by RcouF1uZ4gsC 1182 days ago
One thing this scalability bets on is that side channel attacks won’t get better.

Spectre and related attacks already reduced CPU performance.

Shared hardware opens up the door for side channel attacks and hardening against those attacks is going to decrease performance.


You'd generally use co-tenancy for workloads that are mutually trusted. Privileged services (authn/authz, machine management, deployable artifact builds) get put onto separate hardware, since their footprint is small enough that the extra 200% cost isn't material.
This isn't how things always run in the cloud. I think the conventional wisdom is that the isolation of VMs is good enough unless you are very paranoid. Auth services are regularly run on less than full baremetal machines.

AWS serverless, by the way, uses VM isolation.

Both AWS and GCP offer the ability to schedule VMs onto isolated machines:

https://aws.amazon.com/ec2/dedicated-hosts/

https://cloud.google.com/compute/docs/nodes/sole-tenant-node...

The AWS offering is pretty much turn-key. I've not used the GCP version, but it seems to be similar if you're willing to create a separate "project" for each security domain.

Once your company has any PII and/or has regulatory obligations (PCI, HIPAA, etc) then it's worth spending a bit extra to make sure sensitive components are running on their own hardware.

Usually you have to buy the whole host when you do that, and there are many ways to buy the whole machine. I personally think baremetal is a better trade - Amazon insiders have a harder time spying on you if you do that, while they can still pause your dedicated VM to take a peek at what's going on. Regardless, I have seen authentication systems and other sensitive things run on multi-tenant machines.
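The "schedule VMs onto isolated machines" setup the comment above points at, written out as an added Terraform example (not code from any commenter, nor from the AWS or GCP docs linked above). It reserves an EC2 Dedicated Host and pins an instance to it, and creates a GCP sole-tenant node group in its own project with an instance bound to it by node affinity. The project name, regions, AMI/image, host and machine types, and resource names are all assumptions chosen for illustration.

```hcl
# Added example (not from the thread). Names, regions, AMI/image and machine
# types are placeholders; change them for a real deployment.

terraform {
  required_providers {
    aws    = { source = "hashicorp/aws" }
    google = { source = "hashicorp/google" }
  }
}

provider "aws" {
  region = "us-east-1"
}

# One GCP project per security domain, as the comment suggests (hypothetical id).
provider "google" {
  project = "example-auth-domain"
  region  = "us-central1"
}

# --- AWS: reserve a whole physical host, then place the sensitive instance on it ---
resource "aws_ec2_host" "auth" {
  instance_type     = "m5.large"
  availability_zone = "us-east-1a"
  auto_placement    = "off"  # only instances that name this host_id land here
  host_recovery     = "on"
}

resource "aws_instance" "authn" {
  ami           = "ami-0123456789abcdef0"  # placeholder AMI id
  instance_type = "m5.large"               # must match the host's instance type
  tenancy       = "host"                   # dedicated-host tenancy, not "default"
  host_id       = aws_ec2_host.auth.id

  tags = { Role = "authn" }
}

# --- GCP: sole-tenant node group, then an instance constrained to it ---
resource "google_compute_node_template" "auth" {
  name      = "auth-sole-tenant"
  region    = "us-central1"
  node_type = "n2-node-80-640"
}

resource "google_compute_node_group" "auth" {
  name          = "auth-sole-tenant-group"
  zone          = "us-central1-a"
  node_template = google_compute_node_template.auth.id
  initial_size  = 1
}

resource "google_compute_instance" "authn" {
  name         = "authn-0"
  zone         = "us-central1-a"
  machine_type = "n2-standard-4"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    network = "default"
  }

  # Without this affinity the VM would be scheduled onto shared hardware.
  scheduling {
    node_affinities {
      key      = "compute.googleapis.com/node-group-name"
      operator = "IN"
      values   = [google_compute_node_group.auth.name]
    }
  }
}
```

After `terraform apply`, the check worth doing is to confirm placement rather than trust the config: on AWS, `aws ec2 describe-instances --instance-ids <id> --query 'Reservations[].Instances[].Placement'` should report `Tenancy: host` and the expected `HostId`; on GCP, `gcloud compute instances describe authn-0 --zone us-central1-a` should show the node affinity under `scheduling`. Note that with `tenancy = "host"` the whole host is billed whether or not it is full, which is the "buy the whole machine" cost the thread is discussing.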