Onidel Cloud's Thread - Announcements, Feedbacks and Discussions!

nghialele · June 2025

@onidel said:

@allthemtings said:

@onidel said:

Update:

We are now offering licensed Windows VMs through SPLA program. That means Evaluation Windows templates are no longer available. The license costs $6.5 / vCPU / month. Hourly billing supported. RDP SAL is available as an optional add-on.

On second note, you can now enable AMD-SEV for VMs in Amsterdam location directly via the control panel. AMD-SEV is a hardware-based security feature on AMD EPYC CPUs that encrypts VM memory, enhancing protection against unauthorised access and increasing data privacy. This feature will also be available in Sydney and Singapore soon as we are setting up new nodes.

NY launch is very close ...

hot

🥵 where is your review mate …

Very nice update sir! Congratulations! Lovely service!

where dealz pls?

allthemtings · June 2025

@onidel said:

@allthemtings said:

@onidel said:

Update:

We are now offering licensed Windows VMs through SPLA program. That means Evaluation Windows templates are no longer available. The license costs $6.5 / vCPU / month. Hourly billing supported. RDP SAL is available as an optional add-on.

On second note, you can now enable AMD-SEV for VMs in Amsterdam location directly via the control panel. AMD-SEV is a hardware-based security feature on AMD EPYC CPUs that encrypts VM memory, enhancing protection against unauthorised access and increasing data privacy. This feature will also be available in Sydney and Singapore soon as we are setting up new nodes.

NY launch is very close ...

hot

🥵 where is your review mate …

Posted it several times but seems to be removed I’ll try again m8

navneetkk · June 2025

.

oloke · June 2025

@onidel recently introduced AMD SEV to their Amsterdam location.
I decided to make some benchmarks to check how it influences performance.

Out of the box YABS without SEV or FDE using Debian 12 template:

# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
#              Yet-Another-Bench-Script              #
#                     v2025-04-20                    #
# https://github.com/masonr/yet-another-bench-script #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #

Sat Jun 14 14:26:48 UTC 2025

Basic System Information:
---------------------------------
Uptime     : 0 days, 0 hours, 1 minutes
Processor  : AMD EPYC 7713 64-Core Processor
CPU cores  : 1 @ 1996.249 MHz
AES-NI     : ✔ Enabled
VM-x/AMD-V : ✔ Enabled
RAM        : 1.9 GiB
Swap       : 0.0 KiB
Disk       : 19.6 GiB
Distro     : Debian GNU/Linux 12 (bookworm)
Kernel     : 6.1.0-37-amd64
VM Type    : KVM
IPv4/IPv6  : ✔ Online / ✔ Online

IPv6 Network Information:
---------------------------------
ISP        : Onidel Pty Ltd
ASN        : AS152900 Onidel Pty Ltd
Host       : Onidel Pty Ltd
Location   : Amsterdam, North Holland (NH)
Country    : The Netherlands

fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/vda1):
---------------------------------
Block Size | 4k            (IOPS) | 64k           (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 169.02 MB/s  (42.2k) | 1.09 GB/s    (17.1k)
Write      | 169.47 MB/s  (42.3k) | 1.10 GB/s    (17.2k)
Total      | 338.49 MB/s  (84.6k) | 2.20 GB/s    (34.4k)
           |                      |                     
Block Size | 512k          (IOPS) | 1m            (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 1.04 GB/s     (2.0k) | 1.03 GB/s     (1.0k)
Write      | 1.10 GB/s     (2.1k) | 1.10 GB/s     (1.0k)
Total      | 2.15 GB/s     (4.2k) | 2.14 GB/s     (2.0k)

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
-----           | -----                     | ----            | ----            | ----           
Clouvider       | London, UK (10G)          | 1.07 Gbits/sec  | 1.02 Gbits/sec  | 6.51 ms        
Eranium         | Amsterdam, NL (100G)      | 1.07 Gbits/sec  | 1.02 Gbits/sec  | 1.54 ms        
Uztelecom       | Tashkent, UZ (10G)        | 920 Mbits/sec   | 702 Mbits/sec   | 88.2 ms        
Leaseweb        | Singapore, SG (10G)       | 529 Mbits/sec   | 691 Mbits/sec   | 162 ms         
Clouvider       | Los Angeles, CA, US (10G) | 595 Mbits/sec   | 908 Mbits/sec   | 150 ms         
Leaseweb        | NYC, NY, US (10G)         | 942 Mbits/sec   | 906 Mbits/sec   | 76.9 ms        
Edgoo           | Sao Paulo, BR (1G)        | 660 Mbits/sec   | 679 Mbits/sec   | 239 ms         

iperf3 Network Speed Tests (IPv6):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
-----           | -----                     | ----            | ----            | ----           
Clouvider       | London, UK (10G)          | 1.06 Gbits/sec  | 1.00 Gbits/sec  | 6.52 ms        
Eranium         | Amsterdam, NL (100G)      | 1.07 Gbits/sec  | 1.01 Gbits/sec  | 1.50 ms        
Uztelecom       | Tashkent, UZ (10G)        | 823 Mbits/sec   | 933 Mbits/sec   | 87.1 ms        
Leaseweb        | Singapore, SG (10G)       | 601 Mbits/sec   | 877 Mbits/sec   | 162 ms         
Clouvider       | Los Angeles, CA, US (10G) | 615 Mbits/sec   | 896 Mbits/sec   | 150 ms         
Leaseweb        | NYC, NY, US (10G)         | 939 Mbits/sec   | 887 Mbits/sec   | 76.8 ms        
Edgoo           | Sao Paulo, BR (1G)        | 560 Mbits/sec   | 620 Mbits/sec   | 239 ms         

