Merge pull request #283765 from mattmcinnes/sizes-ncc-h100-v5

[Sizes] NCCads_H100_v5-series and supporting docs

Author: denrea

articles/confidential-computing/TOC.yml

@@ -43,6 +43,8 @@
       href: confidential-vm-faq.yml
     - name: Guest attestation for confidential VMs
       href: guest-attestation-confidential-vms.md
+    - name: About Azure confidential GPUs
+      href: gpu-options.md
     - name: Microsoft Defender for Cloud integration
       href: guest-attestation-defender-for-cloud.md
     - name: Virtual TPMs in Azure confidential VMs

articles/confidential-computing/confidential-vm-overview.md

@@ -3,8 +3,8 @@ title: About Azure confidential VMs
 description: Learn about Azure confidential virtual machines. These series are for tenants with high security and confidentiality requirements.
 author: ju-shim
 ms.author: mmcrey
+ms.reviewer: mattmcinnes
 ms.service: azure-virtual-machines
-ms.subservice: azure-confidential-computing
 ms.custom:
   - ignite-2023
 ms.topic: overview
@@ -31,7 +31,6 @@ Azure confidential VMs offer strong security and confidentiality for tenants. Th
 - Secure key release with cryptographic binding between the platform's successful attestation and the VM's encryption keys.
 - Dedicated virtual [Trusted Platform Module (TPM)](/windows/security/information-protection/tpm/trusted-platform-module-overview) instance for attestation and protection of keys and secrets in the virtual machine.
 - Secure boot capability similar to [Trusted launch for Azure VMs](../virtual-machines/trusted-launch.md)
-- Ultra disk capability is supported on confidential VMs
 
 ## Confidential OS disk encryption
 
@@ -87,6 +86,7 @@ Confidential VMs support the following VM sizes:
 - General Purpose with local disk: DCadsv5-series, DCedsv5-series
 - Memory Optimized without local disk: ECasv5-series, ECesv5-series
 - Memory Optimized with local disk: ECadsv5-series, ECedsv5-series
+- NVIDIA H100 Tensor Core GPU powered NCCadsH100v5-series
 
 ### OS support
 Confidential VMs support the following OS options:
@@ -124,6 +124,7 @@ Confidential VMs *don't support*:
 - Microsoft Azure Virtual Machine Scale Sets with Confidential OS disk encryption enabled
 - Limited Azure Compute Gallery support
 - Shared disks
+- Ultra disks
 - Accelerated Networking
 - Live migration
 - Screenshots under boot diagnostics

articles/confidential-computing/gpu-options.md

@@ -0,0 +1,93 @@
+---
+title: Azure Confidential GPU options
+description: Learn about Azure Confidential VMs with confidential GPU.
+author: kphande
+ms.author: khande
+ms.reviewer: mattmcinnes
+ms.service: azure-virtual-machines
+ms.custom: confidential-compute
+ms.topic: conceptual
+ms.date: 07/16/2024
+---
+
+# Azure Confidential GPU options
+
+Azure confidential GPUs are based on AMD 4th Gen EPYC processors with SEV-SNP technology and NVIDIA H100 Tensor Core GPUs. In this VM SKU Trusted Execution Environment (TEE) spans confidential VM on the CPU and attached GPU, enabling secure offload of data, models and computation to the GPU.  
+ 
+## Sizes
+
+We offer the following VM sizes:
+
+| Size Family          | TEE | Description                                                                         |
+| ------------------ | ------------ | ----------------------------------------------------------------------------------- |
+| [**NCCadsH100v5-series**](../virtual-machines/sizes/gpu-accelerated/nccadsh100v5-series.md) | AMD SEV-SNP and NVIDIA H100 Tensor Core GPUs | CVM with Confidential GPU. | 
+
+
+## Azure CLI
+
+You can use the [Azure CLI](/cli/azure/install-azure-cli) with your confidential GPU VMs.
+
+To see a list of confidential VM sizes, run the following command. Replace `<vm-series>` with the series you want to use. The output shows information about available regions and availability zones.
+
+```azurecli-interactive
+vm_series='NCC'
+az vm list-skus \
+    --size dc \
+    --query "[?family=='standard${vm_series}Family'].{name:name,locations:locationInfo[0].location,AZ_a:locationInfo[0].zones[0],AZ_b:locationInfo[0].zones[1],AZ_c:locationInfo[0].zones[2]}" \
+    --all \
+    --output table
+```
+
+For a more detailed list, run the following command instead:
+
+```azurecli-interactive
+vm_series='NCC'
+az vm list-skus \
+    --size dc \
+    --query "[?family=='standard${vm_series}Family']" 
+```
+
+## Deployment considerations
+
+Consider the following settings and choices before deploying confidential GPU VMs.
+
+### Azure subscription
+
+To deploy a confidential GPU VM instance, consider a [pay-as-you-go subscription](/azure/virtual-machines/linux/azure-hybrid-benefit-linux) or other purchase option. If you're using an [Azure free account](https://azure.microsoft.com/free/), the quota doesn't allow the appropriate number of Azure compute cores.
+
+You might need to increase the cores quota in your Azure subscription from the default value. Default limits vary depending on your subscription category. Your subscription might also limit the number of cores you can deploy in certain VM size families, including the confidential VM sizes. 
+
+To request a quota increase, [open an online customer support request](../azure-portal/supportability/per-vm-quota-requests.md). 
+
+If you have large-scale capacity needs, contact Azure Support. Azure quotas are credit limits, not capacity guarantees. You only incur charges for cores that you use.
+
+### Pricing
+
+For pricing options, see the [Linux Virtual Machines Pricing](https://azure.microsoft.com/pricing/details/virtual-machines/linux/). 
+
+### Regional availability
+
+For availability information, see which [VM products are available by Azure region](https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines).
+
+### Resizing
+
+Confidential GPU VMs run on specialized hardware and resizing is currently not supported. 
+
+### Guest OS support
+
+OS images for confidential VMs have to meet certain security and compatibility requirements. Qualified images support the secure mounting, attestation, optional [confidential OS disk encryption](confidential-vm-overview.md#confidential-os-disk-encryption), and isolation from underlying cloud infrastructure. These images include:
+
+- Ubuntu 22.04 LTS
+
+For more information about supported and unsupported VM scenarios, see [support for generation 2 VMs on Azure](../virtual-machines/generation-2.md). 
+
+### High availability and disaster recovery
+
+You're responsible for creating high availability and disaster recovery solutions for your confidential GPU VMs. Planning for these scenarios helps minimize and avoid prolonged downtime.
+
+## Next steps 
+
+> [!div class="nextstepaction"]
+> [Deploy a confidential GPU VM from the Azure portal](quick-create-confidential-vm-portal.md)
+
+For more information see our [Confidential VM FAQ](confidential-vm-faq.yml).

