nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
In the Epyc center: More Zen server CPU specs, prices sneak out of AMD

Silver badge

That SEV mode looks really interesting

I hadn't heard about this before, thanks for the mention. Undoubtedly there is more work to do to be able to run VMs in zero-trust environments, but it is a big step in the right direction. Bravo, AMD!

21
0
Silver badge

Re: That SEV mode looks really interesting

This harks back to some work done a long time ago. AMD opened up Hypertransport, meaning that any old Tom, Dick or Harry could make silicon that could plug into an AMD socket.

And people did, well, at least they did FPGA modules that could plug into a second CPU slot. I'm sure that one of the things someone did was to turn the FPGA into a RAM encrypter. Looks like AMD have moved that functionality over into the main CPU's memory controller.

It's an interesting idea that the hypervisor cannot see inside the VM. The IT security researchers won't like that particularly - they use VMs as a way of studying viruses, trojans, etc, relying on the hypervisor being an unseen God mode stealthy observer of whatever happens inside the VM. Meanwhile the malware writers go to a lot of effort to ensure that their malware detects a virtual environment and deletes itself, to prevent the whitehats unpicking the malware.

However, if SEV mode becomes commonplace, it might give the malware writers an unexpected advantage; the whitehats might no longer be able to see inside the VMs...

0
15
FAIL

Re: That SEV mode looks really interesting

"However, if SEV mode becomes commonplace, it might give the malware writers an unexpected advantage; the whitehats might no longer be able to see inside the VMs..."

Eh? The researchers create and run the VMs they use to study malware. They just have to not check the box for encryption.

14
0
Silver badge

Re: That SEV mode looks really interesting

They just have to not check the box for encryption.

Fine, provided the hypervisor writers remember to make that a checkable option...

On the topic of hypervisors, it does open up a new avenue for malware. Malware could stand up its own hypervisor, with encryption enabled, or use a hypervisor offered by the host OS, and run its paylaod in that VM. There's then nothing the host OS could do about looking inside that VM. There's plenty of reasons why malware wants discreet, unobservable runtime on someone else's hardware.

0
9
Gold badge

Re: That SEV mode looks really interesting

"The researchers create and run the VMs they use to study malware. They just have to not check the box for encryption."

But the client OS can presumably detect whether that box was checked. Otherwise the system is worthless because you still have to trust the person hosting your VM when they say "I ticked it, honest.". Of course, you then need some kind of way for a client to know that the VMM isn't virtualising the instructions that you are using to detect whether they checked that box. I'm not sure where it all ends.

0
0
Silver badge
Devil

Re: That SEV mode looks really interesting

And this is why the safest way to run an OS is in a VM, because a lot of malware will refuse to run if it detects it's running in a virtual machine.

(Some can be stopped just by installing the VMWare guest tools)

1
0
Anonymous Coward

> Undoubtedly there is more work to do to be able to run VMs in zero-trust environments ...

Anyone know if the controlling code has been open sourced? If it's not, then it's pretty much useless in zero-trust environments as it can't (practically) be audited.

6
0
Silver badge

I doubt it has been open sourced.

Perhaps the more important thing is that hopefully they've not made the mistake Intel did - connecting a system management microcontroller running an opaque binary blob with complete access to everything to the machine's Ethernet, and then finding that they'd fucked it up...

8
1
Go

Epyc 7351P @ $700

At 16c/32t isn't this basically a Threadripper?

Presumably the Threadripper will not have the enterprise features such as memory encryption, in which case it should be cheaper than than the Epyc 7351p, which would make it a fricking steal...

0
0
Bronze badge

Re: Epyc 7351P @ $700

Yes it is, since the dies are the same. The difference will be the security co-processor, which I doubt will make it into the HEDT package.

1
0

Re: Epyc 7351P @ $700

Epyc has 128 PCIe lanes every model, Thread Ripper has 64 hence the different socket.

Epyc has models with a larger L3 cache then TR

Epyc can be dual socket, TR cannot.

There is, currently, no information regarding in memory encryption for TR but is unlikely since as you say it's an enterprise feature.

Even without those features Thread Ripper is sure starting to look like a real beast.

4
0

With the clock speed at only 2.4/2.9, the Epyc 7351P is way too slow for a HEDT setup.

1
4

Re: Epyc 7351P @ $700

@analyzer: What I'm getting at - assuming these Epyc prices are accurate - is that this gives a ballpark figure for for the cost of a 16c/32t Threadripper. I can't see AMD pricing a Threadripper (at the same Epyc 7351P base frequency) higher than an Epyc 7351P, particularly as the Epyc 7351P includes a range of technologies that won't be included/enabled in Threadripper. Perhaps if the Threadripper is clocked significantly higher than the Epyc 7351P (while still maintaining sensible thermals) then it might allow AMD to charge a slightly higher premium, but not much more.

@John Pombrio: I wouldn't have thought 2.4GHz x 32 threads (Epyc 7351P or Threadripper) would be too slow for a HEDT, maybe slow for a gaming rig, but for a headless build system that spends all day compiling it could be pretty sweet!

4
0
rav

EPYC TDP explained here. "TDP's aren't everything"

Thomas Ryan writes a good piece regarding TDP here:

http://semiaccurate.com/2017/06/20/amd-details-epycs-power-efficiency/

"From a power efficiency perspective moving data around is a great way to burn power. This is why we often see a focus on increasing cache sizes and reducing the need to physically move data around inside of modern chips. Given this point of reference one could see EPYC’s epic focus on I/O as a conscious attempt to build a chip that burns most of its Watts not on number crunching but on data movement."

