
Google Expands Its Confidential Computing Portfolio


In a recent blog post, Google announced the expansion of its Confidential Computing portfolio with the addition of Confidential Google Kubernetes Engine (GKE) Nodes. Furthermore, the public cloud vendor will make Confidential Virtual Machines (VMs) publicly available.

Earlier this year the company made its first Confidential Computing offering, Confidential VMs, available in beta. These VMs were an evolutionary step up from Google's Shielded VMs: they harden the protection of data by keeping it encrypted not only at rest but also while it sits in memory. Confidential VMs will now become generally available in the coming weeks with additional features such as audit reports for compliance, new policy controls for confidential computing resources, integration with other enforcement mechanisms, and secure sharing of secrets between Confidential VMs.


Alongside the general availability of Confidential VMs, Google added a second product to its Confidential Computing portfolio: Confidential GKE Nodes, which will be available in beta starting with the GKE 1.18 release. With Confidential GKE Nodes, customers who run their workloads on Kubernetes clusters in GKE gain an additional option for keeping those workloads confidential.

Google built both Confidential VMs and Confidential GKE Nodes on the same technology foundation, allowing customers to keep data encrypted in memory with a node-specific dedicated key that is generated and managed by the AMD EPYC processor, and that is never exposed to the hypervisor or to Google. Under the hood, according to the blog post, Confidential GKE Nodes let customers configure their GKE cluster so that it only deploys node pools backed by Confidential VMs. These nodes use the hardware memory encryption provided by the AMD Secure Encrypted Virtualization (SEV) feature of AMD EPYC processors, which means that the customers' workloads running on the confidential nodes are encrypted while in use.
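To make the preceding paragraph concrete, the following added example (not code from Google's blog post or from InfoQ) shows the gcloud invocations for a Confidential VM and a cluster with Confidential GKE Nodes, plus a small check a practitioner can run inside a guest to confirm that SEV memory encryption is actually active rather than merely requested. The project id, zone, instance and cluster names are placeholders; the `beta` command group reflects the beta status described in the article, and the sample kernel lines are constructed to match the format the Linux guest kernel prints at boot.

```shell
#!/bin/sh
# Added example: create Confidential Compute resources on Google Cloud and
# verify SEV from inside the guest. Not part of the original article.

PROJECT="${PROJECT:-my-project}"     # assumption: replace with your project id
ZONE="${ZONE:-us-central1-a}"        # assumption: any zone with N2D capacity

# Confidential VMs run on AMD EPYC (N2D) machine types. Because the guest
# memory key lives in the processor, the VM cannot be live-migrated, so the
# maintenance policy must be TERMINATE.
create_confidential_vm() {
  gcloud compute instances create confidential-vm-1 \
    --project="$PROJECT" --zone="$ZONE" \
    --machine-type=n2d-standard-2 \
    --confidential-compute \
    --maintenance-policy=TERMINATE \
    --image-family=ubuntu-2004-lts --image-project=ubuntu-os-cloud
}

# Confidential GKE Nodes are a cluster-wide setting: with this flag every
# node pool in the cluster is backed by Confidential VMs.
create_confidential_gke_cluster() {
  gcloud beta container clusters create confidential-cluster \
    --project="$PROJECT" --zone="$ZONE" \
    --machine-type=n2d-standard-2 \
    --enable-confidential-nodes
}

# Takes kernel log text and returns 0 only if it contains the line the
# guest kernel prints when SEV memory encryption is active. Both the older
# "(SEV) active" wording and the newer "Memory Encryption Features active"
# wording are accepted.
sev_active() {
  printf '%s\n' "$1" |
    grep -Eq 'Secure Encrypted Virtualization \(SEV\) active|Encryption Features active:.*SEV'
}

# Run on the VM itself; reading the kernel log may require root.
check_this_guest() {
  if sev_active "$(dmesg 2>/dev/null)"; then
    echo "SEV active: guest memory is encrypted in use"
  else
    echo "SEV NOT active: this is not a Confidential VM" >&2
    return 1
  fi
}

# Constructed sample lines in the shape a guest kernel prints:
SAMPLE_CONFIDENTIAL='[    0.374549] AMD Secure Encrypted Virtualization (SEV) active'
SAMPLE_PLAIN='[    0.374549] x86/cpu: User Mode Instruction Prevention (UMIP) activated'
```

Only `check_this_guest` and `sev_active` are safe to run anywhere; the two `create_*` functions need an authenticated gcloud session and will create billable resources. The in-guest check matters because the `--confidential-compute` flag expresses intent at the control plane, while the kernel message is evidence from inside the guest that the processor is actually encrypting its memory.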

AMD is not the only processor vendor Google intends to support. Vint Cerf, vice president and chief internet evangelist at Google, stated in a Confidential Cloud introduction video:

In addition to supporting AMD CPUs, we're planning to work on other CPU vendors and extend support to GPUs, TPUs, and FPGAs.

Besides Google, other prominent cloud vendors such as Microsoft and Amazon offer Confidential Computing products. Earlier this year, Microsoft released the DCsv2-series VMs, part of the Azure confidential computing offering, into general availability. Amazon introduced Nitro Enclaves during re:Invent 2019; they are currently available as a preview. Furthermore, both Google and Microsoft are members of the Confidential Computing Consortium, which is committed to collaborating with the industry to deliver a more secure computing infrastructure.

Constellation Research Inc. analyst Holger Mueller told InfoQ:

Enterprises must secure their workloads and IP when computing their next generations in the cloud. Confidential computing is the technology adoption for that, and it is good to see more and more IaaS vendors offer this deployment option. Today it is Google's turn to offer more offerings in its Confidential Computing portfolio.

Confidential VMs are available in Google Cloud in various regions, and pricing details for Confidential VMs are available on the pricing page. Furthermore, customers can sign up for Confidential GKE Nodes, which will be announced when the beta opens.
