Azure confidential computing and Intel: Technology for the AI Era | BRKFP308H


[Music]

Hello and welcome. My name is Anil Rao. Vikas and I have the privilege of having this conversation first thing after lunch for all of you guys, so hopefully it's going to be something where we build energy, drive up. I'm not going to make you all stand up and raise your hands and do jumping jacks or anything, but the topic itself is going to go there. So like I said, I'm Anil Rao. I'm VP and GM at Intel, responsible for security and systems architecture. Vikas?

Yeah, thanks Anil, and I'm Vikas, and I'm the head of product for Azure confidential computing. So the first thing you guys need to do is, like, start dancing. No, thank you so much for being here. Anil and I have been working on this confidential computing journey for a while now, and in many ways this is like a great milestone for both of us to be able to share this with you on how the evolution of confidential computing is happening. So let me first start off with, you know, what are we seeing in terms of customer challenges, right? I think overall the cloud in general, everybody's on it, right? If you missed the keynote today, there's so much happening in the cloud, you know, along with what we are seeing with AI today. But what we are also seeing is, you know, when you're running in the cloud there is a higher level of assurance in some cases that need to be met, right? Sometimes there are projects blocked, there are new services, there's new collaboration that could be done, but those are not possible because of the compliance and regulations reasons that exist that prevent sort of these workloads to run in the cloud. And despite sort of many of the advantages that you see in the cloud, applications may have sensitive data that may be stuck on-prem, that may be concerned about sort of data security risks, data compliance risks when they're running in the cloud, and a lot of these are applicable to many of the regulatory or legal elements that organizations have to deal with when running in the cloud. And in
general, many applications just have sensitive data, right, and they want a higher level of assurance. They want to be able to verify the state of the cloud environment so that they can run on it and have the complete control over the data during its entire life cycle, from the time it is created to the time it was destroyed. And in many cases confidential computing was created for one of these reasons: to provide a higher level of assurance for the data that you're running in a cloud environment.

So what is confidential computing, right? We all know that we encrypt data at rest, we encrypt data in transit, right? This is industry standard, right? Like today, you can take my laptop and run away with it; there's nothing you're going to find because data is encrypted at rest, using BitLocker as an example. Similarly, your data in the cloud, it's encrypted at rest on the SSDs or, you know, the storage devices that you use. Similarly data in transit, it's a standard. We don't do HTTP anymore, we do HTTPS, we do TLS. If you go to a browser and you go to http yahoo.com, it'll tell you it's insecure; it automatically transfers you to https yahoo.com. That's the state of evolution of encryption, and confidential computing is that missing third leg of the three-legged data life cycle stool, which has now been available for customers to use at scale. And what confidential computing does is it protects that data when it is in use, when it is in memory, when it is being computed upon, so that inside that trust boundary data appears in the clear, but outside that trust boundary data appears as ciphertext. So confidential computing, there are two key takeaways from this slide that you need to understand so that you can become dangerous after this. First, confidential computing is a protection of data when it is in memory. This has not been done yet; it's a new innovation that, you know, Intel and Azure have been leading the evolution of this technology. The second key takeaway is, because now we have confidential
computing, data can stay protected from the time it is created until it is destroyed with a key that you own, right? And that's sort of the big picture for confidential computing. And what does it protect against? It protects against insider threats, whether you're worried about threats in your own organization or threats where your data is running. It protects against, you know, malicious code. For example, the Azure hypervisor is already battle tested; you know, we have a $250,000 bounty on the Azure hypervisor, but what confidential computing does, it puts the hypervisor outside the trust boundary. And there are new use cases that confidential computing helps unlock, such as operating on multiple data sources where you're sharing without actually sharing: you're getting analysis, you're getting value out of the data without actually sharing the data with anyone else. So we see confidential computing as a natural evolution of how data should be protected, and when we talk about confidential computing we think of it as a standard. This is something that Intel and Azure were one of the co-founders of the Confidential Computing Consortium back in September 2019, and the definition you see on the screen is something that we have worked with the Confidential Computing Consortium and the larger industry to make possible, which defines confidential computing as the protection of data in use by performing that computation in a hardware-based, comma, attested (very, very important element, attested), verifiable trusted execution environment, or a TEE. And a TEE tells you that, the definition of a TEE is you have verifiable assurance for your data and code integrity: nobody has modified my data, nobody has modified my code before I actually operate on it. You get that assurance, and of course that the data itself is confidential: only the code that should have access to the data will have access to the data, and anybody who's not explicitly granted access to the data will not have access to the data.
These are some of the founding principles of how we think about confidential computing, and the way... Anil, if you want to take this one?