1
0
Bronze badge

I've surprised at the prices, they're pretty reasonable. I was expecting them to be insane based on the crazy size of the chip.

4
0
Gold badge
Unhappy

SEV sounds like what you need for "The Cloud"

You provide the app, "They" provide the cores to process it.

Huge caveats. Can (has?) the memory encryption processor code been independently audited or is open source? Can the Hypervisor UI be trusted (IE when you click "encrypted" on the setup options it is actually enabled)?

We've seen the f**kup Intel supplied with it's MIPS based unit that appeared to have just been cut N pasted in wholesale, along with its software.

An interesting legal question. Could the USG declare such systems illegal as it would spoil the NSA's ability to snoop

7
0
Anonymous Coward

Don't show these processors to Theresa May!

These processors (and their designers) are giving an "abhorrent"+ two finger salute to Theresa May / Amber Rudd's "simplistic, we're the good guys, you're the bad guys, nonsense" regards backdoors into encryption.*

Some good, well thought out design here.

*assuming they don't have a backdoor/vunerability, that is, at the hw level.

+As Amber Rudd would describe it, she never fails with the hyperbole.

7
6
Silver badge

Will They Look as Good on 11th July?

That's when Intel is unveiling it's Xeon Scalable range.

3
0

Re: Will They Look as Good on 11th July?

My take on that now is they look even better.

Intel keep playing silly games.

0
0
Bronze badge

It's definitely interesting competition

I do wonder how Epyc will compete at the higher clock rates, the nearest apples to apples configuration shows a 20% increase over the equivalent Intel part, which is impressive if true. It'll shake up the market regardless, which is no bad thing..

4
0
Bronze badge

Looks very interesting for FreeNAS ... if an affordable version is ever provided

I already had to move to a larger Intel server mobo to support 32GB Parity RAM; my next FreeNAS box build, in about 2 to 3 years time, will probably require 64GB Parity RAM. It'd be nice if I didn't have to scrap any more mobos for having inadequate RAM expansion.

1
0
Anonymous Coward

Software licensing costs will make this a winner

All that bandwidth and addressable memory for a single socket will make this advantageous over Intel architectures for those apps that are licensed by socket.

I'm also expecting that this will show well in high performance compute and similar workloads.

3
0
Bronze badge

Re: Software licensing costs will make this a winner

SPLA licensing on Microsoft is per-core. For example, if you license Windows it's for a minimum of 8 cores per machine, then increasing 2 at a time. Hence, it may be cheaper to buy, and faster than the Xeon part, but if it costs twice as much each month to run software on it then it's hobbled before you start.

This licensing model has hurt AMD in the past for server CPUs. Great to see some competition though, and anyone licensing per socket is golden.

0
0
Silver badge

virtual servers

I see a big market for them in "ultrasecure virtual servers"

A box with 2 32 cores could be rented assuring the customers total privacy.. so if the new xeons are not that good they might sell them a lot.

4
0
Silver badge

Re: virtual servers

And used in a workstation, for the ultra-paranoid, one Hell of a QEMU implementation down the road. Yeah, I'd marry that.

2
0
Anonymous Coward

SEV mode = Safe Harbour?

From the article: "Here's where it gets weird. SEV is designed for paranoid people who don't trust whoever is hosting their virtual machines. "

Could this be used by US based companies and data centres to create hosting environments that meet EU data protection standards and also prevent compelled access from US law enforcement?

If I was trying to break into the data centre market at the moment, that would certainly be my pitch...

2
0
Silver badge

Retail availability?

Any idea when these will be in the online retail outlets?

1
0
Anonymous Coward

Sensation within chip design!

From Reddit: "Thanks to Infinity Fabric and to high yelds, AMD is using 99,9% of Ryzen Die. WOW!"

That are remarkably high yields. That explains why AMD can kick the butt out of Intel performancewise _and_ have lower prices _and_ still be more profitable than Intel. Normally if you cut price, you cut profit. Not in this case. AMD has no market share in the very lucrative server segment, so AMD's market share can only increase and Intel can only loose market share.

This means that when the financial markets see the first AMD reports in a few months of how much server CPUs they are selling and see AMD's profit margin, the AMD stock price will surely ryze. Epyc will start to deliver in July. So the quarter after that, we will see the first profit reports. Those numbers will be epyc!

Also, dont forget the VEGA gpus that are reportedly faster than GTX 1080, and cheaper. But we dont know if VEGA is faster than GTX 1080 Ti.

2
0
Bronze badge

Like I said in the other thread, i was excited for EPYC because it really looks to be a game changer.

If they can really deliver on a truly secure and encrypted system with SEV, they may just have won the internet, literally....

0
0

Very helpful, Ta.

re:

"AMD has split its Epyc SKUs into dual and single socket classes – they can be used in either configuration, though, unless they are a P-coded SKU, and a couple appear twice because they straddle both classes. So, for example, AMD recommends using the 7301 in a dual-socket system as an alternative to a pair of $800-plus Intel Xeon E5-2640 v4s, and the 7551P in a single-socket server versus a pair of Xeon E5-2650 v4s."

I cannot find clarity on this. Surprisingly, as its a very common scenario I hear - future proofing with an unused second socket on the chosen mobo.

Part of the reason for 2P popularity is simply adding more cpu grunt later if needed.

The epyc options in this regard are far from clear to me.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing