Earlier this year, we wrote a news segment about AMD and Google’s announcement about bringing confidential virtual machines to the cloud using features enabled through 2nd Gen AMD EPYC processors. At the time, AMD and Google marketed the announcement as the first commercially available cloud confidential VMs, powered through AMD’s Secure Encryption Virtualization feature. After writing up the news, I got a rather sternly worded email from IBM, stating that AMD/Google were not the first – IBM claims to have been offering confidential VMs to its client base for almost two years at this point. The difference I could find is that Google’s offering is more open-to-the-public, compared to IBM’s solution which is strictly more a B2B arrangement.

Today AMD and IBM are combining their effort in this space. In a press release today, the two companies have announced a multi-year joint development agreement to advance the use of confidential computing in the cloud, with a nod to accelerating artificial intelligence.

In the combined press release, the agreement is based upon a vision of open-source software, open standards, and open system architectures to drive confidential computing advancements across a wide range of markets such as high-performance computing, enterprise critical environments, through virtualization and encryption. The goal of this project is to protect sensitive data, especially datasets used for AI training as well as incoming data for inference. Both companies have openly discussed different cloud computing models, such as private clouds, public clouds, and hybrid-clouds, and according to analyst research presented through IBM and AMD, securing sensitive data is still a barrier to entry for organizations looking at deploying hybrid and scalable cloud strategies. Ultimately the goal here is to enable hybrid cloud with the same security as a private cloud, but accessible to more ecosystems local to where it is required.

The announcement today states that engagement between AMD and IBM is already underway. It does not state how long this ‘multi-year joint development agreement’ will last or the goal is to evolve into something more open with other members.

Related Reading

Source: AMD


Comments Locked


View All Comments

  • abufrejoval - Wednesday, November 11, 2020 - link

    Well, initially not all of IBM fully embraced virtual machines, even if they were probably the first to provide capable hardware with the IBM 360/67. But they were quick to exploit virtual machines, when they sold much better than TSO.

    But since then they have certainly pioneered a lot of security techniques in their mainframes, which have faced "cloud" security issues in their mainframe hosting business, decades before cloud computing was officially invented.

    They could be thinking of bringing some of those IP assets to x86.

    What else that implies I don't know but someone has to regularly review the future chances of the p- and z-Series architectures.

    If you change your footing, you need to ensure that the new ground is safe to stand on.
  • TeXWiller - Wednesday, November 11, 2020 - link

    I strongly suspect that the coming 5G infrastructure needs are driving many such initiatives in the future. When your building security runs on a virtual machine located in a nearby facility among the workloads of industrial and other customers, there is not a lot of room between good enough and irresponsibly inadequate.
  • SarahKerrigan - Wednesday, November 11, 2020 - link

    z will live forever. There is far, far too much mission-critical dependence on it for that to change in the next decade or two.

    Power is different. It makes sense today, the AIX and i customer bases are substantial... but IPF and SPARC "made sense today" right up until they didn't too.
  • linuxgeex - Wednesday, November 11, 2020 - link

    The really shocking thing is that there's still PSTN routers running MULTICS in production.
  • SarahKerrigan - Wednesday, November 11, 2020 - link

    Source? The last Multics site I'm aware of was the Canadian defense ministry, and they shut down ages ago.

    I'd believe GCOS (which runs on roughly the same hardware family) but Multics is a stretch.
  • thorski - Thursday, November 12, 2020 - link

    you might be surprised (or not) how many VAX machines are still being maintained for some absolutely mission critical situations
  • eastcoast_pete - Thursday, November 12, 2020 - link

    Of course, SPARC's EOL was much accelerated by Larry (Ellison, Oracle). First their license fees by core (helped Intel a lot, SPARC's strength was many threads/core), and then the takeover of SUN. As long as Power isn't purchased by Oracle, they'll pro6 be around for a while (:
  • SarahKerrigan - Thursday, November 12, 2020 - link

    Oracle actually did a few generations of really good SPARC designs; they got away from Sun's crappy network-processor-derived in-order cores and did the S3 and S4 designs. The first S3 chips (T4 and friends) weren't great, but M7 was phenomenal. M8 was a solid bump on top of that.

    Then, they said "screw it" and set the roadmap on fire.
  • abufrejoval - Wednesday, November 11, 2020 - link

    Secure virtual machines are not just a cloud issue: They could also be a game changer on the home-office desktop, if they gave you the ability to run corporate secured VMs on your private hardware.

    And there are plenty of other scenarios in hospitals and medical practices where cryptographically secured VMs could avoid hardware sprawl, especially since now 8 or more cores even on NUCs or laptops provide plenty of consolidation potential on the edge.

    Of course, that means less hardware sold and reminds me of how Intel made sure the 80386 didn't contain VM hardware support. It was only when Mendel Rosenblum & friends discovered how to make the 80486SL System Management Mode work to implement a hypervisor, that Intel devalued the VMware IP and provided hardware support for virtual machines.

    Back on topic: That is why I am rather disappointed that SEV or MKTME (in AMD and Intel parlance) doesn't seem to have made it onto the Ryzen 5000, while Tiger Lake perhaps might make it a client side feature, just like control flow integrity (CFI) seems now finally in on both.

Log in

Don't have an account? Sign up now