Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-2296

Confidential GPUs with NVIDIA

XMLWordPrintable

    • Icon: Outcome Outcome
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • Product / Portfolio Work
    • 100% To Do, 0% In Progress, 0% Done
    • False
    • Hide

      None

      Show
      None
    • False
    • None

      Outcomes

      Customers can confidently run sensitive AI/ML workloads on NVIDIA GPUs in OpenShift by integrating Confidential AI capabilities into the existing Confidential Containers and Confidential Clusters offerings. This enables secure, privacy-preserving AI model training and inference, ensuring that both data and models remain encrypted and protected while in use, including in GPU memory, and that the integrity of the underlying hardware and software stack is verifiably attested, without compromising performance.

      The solution maintains the high level of automation, operationalization, and streamlined developer and user experience that customers expect from standard AI workloads on OpenShift, while seamlessly incorporating attestation and trust verification into the workflow. This makes it easy to adopt confidential computing protections for GPU-accelerated AI in regulated and sensitive environments, with assurance that workloads only run on verified, trusted hardware and software configurations.

      Success Criteria

      AI/ML workloads running in Confidential Containers and Confidential Clusters can securely access and utilize NVIDIA confidential GPU features, with both GPU memory and CPU memory encryption enabled and verified.

      Attestation evidence is verified against defined policies before workloads execute, and workloads are blocked or fail gracefully if trust cannot be established.

      Developers and users should continue to have a familiar, streamlined experience when building, deploying, and operating GPU-enabled AI workloads on OpenShift. This should include the added protections of confidential computing, without introducing additional complexity.

      Comprehensive documentation, best practices, and deployment examples are delivered to guide customers in adopting and operating confidential GPU-enabled AI workloads securely both for Confidential Clusters and Confidential Containers. 

      (Nice to have, not mandatory) Documentation includes clear guidance on expected performance overhead when running AI workloads with confidential GPU capabilities enabled, referencing external NVIDIA sources where applicable, to help customers set realistic expectations.

       

      Expected Results (what, how, when)

      What incremental impact do you expect to create toward the company's Strategic Goals by delivering this outcome?  (possible examples:  unblocking sales, shifts in product metrics, etc. + provide links to metrics that will be used post-completion for review & pivot decisions). {}For each expected result, list what you will measure and when you will measure it (ex. provide links to existing information or metrics that will be used post-completion for review and specify when you will review the measurement such as 60 days after the work is complete)

       

       

      Post Completion Review – Actual Results

      After completing the work (as determined by the "when" in Expected Results above), list the actual results observed / measured during Post Completion review(s).

       

              mak.redhat.com Marcos Entenza Garcia
              mak.redhat.com Marcos Entenza Garcia
              Jens Freimann, JP Jung, Nitesh Narayan Lal, Yash Mankad
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: