Microsoft has embarked on a project to bring ‘Confidential AI’ capabilities to its Azure cloud computing service, working in partnership with Nvidia. The new offering, which is in the preview stage, aims to protect AI workloads by leveraging advanced encryption technologies during execution. Mark Russinovich, Microsoft’s chief technology officer for Azure, unveiled these developments, emphasizing the importance of safeguarding sensitive data and AI models in the evolving landscape of cloud computing.
Microsoft and Nvidia has been working on confidential computing in Azure since last year. To create a confidential computing environment, trusted execution environments (TEEs) are needed to protect data at a CPU-level. Intel and AMD processors already have TEEs that can encrypt data when it is stored, used, or transferred. Microsoft also uses similar concepts in Azure.
However, TEEs are currently limited to CPUs. Microsoft wants to extend them to GPUs and is working with NVIDIA to achieve this. This would make data more secure at a hardware level for machines that handle heavy workloads.
Moving TEEs from CPUs to GPUs is not easy. The GPU has to defend against attacks while still allowing full admin functions in Azure. The performance of the hardware should not be affected by having TEE on the GPU.
The Convergence of AI and Confidential Computing
The confidential AI efforts are materializing through the use of Nvidia H100-PCIe Tensor Core GPUs. These GPUs are instrumental in enabling complex AI computations, ensuring data remains encrypted throughout its lifecycle in the cloud. Such advancements aim to foster innovation while multiple parties collaborate on sensitive data without compromising security.
Further Developments in Cloud Security
Microsoft’s endeavors in confidential computing also extend to other areas. The company has announced additional progressions, including the preview of confidential containers on the Azure Kubernetes Service. This platform is designed for applications that require high-grade security by ensuring that nodes executing transactions are unable to access their contents.
Moreover, Azure anticipates a forthcoming preview of new VM series, specifically the DCesv5 and ECesv5-series, which will operate on the latest gen-4 Intel Xeon processors. These confidential VMs, offering up to 128 vCPUs, are created with security in mind, allowing Azure customers to transfer their sensitive workloads without impacting performance or necessitating code modifications.
Envisioning a future where confidential computing becomes the standard, Microsoft aims to establish comprehensive memory encryption throughout Azure’s infrastructure. This ambition underlines the tech giant’s commitment to enabling a secure cloud environment where organizational data is protected at every stage.