Yeah, let's talk about one level more detail from what Vikas spoke, what confidential computing is. Think of it as a way in which you create, like Vikas said, a trusted execution environment to operate on your sensitive data. So it's almost a region inside of memory that you dedicate and say, this is where my data is going to be safe and secure. Anything outside of a trusted execution environment, whether it is software stacks, other virtual machines or other applications, or even hypervisor and cloud-related administrators, they're all outside of this trusted execution environment. So what happens inside of this trusted execution environment? Essentially, once you create this trusted execution environment, it provides kind of like three basic capabilities and functionalities. The first one is isolation. With isolation, what happens is that anything and everything which is not inside of a trusted execution environment doesn't have access to the data in the clear. You can kind of like walk through memory, you can do privilege escalation, and you can kind of like dump contents of the memory; you're not going to see the data in the clear. Data is always going to be encrypted from outside of the trusted execution environment. So then, like Vikas mentioned, attestation is a key element of creating confidential computing. The process and methodology you follow is that your application, which is completely encrypted (it can be AI models, it can be AI data, or it can just be traditional applications and traditional data), completely encrypted, you maintain the keys, and once you know the underlying infrastructure is safe and secure and it has met all the goals that you want to do, whether it is your custom policy or whether it is making sure that the latest and greatest version of the firmware, latest and greatest version of the hypervisor, they're all kind of like
in that particular infrastructure, once the attestation process is done, that's when you release the keys. And once you release the keys, the application then decrypts the data and the application information inside of the trusted execution environment, and normal operation follows from there. The beauty of confidential computing is that you don't need to make modifications to your applications; applications run the way it is. And the second is that you don't go through any major drop in terms of performance. It may be one or 2% in terms of drop in performance depending on what types of applications that you use, so you will get the performance benefits of traditional compute but you'll also get the benefits of confidentiality in adopting a confidential compute, whether it is for your private or for the public cloud.

Yeah, absolutely, and I think one element that Anil just talked about that I want to kind of reinforce is this element of verification or attestation, right? And the attestation language itself is something that we're working on as part of the standard. That's right. Which is as part of the IETF standard now. One of the elements that you get out of it is: I want to know, is my operating system the operating system I expect? Does it have secure boot? Does it have measured boot? Do I know that, you know, all the layers in my stack are something that I can explicitly verify? And that verification report is generated by the CPU, right? So you're verifying your entire stack with an attestation report, and only when the attestation report... and again, it's an optional component, you don't have to actually use it if you don't really need to, but it's an optional component that... But it helps using it for auditing purposes. Absolutely, all of those things, right? Definitely important for auditing, definitely important for additional assurance that you need, but this is one of the key elements of what makes confidential computing tick. So the way to kind of think about
confidential computing is, we already encrypt data in transit and at rest, so when we talk about confidential computing it's a foundational layer, and our vision with confidential computing is that we are building the confidential cloud, where eventually all workloads, as the technology matures, operate essentially in a confidential environment, where computing itself becomes confidential. Mark Russinovich, the Azure CTO, is doing a talk on this again in his Azure AI innovations section that I think I recommend people to go look at. But generally the way you should think about confidential computing is, it's this circle, if you may, that's been shown on the screen, is it protects, it helps you protect the data during its entire life cycle, from the time it's created to when it is stored to where it is transported until it is destroyed. You stay in control of your data. And the benefits obviously are that you're unlocking the value in the data. As we mentioned earlier, there are some data sets that regulations prevent sharing the data with someone else, as in like if you want to do anti-money laundering or if you want to do new drug development, regulations prevent customers from doing that. So these sort of technologies help you unlock the value in the data that you already have by getting that additional assurance. It helps you be compliant with regulations that are happening, and we see the regulations, you know, rapidly evolving, right? Some of them we are seeing in the APAC region, some of them you're seeing obviously in EU, so there's a ton of sort of interest in how we ensure, as custodians of data, that we are making sure that the data stays protected. And confidential computing follows zero trust principles, right? It's trust and verify; it's explicit trust rather than implicit trust that you're giving to your compute environment.