articles/confidential-computing/index.yml

@@ -6,8 +6,8 @@ summary: Azure confidential computing offers solutions to enable isolation of yo
 metadata:
   title: Azure confidential computing
   description: Learn about how Azure confidential computing protects data in use and learn ways to build confidential workloads in the cloud.
-  ms.service: azure-virtual-machines
-  ms.subservice: azure-confidential-computing
+  ms.service: virtual-machines
+  ms.subservice: confidential-computing
   ms.topic: landing-page
   author: michamcr 
   ms.author: mmcrey
@@ -105,8 +105,8 @@ landingContent:
             url: https://azure.microsoft.com/global-infrastructure/services/?products=virtual-machines
       - linkListType: whats-new
         links:
-          - text: Confidential VMs with Intel TDX (Public Preview)
-            url: https://aka.ms/TDX-CVM-pubprev
+          - text: Azure confidential VMs with NVIDIA H100 Tensor Core GPUs (Public Preview)
+            url: https://aka.ms/cvm-h100-blog
 
   # Card
   - title: Container compute

articles/confidential-computing/quick-create-confidential-vm-portal.md

@@ -3,7 +3,6 @@ title: Create an Azure confidential VM in the Azure portal
 description: Learn how to quickly create a confidential virtual machine (confidential VM) in the Azure portal using Azure Marketplace images.
 author: RunCai
 ms.service: azure-virtual-machines
-ms.subservice: azure-confidential-computing
 ms.topic: quickstart
 ms.date: 12/01/2023
 ms.author: RunCai
@@ -57,6 +56,9 @@ To create a confidential VM in the Azure portal using an Azure Marketplace image
 
     h. Toggle [Generation 2](../virtual-machines/generation-2.md) images. Confidential VMs only run on Generation 2 images. To ensure, under **Image**, select **Configure VM generation**. In the pane **Configure VM generation**, for **VM generation**, select **Generation 2**. Then, select **Apply**.
 
+    > [!NOTE]
+    > For NCCH100v5 series, only the **Ubuntu Server 22.04 LTS (Confidential VM)** image is currently supported. 
+
     i. For **Size**, select a VM size. For more information, see [supported confidential VM families](virtual-machine-options.md).
 