Geekbench 6 Benchmark Test:
---------------------------------
Test            | Value                         
                |                               
Single Core     | 1552                          
Multi Core      | 1577                          
Full Test       | https://browser.geekbench.com/v6/cpu/12438118

YABS completed in 14 min 52 sec

YABS from custom Debian install with FDE (LUKS2) enabled:

# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
#              Yet-Another-Bench-Script              #
#                     v2025-04-20                    #
# https://github.com/masonr/yet-another-bench-script #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #

Sat Jun 14 01:57:41 PM CEST 2025

Basic System Information:
---------------------------------
Uptime     : 0 days, 0 hours, 20 minutes
Processor  : AMD EPYC 7713 64-Core Processor
CPU cores  : 1 @ 1996.249 MHz
AES-NI     : ✔ Enabled
VM-x/AMD-V : ✔ Enabled
RAM        : 1.9 GiB
Swap       : 976.0 MiB
Disk       : 18.5 GiB
Distro     : Debian GNU/Linux 12 (bookworm)
Kernel     : 6.1.0-37-amd64
VM Type    : KVM
IPv4/IPv6  : ✔ Online / ✔ Online

IPv6 Network Information:
---------------------------------
ISP        : Onidel Pty Ltd
ASN        : AS152900 Onidel Pty Ltd
Host       : Onidel Pty Ltd
Location   : Amsterdam, North Holland (NH)
Country    : The Netherlands

fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/mapper/nl2--vg-root):
---------------------------------
Block Size | 4k            (IOPS) | 64k           (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 77.67 MB/s   (19.4k) | 297.61 MB/s   (4.6k)
Write      | 77.88 MB/s   (19.4k) | 299.18 MB/s   (4.6k)
Total      | 155.55 MB/s  (38.8k) | 596.79 MB/s   (9.3k)
           |                      |                     
Block Size | 512k          (IOPS) | 1m            (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 413.45 MB/s    (807) | 436.65 MB/s    (426)
Write      | 435.42 MB/s    (850) | 465.73 MB/s    (454)
Total      | 848.87 MB/s   (1.6k) | 902.38 MB/s    (880)


iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
-----           | -----                     | ----            | ----            | ----           
Clouvider       | London, UK (10G)          | 1.06 Gbits/sec  | 1.02 Gbits/sec  | 8.89 ms        
Eranium         | Amsterdam, NL (100G)      | 1.07 Gbits/sec  | 1.02 Gbits/sec  | 1.45 ms        
Uztelecom       | Tashkent, UZ (10G)        | 262 Mbits/sec   | 913 Mbits/sec   | 87.6 ms        
Leaseweb        | Singapore, SG (10G)       | 249 Mbits/sec   | 754 Mbits/sec   | 164 ms         
Clouvider       | Los Angeles, CA, US (10G) | 77.4 Mbits/sec  | 883 Mbits/sec   | 147 ms         
Leaseweb        | NYC, NY, US (10G)         | 424 Mbits/sec   | 905 Mbits/sec   | 75.5 ms        
Edgoo           | Sao Paulo, BR (1G)        | 284 Mbits/sec   | 726 Mbits/sec   | 243 ms         

iperf3 Network Speed Tests (IPv6):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
-----           | -----                     | ----            | ----            | ----           
Clouvider       | London, UK (10G)          | 1.06 Gbits/sec  | 1.00 Gbits/sec  | 8.83 ms        
Eranium         | Amsterdam, NL (100G)      | 1.06 Gbits/sec  | 1.01 Gbits/sec  | 1.83 ms        
Uztelecom       | Tashkent, UZ (10G)        | 246 Mbits/sec   | 902 Mbits/sec   | 87.0 ms        
Leaseweb        | Singapore, SG (10G)       | 242 Mbits/sec   | 878 Mbits/sec   | 165 ms         
Clouvider       | Los Angeles, CA, US (10G) | 318 Mbits/sec   | 475 Mbits/sec   | 148 ms         
Leaseweb        | NYC, NY, US (10G)         | 434 Mbits/sec   | 874 Mbits/sec   | 75.3 ms        
Edgoo           | Sao Paulo, BR (1G)        | 258 Mbits/sec   | 263 Mbits/sec   | 243 ms         

Geekbench 6 Benchmark Test:
---------------------------------
Test            | Value                         
                |                               
Single Core     | 1557                          
Multi Core      | 1553                          
Full Test       | https://browser.geekbench.com/v6/cpu/12436052

YABS completed in 15 min 58 sec

To make sure SEV is enabled and working, you can either check dmesg:

$ dmesg | grep -i sev
[    0.182897] Memory Encryption Features active: AMD SEV

or use cpuid:

$ sudo apt install cpuid
$ sudo cpuid -l 0x8000001f
CPU 0:
   AMD Secure Encryption (0x8000001f):
      SME: secure memory encryption support    = false
      SEV: secure encrypted virtualize support = true
...

