2023-09-14, 17:15–17:40 (Europe/Berlin), Dome
A quick journey through the Azure infrastructure, specifically looking at how image-based Linux is used for Azure Boost, what it enables, which interesting security and performance features were added, and where to find them upstream.
Believe it or not, today Linux is right at the core of Microsoft Azure's infrastructure, on the very nodes that run all those fancy virtual machines. Getting there was not easy, and a lot of work was needed to meet the very stringent security and performance goals that were set. We built a custom distribution, added several security features such as signed dm-verity and kernel-enforced code integrity, came up with a way to keep state alive across kexec with PMEM, and implemented the stackable Portable Services image model that ultimately became sysexts and confexts. And much more! This talk will walk through this effort, starting with a peek under the cover at the hardware that powers it and what it enables, passing through the custom OS and ending up at all the features we added to systemd and elsewhere that you all can enjoy as well.
Software engineer at Microsoft by day, open source developer involved in various projects by night (systemd maintainer, DPDK LTS maintainer, ZeroMQ project co-lead, Debian Developer).