"Disaggregation of the server"... or "a new place for undetectable, persistent malware to run"?
VMware has, as The Register predicted, revealed plans to make the Arm-enabled cut of its ESXi hypervisor a proper product and will run it on SmartNICs in an attempt to better serve demanding applications and bring even bare-metal servers under its umbrella. Announced today ahead of the annual VMworld conference as "Project …
Crypto Monad,
"... or a new place for undetectable, persistent malware to run"
Correct me if I am wrong but it is *your* kit .... so you should have enough control to *know* what is running where !!!
If your confidence is not very high then you need to address your controls and *who* you are allowing to run amok with 'Hobnail boots' in your enterprise !!! :)
Downvotes are below ...... TY :)
[To be fair ... it sounds like something that could be useful .... of course it will need to be tested for stability/usability and VFM.]
NIC development progresses like this:
1. Offload TCP to the NIC
2. Offload TLS to the NIC
3. Allow running of VMs on the NIC ?!
The NIC card now sees all your unencrypted traffic *and* can run arbitrary software. Sure, the admin will choose what they *want* running there - but it's not like there have never been security holes in hypervisors, or that code-signing certs have never been issued to malicious users.