VMware names virtual firewalls as first workload it will offload to SmartNICs

VMware has revealed that it has firewall vendors in its sights by announcing that the security appliances will be virtualised to run on SmartNICs under its ‘Project Monterey’ plan to relieve CPUs from the chore of running network functions. SmartNICs, also known as “DPUs”, are network interface cards that perform such devices …

  1. Mike 137 Silver badge

    security?

    A key contributor to the security offered by firewalls is (or at least used to be) out of band configuration. The secured channel and the configuration channel were (or should be) completely independent and non-interacting so a malicious actor couldn't use the secured channel to reconfigure the firewall. I have a niggling concern that using a NIC as a firewall element breaks this fundamental principle.

    1. Anonymous Coward

      Re: security?

      What I read into this is "whatever your devs want to allow, they can" which is the antithesis of a firewall because I rate developers just worse than hackers.

  2. Sparkus

    so, turning expansion cards into appliances that happen to fit into a standard server card slot?

  3. Pascal Monett Silver badge
    Trollface

    Fundamental principle ?

    Haven't you heard ? It's almost 2021 - we're following Boeing's stellar lead and are getting rid of those now.

    Now the goal is to ensure that the NSA has easy access to everything and, if anything goes wrong, we blame it on China.

  4. IGnatius T Foobar !

    Understand NSX-T to understand what's happening here.

    For those who are not familiar with VMware NSX-T -- one of the things it provides is an overlay fabric that allows virtual networks to operate without using VLANs. Each hypervisor has a TEP (Tunnel EndPoint) which handles encapsulation/decapsulation of frames on the fabric. Each hypervisor also has a distributed firewall engine, which allows security and forwarding to occur directly between virtual machines, on the same host or on different hosts, without connecting through a central firewall. It does this *today*. But it does it in the kernel.

    With a Smart NIC, these engines will move into the NIC, freeing up the host to use 100% of its CPU to do actual work. This is kind of a big deal.

    By the way ... hyperscale cloud providers have been doing this for quite some time now. What VMware is doing here brings it to everyone else.
