Intel offers 'server on a card' reference design for network security

OEMs thrown a NetSec Accelerator that plugs into server PCIe slots


RSA Conference Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need.

The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server. It combines an Intel Atom processor, Intel Ethernet E810 network interface, and up to 32GB of memory to offload network security functions.

According to Intel, the new reference design is intended to enable a secure access service edge (SASE) model, a combination of software-defined security and wide-area network (WAN) functions implemented as a cloud-native service.

NetSec Accelerator Reference Design

NetSec Accelerator Reference Design

This includes cloud access security broker (CASB), secure web gateway (SWG), data loss prevention (DLP), and firewall capabilities.

All of this this would typically be delivered as virtualized or containerized services running on a standard server instead of a dedicated network appliance, but the NetSec Accelerator Reference Design offers an alternative approach that reduces the infrastructure footprint by effectively putting that server onto a plug-in card, Intel claims.

One advantage of this approach is that existing security software developed for Intel-based systems should be easily ported to any product based on this reference design, with Intel claiming that developers can run them "practically straight out of the box" on what amounts to a mini-server built on standard Intel technology.

Another potential selling point is that host servers typically have multiple PCIe slots, making it possible for more than one NetSec Accelerator card to be fitted, each running a separate SASE service with its own set of compute, memory, and I/O resources.

However, as with many Intel initiatives, the company does not appear to be interested in offering the product itself, but is rather throwing it over the wall as a reference design for OEMs to pick up to bring it to the market more quickly.

"This reference design enables a PCIe add-in card to deliver the capabilities of a server within a small, power-efficient package. Vendors can integrate SASE functions in this card to maximize the capabilities of their server infrastructure at the edge," said Intel VP for the Network & Edge Bob Ghaffari in a blog post.

The NetSec Accelerator Reference Design has two variations, with differing CPU core counts and network configurations. One is an eight-core design based on the Atom P5721 chip with 2x 25Gbps Ethernet ports, while the other is a 16-core design using the Atom P5742 chip and a single 100Gbps Ethernet port.

Both Atom chips appear to have integrated eight-port Ethernet switch functionality, as well as Intel's QuickAssist Technology (Intel QAT) for accelerating the processing of encryption functions.

According to Intel, ecosystem partners are already developing products based on the reference design, with F5 and Silicom singled out as the first vendors that are expected to come to market.

Both are said to have products on show at the RSA Conference this week, with Silicom unveiling the IAONIC Card said to be compatible with the NetSec Accelerator, while F5 is showcasing a new security application running on it.

The NetSec Accelerator Reference Design makes an interesting comparison with the SmartNICs or DPUs that other vendors are offering for network offload and security processing purposes. Rather than integrate a CPU with a network adapter, Intel has effectively put an entire mini server onto an adapter card. Most SmartNICs or DPUs tend to be based on Arm CPUs, of course. ®

Broader topics


Other stories you might like

  • Linux Foundation thinks it can get you interested in smartNICs
    Step one: Make them easier to program

    The Linux Foundation wants to make data processing units (DPUs) easier to deploy, with the launch of the Open Programmable Infrastructure (OPI) project this week.

    The program has already garnered support from several leading chipmakers, systems builders, and software vendors – Nvidia, Intel, Marvell, F5, Keysight, Dell Tech, and Red Hat to name a few – and promises to build an open ecosystem of common software frameworks that can run on any DPU or smartNIC.

    SmartNICs, DPUs, IPUs – whatever you prefer to call them – have been used in cloud and hyperscale datacenters for years now. The devices typically feature onboard networking in a PCIe card form factor and are designed to offload and accelerate I/O-intensive processes and virtualization functions that would otherwise consume valuable host CPU resources.

    Continue reading
  • Intel is running rings around AMD and Arm at the edge
    What will it take to loosen the x86 giant's edge stranglehold?

