Microsoft Azure Boost
Applies to: ✔️ Linux VMs ✔️ Windows VMs ✔️ Sizes
Azure Boost is a system designed by Microsoft that offloads server virtualization processes traditionally performed by the hypervisor and host OS onto purpose-built software and hardware. This offloading frees up CPU resources for the guest virtual machines, resulting in improved performance. Azure Boost also provides a secure foundation for your cloud workloads. Microsoft's in-house developed hardware and software systems provide a secure environment for your virtual machines.
Benefits
Azure Boost contains several features that can improve the performance and security of your virtual machines. These features are available on select Azure Boost compatible virtual machine sizes.
Networking: Azure Boost includes a suite of software and hardware networking systems that provide a significant boost to both network performance (Up to 200-Gbps network bandwidth) and network security. Azure Boost compatible virtual machine hosts contain the new Microsoft Azure Network Adapter (MANA). Learn more about Azure Boost networking.
Storage: Storage operations are offloaded to the Azure Boost FPGA. This offload provides leading efficiency and performance while improving security, reducing jitter, and improving latency for workloads. Local storage now runs at up to 26-GBps and 6.6 million IOPS with remote storage up to 14-GBps throughput and 750 K IOPS. Learn more about Azure Boost Storage.
Security: Azure Boost uses Cerberus as an independent HW Root of Trust to achieve NIST 800-193 certification. Customer workloads can't run on Azure Boost powered architecture unless the firmware and software running on the system is trusted. Learn more about Azure Boost Security.
Performance: With Azure Boost offloading storage and networking, CPU resources are freed up for increased virtualization performance. Resources that would normally be used for these essential background tasks are now available to the guest VM. Learn more about Azure Boost Performance.
Networking
The next generation of Azure Boost will introduce the Microsoft Azure Network Adapter (MANA). This network interface card (NIC) includes the latest hardware acceleration features and provides competitive performance with a consistent driver interface. This custom hardware and software implementation ensures optimal networking performance, tailored specifically for Azure's demands. MANA's features are designed to enhance your networking experience with:
Over 200-Gbps of network bandwidth: Custom hardware and software drivers facilitating faster and more efficient data transfers. Starting up to 200Gbps network bandwidth with increases in the future.
High network availability and stability: With an active/active network connection to the Top of Rack (ToR) switch, Azure Boost ensures your network is always up and running at the highest possible performance.
Native support for DPDK: Learn more about Azure Boost's support for Data Plane Development Kit (DPDK) on Linux VMs.
Consistent driver interface: Assuring a one-time transition that won't be disrupted during future hardware changes.
Integration with future Azure features: Consistent updates and performance enhancements ensures you're always a step ahead.
Storage
Azure Boost architecture offloads storage covering local, remote and cached disks that provide leading efficiency and performance while improving security, reducing jitter & improving latency for workloads. Azure Boost already provides acceleration for workloads in the fleet using remote storage including specialized workloads such as the Ebsv5 VM types. Also, these improvements provide potential cost saving for customers by consolidating existing workload into fewer or smaller sized VMs.
Azure Boost delivers industry leading throughput performance at up to 14-GBps throughput and 750K IOPS. This performance is enabled by accelerated storage processing and exposing NVMe disk interfaces to VMs. Storage tasks are offloaded from the host processor to dedicated programmable Azure Boost hardware in our dynamically programmable FPGA. This architecture allows us to update the FPGA hardware in the fleet enabling continuous delivery for our customers.
By fully applying Azure Boost architecture, we deliver remote, local, and cached disk performance improvements at up to 26-GBps throughput and 6.6M IOPS. Azure Boost SSDs are designed to provide high performance optimized encryption at rest, and minimal jitter to NVMe local disks for Azure VMs with local disks.
Security
Azure Boost's security contains several components that work together to provide a secure environment for your virtual machines. Microsoft's in-house developed hardware and software systems provide a secure foundation for your cloud workloads.
Security chip: Boost employs the Cerberus chip as an independent hardware root of trust to achieve NIST 800-193 certification. Customer workloads can't run on Azure Boost powered architecture unless the firmware and software running on the system garners trust.
Attestation: HW RoT identity, Secure Boot, and Attestation through Azure’s Attestation Service ensures that Boost and its powered hosts always operate in a healthy and trusted state. Any machine that can't be securely attested is prevented from hosting workloads and it's restored to a trusted state offline.
Code integrity: Boost systems embrace multiple layers of defense-in-depth, including ubiquitous code integrity verification that enforces only Microsoft approved and signed code runs on the Boost system on chip. Microsoft has sought to learn from and contribute back to the wider security community, up streaming advancements to the Integrity Measurement Architecture.
