back to article Intel offers 'server on a card' reference design for network security

Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need. The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card …

  1. Maventi
    Facepalm

    Problem: Computers are insecure. Solution: Add another computer.

    1. Anonymous Coward
      Anonymous Coward

      Totally right at one level

      Much like TPMs, you have another couple million lines of code/billions of transistors to make mistakes with.

      The potential upside is still in reducing the attack surface, because the server on the card will be running a smaller and tighter config. So you can benefit from a drop in device that brokers the link between the parent server and outside world.

      Since smart NICs have been gaining traction again, it makes sense to allow this, and it will increase the pool of people with the needed skill sets. Technically you could do stuff like this 15 years ago, but the cpu architecture was radically different, they cost a fortune, and the processors didn't have a ton of oomph. We used some for SSL and TCP offload from New Zealand back in the day. Great guys.

      I looked at doing something similar when they added padlock to the Via nano, and a friend and I played around with linking the PCI slots to motherboard of another machine to do something similar, but it took a custom PCI interposer, divers, and was a hacked together mess. It was interesting work but my friends company passed on trying to get VIA to make something similar. Outside crypto miners I haven't seen to many people willing to live with the frakensquid problem posed by using linked PCIe slots.

      I look forward to tinkering with one of these things when I can get my hands on one. I'd love to load BSD on one along with SSH, Wireguard, and the native PF firewall would be a good start for things.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like