 

articles/confidential-computing/virtual-machine-options.md

@@ -5,7 +5,6 @@ author: ju-shim
 ms.author: jushiman
 ms.reviewer: mattmcinnes
 ms.service: azure-virtual-machines
-ms.subservice: azure-confidential-computing
 ms.custom: devx-track-azurecli
 ms.topic: conceptual
 ms.date: 11/15/2023
@@ -31,6 +30,7 @@ We offer the following VM sizes:
 | **DCedsv5-series** | Intel TDX | General purpose CVM with local temporary disk.                                        |
 | **ECesv5-series** | Intel TDX | Memory-optimized CVM with remote storage. No local temporary disk. |
 | **ECedsv5-series** | Intel TDX | Memory-optimized CVM with local temporary disk. |
+| **NCCadsH100v5-series** | AMD SEV-SNP and NVIDIA H100 Tensor Core GPUs | CVM with Confidential GPU. | 
 
 > [!NOTE]
 > Memory-optimized confidential VMs offer double the ratio of memory per vCPU count.

articles/virtual-machines/TOC.yml

@@ -441,6 +441,8 @@
           href: nc-series-retirement.md
         - name: NCads_H100_v5 series
           href: ./sizes/gpu-accelerated/ncadsh100v5-series.md
+        - name: NCCads_H100_v5 series
+          href: ./sizes/gpu-accelerated/nccadsh100v5-series.md
         - name: NCv2 series
           href: ./sizes/gpu-accelerated/ncv2-series.md
         - name: NCv2 series retirement

articles/virtual-machines/sizes/gpu-accelerated/includes/nccadsh100v5-series-specs.md

@@ -0,0 +1,20 @@
+---
+title: NCCads_H100_v5 series specs include
+description: Include file containing specifications of NCCads_H100_v5-series VM sizes.
+author: kphande
+ms.topic: include
+ms.service: azure-virtual-machines
+ms.subservice: sizes
+ms.date: 08/06/2024
+ms.author: khande
+ms.reviewer: mattmcinnes
+ms.custom: include file
+---
+| Part | Quantity <br><sup>Count Units | Specs <br><sup>SKU ID, Performance Units, etc.  |
+|---|---|---|
+| Processor      |  40 vCPUs     | AMD EPYC (Genoa) [x86-64] |
+| Memory         |  320 GiB        |    |
+| Local Storage  |  1 Disk         | 800 GiB  |
+| Remote Storage |  8 Disks        | 100000 IOPS <br>3000 MBps |
+| Network        |  2 NICs        | 40000 Mbps |
+| Accelerators   |  1 GPU            | Nvidia H100 GPU (94GB)    |

articles/virtual-machines/sizes/gpu-accelerated/includes/nccadsh100v5-series-summary.md

@@ -0,0 +1,20 @@
+---
+title: NCCads_H100_v5-series summary include file
+description: Include file for NCCads_H100_v5-series summary
+author: kphande
+ms.topic: include
+ms.service: azure-virtual-machines
+ms.subservice: sizes
+ms.date: 08/06/2024
+ms.author: khande
+ms.reviewer: mattmcinnes
+ms.custom: include file
+---
+The NCCads H100 v5 series of virtual machines are a new addition to the Azure GPU family. In this VM SKU, Trusted Execution Environment (TEE) spans confidential VM on the CPU and attached GPU, enabling secure offload of data, models, and computation to the GPU.
+The NCCads H100 v5 series is powered by 4th-generation AMD EPYC™ Genoa processors and NVIDIA H100 Tensor Core GPU. These VMs feature 1 NVIDIA H100 NVL GPUs with 94 GB memory, 40 non-multithreaded AMD EPYC Genoa processor cores, and 320 GiB of system memory. These VMs are ideal for real-world Applied AI workloads, such as:
+
+- GPU-accelerated analytics and databases
+- Batch inferencing with heavy pre- and post-processing
+- Machine Learning (ML) development
+- Video processing
+- AI/ML web services

articles/virtual-machines/sizes/gpu-accelerated/nc-family.md

@@ -29,12 +29,20 @@ ms.author: mattmcinnes
 [!INCLUDE [nc-series-specs](./includes/nc-series-specs.md)]
 
 
-### NCads_-_H100_v5-series
-[!INCLUDE [ncads_-_h100_v5-series-summary](./includes/ncadsh100v5-series-summary.md)]
+### NCads_H100_v5-series
+[!INCLUDE [ncads_h100_v5-series-summary](./includes/ncadsh100v5-series-summary.md)]
 
-[View the full NCads_-_H100_v5-series page](./ncadsh100v5-series.md).
+[View the full NCads_H100_v5-series page](./ncadsh100v5-series.md).
 
-[!INCLUDE [ncads_-_h100_v5-series-specs](./includes/ncadsh100v5-series-specs.md)]
+[!INCLUDE [ncads_h100_v5-series-specs](./includes/ncadsh100v5-series-specs.md)]
+
+
+### NCCads_H100_v5-series
+[!INCLUDE [nccads_h100_v5-series-summary](./includes/nccadsh100v5-series-summary.md)]
+
+[View the full NCCads_H100_v5-series page](./nccadsh100v5-series.md).
+
+[!INCLUDE [nccads_h100_v5-series-specs](./includes/nccadsh100v5-series-specs.md)]
 
 
 ### NCv2-series