FarmGPU

The neoclouds quietly became the second tier of hyperscale AI infra. Same 100kW racks, same RoCE fabrics, same firmware nightmares — on a fraction of the team and balance sheet. That's the gap OCP's new Scaling AI Clusters at Neoclouds workstream exists to close, and FarmGPU is co-chairing it alongside Scaleway and Denvr Dataworks. A few signals from the first 19-operator community survey worth paying attention to: → Power sourcing and benchmarking are rated the most important 2026 problems (4.21 / 4.05 importance). → But the area where operators think OCP can move the needle most is open rack and pod reference patterns for 30–100kW (4.11 leverage). Hardware ≠ the bottleneck. Operational surface area is. → The top operator pain points: networking (RoCE/IB tuning, congestion control), management & automation (Day-2 ops, firmware), and interoperability (BMC/BIOS/telemetry consistency). Every neocloud is independently re-discovering the same gaps and filing the same tickets to the same OEMs. Concrete output already in motion: 1. A neocloud Redfish profile. Redfish works great on Dell, inconsistently everywhere else. Instead of 20 operators each begging OEMs separately, the workstream is drafting a collective, machine-validatable profile that codifies the BMC, firmware, TLS, telemetry, and event-subscription behaviors neoclouds actually need. One spec OEMs implement against. One checklist procurement validates. 2. FarmGPU is the first neocloud running an OCP-aligned backend fabric in production — the AI Training Fabric Reference Architecture we co-developed with Hedgehog and Celestica. Celestica DS5000 (51.2T) + SONiC + Hedgehog as the K8s-native control plane. 36 ready-to-deploy composition variants spanning OPG-64/128/256/512 → XOC-256/512/1024, air- and liquid-cooled, single- and dual-plane. Vendor-neutral, declarative, reproducible. Contributed back to OCP so nobody has to reinvent it. 3. OCP NVMe SSD spec → predictive failure engine. We standardize on the OCP Datacenter NVMe SSD spec because the telemetry surface is dramatically richer than vanilla NVMe. On top of that we built a fleet-wide predictive failure engine — scores every drive for NAND degradation, ECC escalation, recoverable/uncoverable error trends, surfaces replace/watch/monitor recommendations. Plan is to open-source it so other neoclouds can run it directly. The whole thesis: write down what neoclouds actually need → get OEMs to ship it through OCP → open-source the operator tooling that turns the spec into operational value. That compounds. Full writeup, survey results, hardware-management deep dive recording, and how to join the workstream: https://t.co/G2dbSjh2Q1 🌾🚜

🚜 The OCP just published the first real framework for DC-powered AI data centers. Most of the industry hasn't read it yet. On March 30, the OCP DCF Power Distribution sub-project — co-led by ABB and Eaton, with NVIDIA, Google, Microsoft, Amazon, AMD, Siemens, Schneider, Vertiv, and 180+ others on the workstream — shipped a white paper on Low Voltage DC power distribution for AI factories. This isn't a research curiosity. It's the architectural foundation for every NVIDIA 800V DC rack Jensen has been talking about, and the reason Mt. Diablo exists. The thesis in one sentence: AC has a 100-year head start, but it can't carry a 1+ MW rack without losing 5–10% to conversion stages and choking on 30→100% load swings in milliseconds. So the industry is rediscovering DC. The numbers worth stopping for: → ORv3 HPR power shelves went from 33 kW (v1, AC) → 72 kW (v2, AC) → 100 kW (v4, DC) in the same 1 OU footprint. A 39% density jump, almost entirely from deleting the AC/DC conversion stage. → Moving the BBU and CBU out of the IT rack into the Mt. Diablo sidecar reclaims 12–16 OU of compute volume. Another 27–36% of usable rack space, given back to GPUs. → AI training availability target: 99.9%. Inference: 99.999%. The catch nobody talks about: DC distribution cannot use UPS maintenance bypass. Redundancy has to live at the power block level. This rewrites how you think about N+1. → AI workloads ramp 30→100% in milliseconds. The CBU (capacitor backup) responds in sub-ms. AC architectures can't keep up. Grid operators have noticed. If your data center can't physically fit a Mt. Diablo / 800V DC rack, you can't run the next NVIDIA generation at full density. The 415V/480V room is already a stranded asset for hyperscale AI. Read the whitepaper: https://t.co/39YaFg1gq6 🌾🚜

