Organizations are racing to harness the transformative power of AI, but sensitive data privacy and model security remain critical roadblocks. What if you could unlock the full potential of AI without compromising your most valuable assets?

Canonical is thrilled to announce the availability of Ubuntu Confidential VMs on Google Cloud’s accelerator-optimized A3 machine series, featuring the groundbreaking NVIDIA H100 Tensor Core GPUs. This powerful combination brings a new level of secure and high-performance AI computing to the cloud, enabling you to confidently tackle previously impossible use cases.  Ubuntu is the only operating system to support Confidential GPU on Google Cloud.

Why Confidential AI Matters

As AI permeates every industry, the need to protect sensitive data and proprietary models becomes paramount. Whether it’s fine-tuning large language models (LLMs) with private customer data, collaborating with multiple untrusted parties on healthcare research, or deploying cutting-edge AI services while safeguarding intellectual property, traditional cloud environments simply fall short.

Confidential AI, powered by the convergence of hardware-based Trusted Execution Environments (TEEs) and cutting-edge GPU technology, provides the answer. Ubuntu Confidential VMs on Google Cloud A3 extend this protection to the entire AI stack, ensuring data privacy and integrity throughout its lifecycle.

How confidential AI works

Google Cloud’s Confidential AI architecture combines AMD SEV-SNP technology with NVIDIA H100 GPUs to create a robust, confidential computing environment. Data is protected in use, in transit, and at rest through the following mechanisms:

• CPU-TEE (AMD SEV-SNP): Ubuntu confidential VMs running on AMD 4th Gen EPYC processors utilize SEV-SNP to encrypt and protect the entire VM memory space. Hardware-managed keys prevent unauthorized access or modification from outside the TEE.
• GPU-TEE (NVIDIA H100): NVIDIA H100 Tensor Core GPUs extend the Trusted Execution Environment to GPU-accelerated computations, ensuring data security within the GPU.
• Encrypted PCIe: All PCIe traffic between the VM and GPU is encrypted and integrity-protected, mitigating risks associated with hardware-level attacks.
• Attestation: Provides cryptographic verification of the CPU and GPU TEEs, ensuring workload integrity and data processing adheres to specified policies.

Ubuntu: The Secure Foundation

Our collaboration with Google Cloud and NVIDIA delivers a truly groundbreaking solution:

• Accelerator Optimized Ubuntu 24.04 LTS and Ubuntu 22.04 LTS, known for their security and stability, power these confidential VMs on Google Cloud, providing a trusted and reliable foundation for your sensitive AI applications.
• We recommend using Ubuntu Pro for its extended security maintenance of 12 years and additional enterprise-grade capabilities. These features ensure a more comprehensive security posture for your sensitive workloads.

Key Benefits:

• Enhanced Security: Protect your sensitive data and proprietary models from unauthorized access, manipulation, or reverse engineering.
• Expanded Use Cases: Unlock new opportunities for secure AI in regulated industries like healthcare, finance, and government.
• Accelerated Innovation: Collaborate confidently with partners and competitors without compromising data privacy.
• Simplified Compliance: Meet stringent regulatory requirements and demonstrate verifiable compliance with data protection laws.
• Seamless Integration: The CUDA driver and GPU firmware handle encryption transparently, maintaining performance and ease of use. NVIDIA Blackwell architecture will provide nearly identical performance and be protected with NVIDIA Confidential Computing with strong guarantees.

Unlocking New Possibilities Across Industries

Ubuntu Confidential VMs with NVIDIA H100 GPUs on Google Cloud A3 unlocks a wide range of use cases:

• Healthcare: Securely train AI models on sensitive patient data to improve diagnoses and treatment outcomes.
• Finance: Detect fraud and assess risk using AI while ensuring the confidentiality of financial data.
• Drug Discovery: Collaborate securely with research partners to accelerate the development of new drugs and therapies.
• AI Chatbots: Give chatbot users additional assurances that their queries are not visible to anyone besides themselves.

Getting Started Today

Ready to experience the power of Confidential AI with Ubuntu? Contact us today to explore how this transformative solution can help you unlock new possibilities while safeguarding your most valuable assets.

Further reading

• Read our blog post: “What is confidential computing? A high-level explanation for CISOs”
• Read our blog post:“Confidential computing in public clouds: isolation and remote attestation explained