As APIs, data and security processes spread to the far reaches of global IT systems, the technology needed to manage larger and more complicated processing assignments has to be reinvented. Legacy data center equipment simply won't cut it anymore for things like genomic mapping, generative artificial intelligence (genAI) apps and other large language model (LLM) workloads.

Gartner predicts by the end of 2025, more than 50% of enterprise-managed data will be created and processed outside of the data center or cloud. This will mark a turning point in the enterprise IT world. As more workloads are deployed in compute nodes at the edge and the need to protect them remains a high priority, Santa Clara, CA-based Intel is working with a set of first-mover companies to develop new networking security hardware and software to deliver these new workloads unbreached by bad actors.

The “more than a processor” maker is filling a major need in the market here in 2024 with a smart peripheral component interconnect express (PCIe) card reference design for network security providers, called Intel® NetSec Accelerator Reference Design. It includes an Intel Atom® processor, Intel Xeon® D processor and Intel Ethernet Controller E810 to deliver the full functionality of a server on a compact PCIe card that can fit into multiple places in a compute node. This is similar to having a swappable, remote-control PC out there on the front lines, feeding and channeling data back to home base as required by the use case.

One of the first Intel partners to put this reference design to work is also based in Santa Clara: Versa Networks. This forward-thinking networking and cybersecurity firm secures and simplifies the management of networks for enterprises, teleworkers and end-users.

Versa specializes in secure access service edge (SASE), a cloud architecture model that combines network and security-as-a-service functions and delivers them as a single cloud service. Using this on a NetSec Accelerator PCIe card containing an Intel processor provides a next-gen solution for getting high-end work done in secure, zero-trust network access (ZTNA) fashion. ZTNA is a product or service that creates an identity- and context-based logical access boundary around an application or set of applications and allows for security posture-based access control.

Wherever these types of functions and services can be combined into a single management package, network administrators have been known to bow and thank the originators of such a software platform. In the past, several specialized admins were needed for various aspects of networking security development, and that remains widespread today.

Now a much smaller, more agile team can keep an enterprise security system up and running effectively by using more centralized controls and automation to do the heavy lifting.

How Versa and Intel came to collaborate

Versa had been looking for the right network interface controller (NIC) partner for a long time. Finally, it found the right one, and it happened to be right across town.

“For three or four years, we were trying to find SmartNICs to offload many of the security and other stateful functions we have, but we could not find one,” Versa Vice President of Products Dogu Narin said. “We talked to every vendor out there. Finally, when Intel came to us, we said: 'This is different from the rest of them because it is Intel processor-based, which gives us the opportunity to run all the security functions in whichever way the customer wanted, with no restrictions other than distance.' It was a great matchup.”

The Versa Secure SD-NIC natively integrates a PCI card based on the Intel reference design, powered by the multicore Intel processor, with the proprietary Versa Operating System (VOS). This architecture extends the security perimeter directly into compute devices, putting to work advanced stateful L4-L7 features such as ZTNA, adaptive microsegmentation, threat protection and data security, Narin said.

Versa is the first vendor in the industry to provide so-called “SASE on a SmartNIC” functionality for multiple high-value, zero-trust networking use cases, Narin said. This can include virtualized multi-tenant data center, financial and health care applications and deploying secure computing in untrusted environments. Suffice it to say there are plenty of untrusted environments around the world, and you don't want to have to worry about them all the time.

Delivering Versa's Secure SD-NIC on Intel NetSec Accelerator Reference Design enables users to deploy first-class SASE connectivity and security functions found in its other product lines: Versa Secure SD-WAN, Versa SSE and Versa Secure SD-LAN, analytics and multi-tenancy on-premises and in the cloud, Narin said. All of these services are included in the Versa palette.

Use case: On land, sea, air or space

Use cases can explain a lot about a technology. One involves the U.S. Department of Defense, where its network operators were looking for ways to deploy SmartNICs in a variety of different compute environments. DoD wanted to acquire a large number of these smart network cards to be able to hot-swap them in and out of compute nodes wherever necessary — on land, sea, air, or space.

“They wanted to have secure connectivity to these assets wherever they are,” Narin said. “They could be hardened compute platforms that are running out in the field for DoD applications, or they could be on a ship. They could be used for anything, but as long as they can take a PCI card they can be deployed. They may be mobile, they may be static, they may be in a base, they may be somewhere in the air, etc. Using these removable network cards, they can have a fast and secure connection to a security template.”

Value of single-pass networking

Part of Versa's secret sauce is single-pass networking, a design principle under which a data packet undergoes all necessary processing only once as it travels through the network. This contrasts with conventional approaches where a packet might be inspected and manipulated by multiple separate functions, potentially requiring it to pass through each function several times.

Obviously, data speed through the system is increased by using this technique. There are two other key benefits to single-pass pipeline architecture:

  • Increased efficiency: By processing each packet only once, the overall processing overhead is reduced. This leads to faster performance and lower latency, which is critical for applications that require real-time responsiveness.
  • Simplified management: Having a single processing pipeline means there's only one set of policies to manage and configure. This simplifies network administration and reduces the risk of inconsistencies.

Other deployments of Intel NetSec Accelerator Reference Design

Other companies are now coming up with their own customized smart network cards based on the Intel reference design. NoName Security, for one, is modifying its Intel NICs to add a remote machine-learning engine on the card to help direct AI data streams safely to their destinations, even after they get jammed in a buffer zone.

Israel-based Silicom markets IAONIC SmartNIC, which is a commercially available SmartNIC product built on Intel NetSec Accelerator Reference Design. Additionally, Intel's FPGA and IPU-based offerings can be used as building blocks for network function virtualization (NFV) implementations. NFV allows network operators to virtualize network functions traditionally performed by dedicated hardware appliances.