The Meltdown and Spectre microprocessor-based attacks are prime demonstrations of why attempts to secure data or infrastructure through host-based solutions (i.e., host software or the host processor) are destined to fail. When the security controls and the attacker share the same trust domain (the host), the most likely outcome is an undetected security breach. The only trustworthy way to protect data center infrastructure is to separate the security controls from the host.
The Mellanox BlueField SmartNIC-based model for data center security solves both the security problems and the performance problems of edge-centric policy models, while allowing significantly better scaling and cost savings. BlueField completely isolates the security controls from the host, where shared resources can be exploited at the software level and, as these attacks show, at the hardware level as well.
In order to deliver networking capabilities in a more scalable, agile, and cost-effective manner, the networking environment in modern data centers is transforming towards extreme speed and simplicity, pushing functionality that traditionally lived in the network onto the host machines themselves.
Only at the edge of the network can granular visibility and security controls be effective on a per-workload basis. Security policy, therefore, is distributed and enforced using host-based SDN models at the server-access layer. The end result is massive scalability.
However, having a smarter edge brings significant performance and security challenges that must be addressed:
- The server CPU cannot handle today’s exponential data growth. As more functionality is now implemented at the host, fewer compute resources are dedicated to running applications and tenant workloads.
- Endpoint protection suffers from an inherent weakness: the security controls sit in the same trust domain as the attacker. A successful attack against the host is therefore likely to result in the security controls being subverted and the security policy violated.
Therefore, we cannot trust the software running on a host, nor can we trust the CPU executing that software. We must provide a way to run infrastructure functionality (such as network, storage, and security) that does not allow the enforced policy to be subverted even if the host is compromised. Cloud providers and enterprises, for example, need to be able to trust their infrastructure functionality even while under attack. The Meltdown and Spectre microprocessor-based attacks are prime demonstrations of why this approach is a must for modern data center security.
With the BlueField SmartNIC, the control and data planes of infrastructure functions (networking, storage, and security) are implemented entirely in, and offloaded to, the smart network adapter, in a manner that does not allow the host to interfere with their operation. Infrastructure functionality runs securely because it operates independently of the host, isolated in a separate trust domain (the smart network adapter). A successful attack against the host, or against one of the workloads running on it, does not grant the ability to alter the policies applied to infrastructure functions; those are enforced by the smart network adapter.
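As an added illustration of the trust-domain argument above (it is not Mellanox code and does not describe how BlueField itself is built), the following model assumes an adapter that accepts policy updates only when they carry an authentication tag from an infrastructure controller, using a constructed key that the host never holds; the host-side enforcer, by contrast, keeps its policy in host memory:

```python
import hmac
import hashlib

# Constructed secret shared by the controller and the adapter; the host never
# holds it, so host root cannot forge policy updates (model assumption).
CONTROLLER_KEY = b"constructed-controller-key"
# Constructed baseline: rules are (dst, dport, action); first match wins,
# default deny; "*" and port 0 are wildcards.
BASELINE = [("10.0.1.10", 443, "allow")]

def allowed(rules, dst, dport):
    for r_dst, r_port, action in rules:
        if r_dst in ("*", dst) and r_port in (0, dport):
            return action == "allow"
    return False

def controller_tag(rules):
    """Tag the controller attaches to a policy update."""
    return hmac.new(CONTROLLER_KEY, repr(rules).encode(), hashlib.sha256).digest()

class HostEnforcer:
    """Policy lives in host memory: any code with host root can rewrite it."""
    def __init__(self, rules):
        self.rules = list(rules)
    def permit(self, dst, dport):
        return allowed(self.rules, dst, dport)
    def host_write(self, rules):  # unauthenticated path, reachable from the host
        self.rules = list(rules)

class AdapterEnforcer:
    """Policy lives on the adapter; the only write path is an authenticated
    controller update, so nothing running on the host can alter it."""
    def __init__(self, rules):
        self._rules = list(rules)
    def permit(self, dst, dport):
        return allowed(self._rules, dst, dport)
    def update(self, rules, tag):
        if not hmac.compare_digest(controller_tag(rules), tag):
            return False  # rejected; policy unchanged
        self._rules = list(rules)
        return True

def after_host_compromise(enforcer):
    """Failure mode from the text: host root tries to replace the policy with
    allow-all; returns whether the database port (5432) is then reachable."""
    allow_all = [("*", 0, "allow")]
    if isinstance(enforcer, HostEnforcer):
        enforcer.host_write(allow_all)  # succeeds: controls share the host's trust domain
    else:
        enforcer.update(allow_all, b"\x00" * 32)  # forged tag: rejected
    return enforcer.permit("10.0.1.10", 5432)
```

With the same baseline policy, the host-resident enforcer ends up permitting the database port after the host is compromised, while the adapter-resident enforcer still denies it because the forged update never takes effect.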
Additionally, with these key networking, storage, and security functions now being fully offloaded by the SmartNIC with zero host CPU utilization, more capacity is available per server.
This, combined with the ability to isolate and protect each individual workload, allows BlueField to control risk at the edge of the network, and enables distributed security to be built into the DNA of the data center infrastructure.