to go with AMD SEV over Intel SGX.
Performance, security and cost are the three pillars of server processors, and Intel has been failing in all three of them as it has been stuck on a 14nm process. Intel has been involved in a lot of security flaws, its performance advantage is slipping away in the face of AMD’s EPYC CPUs, and its costs remain very high, while with AMD you can get double the performance of Intel at half the price.
According to Porter, the way AMD SEV was designed means customers don’t have to worry about redesigning or tweaking any of their applications to move them to Confidential VMs. The design and security of these Confidential VMs allow Google Cloud to assure customers of the security it can provide to them. “This means nobody, not AMD, neither Google have access to those keys,” she said.
According to tests done by Google Cloud, the use of SEV impacts performance by only 2-6%, depending on the workload, which most companies are happy with as long as it does not exceed the 10% barrier. Greg Gibby, a senior product manager at AMD, also said that there is minimal impact from implementing an AES-128 encryption engine in each memory controller of the CPU.
This is not surprising given how powerful AMD EPYC CPUs are and how many cores they possess, but when asked why Google Cloud didn’t go with Intel SGX, Porter said it was a matter of the availability of processors supporting the feature as well as the complexity associated with adapting applications for the technology.
Porter said Intel SGX can be a “very useful tool for very dedicated and specific workloads,” such as protecting encryption keys, reviewing SSL and TLS connections and signing certificate requests for a certificate authority. But the technology comes with a “significant price” associated with a need to redesign applications for Intel SGX enclaves, and the performance impact is significant, she added.
“From our perspective, for the workloads we’re trying to enable, for ease of use that we’re looking at and performance penalty, to tell customers [they] have to pay based on those three things, Intel SGX was an interesting idea, and we continue to look and work with Intel on that, but it’s not yet applicable to the workloads and scale that we’re looking at,” she said.
These words are enough to explain the switch to AMD. The Blue team is losing ground in the desktop CPU market, where it has nothing “exciting” to offer apart from higher clock speeds, surrendering multi-core performance and focusing only on single-core performance, a lead that will soon be overturned by AMD’s ambitious “Vermeer” CPUs based on the Zen 3 architecture.
In 2020, AMD has stepped into the laptop market with its Ryzen 4000 mobile processors, which are just destroying Intel, coming in at lower prices and giving a monstrous performance that the Blue team could never have expected. Now AMD is joining hands with Google Cloud and other cloud vendors to strengthen its role in the server market, which is currently dominated by Intel, not to forget that the EPYC Milan server processors based on the Zen 3 architecture will be launching this year itself.