Google introduces Confidential VMs for Google Cloud Confidential Computing


At Google, we believe the future of cloud computing will shift to private, encrypted services that give users complete confidence in the privacy of their data.

Google Cloud already encrypts customer data in transit and at rest, but it still has to be decrypted to be processed. Confidential computing is a breakthrough technology that encrypts data while it is being processed. Confidential computing environments let you keep data encrypted in RAM and everywhere else outside the central processing unit (CPU).

Confidential VMs are now in beta and are the first product in the Google Cloud Confidential Computing line. We already use a variety of isolation and sandboxing techniques in our cloud architecture to keep our multi-tenant infrastructure secure. Confidential VMs take that protection to the next level by providing in-memory encryption that further isolates workloads in the cloud, helping our customers protect sensitive data. We expect this to be of particular interest to those working in regulated industries (presumably with GDPR and similar requirements in mind, translator's note).


Unlocking new opportunities

Previously, with Asylo, an open-source framework for confidential computing, we focused on making confidential computing environments easy to use and deploy, offering high performance and the ability to run any workload you choose in the cloud. We believe you should not have to compromise on usability, flexibility, performance or security.

With Confidential VMs entering beta, we are the first major cloud provider to offer this level of security and isolation, giving customers a simple, easy-to-use option for all new and existing applications (presumably meaning applications that can run in the cloud without major changes, translator's note). We offer:

  • Breakthrough confidentiality: Customers can protect the confidentiality of their data in the cloud, even while it is being processed. Confidential VMs use the Secure Encrypted Virtualization (SEV) feature of second-generation AMD EPYC processors. Your data stays encrypted while it is used, indexed, queried or trained on. The encryption keys are generated in hardware, separately for each virtual machine, and never leave the hardware.

  • Breakthrough new use cases: Confidential computing can unlock scenarios that were previously impossible. Organizations can now share confidential data sets and collaborate on research in the cloud while preserving confidentiality.

  • Confidentiality for existing workloads: Our goal is to make confidential computing simple. The transition to a Confidential VM is seamless: every workload in GCP that runs in a virtual machine today can be moved to a Confidential VM. It is easy: just check one box.

  • Enhanced protection against threats: Confidentiality is built on top of the Shielded VM protections against rootkits and bootkits, which help verify the integrity of the operating system chosen to run in the Confidential VM.


Confidential VM fundamentals

Confidential VMs run on N2D machine types powered by second-generation AMD EPYC processors. The AMD SEV feature delivers high performance for demanding compute workloads while keeping the VM's RAM encrypted with a dedicated per-VM key that is generated and managed by the EPYC processor. The keys are generated by the AMD Secure Processor coprocessor when the virtual machine is created and reside only there, which makes them inaccessible both to Google and to other virtual machines running on the same node.

In addition to hardware-based RAM encryption, we build Confidential VMs on top of Shielded VMs to provide hardened machine images and integrity checks of the firmware, kernel binaries and drivers. Google-provided images include Ubuntu 18.04, Ubuntu 20.04, Container Optimized OS (COS v81) and RHEL 8.2. We are working with CentOS, Debian and others to offer additional operating system images.

We also work closely with AMD's Cloud Solution engineering team to ensure that encrypting the machine's memory does not affect performance. We added support for new open-source drivers (nvme and gvnic) that handle storage requests and high-bandwidth network traffic more efficiently than the older protocols. This helped ensure that the performance figures of Confidential VMs are close to those of regular machines.
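The "just check one box" step above and the SEV fundamentals in this section can be shown end to end with a short script. This is an added example, not code from the original post or from Google: it creates an N2D instance with confidential computing enabled and then verifies, from inside the guest, that the kernel reports SEV memory encryption as active. The instance name, zone and image are placeholders; the gcloud flags are those of the Google Cloud CLI as known to the author of this example; and the kernel log line matched by `sev_active` is the one Linux prints at boot on an SEV guest.

```shell
#!/bin/sh
# Added example (not part of the original post): create a Confidential VM
# on an N2D machine type, then confirm from inside the guest that AMD SEV
# memory encryption is active.
#
# Assumptions: the gcloud flags are those of the Google Cloud CLI as the
# author of this example knows them; instance name, zone and image family
# are placeholders to adjust for your project.

# Step 1 (on a workstation with gcloud): --confidential-compute is the
# "one box" the post refers to. Confidential VMs did not support live
# migration at the time of the post, so the host maintenance policy is
# set to TERMINATE.
create_confidential_vm() {
  name="$1"
  zone="${2:-us-central1-a}"   # placeholder zone
  gcloud compute instances create "$name" \
    --zone="$zone" \
    --machine-type=n2d-standard-2 \
    --confidential-compute \
    --maintenance-policy=TERMINATE \
    --image-family=ubuntu-2004-lts \
    --image-project=ubuntu-os-cloud
}

# Step 2 (inside the guest): at boot the kernel announces SEV with a line
# such as
#   AMD Memory Encryption Features active: SEV     (older kernels)
#   Memory Encryption Features active: AMD SEV     (newer kernels)
# sev_active reads kernel log text on stdin and succeeds only if such a
# line is present, so it can be exercised on a constructed sample.
sev_active() {
  grep -q 'Memory Encryption Features active:.*SEV'
}

# Convenience wrapper for a live guest (dmesg usually needs root).
check_guest() {
  if dmesg 2>/dev/null | sev_active; then
    echo "SEV memory encryption: active"
    return 0
  fi
  echo "SEV memory encryption: NOT active (not a Confidential VM, or dmesg unreadable)"
  return 1
}
```

Run `create_confidential_vm my-cvm` from a workstation, then `check_guest` on the new instance; an N2D instance created without `--confidential-compute` reports NOT active, which is the quickest way to confirm the box really was checked.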


Secure Encrypted Virtualization, built into second-generation AMD EPYC processors, provides hardware security features that help protect data in use. To support the new GCE Confidential VMs on N2D, we worked with Google to help customers protect their data and make sure their workloads run smoothly. We are very excited to see that Confidential VMs deliver performance on par with N2D VMs across all workloads.

Raghu Nambiar, Vice President, Data Center Ecosystem, AMD

A game-changing technology

Confidential computing can help transform how organizations process data in the cloud while maintaining confidentiality and security. Among other benefits, companies will be able to work together without compromising the confidentiality of their data sets. Such collaboration could also drive the development of groundbreaking technologies and ideas, such as the ability to develop vaccines and cures for diseases faster thanks to this kind of secure cooperation.

We can't wait to see the opportunities this technology opens up for your company. See here to learn more.

PS This is not the first time, and hopefully not the last, that Google releases technology that changes the world. The same happened recently with Kubernetes. We support and spread Google's technologies as much as we can and train IT specialists in Russia. Our company is one of 3 Kubernetes Certified Service Providers and the only Kubernetes Training Partner in Russia. That is why we run Kubernetes courses every spring and autumn. The next courses take place on September 28-30 (Kubernetes Base) and October 14-16 (Kubernetes Mega).

Source: www.habr.com
