Nvidia DPU tackles zero trust

The pandemic era of remote work has highlighted the need for robust security as endpoints proliferate exponentially and workloads become more distributed. Nvidia’s latest data processing unit (DPU) shows that these distributed computing environments are here to stay, and that hardware has a key role to play in implementing zero-trust security, whether in the data center or at the edge.

Nvidia’s BlueField-2 DPUs will be deployed in Dell PowerEdge systems to improve the performance of virtualized workloads based on VMware vSphere 8.

The new offering is the result of two years of collaboration with VMware, with a focus on meeting demands for artificial intelligence workloads and security services, Kevin Deierling, senior vice president of networking at Nvidia, told EE Times. Optimized for the VMware vSphere 8 enterprise workload platform, the Nvidia-Dell combo includes Nvidia BlueField DPUs, Nvidia GPUs, and Nvidia AI Enterprise software.

The DPU is used to offload, isolate, accelerate and secure data center infrastructure services, so that CPUs and GPUs are free to focus on running and processing large volumes of workloads for AI and other data center applications.

The ever-increasing number of microservices supporting containerized and virtualized applications distributed across data centers puts a strain on processors, Deierling said.

“CPU capacity is consumed by security aspects, moving data, and running huge amounts of east-west traffic to allow these distributed applications to communicate with each other and in effect share all the data across the network ‘data set,’” he said.

Modern applications, including AI, continue to generate massive amounts of data and processing, and this data consumes CPU cycles.

As part of a larger platform developed with VMware, Nvidia’s BlueField-2 is used to offload, isolate, accelerate and secure data center infrastructure services, so CPUs and GPUs are free to focus on running and processing large volumes of workloads for AI and other applications. (Source: Nvidia)

In addition to reducing the strain on CPUs and GPUs, DPU programmability plays a role in enhancing the security of multi-cloud and edge environments, Deierling said. “The increased demand for distributed applications is the other thing that’s happening.”

Instead of a single monolithic application, microservices are distributed across the entire data center and more computations are performed at the edge, all of which needs to be secured.

This is where zero-trust security comes in.

“Zero-trust security really implies that everything inside the data center is untrusted,” he said, noting that it means all users, devices and data must be authenticated and validated.

The Nvidia platform takes the approach that devices are the foundation of zero-trust security. All firmware being loaded can be authenticated in the boot and runtime environments so that anything running in the data center is trusted.

Encryption, of course, is essential to securing hardware. But, as Deierling noted, this is a very expensive and CPU-intensive process.

The BlueField-2 DPU can take over and accelerate this encryption and decryption in hardware, allowing all data, including east-west traffic, to be encrypted both while it is in motion and in storage.

Nvidia’s BlueField-2 DPUs will be deployed in Dell PowerEdge systems to improve the performance of VMware vSphere 8-based virtualized workloads. (Source: Nvidia)

Other platform features include using the GPU and DPU together to apply AI to detect abnormal behavior, such as passwords being entered faster than a human can type. He said the combination of DPU and AI can examine how people interact with the data center and detect abnormal behavior even when the data is encrypted.

Zero trust as a concept has primarily been the domain of IT managers. And it’s more than technology; it is a cybersecurity philosophy that includes best practices and processes. At the heart of zero trust is the principle that users should only have access to applications, data and services to the extent necessary to do their job. But as threat actors increasingly turn to American industrial control systems (ICS) and target critical infrastructure, especially utilities, securing operational technology (OT) at the hardware level becomes increasingly important.

Even without the zero-trust moniker, adding device-level security is gaining traction, whether it’s memory cards or the network interface. Security features in memory proliferated long before the meteoric growth of edge computing, the Internet of Things, and connected cars: the “S” in SD card stands for “secure,” and electrically erasable programmable read-only memory (E2PROM) is preferred for credit cards, SIM cards and keyless entry systems.

Flash-based SSDs have included encryption for years, although there have been qualms as to how this might affect drive performance. Self-encrypting drives, such as those made by Virtium, include dedicated encryption engines using Advanced Encryption Standard (AES) that do not require software to run on the host. CrossBar has recently focused on secure computing with ReRAM and PUF technology.

Hardware-based security features reflect the fact that every system is inevitably connected, and that a single device compromised through tampering can affect a number of different computing platforms, including an autonomous vehicle, which is basically a server on wheels, or industrial, medical and IoT devices connected through the 5G network.

The left-of-device security integration also aligns with the concept of DevSecOps, where developers are meant to think about security early in the software application development process, rather than locking it down afterwards. It also reduces the likelihood of security features degrading application performance, and Nvidia’s approach of shifting security responsibilities to its DPU, so that GPUs and CPUs are taxed less, fits well with this philosophy.