YABS from custom Debian install with SEV and FDE (LUKS2) enabled:

SEV reserves a bit of our RAM so shown here is 1.8G instead of 1.9G we had before.

# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
#              Yet-Another-Bench-Script              #
#                     v2025-04-20                    #
# https://github.com/masonr/yet-another-bench-script #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #

Sat Jun 14 02:25:56 PM CEST 2025

Basic System Information:
---------------------------------
Uptime     : 0 days, 0 hours, 6 minutes
Processor  : AMD EPYC 7713 64-Core Processor
CPU cores  : 1 @ 1996.249 MHz
AES-NI     : ✔ Enabled
VM-x/AMD-V : ✔ Enabled
RAM        : 1.8 GiB
Swap       : 976.0 MiB
Disk       : 18.5 GiB
Distro     : Debian GNU/Linux 12 (bookworm)
Kernel     : 6.1.0-37-amd64
VM Type    : KVM
IPv4/IPv6  : ✔ Online / ✔ Online

IPv6 Network Information:
---------------------------------
ISP        : Onidel Pty Ltd
ASN        : AS152900 Onidel Pty Ltd
Host       : Onidel Pty Ltd
Location   : Amsterdam, North Holland (NH)
Country    : The Netherlands

fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/mapper/nl2--vg-root):
---------------------------------
Block Size | 4k            (IOPS) | 64k           (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 69.67 MB/s   (17.4k) | 282.96 MB/s   (4.4k)
Write      | 69.86 MB/s   (17.4k) | 284.45 MB/s   (4.4k)
Total      | 139.54 MB/s  (34.8k) | 567.41 MB/s   (8.8k)
           |                      |                     
Block Size | 512k          (IOPS) | 1m            (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 388.67 MB/s    (759) | 405.58 MB/s    (396)
Write      | 409.32 MB/s    (799) | 432.60 MB/s    (422)
Total      | 798.00 MB/s   (1.5k) | 838.19 MB/s    (818)

iperf3 Network Speed Tests (IPv4):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
-----           | -----                     | ----            | ----            | ----           
Clouvider       | London, UK (10G)          | 1.06 Gbits/sec  | 1.02 Gbits/sec  | 7.75 ms        
Eranium         | Amsterdam, NL (100G)      | 1.07 Gbits/sec  | 1.03 Gbits/sec  | 1.56 ms        
Uztelecom       | Tashkent, UZ (10G)        | 324 Mbits/sec   | 891 Mbits/sec   | 87.3 ms        
Leaseweb        | Singapore, SG (10G)       | 233 Mbits/sec   | 694 Mbits/sec   | 163 ms         
Clouvider       | Los Angeles, CA, US (10G) | 199 Mbits/sec   | 892 Mbits/sec   | 152 ms         
Leaseweb        | NYC, NY, US (10G)         | 459 Mbits/sec   | 900 Mbits/sec   | 75.5 ms        
Edgoo           | Sao Paulo, BR (1G)        | 260 Mbits/sec   | 668 Mbits/sec   | 242 ms         

iperf3 Network Speed Tests (IPv6):
---------------------------------
Provider        | Location (Link)           | Send Speed      | Recv Speed      | Ping           
-----           | -----                     | ----            | ----            | ----           
Clouvider       | London, UK (10G)          | 1.05 Gbits/sec  | 998 Mbits/sec   | 7.77 ms        
Eranium         | Amsterdam, NL (100G)      | 1.06 Gbits/sec  | 1.01 Gbits/sec  | 1.48 ms        
Uztelecom       | Tashkent, UZ (10G)        | 249 Mbits/sec   | 926 Mbits/sec   | 87.2 ms        
Leaseweb        | Singapore, SG (10G)       | 211 Mbits/sec   | 880 Mbits/sec   | --             
Clouvider       | Los Angeles, CA, US (10G) | 297 Mbits/sec   | 688 Mbits/sec   | 152 ms         
Leaseweb        | NYC, NY, US (10G)         | 447 Mbits/sec   | 885 Mbits/sec   | 75.3 ms        
Edgoo           | Sao Paulo, BR (1G)        | 208 Mbits/sec   | 525 Mbits/sec   | 241 ms         

Geekbench 6 Benchmark Test:
---------------------------------
Test            | Value                         
                |                               
Single Core     | 1568                          
Multi Core      | 1545                          
Full Test       | https://browser.geekbench.com/v6/cpu/12436433

YABS completed in 15 min 42 sec

There isn't any major difference between SEV and non SEV GB6 score. I expected it to be at least a bit lower than unencrypted.
The biggest difference we see is in fio benchmark. Enabling LUKS2 encryption reduced disk IOPS by at least 2x. We also see slightly lower fio score with SEV enabled.