So the beauty of this, what Vikas just said, is that you own, you maintain, and you have control of your applications
and data regardless of where you do computation. So you can start thinking about what that means, right? You can kind of like leverage compute anywhere, whether it's in the public cloud or the edge. These are areas where confidential compute enables you to take advantage of computation anywhere without necessarily worrying about: is my data secure, do I have to make my infrastructure choices based on the security of my data, or even like compliance or production of information that is maintained in the data. All of those are off; you can kind of like focus on saying what's the most efficient way to do this, where is the most efficient place to do this. So you can adopt cloud, you can adopt some of the beautiful things that you heard in the conversation that Satya mentioned this morning.

Yeah, and you know, I think like when we were thinking about like how to present the slide, how do you talk about confidential computing and where it's applicable in, it's like asking a question, where is HTTPS applicable in, right? It's actually applicable everywhere. But I think, in terms of, you know, this technology is still maturing, rapidly maturing, rapidly evolving, so I think what we can give you is a snapshot of where we are seeing the interest come when we talk to customers. And I think when we kind of talk to customers is, you know, a lot of it is happening in regulated industries, whether that's, you know, healthcare, where multiple drug companies are trying to work together to combine their data to get a new sort of drug development, new analysis. You know, we talk to a lot of customers and, you know, I've had actually neuroscientists come and tell me that, hey, now I can actually leverage this data for new, you know, drug applicability that previously I was not able to, right? It unlocks all of these new data sets. The other sort of use case that we see in financial services, for example, you know, we see a bunch of these use cases where financial services are trying to run analysis with
their models and they want to make sure that the models themselves are kept private. I'll talk a lot about the use cases in the future of how we are seeing customers use it, but many of the use cases that we see, for example, are in these confidential multi-party analysis or data clean rooms as an example, where multiple parties come together and they are able to solve sort of their analysis without actually sharing the data. Another use case that we see a ton right now is in public sector. One of the things that we are spending a ton of effort on is Microsoft Cloud for Sovereignty, where we enable these sovereign landing zones for our public sector customers, and confidential computing is one of the options that's available for customers for their highly restricted data sets or highly restricted workloads. And in terms of usages, you know, we see a ton of usage. You know, I already mentioned collaborative analysis. We announced the first, you know, confidential GPUs today, so we see a ton of use cases in visualizations, simulations, obviously AI, privacy-preserving analysis with advertising, especially with what's going on in the industry with third-party cookies, you know, eventually going away. So these are some of the use cases that we see around confidential computing. Is there anything else you want to add to this?

I think the reality is that, where are we seeing use cases now; if you ask me, 5 years from now you will all ask why is my compute not confidential by default, and I think that's where we're going from an industry perspective. So here are some of the initial set of use cases that we mentioned. I'll give you another example: multi-party compute, especially when it comes to healthcare. Digging a little deeper, if you look at some of the use cases that we have between Microsoft and Intel, you'll see that a single hospital may not have all the data in order to do training, because some of the data is not
comprehensive and some types of diseases are not that common, but if you pool in multiple hospitals you get enough in terms of data for you to make good model training happen, which results in much better use of AI inferences in the future. So these are some of the use cases that we're starting to see, but that just is the beginning. There is tremendous amount of opportunity that we will see as we move forward as well.

So let's talk about, you know, what we are giving in public preview today, and, you know, one of the things that I'd love Anil to talk through is how they think about Intel's confidential computing portfolio, and then I can talk about what's exciting in public preview.

Yeah. Look, from a confidential computing, Intel has by far the most comprehensive set of offerings in the industry today. We started off with our initial technology called Software Guard Extension, or SGX. The beauty of SGX was that we focused a lot in terms of security. We said, let's give full control to software and application developers, and once we give them control they can go and decide where is sensitive data, what do they want to protect through confidential computing. It can be kind of like a simple function in your application, or it can be a single line of code, or it can be a complete application. So that's why you had the flexibility. And for those of you have used our SGX technology, we initially had an SDK where you use in order to use the isolation, attestation mechanisms that we spoke before. Now go and, and Microsoft offered some of these things as part of the DCsv3 and DCdsv3 series in terms of solutions. We also augmented it with a library OS, where you can not necessarily use an SDK and make application changes, but you can automatically run your entire application inside of a confidential environment with SGX as a technology. So these have been around for a while, battle tested, rugged in terms of technology and solutions, and our partner Azure has been offering this for a
while. So we most recently have also announced availability of a new technology called Trust Domain Extensions. Trust Domain Extension starts appearing in the fourth generation Xeon series, and the beauty of Trust Domain Extensions is that you actually don't need to do anything. You just go in and say, instead of me getting a virtual machine, I'm going to go get a confidential virtual machine, and once you get a confidential virtual machine you continue to use the confidential virtual machine just the way in which you use a traditional virtual machine, and the entire virtual machine now runs inside of trusted execution environment and you get and gain benefits out of it. Now, as we introduced SGX and TDX as a technology, and like Vikas was talking about an attestation technology, how can Intel help here? Because at the end of the day we wanted to, and the industry wanted, operator-independent uniform attestation solution, because in certain cases you're going to deploy your application maybe in your private cloud, in certain cases going to go do it in the edge, and in certain cases you're going to go deploy it in Azure or any other cloud as an example. So how do you get that independent uniform attestation mechanism? And that's where most recently, at the Intel Innovation event, we launched trust services, Intel Trust Authority, and we've been working with Microsoft Azure, Vikas, Mark and team for a while now. They've been hugely supportive of this, and you as an end customer can leverage either Intel Trust Authority for attestation or Microsoft Azure Attest for attestation as well. So the beauty of this is that through our mechanism you will be able to not only use the confidential environment but you'll also be able to verify, you'll also be able to have trails for auditing. So that entire comprehensive set of solution is what we bring to the portfolio in collaboration with Azure.

Yeah, and I think one of the things that I think is important to kind
of talk about is, confidential computing has been a journey over many years, right, and it will be going, and it will be going forward. You're absolutely right. And, you know, Intel SGX was a great sort of first step for us to explain to you, you know, what is the value of confidential computing, how do you protect data in use, and we see a ton of customers adopting it, right? Signal Messenger, for example, is one of the biggest customers sort of in this space that runs entirely on confidential computing. But then, you know, as we've been talking to customers, we realize that, you know, customers want an easy-button, you know, path to confidentiality, and that's sort of what TDX enables, because the D series, you know, is a standard Azure VM and we've created a DCe series where, instead of deploying to that, you deploy to this one. You don't have to change any of your code, right? It's essentially no-code-change, lift-and-shift sort of a VM solution. So rather than deploying to a, you're deploying to a confidential VM, and now what you get is whole-VM sort of isolation, and that's sort of the new innovation that we've been working with Intel on. And one of the great things in this partnership is we've been working with, you know, customers like you who give us this amazing feedback on, you know, we want choice in our attestation providers, and this is why, you know, we did the work with the Intel Trust Authority to give customers that choice. Hey, if you want to use a service that Microsoft provides, you can use that; if you want to use another service, you can use that. But the point is that customers have that choice, and attestation and verification are key elements that we think is super valuable, especially along with, you know, where you can just take your code, your VM, and just redeploy and now you're confidential. There's a ton of value in that.

Yeah, and I'm also proud to say that in partnership with Azure we offer by far the most comprehensive solutions in the industry. You can
use SGX, you can use TDX, you can use Intel Trust Authority, you can use Microsoft Azure Attest in order to do what you want to do, so you will not get this type of solution anywhere else.

So with that, I think one of the things that we are super excited to announce is the public preview of Intel TDX-based confidential VMs, and, you know, this has been part of the journey that we've been doing with Intel, and in some ways we are super excited because these are our most powerful confidential VMs yet, with, you know, up to 28 vCPUs, 766 GB memory. These are perfect for, you know, general purpose or, you know, memory optimized sort of workloads. They are integrated as part of our general sort of confidential VM capabilities. They provide standard capabilities that we provide, such as, you know, attestation, disk encryption, confidential key management, and, you know, we've taken these Intel TDX-based confidential VMs a step further with what we are calling FML sort of TPM based confidential VMs, where your confidential VM is a VM that essentially is a unit by itself. There is no dependency on any other service except the confidential VM that you're deploying, and that's where you have a choice of using an independent attestation provider or independent key management provider in case you want to do those sort of separation of duties. But in many ways, you know, these sort of confidential VMs gives you, you know, OS disk integrity as an example, ensuring that, you know, your disks are encrypted. It gives you attestation, confidential key management, all of these elements that are now also available, you know, with the work that we've done with Red Hat or with the SUSE Linux to bring these capabilities. Obviously Windows is also supported, but the work that we're doing with Intel on TDX, you know, get into the Linux kernel, and at that point, you know, it's going to be upstreamed and essentially, you know, all distros will start carrying this capability as well. So
we totally see this as a foundational element of how, you know, VMs evolve in the public cloud.

Yeah, just to add to that, because if you go to the next slide, we already have a numerous amount of distros: Canonical Ubuntu, Red Hat, SUSE, Windows Server, Windows 11. All of these are guest OSes that are ready to go, right? And with our fourth generation Xeon series we also collaborated heavily with Microsoft in order to make the right kind of like changes in the hypervisor in order to enable confidential computing and confidential virtual machines for you. Vikas, would it be fair for us to say that if a customer is using traditional VMs, in order for them to get up and running with a confidential VM it's just a matter of hours and not days, months, weeks?

Right, it's very, redeploying, just choose a different VM size. Obviously you got to move to a newer guest OS, right, because that's where all the guest enlightenments are, but I think in general you're not changing your code, yeah, right? Like, you're just redeploying and boom, you're ready to go. Like, that's sort of what we see as where we see confidential computing evolving: it becomes part of the fabric, it's just there, right? And again, this is going to be, as Anil mentioned, we've been doing this for a while, it's not something that's going to happen overnight, right, but we totally see that this general evolution moving in this direction. The other thing, I think, you know, Anil, if you want to talk a little bit about sort of how attestation works in this environment?

Yeah, let's first talk about what attestation is, right? Attestation is actually a cryptographic confirmation of the state of the confidential computing environment. A lot of times when you go through the mechanism for releasing the keys, you want to know that the environment where you're operating is secure, the environment you're operating is exactly what you expected to be, including some of the custom policies that you may define, right? You may define a custom
policy which says that I want the latest version of maybe the hypervisor patch or I want a latest version of an OS patch. These are all things that you may want to decide and define. So attestation is a mechanism where it goes in and says, I will give you the state of the system, I will have an immutable way in which that state of the system is maintained as a record for your future auditing or any of those purposes. That's exactly what attestation is. Typically, from an attestation elements perspective, you want to make sure that it's on a genuine Intel processor; you want to make sure that the microcode patch is updated with your policy (in certain cases you may say, I'll give a certain amount of leeway here, or no, I want to strictly adhere to a certain set of policy); the launch is done using an authentic firmware; and last but not least, the manifest matches what you have defined in terms of the policy. Once you do these things, then the attestation solution gives you a token. You present that token to your key engine (we have collaborations with our partners to integrate with key engines as well), and there you release the key, and once you release the key then the decryption happens inside of the trusted execution environment and everything else processes and progresses as defined. So this entire process of making some of these changes, by the way, we have open source code available to go through the type of attestation solutions as well, and you can use that to point to Intel Trust Authority or Azure Attest, and you have that flexibility as well. So once you do that, then your application is up and running. That's why Vikas and I feel like it's probably going to take you like hours in order to do it, and not like weeks or months, in order to have something of this up and running. So the Trust Authority, the benefit that Intel Trust Authority provides is it's an independent source for attestation. It's like what Vikas was talking about: trust but verify, right? It's unified for
public, private, on-prem, edge, cloud; unified solution. It's a SaaS offering, something simple, and you can quickly use and deploy in your applications and solutions today, and we collaborate with Azure to bring it to you as an end customer so that you have the flexibility and you also kind of like get up and running with solutions in Azure as quickly as possible.

So with that, you know, let's talk about how, you know, we are leveraging sort of these technologies in Azure. So one of the things like we've done with confidential computing is we've created our own service for a particular specific use case as an example, which is, you know, we are announcing in public preview the Azure Managed Confidential Consortium Framework. We've had this CCF, Confidential Consortium Framework, SDK open source for a while, and we've seen, you know, a bunch of customers use it for these confidential multi-party applications, because it helps with governance, building trust in the nodes, you know, ensuring that, you know, the right organization has the ability to perform the transaction rather than not, right? So it helps with building these sort of scenarios. Now what we've done is we've taken that SDK and we're making that a managed service, because this gives you a hassle-free experience to host and run your entire secure network in this confidential environment, and something that we've been working with Intel on. And when we talk about, you know, Intel-based confidential computing services on Azure, the way we look at it is the underlying underpinning of everything is the hardware, because that's sort of what gives us that, you know, hardware-based root of trust to give us the attestation report. But on top of that, you know, there is a platform which starts with enabling these virtual machines, for example the SGX virtual machines we talked about, the new public preview Intel TDX-based virtual machines that we're talking about,
the confidential virtual machines, and on top of that we are also enabling containers as an example, and we are also enabling services that run on this infrastructure, first-party services as an example. One of the services that we talked about is the Microsoft Azure Attestation service; that itself is a confidential service. The other is Managed HSM, which is a key management service. We've taken our Azure Key Vault service and completely sort of reimagined how that would run inside an enclave to make sure that, you know, the keys are protected, and it's a much higher sort of level of security, you know, using the best-in-class abilities to provide the key management solution. In addition, you know, we see a bunch of customers using confidential computing for also services, so, you know, one that we have enabled is confidential SQL, so that SQL Always Encrypted that runs inside these secure enclaves, that gives you, you know, for example row-level assurance that your records in SQL are confidential as well. So these are sort of the evolutions and, you know, innovations that we are doing on sort of these confidential computing technologies. One that I think I love to, and we've actually announced a few features on this today, is Azure confidential ledger. It provides you a tamperproof audit logging capability that's backed by a confidential computing environment. This is also a choice that you have, that you can enable as part of the SQL ledger as an example; this becomes one of the providers behind the scene. But in general the way you should think about it is, the hardware enables, you know, basic capabilities, there's platform-level elements to run your code inside, like virtual machines or containers, and then services are the ones that light it up, where you're just using a service that happens to be confidential and, you know, you have that extra level of assurance in that case. Anything you want to add?

No, I think you got it all. It's
like, making sure that as we go forward you have applications and services that you can leverage, not just from an infrastructure as a service but also like a platform as a service, and these elements are where we're going together.

So let's talk a little bit about, you know, what we see in terms of use cases. BeeKeeperAI has been one of our close partners for a while now. They are an innovative startup that spun out of University of California San Francisco. We've been working with them for a while, and what they enable is this unique use case of creating these trusted execution environments, or these enclaves, for these multiple healthcare companies. Somebody brings their data, somebody brings their model; those are two entirely different organizations, and what BeeKeeperAI allows them to do is it creates an enclave for them where the data provider brings that data, the model provider brings the model, and they are operating on that data. The output comes out and, you know, the computer environment is essentially destroyed and there's nothing that remains. The only compute that happens in that environment, inside that enclave, is the code that should be operating in that environment. And BeeKeeper is one of those, you know, innovative startups that is doing a ton of work to make this happen.

The interesting thing about BeeKeeper is that nowhere, through no process, does sensitive data get out of the enclave. It doesn't matter where you're running it, the sensitive data is inside the enclave and you don't lose control of the sensitive data. You go through an attestation mechanism, and each individual hospital or each individual entity releases the keys once they know that the entire environment is safe and secure. So you go through a cumulative model training, so that at the end of the training you have a rich set of models that you can use for these rare diseases, and that's the beauty of what they've done.
Another, you know, innovative company that we've been working with is Fireblocks. They provide, you know, the simplest and secure way to manage these digital assets, and they've been one of the innovators in this space since quite early. They've been using a confidential computing environment to manage their assets, to run sort of these multiple financial institutions leveraging their infrastructure inside a confidential computing environment. They've started off with leveraging Intel SGX for these digital assets scenarios, and they are continuing to innovate in this space with, you know, use cases around helping financial institutions enable these sort of new use cases that were really hard to do, or, you know, pretty hard to do without it.

So the other sort of use case that I want to talk about is also one that we've been working with Decentriq. Decentriq is one of the partners based out of Switzerland which is enabling the SaaS service, where they've been working with goldbar as an example, where they are enabling this SaaS service to exist where the data providers bring in their data, they get an attestation report, and then they are operating in that environment. And Decentriq helps multiple parties work together in a SaaS environment where the parties don't have to set up their, you know, individual environments, and the parties don't have to trust Decentriq as the solution provider, they don't have to trust Azure as the cloud provider, they don't have to trust their employees; the only thing that they trust is the code that operates on that data, right? So this is again a new paradigm of how we see compute evolve in the, you know, future cloud environment.

I guess the other thing I also want to add, you know, this is another sort of use case where we see a bunch of these customers wanting to interact because of the third-party cookie and the expanded visibility into how retail and marketing data is being
leveraged with end customers. So with the additional sort of assurance that you get from a confidential computing environment, many of these use cases can now get unblocked.

So Vikas, before we go to the final slide, there are a few questions that I wanted to kind of like ask and answer to an extent, and I'll ask you some questions as well. Because, you know, most of you have heard this thing called Project Amber from Intel, right? We didn't talk about it much today, and the reason is because Project Amber was our code name and we were doing previews of an attestation framework. We launched Project Amber, and it is a service under Intel Trust Authority right now. So Project Amber was just a code name, and Intel Trust Authority is the actual attestation service that you can leverage. We went GA, generally available, for Intel Trust Authority in September of this year. First question, so Vikas: what's next when it comes to confidential computing? We spoke about all the things associated with computing; you know, what happens when people want to use something like a GPU or a domain-specific compute? I know that we're doing some work together on things like TDX Connect. Can you talk about it?

Yeah, absolutely. And I think, you know, one of the things that we should keep in mind is confidential computing has been a journey, right? It's a constantly evolving journey, and one of the things that we have seen is that the arc of innovation has rapidly increased over the last year or two, because this is when sort of the major CPU and GPU vendors have adopted confidential computing as one of the baseline capabilities that's going to be enabled in hardware for these sort of lift-and-shift workloads that don't require any sort of, you know, code modifications. So to answer sort of, you know, the arc of innovation here in confidential computing, it's going to be continuing, you know, to be a journey, right? Like HTTPS overall adoption did not happen over time, it took a while, and
that's sort of what we see happen as well. But we are seeing a bunch of these early innovators, early adopters, doing a bunch of these workloads in production today, and what we hear from them is also they want to use this technology not just for CPU-based workloads but also for GPU-based workloads. And one of the things that Satya announced on stage today, which was the confidential computing, confidential GPUs that we are announcing today, and today they are, you know, aimed at small to medium models, but over time, you know, we see, the term that they use was SLM, small language models, and, you know, those models are great for the sort of capabilities available today. But if you follow this arc of innovation where computing eventually becomes confidential, the baseline capabilities that we're talking about here will eventually, obviously, make their way in a very short time where you could run your AI models, whether they're for your virtualization, for simulation, for LLMs, in these sort of, you know, high capable models, high capable GPUs, which will enable that additional level of privacy where you're protecting the model weights, you're protecting the prompts that go into the models when you're inferencing against them. And over time, you know, these capabilities just become standard, foundational in, you know, what you expect essentially as the arc of innovation continues.

Yeah, to add to what Vikas is saying, right, earlier this year we announced a collaboration with Nvidia, and the technology is called TDX Connect. And what is available today is a software way in which you attach a GPU or a bunch of GPUs to a trusted execution environment. It's great, but you want to get extremely high performance and you want to make sure that you have a hardware way in which you connect this, and that technology is called TDX Connect. And we're working together with some of our partners; we're working with Azure in this particular regard as well. Now the beauty
of this: once you have all of these mechanisms built in, you can use the same kind of, like, Intel Trust Authority or Microsoft Azure Attestation in order to attest not just your applications but your workload, your models and your data. Now you maintained an immutable record of: where was my data, what was the exact snapshot of my data, what was the exact snapshot of the models, how did I go through the training, what was the environment under which I went through the training. So you can really go in; once you have this, you can explain all the elements that went in, and you can have keys that you use in order to release for the data or even the models to get decrypted inside of a trusted execution environment, and you extend it to domain-specific accelerators like GPUs in order to do that. So we believe that for a lot of enterprise use cases these are bare minimum. It is very important for you to ensure that your data, your IP is secure, and what you use in order to train and what you use for inferencing is something that you know where exactly the origin of all of these things came from. And that's some of the things that we're doing from a technology perspective as we progress forward. Any last questions, Vikas, before we thank our customers here?

I think one of the things that I kind of touched on, and you did as well, is the evolution of AI and the evolution of sort of how, you know, attestation becomes a key element. Can you help me understand, or maybe talk to the audience about, why do you feel that this sort of evolution is necessary for computer, right? Like going back to basics, if you may.

Yeah, at the end of the day one of the fundamental reasons why this evolution is necessary is because we want to give our customers and our partners the ability to bring up productivity, the ability to kind of like take advantage of the flexibility that various types of computational infrastructure provide you, right? So when you want to take care
of that flexibility, when you want to take care of that in order to drive productivity, you don't want to have this worry in your mind as to, okay, is my data secure? What are the bad actors who are kind of like attacking on the data? You know, at any point of time nobody will ever say that everything is 100% secure, but we are continually raising the bar with what we're doing with confidential computing, continuously raising the bar with technologies like SGX, TDX Connect and TDX as well, raising the bar with some of the things associated with verification and attestation mechanism. All of these things are going to make it a lot harder for anybody to attack your data and compromise your IP. So this is why it's an evolution. Yep. Every time that we do something we're going to do more, and you will get benefit from it. So I do want to thank all of you. We have all the resources and blogs available here for you to go and further verify, and at any point of time you have any questions, please do reach out to either the Intel or the Microsoft team and we'll be happy to help.

Absolutely, thank you so much for your time, and yeah, please reach out. Thank you. [Applause]

2023-11-20 09:55