    Analysis Supermicro launched a wave of edge appliances using Intel's newly refreshed Xeon-D processors last week. The launch itself was nothing to write home about, but a thought occurred: with all the hype surrounding the outer reaches of computing that we call the edge, you'd think there would be more competition from chipmakers in this arena.

    So where are all the AMD and Arm-based edge appliances?

    A glance through the catalogs of the major OEMs – Dell, HPE, Lenovo, Inspur, Supermicro – returned plenty of results for AMD servers, but few, if any, validated for edge deployments. In fact, Supermicro was the only one of the five vendors that even offered an AMD-based edge appliance – which used an ageing Epyc processor. Hardly a great showing from AMD. Meanwhile, just one appliance from Inspur used an Arm-based chip from Nvidia.

    Continue reading
  • TSMC may surpass Intel in quarterly revenue for first time
    Fab frenemies: x86 giant set to give Taiwanese chipmaker more money as it revitalizes foundry business

    In yet another sign of how fortunes have changed in the semiconductor industry, Taiwanese foundry giant TSMC is expected to surpass Intel in quarterly revenue for the first time.

    Wall Street analysts estimate TSMC will grow second-quarter revenue 43 percent quarter-over-quarter to $18.1 billion. Intel, on the other hand, is expected to see sales decline 2 percent sequentially to $17.98 billion in the same period, according to estimates collected by Yahoo Finance.

    The potential for TSMC to surpass Intel in quarterly revenue is indicative of how demand has grown for contract chip manufacturing, fueled by companies like Qualcomm, Nvidia, AMD, and Apple who design their own chips and outsource manufacturing to foundries like TSMC.

    Continue reading
  • Intel withholds Ohio fab ceremony over US chip subsidies inaction
    $20b factory construction start date unchanged – but the x86 giant is not happy

    Intel has found a new way to voice its displeasure over Congress' inability to pass $52 billion in subsidies to expand US semiconductor manufacturing: withholding a planned groundbreaking ceremony for its $20 billion fab mega-site in Ohio that stands to benefit from the federal funding.

    The Wall Street Journal reported that Intel was tentatively scheduled to hold a groundbreaking ceremony for the Ohio manufacturing site with state and federal bigwigs on July 22. But, in an email seen by the newspaper, the x86 giant told officials Wednesday it was indefinitely delaying the festivities "due in part to uncertainty around" the stalled Creating Helpful Incentives to Produce Semiconductors (CHIPS) for America Act.

    That proposed law authorizes the aforementioned subsidies for Intel and others, and so its delay is holding back funding for the chipmakers.

    Continue reading
  • Intel demands $625m in interest from Europe on overturned antitrust fine
    Chip giant still salty

    Having successfully appealed Europe's €1.06bn ($1.2bn) antitrust fine, Intel now wants €593m ($623.5m) in interest charges.

    In January, after years of contesting the fine, the x86 chip giant finally overturned the penalty, and was told it didn't have to pay up after all. The US tech titan isn't stopping there, however, and now says it is effectively seeking damages for being screwed around by Brussels.

    According to official documents [PDF] published on Monday, Intel has gone to the EU General Court for “payment of compensation and consequential interest for the damage sustained because of the European Commissions refusal to pay Intel default interest."

    Continue reading
  • Intel ships crypto-mining ASIC at the worst possible time
    Chipmaker finally ahead of schedule only to find it arrived too late

    Comment Intel has begun shipping its cryptocurrency-mining "Blockscale" ASIC slightly ahead of schedule, and the timing could not be more unfortunate as digital currency values continue to plummet.

    Raja Koduri, the head of Intel's Accelerated Computing Systems and Graphics group, tweeted Wednesday the company has started initial shipments of the Blockscale ASIC to crypto-mining firms Argo Blockchain, Hive Blockchain and Griid:

    Continue reading
  • Google battles bots, puts Workspace admins on alert
    No security alert fatigue here

    Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

    The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

    As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

    Continue reading

Biting the hand that feeds IT © 1998–2022