Google’s Confidential VMs may change the public cloud market
At Google Cloud‘s virtual Cloud Next ’20 event, Google announced its newest cloud security program: Confidential VMs (virtual machines). The idea is simple: As we put more and more of our work and data on the cloud, we need data not just to be encrypted at-rest and in-transit but to be encrypted in memory while being processed. The results in the public cloud market may be profound.
Encrypting data in and out of memory, as you might imagine, takes a lot of CPU power. Without sufficient processing power, encrypting and decrypting data in and out of memory would be prohibitively slow. To pull this off, Confidential VMs rely on second-generation AMD EPYC processors.
These chips were designed to be fast enough to loosen Intel’s heretofore iron grip on data center processors. AMD has pulled this off. In addition to being the foundation of Google’s secure Confidential VMs, Oracle’s new Cloud E3 platform and AWS’s Elastic Compute Cloud (EC2) C5a instances are both on top of the second-generation AMD EPYC CPUs.
Google’s Confidential VMs use the AMD EPYC secure encrypted virtualization (SEV) to keep VM memory encryption while still delivering good performance. It locks down the memory with a dedicated per-VM instance key. This key is generated and managed by the EPYC processor. These keys, in turn, are generated by the AMD Secure Processor during VM creation and reside solely within it. This means neither Google nor any other VMs running on the host can read your data.
For this security, though, you do pay a performance penalty. How much of a hit, depends on your application. According to AMD benchmarks on Confidential VMs, you can expect to see slowdowns of between 1% and 6%. For example, the NGINX web server and load-balancer are slower by 1% to 4%, while the MySQL DBMS applications can expect to see less than a 5% performance slowdown. Google and the AMD Cloud Solution engineering team are working together to speed up workload performance.
Raghu Nambiar, AMD’s corporate vice president for Data Center Ecosystem, said: “For the new Google Compute Engine Confidential VMs in the N2D series, we worked with Google to help customers both secure their data and achieve performance of their workloads. We’re thrilled to see the Confidential VMs demonstrate similar levels of high performance, for various workloads, as the standard N2D VMs.”
Besides tuning the interaction between Confidential VMs and the EYPC processors, the Google Cloud developers have added support for improved open-source storage and network traffic drivers: nvme and Google Virtual NIC (gVNIC). These help overall VM performance by offering higher throughput than older protocols.
Confidential VMs are built on top of Google’s Shielded VMs. These are hardened by security controls to help defend against rootkits and bootkits. This is done by hardening your operating system image and verifying your firmware, kernel binaries, and drivers’ integrity. Google-offered Shield VM images include Ubuntu v18.04, Ubuntu 20.04, Google’s own Linux/Chrome OS distro Container Optimized OS (COS v81), and Red Hat Enterprise Linux (RHEL) 8.2. Google is working with CentOS, Debian, and other Linux distributors to offer additional confidential OS images.
These secured VMs are built on the open-source, confidential computing Asylo framework. This Google project works with emerging trusted execution environments (TEEs) to lock down systems. Asylo provides:
- The ability to execute trusted workloads in an untrusted environment, inheriting the confidentiality and integrity guarantees from the security backend, i.e., the underlying enclave technology.
- Ready-to-use containers, an open-source API, libraries, and tools so you can develop and run applications that use one or more enclaves.
- A choice of security backends.
- Portability of your application’s source code across security backends.
All these technical security details are hidden. Google claims its goal is to: “Make Confidential Computing easy. The transition to Confidential VMs is seamless — all GCP workloads you run in VMs today can run as a Confidential VM. One checkbox — it’s that simple.”
While still a beta, Confidential VMs look very promising. Google is right when it states it’s the “first major cloud provider to offer this level of security and isolation while giving customers a simple, easy-to-use option for newly built as well as ‘lift and shift’ applications.”
Besides simply securing your data for yourself, it can also enable you to share confidential data sets and collaborate on research in the cloud while preserving confidentiality. Confidential VMs can also be useful for organizations that need to preserve privacy for HIPPA. CCPA, and GDPR, and other regulatory requirements.
When it comes to public clouds, there’s seldom a single feature that makes one cloud stand above the others. Google Cloud with Confidential VMs has found such a standout feature.