Intel offers “server-on-board” security reference design • The Register

RSA Conference Intel has released a reference design for a pluggable security card aimed at providing improved networking and security processing without requiring the additional rack space that a discrete appliance would require.

The NetSec Accelerator Reference Design [PDF] is actually a fully functional x86 compute node delivered as a PCIe card that can be integrated into an existing server. It combines an Intel Atom processor, an Intel Ethernet E810 network interface and up to 32 GB of memory to offload network security functions.

According to Intel, the new reference design is intended to enable a SASE (Secure Access Service Edge) model, a combination of software-defined security and wide area network (WAN) functions implemented as a native cloud service.

NetSec Accelerator Reference Design

This includes Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), Data Loss Prevention (DLP), and firewall features.

All of this would typically be delivered as virtualized or containerized services running on a standard server instead of a dedicated network appliance, but the NetSec Accelerator reference design offers an alternative approach that reduces the footprint of the infrastructure by effectively placing this server on a plug-in card, Intel claims.

One benefit of this approach is that existing security software developed for Intel-based systems should be easily ported to any product based on this reference design, with Intel saying developers can run it “virtually from the start.” out of the box” on what amounts to a mini-server based on standard Intel technology.

Another potential selling point is that host servers typically have multiple PCIe slots, allowing multiple NetSec Accelerator cards to be installed, each running a separate SASE service with its own set of compute, memory, and hardware resources. /S.

However, as with many Intel initiatives, the company doesn’t seem interested in offering the product itself, but rather throws it over the wall as a reference design for OEMs to pick up to bring it to market further. rapidly.

“This reference design allows a PCIe expansion card to deliver server capabilities in a small, power-efficient package. Vendors can integrate SASE functions into this board to maximize the capabilities of their edge server infrastructure,” Intel said. VP of Network and Edge Bob Ghaffari in a blog post.

The NetSec Accelerator reference design has two variants, with different CPU core counts and network configurations. One is an eight-core design based on the Atom P5721 chip with 2 x 25Gbps Ethernet ports, while the other is a 16-core design using the Atom P5742 chip and a single 100Gbps Ethernet port.

Both Atom chips appear to have integrated eight-port Ethernet switch functionality, as well as Intel’s QuickAssist Technology (Intel QAT) to speed up the processing of encryption functions.

According to Intel, ecosystem partners are already developing products based on the reference design, with F5 and Silicom named as the first vendors expected to hit the market.

Both would have products on display at the RSA conference this week, with Silicom unveiling the IAONIC card that’s supposed to be compatible with the NetSec accelerator, while F5 showcases a new security application running on it.

The NetSec Accelerator reference design makes an interesting comparison to SmartNICs or DPUs that other vendors offer for network offloading and security processing purposes. Rather than integrating a CPU with a network card, Intel has effectively put an entire mini server on an adapter card. Most SmartNICs or DPUs tend to be based on Arm processors, of course. ®