The fio scores were vastly improved after I applied the steps from long-cat blog (increasing sector size to 4KB, disabling work queues in /etc/crypttab and setting key size to 256 bits). Now IOPS are only slightly behind what they were using an unencrypted drive.

fio scores for FDE (LUKS 4KB sectors) without SEV:

fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/mapper/nl2--vg-root):
---------------------------------
Block Size | 4k            (IOPS) | 64k           (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 101.62 MB/s  (25.4k) | 606.45 MB/s   (9.4k)
Write      | 101.89 MB/s  (25.4k) | 609.64 MB/s   (9.5k)
Total      | 203.51 MB/s  (50.8k) | 1.21 GB/s    (19.0k)
           |                      |                     
Block Size | 512k          (IOPS) | 1m            (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 1.04 GB/s     (2.0k) | 1.00 GB/s      (983)
Write      | 1.09 GB/s     (2.1k) | 1.07 GB/s     (1.0k)
Total      | 2.14 GB/s     (4.1k) | 2.08 GB/s     (2.0k)

fio scores for FDE (LUKS 4KB sectors) with SEV:

fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/mapper/nl2--vg-root):
---------------------------------
Block Size | 4k            (IOPS) | 64k           (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 94.38 MB/s   (23.5k) | 533.17 MB/s   (8.3k)
Write      | 94.62 MB/s   (23.6k) | 535.98 MB/s   (8.3k)
Total      | 189.00 MB/s  (47.2k) | 1.06 GB/s    (16.7k)
           |                      |                     
Block Size | 512k          (IOPS) | 1m            (IOPS)
  ------   | ---            ----  | ----           ---- 
Read       | 900.74 MB/s   (1.7k) | 930.56 MB/s    (908)
Write      | 948.59 MB/s   (1.8k) | 992.54 MB/s    (969)
Total      | 1.84 GB/s     (3.6k) | 1.92 GB/s     (1.8k)

Those are great results! I expected it to perform much worse, but SEV and non-SEV results are indistinguishable in most benchmarks (fio being the only exception).
Onidel did a great job making sure the SEV option is easily accessible within their panel and can be enabled at any time.
Hopefully more providers will decide to support SEV soon

oloke · June 2025

A few additional benchmarks I ran hoping SEV will fall behind in some workload. (it didn't )

without SEV:

cryptsetup

$ cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      1718977 iterations per second for 256-bit key
PBKDF2-sha256    3276800 iterations per second for 256-bit key
PBKDF2-sha512    1567378 iterations per second for 256-bit key
PBKDF2-ripemd160  706587 iterations per second for 256-bit key
PBKDF2-whirlpool  573619 iterations per second for 256-bit key
argon2i       4 iterations, 726428 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      4 iterations, 735889 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b       906.8 MiB/s      2695.9 MiB/s
    serpent-cbc        128b        89.6 MiB/s       660.7 MiB/s
    twofish-cbc        128b       186.6 MiB/s       341.8 MiB/s
        aes-cbc        256b       736.5 MiB/s      2507.9 MiB/s
    serpent-cbc        256b        99.8 MiB/s       639.8 MiB/s
    twofish-cbc        256b       193.9 MiB/s       331.4 MiB/s
        aes-xts        256b      2389.8 MiB/s      2493.6 MiB/s
    serpent-xts        256b       572.1 MiB/s       573.7 MiB/s
    twofish-xts        256b       323.9 MiB/s       318.4 MiB/s
        aes-xts        512b      2222.0 MiB/s      2173.3 MiB/s
    serpent-xts        512b       589.0 MiB/s       566.2 MiB/s
    twofish-xts        512b       324.9 MiB/s       328.1 MiB/s

p7zip

$ 7z b -mmt=1 '-mm=*'

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,1 CPU AMD EPYC 7713 64-Core Processor                 (A00F11),ASM,AES-NI)

AMD EPYC 7713 64-Core Processor                 (A00F11)
CPU Freq: - - - - - - - - -

RAM size:    1930 MB,  # CPU hardware threads:   1
RAM usage:    225 MB,  # Benchmark threads:      1


Method           Speed Usage    R/U Rating   E/U Effec
                 KiB/s     %   MIPS   MIPS     %     %

CPU                      100   3216   3213
CPU                      100   3158   3156
CPU                      100   3225   3223   100   100

