Intel offers 'server on a card' reference design for network security

OEMs thrown a NetSec Accelerator that plugs into server PCIe slots

RSA Conference Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need.

The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server. It combines an Intel Atom processor, Intel Ethernet E810 network interface, and up to 32GB of memory to offload network security functions.

According to Intel, the new reference design is intended to enable a secure access service edge (SASE) model, a combination of software-defined security and wide-area network (WAN) functions implemented as a cloud-native service.

NetSec Accelerator Reference Design

NetSec Accelerator Reference Design

This includes cloud access security broker (CASB), secure web gateway (SWG), data loss prevention (DLP), and firewall capabilities.

All of this this would typically be delivered as virtualized or containerized services running on a standard server instead of a dedicated network appliance, but the NetSec Accelerator Reference Design offers an alternative approach that reduces the infrastructure footprint by effectively putting that server onto a plug-in card, Intel claims.

One advantage of this approach is that existing security software developed for Intel-based systems should be easily ported to any product based on this reference design, with Intel claiming that developers can run them "practically straight out of the box" on what amounts to a mini-server built on standard Intel technology.

Another potential selling point is that host servers typically have multiple PCIe slots, making it possible for more than one NetSec Accelerator card to be fitted, each running a separate SASE service with its own set of compute, memory, and I/O resources.

However, as with many Intel initiatives, the company does not appear to be interested in offering the product itself, but is rather throwing it over the wall as a reference design for OEMs to pick up to bring it to the market more quickly.

"This reference design enables a PCIe add-in card to deliver the capabilities of a server within a small, power-efficient package. Vendors can integrate SASE functions in this card to maximize the capabilities of their server infrastructure at the edge," said Intel VP for the Network & Edge Bob Ghaffari in a blog post.

The NetSec Accelerator Reference Design has two variations, with differing CPU core counts and network configurations. One is an eight-core design based on the Atom P5721 chip with 2x 25Gbps Ethernet ports, while the other is a 16-core design using the Atom P5742 chip and a single 100Gbps Ethernet port.

Both Atom chips appear to have integrated eight-port Ethernet switch functionality, as well as Intel's QuickAssist Technology (Intel QAT) for accelerating the processing of encryption functions.

According to Intel, ecosystem partners are already developing products based on the reference design, with F5 and Silicom singled out as the first vendors that are expected to come to market.

Both are said to have products on show at the RSA Conference this week, with Silicom unveiling the IAONIC Card said to be compatible with the NetSec Accelerator, while F5 is showcasing a new security application running on it.

The NetSec Accelerator Reference Design makes an interesting comparison with the SmartNICs or DPUs that other vendors are offering for network offload and security processing purposes. Rather than integrate a CPU with a network adapter, Intel has effectively put an entire mini server onto an adapter card. Most SmartNICs or DPUs tend to be based on Arm CPUs, of course. ®

Broader topics

Other stories you might like

  • Linux Foundation thinks it can get you interested in smartNICs
    Step one: Make them easier to program

    The Linux Foundation wants to make data processing units (DPUs) easier to deploy, with the launch of the Open Programmable Infrastructure (OPI) project this week.

    The program has already garnered support from several leading chipmakers, systems builders, and software vendors – Nvidia, Intel, Marvell, F5, Keysight, Dell Tech, and Red Hat to name a few – and promises to build an open ecosystem of common software frameworks that can run on any DPU or smartNIC.

    SmartNICs, DPUs, IPUs – whatever you prefer to call them – have been used in cloud and hyperscale datacenters for years now. The devices typically feature onboard networking in a PCIe card form factor and are designed to offload and accelerate I/O-intensive processes and virtualization functions that would otherwise consume valuable host CPU resources.

    Continue reading
  • Intel is running rings around AMD and Arm at the edge
    What will it take to loosen the x86 giant's edge stranglehold?

    Analysis Supermicro launched a wave of edge appliances using Intel's newly refreshed Xeon-D processors last week. The launch itself was nothing to write home about, but a thought occurred: with all the hype surrounding the outer reaches of computing that we call the edge, you'd think there would be more competition from chipmakers in this arena.

    So where are all the AMD and Arm-based edge appliances?

    A glance through the catalogs of the major OEMs – Dell, HPE, Lenovo, Inspur, Supermicro – returned plenty of results for AMD servers, but few, if any, validated for edge deployments. In fact, Supermicro was the only one of the five vendors that even offered an AMD-based edge appliance – which used an ageing Epyc processor. Hardly a great showing from AMD. Meanwhile, just one appliance from Inspur used an Arm-based chip from Nvidia.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading

Biting the hand that feeds IT © 1998–2022