Why Offload Virtualized Network and Security Services?

This blog is co-authored by Paul Turner, Vice President Product Management vSphere, VMware.

We live in a time where the only true constant is change. Modern organizations continue to experience increasingly larger amounts of data traffic across their IT infrastructures from demanding applications like artificial intelligence, machine learning and big data. At the same time, the location of these applications is moving away from centralized architectures and becoming more distributed across data centers, the network edge and into multi-cloud environments. With an ever-increasing number of cyberattacks, security continues to be a major concern for all organizations.

It’s been very exciting to watch PC/server processing technologies evolve over the years, starting with the basic Central Processing Unit (CPU) which acts as the main controller for all applications and associated services like networking and security, to more recent Graphics Processing Unit (GPU) with parallel processing that helps accelerate computer graphics workloads. The Data Processing Unit (DPU) is the latest innovation in this space, with unique capabilities that include offloading infrastructure services from the CPU and enhancing their performance with built-in hardware accelerators.

Later this year, VMware and Dell Technologies will once again be breaking barriers together with the release of a jointly developed solution under the umbrella of Project Monterey that offloads NSX-T networking and security services to the DPU.

Offloading NSX-T networking services tasks from the server CPU to the DPU will allow the DPU to now take over handling of these services. For example, functions like virtual switching or packet processing leveraging hardware acceleration, will be processed by the DPU. This offloading has two key benefits for IT organizations. First, it saves server CPU cycles for applications and virtualization activities. Secondly, it improves virtual networking function performance using hardware accelerators. Using these accelerators will help meet real-time and delay-sensitive demands for modern applications that are such as distributed databases, video streaming and telco radio networks.

As with networking, the DPU offload of NSX-T security tasks will allow the DPU to relieve the CPU of these services. Offloading virtual security services to the DPU has two key benefits for an IT organization. It will provide distributed layer 4-7 virtual firewall security to take place on the DPU with no network performance impact. Additionally, implementing micro-segmentation on the DPU will help reduce the attack surface for cyberthreats to a minimum and enable a zero-trust architecture inside the data center.

Today’s enterprise organizations are being challenged with the demands of modern workloads and applications. To help with these challenges, a technology shift is occurring for virtual infrastructures with a distributed control fabric architecture by leveraging innovative DPU technology.

Dell and VMware are working closely together to help bring this unique DPU-based solution¹, that will offload virtual network and security services from the CPU to the DPU, with even more innovation to follow. To discover more, please visit Dell’s networking solutions page.

1 Based on internal analysis of publicly available information, June 29, 2022.