Intel SGX Bare Metal Cloud Nodes
One other quick point: many of the newer Intel Xeon E-2300 series and 3rd generation Intel Xeon Scalable servers are marked with Intel SGX.
Intel SGX is a secure enclave solution to enhance security for VMs. There are a number of industries and applications where confidential computing is becoming an important feature. These confidential computing platforms really started being deployed around 2020, so the feature is still relatively new. One of the big areas where SGX helps is ensuring that the cloud provider cannot see into the virtual machines running on the host. This is becoming a popular technology in servers and server processors.
Just because a system’s processor supports SGX does not mean that it is necessarily working and available. SGX enablement also requires support all the way from the UEFI firmware through the kernel and even the hypervisor. Many people have SGX-capable servers that do not have SGX turned on. Here we can see that it is actually enabled in a PhoenixNAP BMC Intel SGX labeled server:
Turning on SGX in KVM/Linux is fairly easy since it is now in upstream kernels. You can also find Intel qemu-sgx on GitHub.
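One way to check those layers from a running Linux host, as an added example that is not from the original article: it reads the `sgx` and `sgx_lc` CPU flags and looks for the `/dev/sgx_enclave` and `/dev/sgx_vepc` nodes that upstream kernels create. The function names and status words are made up for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify SGX readiness from what the upstream Linux kernel
# exposes. Function names and status words are hypothetical (illustration only).
# On a real host: sgx_status /proc/cpuinfo /dev

# sgx_status CPUINFO_FILE DEV_DIR -> prints one status word
sgx_status() {
    cpuinfo=$1
    devdir=$2
    # Take the first "flags" line and pad it so flags match as whole words.
    flags=" $(grep -m1 '^flags' "$cpuinfo" | cut -d: -f2) "
    case $flags in
        *" sgx "*) ;;   # upstream kernels clear this flag when firmware has SGX off
        *) echo "not-enabled"; return 0 ;;
    esac
    case $flags in
        *" sgx_lc "*) ;;  # launch control; without it the enclave driver stays off
        *) echo "no-launch-control"; return 0 ;;
    esac
    if [ ! -e "$devdir/sgx_enclave" ]; then
        echo "flag-without-device"      # flag present but no enclave device node
    elif [ -e "$devdir/sgx_vepc" ]; then
        echo "enabled-with-kvm"         # host can also hand EPC to KVM guests
    else
        echo "enabled"
    fi
}

# Constructed fixture, not captured from a real machine.
sgx_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/dev"
    printf 'flags\t\t: fpu vme sse2 sgx sgx_lc\n' > "$tmp/cpuinfo"
    : > "$tmp/dev/sgx_enclave"
    sgx_status "$tmp/cpuinfo" "$tmp/dev"
    rm -rf "$tmp"
}
sgx_demo
```

A result of `not-enabled` on a server sold as SGX-capable usually points at the UEFI setting or the kernel build rather than the CPU.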
With the higher-end dual socket 3rd generation Intel Xeon Scalable “Ice Lake” nodes there are other nice features like TME for memory encryption. This is not available on the Xeon E-2300 series, but they both can support SGX.
Going a step further, since these are Ice Lake servers, one can get a lot of extra performance by using the onboard accelerators as we showed in Stop Leaving Performance on the Table with AWS EC2 M6i Instances. That is in addition to the new security features.
Deploying a Rancher Kubernetes Cluster
PhoenixNAP also has several solutions that do clustering for you. As an example, one can deploy a Kubernetes cluster built on Rancher (now part of SUSE).
The process is similar and one can deploy the cluster among many nodes and locations. Here we are going to set up a 3-node cluster:
After that is complete, we get our Rancher login details similar to what we got for Proxmox VE previously:
The setup process took around 5 minutes, but once it was done, we had a working Rancher Kubernetes cluster across three nodes.
After logging in, we save the installation URL (automatically configured/filled) and we are ready to go.
Here we can see the “local” 3-node cluster.
Here is the cluster dashboard:
We can see our three nodes that are part of the k3s installation:
We can then drill down into the nodes:
Five minutes for a three-node k3s cluster installation is nothing short of awesome. This little cluster is running at $0.36/hour and can use the 15TB of included outbound data transfer.
That Proxmox cluster install was neat
I didn’t realize how much cheaper it is to go off AWS.
Is that Rancher feature new? I looked at this sometime in October or November but I didn’t see it then
Signing up didn’t work for me, the payment processor first refused my e-mail address for containing a plus, then it turns out the button to pay simply doesn’t work… So far I’m not impressed.
@Samir, we first launched our Rancher integration back in July last year, but we enabled HA cluster deployment and added additional features a couple of months ago.
@Nils, sorry to hear that. We might be able to help with the login and we’d definitely like to hear if something hasn’t worked for you. You can contact feedback@phoenixnap.com and let us know about your experience, so we know what we can fix.
nice ad
Got a working account now, there are quite a few rough edges but I’m still quite impressed by the level of current generation Hardware offered, not something you see everywhere.
Hi Patrick,
Are you able to push 5ghz on this CPU? I’m having difficulties in reaching the boost freq.
Any ideas why? BIOS config is set to turbo boost mode already.
Registration failed for me, the payment processor initially rejected my email address because it contained a plus sign, and it turns out that the button to pay simply doesn’t function.
nice ad