LZMA:x1          18137   100   6637   6630   206   206
                 46393   100   3781   3777   117   117
LZMA:x5:mt1       4487   100   5613   5606   174   174
                 47205   100   3986   3982   124   124
LZMA:x5:mt2       5453   100   6822   6813   212   211
                 48638   100   4107   4103   127   127
Deflate:x1       50473   100   6414   6409   199   199
                171616   100   5337   5332   166   165
Deflate:x5       15615   100   6018   6012   187   187
                173384   100   5387   5383   167   167
Deflate:x7        6663   100   7389   7383   229   229
                174281   100   5413   5408   168   168
Deflate64:x5     13869   100   5999   5993   186   186
                179254   100   5611   5607   174   174
BZip2:x1          9015   100   5451   5447   169   169
                 35698   100   3872   3870   120   120
BZip2:x5          7792   100   6508   6503   202   202
                 28873   100   5671   5667   176   176
BZip2:x5:mt2      7820   100   6532   6527   203   203
                 29921   100   5877   5872   182   182
BZip2:x7          2554   100   6624   6619   206   205
                 28810   100   5654   5650   175   175
PPMD:x1           6247   100   6469   6462   201   200
                  5394   100   6359   6352   197   197
PPMD:x5           4801   100   8145   8138   253   253
                  4256   100   7985   7977   248   247
Delta:4         535950   100   3295   3293   102   102
                551699   100   3392   3390   105   105
BCJ            1366302   100   5602   5596   174   174
               1346243   100   5519   5514   171   171
AES256CBC:1     214215   100   5269   5265   163   163
                212054   100   5215   5211   162   162
AES256CBC:2     863837   100   7082   7077   220   220
               5432196   100  11137  11125   346   345
CRC32:1         386126   100   2814   2811    87    87
CRC32:4        1237336   100   2764   2762    86    86
CRC32:8        2425909   100   3293   3290   102   102
CRC64          1144422   100   2346   2344    73    73
SHA256          214486   100   4379   4376   136   136
SHA1            614946   100   5761   5756   179   179
BLAKE2sp        384830   100   8474   8466   263   263

CPU                      100   3251   3249
------------------------------------------------------
Tot:                     100   5385   5379   167   167

zstd

$ zstd -b1 -e15
 1#Synthetic 50%     :  10000000 ->   3154228 (x3.170),  449.9 MB/s  2078.6 MB/s
 2#Synthetic 50%     :  10000000 ->   3129137 (x3.196),  372.3 MB/s, 1968.7 MB/s
 3#Synthetic 50%     :  10000000 ->   3230847 (x3.095),  191.9 MB/s, 1508.7 MB/s
 4#Synthetic 50%     :  10000000 ->   3345685 (x2.989),  170.5 MB/s, 1321.0 MB/s
 5#Synthetic 50%     :  10000000 ->   3296620 (x3.033),   94.0 MB/s, 1311.9 MB/s
 6#Synthetic 50%     :  10000000 ->   3284857 (x3.044),   86.1 MB/s, 1332.9 MB/s
 7#Synthetic 50%     :  10000000 ->   3328432 (x3.004),   82.4 MB/s, 1249.4 MB/s
 8#Synthetic 50%     :  10000000 ->   3319322 (x3.013),   72.3 MB/s, 1273.1 MB/s
 9#Synthetic 50%     :  10000000 ->   3357642 (x2.978),   68.4 MB/s, 1167.5 MB/s
10#Synthetic 50%     :  10000000 ->   3363183 (x2.973),   62.2 MB/s, 1152.2 MB/s
11#Synthetic 50%     :  10000000 ->   3363177 (x2.973),   48.5 MB/s, 1121.7 MB/s
12#Synthetic 50%     :  10000000 ->   3362876 (x2.974),   32.5 MB/s, 1114.4 MB/s
13#Synthetic 50%     :  10000000 ->   3354692 (x2.981),   15.4 MB/s, 1128.2 MB/s
14#Synthetic 50%     :  10000000 ->   3354678 (x2.981),   13.0 MB/s, 1117.4 MB/s
15#Synthetic 50%     :  10000000 ->   3353801 (x2.982),   9.91 MB/s, 1057.1 MB/s

with SEV:

cryptsetup

$ cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      1836385 iterations per second for 256-bit key
PBKDF2-sha256    3679214 iterations per second for 256-bit key
PBKDF2-sha512    1615679 iterations per second for 256-bit key
PBKDF2-ripemd160  780190 iterations per second for 256-bit key
PBKDF2-whirlpool  608222 iterations per second for 256-bit key
argon2i       4 iterations, 718445 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      4 iterations, 746060 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b       862.6 MiB/s      2778.8 MiB/s
    serpent-cbc        128b        97.7 MiB/s       643.5 MiB/s
    twofish-cbc        128b       179.5 MiB/s       326.6 MiB/s
        aes-cbc        256b       702.6 MiB/s      2530.5 MiB/s
    serpent-cbc        256b        97.0 MiB/s       660.8 MiB/s
    twofish-cbc        256b       194.7 MiB/s       341.2 MiB/s
        aes-xts        256b      2533.0 MiB/s      2503.3 MiB/s
    serpent-xts        256b       590.0 MiB/s       580.9 MiB/s
    twofish-xts        256b       311.3 MiB/s       326.1 MiB/s
        aes-xts        512b      2261.8 MiB/s      2274.7 MiB/s
    serpent-xts        512b       592.3 MiB/s       578.8 MiB/s
    twofish-xts        512b       327.6 MiB/s       319.8 MiB/s

p7zip

$ 7z b -mmt=1 '-mm=*'

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,1 CPU AMD EPYC 7713 64-Core Processor                 (A00F11),ASM,AES-NI)

AMD EPYC 7713 64-Core Processor                 (A00F11)
CPU Freq: - - - - - - - - -

RAM size:    1801 MB,  # CPU hardware threads:   1
RAM usage:    225 MB,  # Benchmark threads:      1


Method           Speed Usage    R/U Rating   E/U Effec
                 KiB/s     %   MIPS   MIPS     %     %

CPU                      100   3156   3153
CPU                      100   3205   3201
CPU                      100   3130   3127   100   100

LZMA:x1          18047   100   6606   6598   211   211
                 47201   100   3848   3843   123   123
LZMA:x5:mt1       4292   100   5371   5362   172   171
                 47043   100   3974   3968   127   127
LZMA:x5:mt2       5366   100   6714   6704   215   214
                 46195   100   3901   3896   125   125
Deflate:x1       49531   100   6297   6289   201   201
                169572   100   5275   5269   169   168
Deflate:x5       15258   100   5881   5875   188   188
                169780   100   5276   5271   169   169
Deflate:x7        6493   100   7204   7195   230   230
                172325   100   5353   5347   171   171
Deflate64:x5     14218   100   6151   6144   197   196
                170506   100   5339   5333   171   171
BZip2:x1          8474   100   5126   5120   164   164
                 35518   100   3855   3850   123   123
BZip2:x5          7837   100   6551   6541   209   209
                 29446   100   5786   5779   185   185
BZip2:x5:mt2      7676   100   6414   6407   205   205
                 28386   100   5578   5571   178   178
BZip2:x7          2533   100   6572   6564   210   210
                 29108   100   5715   5708   183   183
PPMD:x1           6037   100   6252   6245   200   200
                  5439   100   6413   6406   205   205
PPMD:x5           4954   100   8407   8397   269   268
                  4198   100   7876   7867   252   252
Delta:4         545577   100   3355   3352   107   107
                555975   100   3419   3416   109   109
BCJ            1328674   100   5448   5442   174   174
               1351494   100   5541   5536   177   177
AES256CBC:1     211603   100   5206   5200   166   166
                204288   100   5026   5021   161   161
AES256CBC:2     830176   100   6808   6801   218   217
               5460337   100  11193  11183   358   358
CRC32:1         385423   100   2809   2806    90    90
CRC32:4        1229695   100   2748   2745    88    88
CRC32:8        2501487   100   3395   3392   109   108
CRC64          1144793   100   2347   2345    75    75
SHA256          214738   100   4385   4381   140   140
SHA1            627305   100   5877   5872   188   188
BLAKE2sp        373115   100   8216   8209   263   262

CPU                      100   3203   3200
------------------------------------------------------
Tot:                     100   5302   5295   170   169

zstd

$ zstd -b1 -e15
 1#Synthetic 50%     :  10000000 ->   3154228 (x3.170),  450.9 MB/s, 2067.1 MB/s
 2#Synthetic 50%     :  10000000 ->   3129137 (x3.196),  357.2 MB/s, 1975.5 MB/s
 3#Synthetic 50%     :  10000000 ->   3230847 (x3.095),  191.6 MB/s, 1516.2 MB/s
 4#Synthetic 50%     :  10000000 ->   3345685 (x2.989),  170.6 MB/s, 1318.3 MB/s
 5#Synthetic 50%     :  10000000 ->   3296620 (x3.033),   89.4 MB/s, 1300.0 MB/s
 6#Synthetic 50%     :  10000000 ->   3284857 (x3.044),   82.4 MB/s, 1286.5 MB/s
 7#Synthetic 50%     :  10000000 ->   3328432 (x3.004),   78.6 MB/s, 1201.0 MB/s
 8#Synthetic 50%     :  10000000 ->   3319322 (x3.013),   70.1 MB/s, 1211.6 MB/s
 9#Synthetic 50%     :  10000000 ->   3357642 (x2.978),   68.4 MB/s, 1113.1 MB/s
10#Synthetic 50%     :  10000000 ->   3363183 (x2.973),   59.4 MB/s, 1096.4 MB/s
11#Synthetic 50%     :  10000000 ->   3363177 (x2.973),   47.6 MB/s, 1098.1 MB/s
12#Synthetic 50%     :  10000000 ->   3362876 (x2.974),   30.4 MB/s, 1099.8 MB/s
13#Synthetic 50%     :  10000000 ->   3354692 (x2.981),   14.3 MB/s, 1106.5 MB/s
14#Synthetic 50%     :  10000000 ->   3354678 (x2.981),   12.3 MB/s, 1112.4 MB/s
15#Synthetic 50%     :  10000000 ->   3353801 (x2.982),   9.50 MB/s, 1103.5 MB/s

onidel · June 2025

Great benchmarks @oloke - really love the detailed work!

One caveat with supporting AMD SEV is the loss of live migration capability for SEV-enabled VMs. At Onidel, we regularly perform live migrations to apply updates, carry out maintenance, and rebalance workloads across nodes - all without affecting VM uptime. This helps us maintain consistent performance and reliability across the platform.

With SEV-enabled VMs, however, our process needs to adapt. Specifically, we will now provide advance notice for planned maintenance, during which SEV-enabled VMs will need to be temporarily shut down. The downtime is typically brief - thanks to our distributed storage cluster, migrations usually take only a few seconds to a few minutes.

Despite this limitation, we believe SEV is a valuable option for customers seeking greater privacy and data protection. We are also actively working on supporting SEV-ES and SEV-SNP, which will involve additional work such as rebuilding the EFI firmware (-ES and -SNP do not work with Secure Boot enabled).

Motion3549 · June 2025

This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

and how to get sev-enable node @onidel ?

onidel · June 2025

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

and how to get sev-enable node @onidel ?

All nodes in Amsterdam support SEV. If you have a VM in Amsterdam, you can enable SEV from our control panel.
Sydney, Singapore and New York (launching soon) will also support SEV. ETA in 2-3 weeks.

Motion3549 · June 2025

@onidel said:

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

and how to get sev-enable node @onidel ?

All nodes in Amsterdam support SEV. If you have a VM in Amsterdam, you can enable SEV from our control panel.
Sydney, Singapore and New York (launching soon) will also support SEV. ETA in 2-3 weeks.

any promo ?

oloke · June 2025

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

I was using clevis binded to vTPM.

$ clevis luks bind -d /dev/vda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,7"}'

Preferably, bind it to a Tang server that you fully control since vTPM could be compromised.

Motion3549 · June 2025

@oloke said:

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

I was using clevis binded to vTPM.
$ clevis luks bind -d /dev/vda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,7"}'
Preferably, bind it to a Tang server that you fully control since vTPM could be compromised.

Using systemd-cryptenroll ?

oloke · June 2025

@Motion3549 said:
@oloke said:

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

I was using clevis binded to vTPM.
$ clevis luks bind -d /dev/vda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,7"}'
Preferably, bind it to a Tang server that you fully control since vTPM could be compromised.
Using systemd-cryptenroll ?

Using clevis but systemd-cryptenroll should work too

https://community.frame.work/t/guide-setup-tpm2-autodecrypt/39005#configuration-explaination-2

Motion3549 · June 2025

@oloke said:
@Motion3549 said:
@oloke said:

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

I was using clevis binded to vTPM.
$ clevis luks bind -d /dev/vda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,7"}'
Preferably, bind it to a Tang server that you fully control since vTPM could be compromised.
Using systemd-cryptenroll ?
Using clevis but systemd-cryptenroll should work too

https://community.frame.work/t/guide-setup-tpm2-autodecrypt/39005#configuration-explaination-2

Seeing from short searching about vtpm, any particular reason not using Clevis server? vtpm setup looks significantly harder.

oloke · June 2025

@Motion3549 said:
@oloke said:
@Motion3549 said:
@oloke said:

@Motion3549 said:
This is great, thanks @oloke , are you using clevis/tang to auto unlock boot ?

I was using clevis binded to vTPM.
$ clevis luks bind -d /dev/vda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,7"}'
Preferably, bind it to a Tang server that you fully control since vTPM could be compromised.
Using systemd-cryptenroll ?
Using clevis but systemd-cryptenroll should work too

https://community.frame.work/t/guide-setup-tpm2-autodecrypt/39005#configuration-explaination-2
Seeing from short searching about vtpm, any particular reason not using Clevis server? vtpm setup looks significantly harder.

I don't think it's much harder. If you mean why not using Tang server (Clevis is just a client), I already mentioned it's better to use it. I just wanted to test onidel's vTPM implementation.
Normally I would go with Tang server for remote unlocking.

I'm also not an expert on this stuff so you should do your own research and decide what works best for you

vicaya · June 2025

@onidel said:

Update:

We are now offering licensed Windows VMs through SPLA program. That means Evaluation Windows templates are no longer available. The license costs $6.5 / vCPU / month. Hourly billing supported. RDP SAL is available as an optional add-on.

On second note, you can now enable AMD-SEV for VMs in Amsterdam location directly via the control panel. AMD-SEV is a hardware-based security feature on AMD EPYC CPUs that encrypts VM memory, enhancing protection against unauthorised access and increasing data privacy. This feature will also be available in Sydney and Singapore soon as we are setting up new nodes.

NY launch is very close ...

Sydney when? Itching to check it out...

onidel · June 2025

New nodes in Singapore are being deployed and we hope to have it all done this weekend.

