Hybrid-Confidential-Cloud: Democratize Secure AI With GPUs and Confidential Containers - Zvonko Kaiser, NVIDIA


Abstract

Secure AI workloads require verifiable trust regardless of where the GPUs operate: on-premises, in private clouds, or in public CSPs. CNCF Confidential Containers enable infrastructure-agnostic, lift-and-shift deployments of GPU workloads, delivering confidentiality without requiring modifications to the workload. This is accomplished by layering trust-oriented elements over Kubernetes for compute, networking, storage, and the control plane: hardware-backed confidential VMs ensure runtime integrity for GPU workloads, identity-based overlay networks provide the networking layer, and a confidential storage layer safeguards highly valuable data against replay attacks. A confidential control plane overlays the default Kubernetes control plane, providing mechanisms for multi-tenancy, key lifecycle management, and maintenance of trust boundaries. This architecture supports trusted, portable AI infrastructure at scale, enabling secure AI deployments on any IaaS (on-premises, private cloud, or CSP) and thus true hybrid secure AI at scale.
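The replay protection attributed to the confidential storage layer above can be illustrated with a minimal freshness check; this is an added example, not code from the talk or from the Confidential Containers project. It assumes the data key and a per-block version table live inside the confidential VM (the key having been released only after attestation), while the untrusted store sees only opaque ciphertext and authentication tags; the `UntrustedStore`, `ConfidentialVolume` and `ReplayError` names are constructed for the illustration.

```python
"""Rollback/replay detection for blocks held on untrusted storage."""
import hashlib
import hmac
import struct


class ReplayError(Exception):
    """Raised when a block fails integrity or freshness verification."""


class UntrustedStore:
    """Disk or object storage that an attacker may snapshot and roll back."""
    def __init__(self):
        self.blocks = {}

    def put(self, block_id, record):
        self.blocks[block_id] = record

    def get(self, block_id):
        return self.blocks[block_id]


class ConfidentialVolume:
    """Trusted side: runs inside the confidential VM with the released key."""
    def __init__(self, key: bytes, store: UntrustedStore):
        self._key = key            # released to the CVM after attestation
        self._store = store
        self._versions = {}        # freshness table, kept in CVM memory only

    def _tag(self, block_id: int, version: int, ciphertext: bytes) -> bytes:
        # Bind block id and version into the MAC so a record cannot be
        # moved to another slot or have its version rewritten.
        msg = struct.pack(">QQ", block_id, version) + ciphertext
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def write(self, block_id: int, ciphertext: bytes) -> int:
        version = self._versions.get(block_id, 0) + 1
        self._versions[block_id] = version
        tag = self._tag(block_id, version, ciphertext)
        self._store.put(block_id, (version, ciphertext, tag))
        return version

    def read(self, block_id: int) -> bytes:
        version, ciphertext, tag = self._store.get(block_id)
        if not hmac.compare_digest(tag, self._tag(block_id, version, ciphertext)):
            raise ReplayError("integrity failure: tag mismatch")
        expected = self._versions.get(block_id)
        if version != expected:
            # An authentic but older record: a rollback/replay of the store.
            raise ReplayError(f"stale version {version}, expected {expected}")
        return ciphertext
```

In a real volume the version table itself must survive restarts without becoming replayable, for example by sealing it under a hardware monotonic counter, which this illustration leaves out.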
