Google announces Confidential VMs for Google Cloud Confidential Computing


At Google, we believe the future of cloud computing will increasingly shift to private, encrypted services that give users complete confidence in the privacy of their data.

Google Cloud already encrypts customer data in transit and at rest, but that data still has to be decrypted in order to be processed. Confidential computing is a breakthrough technology that encrypts data while it is being processed. Confidential environments let you keep data encrypted in RAM and everywhere else outside the processor (CPU).

Confidential VMs are now in beta and are the first product in the Google Cloud Confidential Computing line. We already use a variety of isolation and sandboxing techniques in our cloud infrastructure to secure our multi-tenant architecture. Confidential VMs take security to the next level by adding in-memory encryption that further isolates workloads in the cloud, helping our customers protect sensitive data. We expect this to be especially useful for organizations in regulated industries (presumably with GDPR and similar restrictions in mind; translator's note).


Unlocking new capabilities

Already with Asylo, an open platform for confidential computing, we focused on making confidential computing easy to deploy and use, with high performance and support for any workload you choose to run in the cloud. We believe you should not have to compromise between usability, flexibility, performance and security.

With Confidential VMs entering beta, we are the first major cloud provider to offer this level of security and isolation, and to give customers a simple, easy-to-use option for both new and "ported" applications (probably meaning applications that can be moved to the cloud without significant changes; translator's note). We offer:

  • Breakthrough confidentiality: customers can protect the confidentiality of their sensitive data in the cloud even while it is being processed. Confidential VMs leverage the Secure Encrypted Virtualization (SEV) feature of 2nd generation AMD EPYC processors. Your data stays encrypted while it is being used, indexed, queried or used for training. The encryption keys are generated in dedicated hardware, separately for each virtual machine, and never leave that hardware.

  • Enabling innovation: confidential computing can unlock processing scenarios that were previously impossible. Organizations can now share confidential datasets and collaborate on research in the cloud while preserving confidentiality.

  • Confidentiality for ported workloads: our goal is to make confidential computing simple. Moving to a Confidential VM is seamless: every GCP workload that runs in a virtual machine can be moved to Confidential VMs. It is easy, you just check a box.

  • Protection against the most advanced threats: confidential computing builds on the Shielded VM protections against rootkits and bootkits, helping ensure the integrity of the operating system you choose to run in the Confidential VM.


The foundation of Confidential VMs

Confidential VMs run on N2D virtual machines, which run on 2nd generation AMD EPYC processors. AMD's SEV feature delivers the high performance that demanding workloads require while keeping the virtual machine's RAM encrypted with a per-VM key that is generated and managed by the EPYC processor. The keys are generated by the AMD Secure Processor coprocessor when the virtual machine is created and reside only there, which makes them inaccessible to Google and to other virtual machines running on the same node.

In addition to hardware-based RAM encryption, we built Confidential VMs on top of Shielded VMs to protect the operating-system image, verifying the integrity of the firmware, kernel binaries and drivers. The images provided by Google include Ubuntu 18.04, Ubuntu 20.04, Container Optimized OS (COS v81) and RHEL 8.2. We are working with CentOS, Debian and others to provide additional operating-system images.

We also worked closely with the AMD Cloud Solution engineering team to make sure that virtual-machine memory encryption does not interfere with workloads. We added support for new OSS drivers (nvme and gvnic) to handle storage and network traffic with higher throughput than the older protocols. This lets us confirm that the performance of Confidential VMs is close to that of regular virtual machines.
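The SEV bullet and the two paragraphs above describe hardware memory encryption and Shielded VM boot integrity, but not how a tenant can confirm from inside the guest that they are actually in effect. The following is an added example, not code from the original post or from Google: a POSIX shell check that scans the guest kernel's boot log for the line a Linux guest prints when it is running under SEV, and for the secure-boot line. It assumes those kernel message strings ("AMD Secure Encrypted Virtualization (SEV) active" and "Secure boot enabled"); the log text in the block is constructed sample data, and on a real Confidential VM you would feed it the output of `dmesg` instead.

```shell
#!/bin/sh
# Added example, not part of the original post. Verifies from inside a Linux
# guest that SEV memory encryption and secure boot are reported active.
# Assumption: the guest kernel logs the two message strings grepped for below.

# Constructed sample boot log standing in for `dmesg` on a Confidential VM.
SAMPLE_DMESG_SEV='[    0.000000] Linux version 5.4.0 (buildd@host) (gcc version 9.3.0)
[    0.000000] AMD Secure Encrypted Virtualization (SEV) active
[    0.000000] secureboot: Secure boot enabled'

# Constructed sample boot log for an ordinary (non-confidential) VM.
SAMPLE_DMESG_PLAIN='[    0.000000] Linux version 5.4.0 (buildd@host) (gcc version 9.3.0)
[    0.000000] secureboot: Secure boot enabled'

# sev_active LOG: exit 0 when the log shows SEV memory encryption active, 1 otherwise.
sev_active() {
    printf '%s\n' "$1" | grep -q 'Secure Encrypted Virtualization (SEV) active'
}

# secure_boot_enabled LOG: exit 0 when the log reports secure boot enabled, 1 otherwise.
secure_boot_enabled() {
    printf '%s\n' "$1" | grep -q 'Secure boot enabled'
}

# confidential_vm_check LOG: print one verdict per check; exit 0 only if both pass.
confidential_vm_check() {
    log="$1"
    status=0
    if sev_active "$log"; then
        echo "OK   SEV memory encryption active"
    else
        echo "FAIL SEV not reported active: guest RAM is not hardware-encrypted"
        status=1
    fi
    if secure_boot_enabled "$log"; then
        echo "OK   secure boot enabled"
    else
        echo "FAIL secure boot not reported enabled"
        status=1
    fi
    return $status
}

# On a live guest run:  confidential_vm_check "$(dmesg)"
confidential_vm_check "$SAMPLE_DMESG_SEV"
```

Because the verdict is the function's exit status, the check drops straight into a boot-time health script or a monitoring agent, where a non-zero result means the instance is not running with the protections the paragraphs above describe and should be treated as an ordinary VM.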


Secure Encrypted Virtualization, built into the 2nd generation AMD EPYC processors, provides a new hardware security feature that helps protect data in virtualized environments. To support the new GCE Confidential VMs on N2D, we worked with Google to help customers protect their data and make sure their workloads perform. We are very pleased to see that Confidential VMs deliver the same high level of performance across workloads as N2D VMs.

Raghu Nambiar, Vice President, Data Center Ecosystem, AMD

A game-changing technology

Confidential computing can help transform the way organizations process data in the cloud while preserving confidentiality and security. Among other benefits, organizations will be able to work together without compromising the confidentiality of their datasets. Such collaboration, in turn, can lead to further technological advances and new ideas, such as the ability to develop vaccines faster and treat diseases on the basis of secure collaboration.

We cannot wait to see these opportunities open up for your company. See here to learn more.

PS This is not the first, and hopefully not the last, time that Google has introduced world-changing technology. The same happened recently with Kubernetes. We support and distribute Google tools to the best of our ability and train IT specialists in Russia. Our company is one of the three Kubernetes Certified Service Providers and the only Kubernetes Training Partner in Russia. That is why we run intensive Kubernetes courses every spring and autumn. The next intensive courses will take place on September 28–30 (Kubernetes Base) and October 14–16 (Kubernetes Mega).

Source: www.hab.com
