What would you consider the least appreciated feature of the new processors?
Well, that's a great question. You challenged me to think out of the box for my answer. I think two things: The [original] Zen [core architecture] wasn't well known for its Java performance, but we really fixed it with Zen 2. There's a class of customers for whom I think they're going to really be surprised to see how much this thing kicks a** in Java. So that would be one.
AMD showed some slides demonstrating the improvement for Java workloads.
That's right. We got a bunch of 68 [percent to] 88 percent improvements in Java. And if you look at the notes, I think we spell it out. Some of those workloads that [AMD CTO] Mark [Papermaster] was talking about, the [instructions per clock] advances, some of the ones on the far right [of the slide] were more dramatic.
The second least appreciated feature?
I think the SEV, Secure Encrypted Virtualization, is going to be huge. It does require the rest of the ecosystem to enable it. It [interfaces with] the hypervisor and the OS and the enterprise key manager, and there's a lot of pieces that have to all be in place to get the full value. But I think that in three to four years, it will be ridiculous to even consider deploying a [virtual machine] in the cloud if you can't control and isolate that thing cryptographically from the cloud provider. I think that your risk management guys [will say], ‘What are you talking about?’
EPYC is the first processor to offer that, and we've been working on the rest of those pieces. VMware's a critical part of that. That's why that part was so important. You're going to be able to have a whole new level of security that you can control independent of your cloud provider.
Can you remind me how it works?
The virtual machine is encrypted. So the virtual machine or container or even a process—actually the way that we've implemented it you can make it any one of those three—and it's independent. It's managed by a separate key manager in our security processor. So the systems administrator for the server does not control that key. The user of that VM running their workloads on Amazon [Web Services] can control that key, so all of their VMs work as normal, work full performance, there's no performance impact, but even if Amazon wanted to, they couldn't look into that virtual machine.
And it's only in Rome?
It's in Naples [first-generation EPYC], but it was limited to two things. It was limited to 16 keys, and then there's a couple of things that VMware asked us to do to change it on Rome. So it's now 509 keys. It's a lot of keys, and there's also a couple changes to make it a little easier for them. They gave us some really good feedback we incorporated into our second generation.