Security Enhanced OS: Azure Boost uses Security Enhanced Linux (SELinux) to enforce principle of least privilege for all software running on its system on chip. All control plane and data plane software running on top of the Boost OS is restricted to running only with the minimum set of privileges required to operate – the operating system restricts any attempt by Boost software to act in an unexpected manner. Boost OS properties make it difficult to compromise code, data, or the availability of Boost and Azure hosting Infrastructure.
Rust memory safety: Rust serves as the primary language for all new code written on the Boost system, to provide memory safety without impacting performance. Control and data plane operations are isolated with memory safety improvements that enhance Azure’s ability to keep tenants safe.
FIPS certification: Boost employs a FIPS 140 certified system kernel, providing reliable and robust security validation of cryptographic modules.
Performance
The hardware running virtual machines are a shared resource. The hypervisor (host system) must perform several tasks to ensure that each virtual machine is both isolated from other virtual machines and that each virtual machine receives the resources it needs to run. These tasks include networking between the physical and virtual networks, security, and storage management. Azure Boost reduces the overhead of these tasks by offloading them to dedicated hardware. This offloading frees up CPU resources for the guest virtual machines, resulting in improved performance.
VMs using large sizes: Large sizes that encompass most of a host's resources benefit from Azure Boost. While a large VM size running on a Boost-enabled host might not directly see extra resources, workloads and applications that stress the host processes replaced by Azure Boost see a performance increase.
Dedicated hosts: Performance improvements also have significant impact to Azure Dedicated Hosts (ADH) users. Azure Boost-enabled hosts can potentially run extra, small VMs or increase the size of existing VMs. This allows you to do more work on a single host, reducing your overall costs.
Current availability
Azure Boost is currently available on several VM size families:
Size Series | Series Type | Deployment Status |
---|---|---|
Mbsv3 | Memory Optimized | Preview |
Mbdsv3 | Memory Optimized | Preview |
Easv6 | Memory Optimized | Preview |
Eadsv6 | Memory Optimized | Preview |
Epdsv6 | Memory Optimized | Production |
Epsv6 | Memory Optimized | Production |
ECesv5/ECedsv5 | Memory Optimized | Preview |
Dsv6 | General Purpose | Preview |
Dldsv6 | General Purpose | Preview |
Ddsv6 | General Purpose | Preview |
DCesv5 | General Purpose | Preview |
DCedsv5 | General Purpose | Preview |
Dasv6 | General Purpose | Preview |
Dalsv6 | General Purpose | Preview |
Daldsv6 | General Purpose | Preview |
Dadsv6 | General Purpose | Preview |
Dpsv6 | General Purpose | Production |
Dplsv6 | General Purpose | Production |
Ddsv6 | General Purpose | Preview |
Dlsv6 | General Purpose | Preview |
Dpdsv6 | General Purpose | Production |
Dpldsv6 | General Purpose | Production |
Nvadsv5 | GPU/AI workload optimized | Production |
Msv3 | Memory Optimized | Production |
Mdsv3 | Memory Optimized | Production |
Msv3 | High Memory Optimized | Production |
Mdsv3 | High Memory Optimized | Production |
Msv2 | Memory Optimized | Production |
Lsv3 | Storage Optimized | Production |
HX | High Performance Compute | Production |
HBv4 | High Performance Compute | Production |
Fasv6 | Compute Optimized | Production |
Falsv6 | Compute Optimized | Production |
Famsv6 | Compute Optimized | Production |
Ev5 | Memory Optimized | Production |
Esv6 | Memory Optimized | Production |
Esv5 | Memory Optimized | Production |
Epsv5 | Memory Optimized | Production |
Epdsv5 | Memory Optimized | Production |
Edv5 | Memory Optimized | Production |
Edsv6 | Memory Optimized | Production |
Edsv5 | Memory Optimized | Production |
Ebsv5 | Memory Optimized | Production |
Ebdsv5 | Memory Optimized | Production |
Dv5 | General Purpose | Production |
Dsv5 | General Purpose | Production |
Dpsv5 | General Purpose | Production |
Dplsv5 | General Purpose | Production |
Dpldsv5 | General Purpose | Production |
Dpdsv5 | General Purpose | Production |
Dlsv5 | General Purpose | Production |
Dldsv5 | General Purpose | Production |
Ddv5 | General Purpose | Production |
Ddsv5 | General Purpose | Production |
DCdsv3 | General Purpose | Production |
Bsv2 | General Purpose | Production |
Bpsv2 | General Purpose | Production |
Next Steps
- Learn more about Azure Virtual Network.
- Look into Azure Dedicated Hosts.
- Learn more about Azure Storage.