
Securing sensitive data is a high priority for individuals and enterprises. In today’s connected world, there are several points of vulnerability, from your smartphone or laptop, to the internet, intranet and data centers. Throughout these points, there are existing software and hardware solutions that have a goal of protecting data. These include: antivirus software, protecting a system from malware; secure connections which ensure data in transit is encrypted; firewalls which create a barrier between your trusted network and rest of the internet; and data encryption at rest, preventing unauthorized access or theft of data stored on persistent media.

 

Now let’s talk about what confidential computing is all about. Generally speaking, confidential computing is a relatively new concept with a goal to encrypt data in use in the main memory of the system, without compromising on performance.

 

There are two aspects of protecting the data in memory: 1) encrypting full system memory and 2) encrypting individual virtual machine memory and isolating the VM memory from the hypervisor. Full system memory encryption helps defend data against cold boot and even physical attacks. Encrypting individual virtual machine memory helps defend data against attacks originating in other VMs on the same physical host, as well as from the hypervisor itself.

 

Encrypting individual virtual machine memory and isolating it from the hypervisor is critical in today’s highly virtualized, multi-tenant environment.

 

Now let’s talk about how AMD is helping enable confidential computing. One of the key design considerations of the AMD EPYC processors is to provide advanced hardware enabled security features. If customers want to protect the entire system memory, then AMD Secure Memory Encryption (SME) can encrypt system memory with a single key. It’s as simple as enabling a BIOS parameter. In a multi-tenant environment, AMD Secure Encrypted Virtualization (SEV) isolates virtual machines from each other and from the hypervisor. AMD Secure Encrypted Virtualization with Encrypted State (SEV-ES) extends the protection to the CPU registers whose contents are encrypted when a virtual machine stops running.

 

SME, SEV and SEV-ES are part of the AMD Infinity Guard portfolio. The VM security features require enablement in the guest operating system and hypervisor. It is very important to note that AMD’s Secure Encrypted Virtualization helps protect all the applications running on the virtual machine; no code changes or re-compiling of the application are required. If a customer application is running on a system with SEV enabled, then they can reap the benefit of these security features.
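Because SEV and SEV-ES depend on enablement in both the hypervisor and the guest OS, it is worth confirming from inside a Linux guest which features are actually active. The following is an added example, not code from AMD or from the configuration guide: the function names are hypothetical, the log lines are constructed samples, and the log wording assumed is the "Memory Encryption Features active:" line printed by mainline Linux kernels (older and vendor kernels may word it differently).

```python
"""Decode AMD memory-encryption state from inside a Linux guest (added example)."""
import os
import re

# CPUID Fn8000_001F EAX: features the processor advertises.
CPUID_8000001F_EAX = {0: "SME", 1: "SEV", 3: "SEV-ES"}
# SEV_STATUS MSR: features active for *this* guest.
MSR_SEV_STATUS = 0xC0010131
SEV_STATUS_BITS = {0: "SEV", 1: "SEV-ES"}

KNOWN = {"SME", "SEV", "SEV-ES"}
_LOG_RE = re.compile(r"Memory Encryption Features active:\s*(.*)$")

# Constructed sample kernel-log lines (assumed format, see lead-in).
SAMPLE_LOG_SEV_ES = ["[    0.412] AMD Memory Encryption Features active: SEV SEV-ES"]
SAMPLE_LOG_SEV_ONLY = ["[    0.412] AMD Memory Encryption Features active: SEV"]


def _decode(value, table):
    """Return the names of all bits in `table` that are set in `value`."""
    return {name for bit, name in table.items() if (value >> bit) & 1}


def supported_features(cpuid_eax):
    """Features the CPU supports, from CPUID Fn8000_001F EAX."""
    return _decode(cpuid_eax, CPUID_8000001F_EAX)


def active_features(sev_status):
    """Features enabled for the running guest, from the SEV_STATUS MSR."""
    return _decode(sev_status, SEV_STATUS_BITS)


def features_from_kernel_log(lines):
    """Features the guest kernel reported at boot (e.g. from `dmesg`)."""
    found = set()
    for line in lines:
        match = _LOG_RE.search(line)
        if match:
            # Drop vendor tokens such as "AMD"; keep only known feature names.
            found |= KNOWN & set(match.group(1).split())
    return found


def read_sev_status(cpu=0):
    """Read SEV_STATUS through the msr driver (needs root and `modprobe msr`)."""
    fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    try:
        return int.from_bytes(os.pread(fd, 8, MSR_SEV_STATUS), "little")
    finally:
        os.close(fd)


def audit(required, sev_status, log_lines):
    """Compare policy against observed state; an empty list means compliant."""
    active = active_features(sev_status)
    logged = features_from_kernel_log(log_lines)
    findings = [f"{f} required but not active in SEV_STATUS"
                for f in sorted(required - active)]
    findings += [f"{f} active in SEV_STATUS but not reported by kernel log"
                 for f in sorted(active - logged)]
    return findings


if __name__ == "__main__":
    # A VM that was meant to run with SEV-ES but was launched with plain SEV.
    for finding in audit({"SEV", "SEV-ES"}, 0x1, SAMPLE_LOG_SEV_ONLY):
        print("FINDING:", finding)
```

On a real guest, pass `read_sev_status()` and the output of `dmesg` to `audit()` in place of the constructed values.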

AMD and VMware have been working together to enable SEV and SEV-ES on vSphere and we are excited that it is available in vSphere 7.0U1. vSphere 7 is the biggest release of vSphere in over a decade and delivers several innovations including support for AMD’s encrypted virtualization technology. If you are interested in learning more about AMD Secure Encrypted Virtualization (SEV) on VMware ESXi, please attend the on-demand VMware & AMD VMworld panel with Lee Caswell, Rich Brunner, David Dunn and Robert Gomer.

 

We understand the challenges associated with deploying new technologies. To address this, we have created an end-to-end configuration guide showing how to set up a confidential computing environment using vSphere and vSAN. The design guide provides step-by-step instructions to set up a VMware vSAN cluster, build confidential computing virtual machines based on the Linux operating system, and deploy applications on them. We have tested popular database and big data benchmarks in order to understand the overhead and performance impact of AMD’s Secure Encrypted Virtualization.

 

AMD engineers ran OLTP and DSS workload tests with and without SEV-ES enabled. Five test runs were performed with the average taken [1,2]. As shown below, SEV-ES enabled VMs on a VMware ESXi host with a vSAN datastore have a low performance overhead of ~1.4% on the OLTP workload and ~6.2% on the DSS workload with SQL Server 2019.

 

 

AMD engineers also ran a big data workload test with and without SEV-ES enabled. Five test runs were performed with the average taken [1,3]. As shown, SEV-ES enabled VMs on a VMware ESXi host with a vSAN datastore have a low performance overhead of ~2% on the big data workload with Apache Hadoop.

 

The configuration described in the guide can be deployed as is or used as a baseline for custom configurations that uniquely address your workload demands. You can access the confidential computing blueprint here

 

I am excited to be a part of the continuing collaboration between AMD and VMware. Together, we are providing customers with a high-performance and security-enhanced virtualization experience for the modern data center.

 

Raghu Nambiar is a Corporate Vice President for AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

 

 

© 2020 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo, EPYC, and combinations thereof are trademarks of Advanced Micro Devices, Inc. VMware, vSphere, vSAN and ESXi are trademarks or registered trademarks of VMware in the United States and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.

Footnotes

  1. SEV-ES enabled VMware vSAN cluster Configuration for OLTP and DSS workloads using SQL Server 2019 and Big Data workload using Ambari Hadoop tested with : 4 Hosts each with 1x AMD EPYC 7452, 1TB (16 x 64GB) of RAM, 2x1.6TB NVMe, 6 x 3.2TB NVMe, Broadcom BCM57414 NetXtreme-E 10Gb/25Gb RDMA Ethernet Controller, Mellanox Technologies ConnectX-5 VPI adapter card EDR IB (100Gb/s) and 100GbE dual-port QSFP28 (MCX556A-ECAT) connected to Mellanox SN2410 Ethernet switch 48-port 25GbE + 8-port 100GbE, VMware ESXi 7.0 update 1, VMware vSAN 7.0.1  
  2. System Under Test (SUT) Configuration for OLTP and DSS workloads: VMware Virtual Machine with 32 vCPUs, 768GB of memory, 700GB Hard Disk volume for OS from VMware vSAN, 9TB Hard Disk volume for database from VMware vSAN, uplink to 1GbE NIC, SUSE Linux Enterprise 15 SP2, 5.9.0-rc2-SEV-ES-orig-24.9-default, SQL Server 2019 cu6.  The TPC workloads were driven by HammerDB v3.3 from separate client virtual machine.  SEV-ES feature for Guest OS was enabled for the SUT config labeled as “SEV-ES Enabled” in the Figure 6 and 7.
  3. System Under Test (SUT) Configuration for Big data workload using Hortonworks Data Platform: 8x VMware Virtual Machines each configured with 16 vCPUs, 64GB of memory, 700GB Hard Disk volume for OS from VMware vSAN, 3x1TB Hard Disk volumes for data from VMware vSAN, uplink to 1x1GbE NIC, uplink to 1x100GbE NIC for Ambari Hadoop Cluster,  SUSE Linux Enterprise 15 SP2 5.9.0-rc2-SEV-ES-orig-24.9-default,  HDFS v3.1.1, YARN+MapReduce2 v3.1.1, Zookeeper v3.4.6, Ambari Metrics v0.2.0,  SmartSense 1.5.1.2.7.5.0-72 from Hortonworks Data Platform (HDP) version 3.1.4.  SEV-ES feature for Guest OS was enabled for the SUT config labeled as “SEV-ES Enabled” in the Figure 8.  HDP Cluster used 2 Master Nodes and 6 Data Nodes.

AMD continues to grow and help customers move to a more modern, hyperconverged infrastructure (HCI) for running their business critical applications, and today we’ve been recognized for that!

 

At the Global .NEXT Digital Experience conference Nutanix awarded AMD with the “Technology Alliances New Partner of the Year” award. Nutanix recognized AMD for the collaboration  between the two companies to support the capabilities of AMD EPYC processors for hyperconverged infrastructure powered by Nutanix based solutions.

 

We’re beyond proud of this award as it recognizes what AMD EPYC processors can do for customers, transforming their data centers to a hyperconverged infrastructure (HCI) with leadership performance, while adding flexibility and ease of management.

 

For customers moving to an HCI environment, AMD EPYC processors provide fantastic performance for hyperconverged infrastructure (HCI), and world record performance for virtualized environments[i]. In addition to providing high performance for virtualized business workloads, EPYC is certified and optimized for hybrid cloud deployments. The processors provide three critical foundational elements in an HCI environment.

 

  • High core density and memory capabilities. These two features help support a densely virtualized environment. More virtual machines equal more capabilities to process workloads.
  • Security ingrained within the EPYC architecture and advanced security features like Secure Encrypted Virtualization. This provides customers with peace of mind in moving to a software-defined virtualized environment for running business critical applications.
  • The industry’s only, no compromise, single socket platform, providing performance and infrastructure consolidation that helps reduce overhead and operations costs, improving overall TCO.

 

Earlier this year, we introduced the new AMD EPYC 7Fx2 series processors with industry-leading per core performance[ii] which are fantastic for HCI, giving customers great virtualization performance. Nutanix supported the new 7Fx2 series and all solutions that will use 2nd Gen AMD EPYC processors and Nutanix HCI software.

 

I also spoke to you about how the Modern Data Center is rapidly becoming hyperconverged and how AMD EPYC processors can help customers move to a HCI environment. In addition, John Morris highlighted the ecosystem growth for AMD EPYC processors and HCI solutions and showcased how AMD EPYC processors provide high-performance capabilities for HCI, allowing you to keep up with the evolution into a digital workspace.

 

And just last week, Lenovo announced a new ThinkAgile HX solution based on 2nd Gen AMD EPYC processors and Nutanix HCI software that provides great core density within a 1U server platform, for fantastic performance on VDI workloads. This joins the other Nutanix-based HCI systems from HPE and Dell.

 

Again, I want to thank Nutanix for this award and recognition. This award is great recognition for the work AMD and the EPYC processor team have put into HCI solutions with our ecosystem partners to deliver solutions that offer outstanding performance, scalability and TCO, and we will continue to do this.

 

Dan McNamara is a Senior Vice President and General Manager for the AMD server business. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

 

[i] ROM-169: For a complete list of world records see http://amd.com/worldrecords.

[ii] Highest per core performance in the world based on EPYC 7F32 (8-cores) having the highest SPECrate2017_fp_base score divided by total core count, of all SPEC publications as of 4/14/2020. 2x EPYC 7F32 (8-cores) scoring 12.75 base result per core (204 SPECrate2017_fp_base/16 total cores, www.spec.org/cpu2017/results/res2020q2/cpu2017-20200316-21244.pdf) compared to the next highest result 1x AMD EPYC 7262 (8-cores) scoring 11.54 base result per core (92.3 SPECrate2017_fp_base/8 total cores, http://spec.org/cpu2017/results/res2020q1/cpu2017-20191220-20435.pdf). See www.spec.org/cpu2017/results for full ranking. SPEC and SPECrate are trademarks of the Standard Performance Evaluation Corporation. Learn more at www.spec.org

Public cloud and enterprise datacenters continually require more computing power to meet ever-increasing user demands. AWS processes billions of data requests every day [1] from customers seeking performance, reliability and on-demand scalability in cloud instances that fit within their budgetary constraints. To meet its customers’ computing needs, AMD and AWS have collaborated to create distinct types of cloud instances designed to meet specific application needs. AMD-powered Amazon Elastic Compute Cloud (EC2) instances are available in four categories: general-purpose (M5a & M5ad), general-purpose burstable (T3a), memory optimized (R5a & R5ad), and now compute-optimized (C5a & C5ad).

 

Amazon EC2 C5a instances combine the power of the latest generation AMD EPYC processor with optional memory and storage configurations designed to support a wide variety of workloads such as data analytics, video encoding, gaming, image manipulation and more. With the broad range of instances available, the new C5a instances provide highly cost-effective cloud solutions with high performance, and the lowest cost per x86 vCPU in the Amazon EC2 family.

 

The C5ad instances extend the benefits of C5a with the ability to further tune workloads with low IO latency requirements using high-speed local storage caching, by adding local NVMe-based SSD block level storage connected directly to the host. C5ad instances come with up to 3.8 TB of NVMe based SSD storage and high-speed network connectivity. The high performance local NVMe storage and high-speed network connectivity in C5ad instances offer performance, value, and scalability to serve a variety of workloads.

 

Amazon EC2 instances powered by AMD EPYC processors are built on the AWS Nitro System, a collection of AWS-designed hardware and software innovations that enable the delivery of efficient, flexible, and secure cloud services with isolated multi-tenancy, private networking, and fast local storage. They deliver up to 10% cost savings over comparable instances [3] in most regions, with the Asia Pacific (Mumbai) region offering up to 45% cost savings [2], all while providing a reliable and scalable platform that brings optimal performance for enterprise-class workloads including web services and databases. Below are just a few examples of how AMD-powered Amazon EC2 instances are delivering predictable scaling and measurable impact.

 

Web and application servers for performance and scalability

Cloud-based solutions for distributed enterprise applications require a scalable infrastructure capable of accommodating dynamic capacity needs.

 

NGINX is a popular web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. For high-performance, multi-threaded deployments, C5a can deliver significantly lower cost [3] when implemented in the cloud. The following chart demonstrates performance of NGINX in both scale-up and scale-out deployment scenarios.


 

Read the NGINX on Amazon EC2 C5a Instance solution brief here.

 

High-performance, in-memory data store for real-time performance

Caching data and objects in memory can improve the throughput and often deliver near real-time data access performance. 

 

Memcached is a popular, open-source, in-memory distributed caching system. There are several applications that can benefit from Memcached such as web application frontend, content delivery, media streaming, search engines, relational databases, gaming and many more. Amazon EC2 C5a instances powered by AMD EPYC processors are optimal in many ways for Memcached, offering cost effective, high performance and scalability on demand. Memcached on Amazon EC2 C5a instances can offer predictable performance starting with the application’s current needs and as requirements grow. Our benchmark tests demonstrate the performance and scaling for both scale-up and scale-out scenarios as demonstrated below.

 


Read the Memcached on Amazon EC2 C5a Instance solution brief here.

 

In addition, I wanted to highlight the recent performance characterization of Redis Enterprise on AWS C5a instances in collaboration with Redis Enterprise from Redis Labs, a real-time database and enterprise grade caching layer.

 

Powerful performance in business transactions and decision support

Relational Database Management Systems remain the core of enterprise applications for transaction processing, business analytics, and decision support systems.

MySQL is one of the most popular open-source relational database management systems. Implementing MySQL in the cloud is an increasingly popular choice for many applications. Performance, scalability, security features, reliability, and cost of ownership are all important factors when choosing a platform for a MySQL deployment, and Amazon EC2 C5a instances offer all of them. We have tested a well-known Online Transaction Processing (OLTP) benchmark on AWS EC2 C5a instances and a Decision Support System (DSS) benchmark on AWS EC2 C5ad instances, which offer high speed local storage for tempdb, to analyze the performance and scalability of MySQL. These results, shown below, demonstrate the effectiveness of AWS EC2 C5a instances in common relational database deployment scenarios.

Read the MySQL on Amazon EC2 C5a Instance solution brief here.

 

Big Data applications for deeper insights

Enterprises across industry verticals are realizing the power of Big Data Analytics for gaining operational efficiency for new business opportunities.


Apache Hadoop offers an ecosystem of open source components that fundamentally changes the way enterprises store, process, and analyze data. Cloudera Distribution Hadoop (CDH) is the most popular distribution of Hadoop. The new C5ad instance is an optimal fit for Apache Hadoop based workloads. Combining the high performance of AMD EPYC with high performance local NVMe storage for temporary storage with the right network bandwidth can match demanding workload requirements and achieve predictable scaling of performance as shown below.

Fast Encoding/Transcoding for live streaming

We are in a new era of high-quality video in social, entertainment and business applications. In many cases, such applications use real-time encoding/transcoding with FFmpeg-like frameworks. FFmpeg is the leading open source multimedia framework used to decode, encode, transcode, mux, demux, stream, filter, and play videos. The benchmark testing of encoding time for the Tears of Steel movie clip shows real-time video delivery performance by AMD EPYC powered Amazon EC2 C5ad.8xlarge (32 vCPUs) instances. The high core count and exceptional memory bandwidth of the AMD EPYC processor, combined with high-speed NVMe local storage on C5ad instances, enable fast encoding/transcoding. See the chart below showing faster encoding time for 1080p and 4K using NVMe local storage, showing real-time video stream delivery! This performance testing used the VP9 codec in Constant Bitrate mode with the Highest quality setting for streaming.

In short, the latest generation of AMD’s record-setting EPYC processors power the Amazon EC2 C5a and C5ad instances, giving customers a variety of options for high performance, scalability, reliability, and security features, available on-demand with pay-per-use pricing at the lowest cost per x86 vCPU in the Amazon EC2 family.

 

For more AWS Cloud solutions powered by AMD EPYC processors, visit  AMD EPYC Tech Docs and White Papers Library

 

End notes:

  1. https://aws.amazon.com/blogs/startups/how-to-scale-to-billions-of-requests-a-day-with-aws/
  2. “The AMD-based instances provide additional options for customers who are looking to achieve a 45% cost savings on their Amazon EC2 compute environment for a variety of workloads.” See https://aws.amazon.com/about-aws/whats-new/2019/11/amazon-ec2-amd-instances-are-now-available-in-asia-pacific-mumbai-aws-region/
  3. AMD powered AWS EC2 instances offer up to 10% lower cost compared to comparable x86 based instances. See https://aws.amazon.com/ec2/amd/

 

Raghu Nambiar is a Corporate Vice President for AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

In order to understand Hyperconverged Infrastructure (HCI), a brief history of the evolution of the legacy data center to the modern-day data center is needed. Legacy data centers are typically composed of a multi-tier architecture made up of a storage tier, a networking tier, and a compute tier. Each of these components would typically be managed by a different administrator using purpose-built hardware creating a natural barrier, or silo, because of the functionality and expertise required to manage them.

 

The traditional data center model has been in place for decades. Its rigidity and attendant inefficiencies led to a search for solutions culminating in the creation of Hyperconverged Infrastructure (HCI). Initially, HCI was thought of as a type of software-defined storage, primarily because software abstraction of the traditional enterprise storage architecture was the last element necessary for a truly software defined data center. HCI has grown to be much larger than its original scope, combining server virtualization with software defined networking and continuous availability through self-healing along with advanced management and analytics capabilities.

 

Today, HCI is mainstream and offers a cloud experience in the customer's own data center, bringing efficiencies and agility for demanding IT requirements. AMD has been working closely with our ecosystem partners in delivering fully tested and validated solutions that offer outstanding performance, scalability and TCO. While this is not an exhaustive list, these are some of the most common HCI use cases:

 

  • General Purpose Computing – Virtualization had already started a trend towards server consolidation. But significant deployment planning was still required to avoid stress on existing storage and network infrastructure. By bringing storage within the node and distributing it across the cluster, much of this overhead could be avoided, and server consolidation can continue in an easy and predictable fashion. One of the unique differentiators that 2nd Gen AMD EPYC processors offer is core density – up to 64 cores and 128 threads per processor – which makes it possible to run higher virtual machine density while reducing infrastructure.
  • Virtualized Databases – Databases and other Tier 1 applications are finding that HCI can provide enough performance for these workloads. Historically, it was assumed that HCI would be unable to meet these needs, but with recent advances in HCI technology along with performance and feature enhancements that AMD has brought to the table, such as higher base and boost frequency processors, along with high speed I/O and network enabled through PCIe 4, this is no longer the case. It’s also important to note that the memory capacity advantage that 2nd Gen AMD EPYC processors have – up to 4TB of memory per processor – can accelerate in-memory computing for transactional and real-time analytics workloads. That is not to say that all business-critical applications are a good fit for HCI yet, but even some of the traditional database vendors are starting to see the appeal.
  • Virtual Desktop Infrastructure (VDI) – VDI historically pushes virtualized servers to the very edge of their capabilities. Today, VDI is bringing an even richer user experience to a mobile and distributed workforce. VDI enhances centralized control and protection over business-critical data while supporting collaboration. A better user experience is tied directly to server capability. Industry-leading core count coupled with the high memory capacity and bandwidth in AMD EPYC processors enables optimal virtual desktop density and performance.
  • Edge Computing – HCI is becoming a popular choice for Remote Branch Office and Edge Computing. Traditional systems are overkill, being both too costly and too complex for such deployments. AMD EPYC processors offer the power and space efficiencies required for edge environments. With AMD EPYC processors, these self-contained small data centers can be deployed efficiently at a fraction of the cost. Beyond deployment advantages, the core capabilities of HCI, such as provisioning, monitoring, management and on-demand scaling, can significantly reduce the complexities associated with edge computing.

 

Nutanix is a world leader in HCI and we at AMD are very excited to collaborate with them. We have worked together on optimizing the Nutanix hyperconverged software, Acropolis OS, on AMD EPYC processors. Together, we have enabled choice in hypervisors including Nutanix Acropolis Hypervisor (AHV), VMware ESXi, and Microsoft Hyper-V. We have been collaborating closely with our server OEM partners in bringing fully validated HCI solutions including the Nutanix-integrated HPE ProLiant DX385 appliance, the Dell EMC XC Core XC-6515 and newly announced Lenovo ThinkAgile HX HCI solution.

 

We are a proud sponsor of Nutanix Global.NEXT 2020 and look forward to helping you meet today’s business challenges with fully validated hyperconverged infrastructure solutions. You can learn more about AMD EPYC processors for Nutanix solutions at the Partner Xchange Breakout Sessions and here at the AMD website.

 

Raghu Nambiar is a CVP of Datacenter Ecosystems & Application Engineering for AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites or use of third party names/marks are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.