
Announcing: AMD SEV-SNP Support


VPSBG is proud to announce that our powerful and reliable cloud servers officially support AMD SEV-SNP. Our constant drive to combine exceptional performance with top-notch security has inspired us to keep improving our services, adding an extra layer of protection with the help of AMD SEV for zero-trust solutions.

For us at VPSBG, privacy is vital in this age of technology, so we have moved quickly to adopt confidential compute technologies that improve the robustness, scalability, and performance of our evolving and modern infrastructure.

What is AMD SEV-SNP?

Our cloud hosting infrastructure is built with premium AMD EPYC CPUs and lightning-fast NVMe SSDs in order to output consistent maximum performance at all times.

For a while, our powerful processors have come equipped with SEV-SNP, an extra feature that improves privacy and security. Secure Encrypted Virtualization (SEV) by design aims to enhance virtual machine security by applying memory encryption and guaranteeing guest isolation.

This encryption prevents unauthorized access and protects all virtual machines from memory modification attacks, with some popular examples being firmware rollback and memory injections from a malicious hypervisor.

With SEV, even if the hypervisor is compromised, all virtual machines’ memory remains encrypted, meaning that information cannot be extracted or altered. Additionally, SEV-ES prevents leakage of information from CPU registers even when the server is stopped.

This, in addition to SNP (Secure Nested Paging), guarantees that neither the hypervisor nor the cloud hosting provider can access data that is hosted on the virtual machine, essentially allowing you to have a confidential virtualized environment. These technologies combine to deliver a layered and integrated confidential compute solution that focuses on hardware isolation primarily within the CPU.

The basic principle of SEV-SNP encryption integrity is that if a VM is able to read a private page from memory, it must always read the last written value. This means that it is impossible to see a different value unless the page has been swapped.

To enforce this, a hardware-level change is needed in combination with firmware security. This is only supported from the 3rd generation of AMD EPYC processors onwards, which we at VPSBG are using.

This helps make our servers not only secure but also privacy-friendly, because SNP ensures that even if the hypervisor is compromised, it won’t be able to remap or exchange memory pages between the virtual machines, eliminating the risk of information leaks.

Once a memory page is assigned to a virtual machine, it remains unchangeable, which further ensures that the hypervisor won’t be able to tamper with the information and prevents vulnerabilities like the recently discovered memory side channel attacks. Additionally, users can also perform manual cryptographic attestation to verify the security of their virtual machine.
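
A quick guest-side check to run before attestation, as an added example that is not VPSBG's or AMD's own code: it classifies the protection level from the Linux kernel's "Memory Encryption Features active:" boot-log line and from a SEV_STATUS MSR value. The function names and the sample log line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Linux guest's memory-encryption level.
# Function names and the sample log line are constructed for illustration.

# Reads kernel log text on stdin (e.g. from dmesg) and prints the strongest
# feature the kernel reported: sev-snp | sev-es | sev | none
sev_level_from_log() {
    line=$(grep -F 'Memory Encryption Features active:' | tail -n 1)
    case " ${line#*active:} " in
        *" SEV-SNP "*) echo sev-snp ;;
        *" SEV-ES "*)  echo sev-es ;;
        *" SEV "*)     echo sev ;;
        *)             echo none ;;   # line missing, or no SEV feature listed
    esac
}

# Decodes a SEV_STATUS value (MSR 0xC0010131 read inside the guest):
# bit 0 = SEV, bit 1 = SEV-ES, bit 2 = SEV-SNP.
sev_level_from_msr() {
    v=$(( $1 ))
    if   [ $(( v & 4 )) -ne 0 ]; then echo sev-snp
    elif [ $(( v & 2 )) -ne 0 ]; then echo sev-es
    elif [ $(( v & 1 )) -ne 0 ]; then echo sev
    else echo none
    fi
}

# Fail closed: succeed only when the log on stdin reports SEV-SNP, so a
# provisioning script can refuse to load secrets on an unprotected VM.
require_snp() {
    [ "$(sev_level_from_log)" = "sev-snp" ]
}

# Constructed sample boot-log line (not captured from a real server).
SAMPLE_LOG='[    0.123456] Memory Encryption Features active: AMD SEV SEV-ES SEV-SNP'
printf '%s\n' "$SAMPLE_LOG" | sev_level_from_log
```

Both indicators are reported by the guest itself, so treat them as a sanity check; the cryptographic attestation mentioned above is what verifies the virtual machine.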

Benefits Of AMD SEV-SNP

As we already mentioned, with SEV-SNP your virtual machine data remains encrypted at all times, which is extremely beneficial for companies and businesses that handle sensitive data on a day-to-day basis. It is also very useful for individuals who want to take care of their privacy and remain in full control of their data.

Another benefit of the technology is that it doesn’t come at the expense of performance. The protection has almost no impact on the overall system speed or its efficiency due to the dedicated hardware acceleration, which ensures that the encryption and verification processes happen under the hood without having a negative impact on the processing power of the CPU.

Furthermore, SEV-SNP is also very beneficial for businesses that are expected to meet regulatory requirements like GDPR, HIPAA, PCI-DSS, ISO 27001, and SOC 2, for example organizations in the finance, healthcare and legal industries, which require strict data protection measures.

Finally, with the ever-evolving field of AI and machine learning, AMD SEV-SNP allows large datasets that are primarily used for training to remain completely confidential while being hosted on a virtual machine, which essentially means that the training data remains encrypted without any leaks.
