News

Microsoft's Nvidia Partnership Sets Sights on Azure 'Confidential AI'

• By Kurt Mackie
• November 30, 2023

Microsoft is working to deliver "confidential AI" to Azure customers, per a Wednesday announcement.

Those efforts stem from collaborations with Nvidia to bring "confidential computing" to graphics processing units (GPUs). Confidential computing uses trusted execution environments (TEEs), typically based in hardware or software, to provide encryption security for workloads while they are running.

Microsoft has already enabled confidential computing on Azure central processing units (CPUs) and virtual machines (VMs). Now, it's addressing GPUs used with Azure services, which increasingly may get used for the processing of data through artificial intelligence (AI) models, known as "inferencing."

The confidential AI collaboration with Nvidia is currently at the preview stage in Azure using VMs based on Nvidia H100-PCIe Tensor Core GPUs, explained Mark Russinovich, Microsoft's chief technology officer and technical fellow for Microsoft Azure, in the announcement:

Azure has been working closely with NVIDIA® for several years to bring confidential to GPUs. And this is why, at Microsoft Ignite 2023, we announced Azure confidential VMs with NVIDIA H100-PCIe Tensor Core GPUs in preview. These Virtual Machines, along with the increasing number of Azure confidential computing (ACC) services, will allow more innovations that use sensitive and restricted data in the public cloud.

Organizations will get security assurances on the intellectual property of their AI models with this effort, and they will be able to collaborate with other parties "without ever exposing their models or data," the announcement suggested. The weights used by AI models won't be visible.

"Confidential AI can enhance the security and privacy of AI inferencing by allowing data and models to be processed in an encrypted state, preventing unauthorized access or leakage of sensitive information," Russinovich wrote.

Bringing confidential computing to GPUs is yet another step in Microsoft's confidential computing efforts, which also encompass, CPUs, virtual machines and containers. Microsoft's aim is to enable confidential computing across Azure.

"Eventually confidential computing will become the norm, with pervasive memory encryption across Azure’s infrastructure, enabling organizations to verify data protection in the cloud throughout the entire data lifecycle," Russinovich indicated.

Microsoft also announced a bunch of other confidential computing advancements at Ignite, including confidential containers on the Azure Kubernetes Service (in preview). There's also a preview of an Azure Managed Confidential Consortium Framework for building and hosting decentralized applications, "where nodes executing the transactions cannot access the contents," which is used to limit information sharing between multiple parties.

Microsoft also announced a coming December preview of DCesv5 and ECesv5-series Azure confidential VMs using gen-4 Intel Xeon processors. These confidential VMs, with support for "up to 128 vCPUs," will permit Azure customers to "migrate their most sensitive workloads to Azure with minimal performance impact and without code changes," Microsoft indicated.