Confidential Computing: Securing Data Where It's Most Vulnerable — In Use You encrypt data at rest. You encrypt data in transit. But when a GPU processes it — training a model, running inference — it sits in memory in plaintext. Anyone with hypervisor or BMC access can see it. Confidential computing closes that gap. The Problem: Data in Use Is Data Exposed Three data states exist: at rest (encrypted, solved), in transit (encrypted, solved), and in use (traditionally wide open). For AI workloads, the stakes are massive — model weights that cost $50M-$500M to train sit in GPU memory unprotected. Training data with PII, financial records, healthcare info — all decrypted during computation. Confidential computing uses hardware-based Trusted Execution Environments (TEEs) to encrypt and isolate data DURING computation. Not after. Not during transport. While it's being processed. CPU TEEs: The Foundation Intel TDX (Trust Domain Extensions) — Creates hardware-isolated VMs called Trust Domains. Entire VMs run with encrypted memory (AES-XTS-128 via MKTME with 28-bit MACs). The hypervisor can schedule VMs but cannot read their memory or modify their code. TDX Connect extends this to PCIe devices, enabling encrypted DMA between CPU and GPU TEEs. AMD SEV-SNP — Three generations deep. SEV (encryption only) → SEV-ES (+ register protection) → SEV-SNP (+ memory integrity). SEV-SNP prevents hypervisor replay and corruption of encrypted memory. SEV-TIO extends TEE protection to PCIe devices. ARM CCA — Realm Management Extensions create isolated Realms. Relevant for Ampere-based cloud and edge. CPU TEEs are necessary but not sufficient for AI. They protect host-side code and data, but GPUs process the most sensitive information — and GPU memory has historically been unprotected. GPU TEEs: The New Frontier NVIDIA's H100 was the first production GPU with confidential computing. The architecture: 1. CC-On Boot — GPU boots with hardware protections enabled. On-die silicon root of trust. Debug access, JTAG, and performance counters disabled. BMC restricted to anonymous health metrics only. 2. Secure Boot Chain — Signed firmware verified during boot. Firmware measurements stored in hardware registers. Chain of trust from silicon to software. 3. SPDM Key Exchange — In-CVM driver and GPU firmware establish an SPDM session via Diffie-Hellman. Both authenticate, exchange firmware measurements, and establish AES-256-GCM session keys for all CPU↔GPU data. 4. Data Transfer Modes: • Bounce Buffers — Shared encrypted pages, AES-256-GCM with rolling 96-bit IVs. Hypervisor sees ciphertext only. Works on Hopper and Blackwell. • TDISP/IDE (Blackwell + Granite Rapids) — GPU DMAs directly into CVM-private memory. No bounce buffers. IDE encrypts every PCIe TLP at line rate. Zero-copy, near-zero overhead, hardware end-to-end encryption. 5. GPU Memory Encryption — All HBM encrypted. Keys managed by GPU security processor, ephemeral, destroyed on teardown. 6. NVLink Encryption — Blackwell encrypts GPU-to-GPU traffic at 1.8 TB/s via AES-GCM. Critical for distributed training and large-model inference. 7. Remote Attestation — Cryptographically signed reports of firmware version, boot measurements, and configuration. Dual attestation: Intel TDX + NVIDIA GPU TEE providing independent verification. What It Protects — And What It Doesn't Protects against: Cloud operator insider access, compromised hypervisors (VM escape), physical access (PCIe analyzers, DIMM dumps, JTAG), co-tenant VMs, supply chain attacks (with attestation). Does NOT protect against: Side-channel attacks (raised bar, not eliminated), compromised app logic inside the TEE, output inference attacks (differential privacy is the countermeasure). The Trust Boundary • Trusted: Inside the CVM — your application, CUDA kernels, model weights, training data. Encrypted in CPU memory by TDX/SEV, encrypted in GPU memory by NVIDIA CC. Only you hold the keys. • Encrypted boundary: PCIe link + bounce buffers (or TDISP/IDE on Blackwell). All data AES-256-GCM encrypted. With TDISP/IDE, even shared memory intermediaries are eliminated. • Untrusted: Hypervisor, host OS, BMC, physical access. All see only ciphertext. Keys ephemeral, destroyed on teardown. Why Now 1. Regulation is enforceable. GDPR requires data protection during processing. HIPAA requires safeguards for PHI during computation. EU AI Act (enforceable August 2027) classifies models >10^25 FLOPS as systemic risk. 35+ countries have sovereign AI programs. This is procurement requirements, not theory. 2. Multi-party AI needs it. Training on combined datasets without exposing raw data requires TEEs. Alternatives (homomorphic encryption, SMPC) are 10-1000x slower. TEEs make multi-party AI commercially viable. 3. Model IP is a survival issue. Frontier training runs cost $50M-$500M. Without TEEs, any admin can dump model weights. CC converts IP protection from a trust relationship into a cryptographic guarantee. The Market • 75% of orgs adopting CC (IDC, Dec 2025), 18% in full production • Market: $12.28B (2025) → $54.92B (2030), 34.7% CAGR • Azure: only hyperscaler with GA confidential GPU VMs (SEV-SNP + H100, single GPU) • Google Cloud: TDX + H100, 3 zones, GA Aug 2025 • AWS: no GPU TEE capability (Nitro Enclaves can't access GPUs) • CoreWeave, Lambda, Crusoe, RunPod: zero CC capability Hardware's here. Stacks are maturing. Regulations are enforceable. The question isn't whether — it's how fast. 🌾

NVIDIA's GPU fault remediation tool went production-ready this week. It's called NVSentinel, it's open-source, and I think it's worth understanding how it works because it draws a clean line between two very different layers of the infrastructure stack. NVSentinel sits inside Kubernetes. It reads GPU health signals from the NVIDIA driver via DCGM, catches things like ECC errors and driver crashes, and then takes automated action at the scheduler level: cordon the node, drain workloads, hand off to a repair workflow. For teams running NVIDIA GPUs on Kubernetes, that automation is real and useful. What caught my attention is where it stops. NVSentinel operates above the OS. It can tell you a GPU is failing and pull it out of rotation, but it doesn't go below the driver layer to diagnose root cause, it doesn't talk to BMCs, and it doesn't correlate failures across a fleet. The repair workflow it triggers is a handoff to an external system that has to actually figure out what happened and fix it. That lower layer, actual hardware-level diagnostics and recovery, is what we're focusing on at Cosmic. I like that NVIDIA is raising the baseline here. It makes the conversation about where the real complexity lives a lot easier to have. What does your GPU fault response look like today? Are you handling it at the Kubernetes layer, the hardware layer, or both?

KV cache is becoming the real inference bottleneck. With Lightbits + ScaleFlux, FarmGPU showed 100x-280x KV cache acceleration at GTC 2026 — enabling up to 3x more inference requests on the same GPUs with 65% lower infrastructure cost. This is what storage-first AI infra looks like: https://t.co/eycJdHqVJJ