OpenStack Summit 2016: Netronome Offers Scalable Zero-Trust Security and Higher-Performance Connectivity with New 25G Adapter

Glen Hunt - Principal Analyst, Transport and Routing Infrastructure
Glen Hunt – Principal Analyst, Transport and Routing Infrastructure

Summary Bullets:

  • Increased east-west server-to-server data center traffic leaves traditional perimeter defense mechanisms challenged to provide adequate trust and privileges for virtual machines (VMs) while current zero-trust mechanisms consume valuable server resources.
  • Netronome’s new Agilio CX intelligent server adapter promises to deliver 25 Gbps of throughput; integration with Open vSwitch firewall and Mirantis OpenStack delivers the benefits of hardware acceleration and improved VM performance.

At the August 2016 OpenStack Summit, Netronome announced enhancements to its Agilio Server Networking Platform with the introduction of the Agilio CX dual-port 25GbE intelligent server adapter (ISA) and Agilio OVS Firewall software. The new platform is integrated with the Mirantis OpenStack solution, with the goal of easing cloud-based provisioning, and promises to improve performance and scale when implementing Linux Firewall-based as well as zero-trust security using OpenStack security groups. As service providers migrate their infrastructures to a data center model to meet growing demands for cloud-based services, issues such as scale and security increase ever more.

The new dual-port 25GbE adapter improves overall server efficiency when running secure data center applications based on a zero-trust security architecture. Netronome noted that the enhancements offload OVS and Linux Firewall features into the adapter hardware while preserving the benefits of live VM migration using innovative open source technologies such as VirtIO technology (disk drive) extensions. As a result, output per server and the level of security for server applications are significantly improved, allowing for significant reduction in total cost of ownership (TCO).

The solution will likely have broad appeal since a high percentage of deployments are based on OpenStack as well as OVS and Linux Firewall. These security applications consume CPU cycles at networking speeds of 10/25GbE and higher, which can adversely impact VM and application performance. The recently ratified, IEEE SFP28-based 25GbE specification enables more than two times the performance of 10GbE with similar connector and cabling costs. As a result, operators gain a breakthrough solution to consider in advancing their objective to scale data center server-to-server traffic and improve VM performance while implementing zero-trust security for all applications.

Leave a Reply