Another upstream will be added to our Singapore network next week as well

borkedascii · June 2025

@onidel said:
New nodes in Singapore are being deployed and we hope to have it all done this weekend.

Another upstream will be added to our Singapore network next week as well

Spill the name

Does hostuniversal remain primary or the new one?

onidel · June 2025

it was expected to have new Singapore nodes deployed last weekend, but …

the server shipment to Singapore delayed from 1-2 weeks initially to 6 weeks now. vendor shipped servers to the DC with cpu, ram, disk not installed. missing NICs.

deeply disappointing and extremely frustrating experience

muffin · June 2025

@onidel said:
it was expected to have new Singapore nodes deployed last weekend, but …

the server shipment to Singapore delayed from 1-2 weeks initially to 6 weeks now. vendor shipped servers to the DC with cpu, ram, disk not installed. missing NICs.

deeply disappointing and extremely frustrating experience

I know a green local handyman who might be up for the job

ksk · June 2025

@onidel said: new Singapore nodes

Looking forward to the legendary return at A$15.60 per year — does the Asia-Pacific Bandwidth Pool include the new locations?

FAT32 · June 2025

@muffin said:

@onidel said:
it was expected to have new Singapore nodes deployed last weekend, but …

the server shipment to Singapore delayed from 1-2 weeks initially to 6 weeks now. vendor shipped servers to the DC with cpu, ram, disk not installed. missing NICs.

deeply disappointing and extremely frustrating experience

I know a green local handyman who might be up for the job

I know a teddy bear might be up for the job for Japan nodes...

DP · June 2025

@FAT32 said:

@muffin said:

@onidel said:
it was expected to have new Singapore nodes deployed last weekend, but …

the server shipment to Singapore delayed from 1-2 weeks initially to 6 weeks now. vendor shipped servers to the DC with cpu, ram, disk not installed. missing NICs.

deeply disappointing and extremely frustrating experience

I know a green local handyman who might be up for the job

I know a teddy bear might be up for the job for Japan nodes...

There's also someone else willing to fly to SG to meet up for food.

nullnothere · June 2025

@DP said:

@FAT32 said:

@muffin said:

@onidel said:
it was expected to have new Singapore nodes deployed last weekend, but …

the server shipment to Singapore delayed from 1-2 weeks initially to 6 weeks now. vendor shipped servers to the DC with cpu, ram, disk not installed. missing NICs.

deeply disappointing and extremely frustrating experience

I know a green local handyman who might be up for the job

I know a teddy bear might be up for the job for Japan nodes...

There's also someone else willing to fly to SG to meet up for food.

There's also a resident benchmeister who missed some choice drinks last time around and so is (or could/should be) more than willing to fly to SG to meet up for those missed apertifs.

Just to be sure @cybertech notices.

cybertech · June 2025

@nullnothere said:

@DP said:

@FAT32 said:

@muffin said:

@onidel said:
it was expected to have new Singapore nodes deployed last weekend, but …

the server shipment to Singapore delayed from 1-2 weeks initially to 6 weeks now. vendor shipped servers to the DC with cpu, ram, disk not installed. missing NICs.

deeply disappointing and extremely frustrating experience

I know a green local handyman who might be up for the job

I know a teddy bear might be up for the job for Japan nodes...

There's also someone else willing to fly to SG to meet up for food.

There's also a resident benchmeister who missed some choice drinks last time around and so is (or could/should be) more than willing to fly to SG to meet up for those missed apertifs.

Just to be sure @cybertech notices.

wassssuuup

in Guangzhou now.

sure why not 😁

Arirang · July 2025

Any update on NYC?

onidel · July 2025

@Arirang said:
Any update on NYC?

hopefully next week ...

we have migrated Singapore VMs to a new rack. Most VMs were live migrated, resulting in only a few seconds of network disruption during traffic rerouting.

Singapore VMs now support AMD SEV-SNP (kernel support required)

We will be enabling a new upstream (SG.GS) next week.

onidel · July 2025

SG.GS has been enabled! We are now multi-homed in SG. Customers can benefit from improved network, better routing redundancy, and potentially lower latency to regional networks.

Arirang · July 2025

@onidel said:
SG.GS has been enabled! We are now multi-homed in SG. Customers can benefit from improved network, better routing redundancy, and potentially lower latency to regional networks.

And I wish you had floating ip between vms!

onidel · July 2025

@Arirang said:

@onidel said:
SG.GS has been enabled! We are now multi-homed in SG. Customers can benefit from improved network, better routing redundancy, and potentially lower latency to regional networks.

And I wish you had floating ip between vms!

it is in progress

onidel · August 2025

Automatic failover will soon be enabled for Singapore VMs at no additional cost

Howdy, Stranger!

Categories

In this Discussion

Onidel Cloud's Thread - Announcements, Feedbacks and Discussions!

Comments

Update:

Update:

Update:

Howdy, Stranger!

Quick Links

Categories

In this Discussion

Onidel Cloud's Thread - Announcements, Feedbacks and Discussions!

Comments

Update:

Update:

Update: