developer.nvidia.com
152.199.20.126  Public Scan

Submitted URL: http://email.nvidianews.com/MTA4LUlPTi01NTYAAAGBMFUE-JOjF0DHCkd9XUxxxEplqQrFwDVhHb2-Ba6534VveGwA4X4SYa8uv5gRmjvSBBlha8I=
Effective URL: https://developer.nvidia.com/blog/nvidia-introduces-doca-1-2/?ncid=em-prod-199179
Submission: On December 06 via api from SE — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://developer.nvidia.com/blog/

<form class="gss form-search content-search" action="https://developer.nvidia.com/blog/" method="GET" id="nvidia-site-search-form" accept-charset="UTF-8">
  <div>
    <div class="input-group">
      <input placeholder="Search" class="form-control form-text" type="text" id="edit-term" name="search_posts_filter" value="" size="15" maxlength="128">
      <span class="input-group-btn">
        <button type="submit" class="btn btn-default">
          <i class="fa fa-search" aria-hidden="true"></i>
        </button>
      </span>
    </div>
    <button class="btn element-invisible btn-primary form-submit" type="submit" id="edit-submit" name="op" value="Search">Search</button>
  </div>
  <input type="hidden" name="prxvGOjsY" value="[ARE5KNSm9G]"><input type="hidden" name="kXmAuQ" value="8RvgHyP1AL2l">
</form>

GET https://developer.nvidia.com/blog/

<form class="gss form-search content-search" action="https://developer.nvidia.com/blog/" method="GET" id="nvidia-site-search-form" accept-charset="UTF-8">
  <div>
    <div class="input-group">
      <input placeholder="Search" class="form-control form-text" type="text" id="edit-term" name="search_posts_filter" value="" size="15" maxlength="128">
      <span class="input-group-btn">
        <button type="submit" class="btn btn-default">
          <i class="fa fa-search" aria-hidden="true"></i>
        </button>
      </span>
    </div>
    <button class="btn element-invisible btn-primary form-submit" type="submit" id="edit-submit" name="op" value="Search">Search</button>
  </div>
  <input type="hidden" name="prxvGOjsY" value="[ARE5KNSm9G]"><input type="hidden" name="kXmAuQ" value="8RvgHyP1AL2l">
</form>

Text Content

Technical Walkthrough Dec 06, 2021


BUILDING A FOUNDATION FOR ZERO TRUST SECURITY WITH NVIDIA DOCA 1.2

By Scott Ciccone and Ariel Kit
Tags: BlueField, Cybersecurity / Fraud Detection, DOCA, DPU, Software Tools and
Libraries, technical walkthrough



Today, NVIDIA released the NVIDIA DOCA 1.2 software framework for NVIDIA
BlueField DPUs, the world’s most advanced data processing unit (DPU). Designed
to enable the NVIDIA BlueField ecosystem and developer community, DOCA is the
key to unlocking the potential of the DPU by offering services to offload,
accelerate, and isolate infrastructure application services from the CPU.

DOCA is a software framework that brings together APIs, drivers, libraries,
sample code, documentation, services, and prepackaged containers to simplify and
speed up application development and deployment on BlueField DPUs on every data
center node. Together, DOCA and BlueField create an isolated and secure services
domain for networking, security, storage, and infrastructure management that is
ideal for enabling a zero-trust strategy.

The DOCA 1.2 release introduces several important features and use cases. 


PROTECT HOST SERVICES WITH ADAPTIVE CLOUD SECURITY

A modern approach to security based on zero trust principles is critical to
securing today’s data centers, as resources inside the data center can no longer
be trusted automatically. App Shield enables detection of attacks on critical
services in a system. In many systems, those critical services are responsible
for ensuring the integrity and privacy of the execution of many applications.

Figure 1. Shield your host services with adaptive cloud security

DOCA App Shield provides host monitoring enabling cybersecurity vendors to
create accelerated intrusion detection system (IDS) solutions to identify an
attack on any physical or virtual machine. It can feed data about application
status to security information and event management (SIEM) or extended detection
and response (XDR) tools and also enhances forensic investigations.

If a host is compromised, attackers normally exploit breaches in security
control mechanisms to move laterally across data center networks to other
servers and devices. App Shield enables security teams to shield their
application processes, continuously validate their integrity, and in turn detect
malicious activity. 

In the event that an attacker kills the machine security agent’s processes, App
Shield can mitigate the attack by isolating the compromised host, preventing the
malware from accessing confidential data or spreading to other resources. App
Shield is an important advancement in the fight against cybercrime and an
effective tool to enable a zero-trust security stance.

BlueField DPUs and the DOCA software framework provide an open foundation for
partners and developers to build zero-trust solutions and address the security
needs of the modern data center. Together, DOCA and BlueField create an isolated
and secure services domain for networking, security, storage, and infrastructure
management that is ideal for enabling a zero-trust strategy.


CREATE TIME-SYNCHRONIZED DATA CENTERS

Precision timing is a critical capability to enable and accelerate distributed
apps from edge to core. DOCA Firefly is a data center timing service that
supports extremely precise time synchronization everywhere. With
nanosecond-level clock synchronization, you can enable a new broad range of
timing-critical and delay-sensitive applications. 

Figure 2. Precision time-synchronized data center service

DOCA Firefly addresses a wide range of use cases, including the following:

 * High-frequency trading
 * Distributed databases
 * Industrial 5G radio access networks (RAN)
 * Scientific research
 * High performance computing (HPC)
 * Omniverse digital twins
 * Gaming
 * AR/VR
 * Autonomous vehicles
 * Security

It enables data consistency, accurate event ordering, and causality analysis,
such as ensuring the correct sequencing of stock market transactions and fair
bidding during digital auctions. The hardware engines in the BlueField
application-specific integrated circuit (ASIC) are capable of time-stamping data
packets at full wire speed with breakthrough nanosecond-level accuracy. 

Improving the accuracy of data center timing by orders of magnitude offers many
advantages. 

With globally synchronized data centers, you can accelerate distributed
applications and data analysis including AI, HPC, professional media production,
telco virtual network functions, and precise event monitoring. All the servers
in the data center—or across data centers—can be harmonized to provide something
that is far bigger than any single compute node.

The benefits of improving data center timing accuracy include a reduction in the
amount of compute power and network traffic needed to replicate and validate the
data. For example, Firefly synchronization delivers a 3x database performance
gain to distributed databases.


DOCA HBN BETA

The BlueField DPU is a unique solution for network acceleration and policy
enforcement within an endpoint host. At the same time, BlueField provides an
administrative and software demarcation between the host operating system and
functions running on the DPU. 

With DOCA host-based networking (HBN), top-of-rack (TOR) network configuration
can extend down to the DPU, enabling network administrators to own DPU
configuration and management while application management can be handled
separately by x86 host administrators. This creates an unparalleled opportunity
to reimagine how you can build data center networks.

DOCA 1.2 provides a new driver for HBN called Netlink to DOCA (nl2doca) that
accelerates and offloads traditional Linux Netlink messages. nl2doca is provided
as an acceleration driver integrated as part of the HBN service container. You
can now accelerate host networking for L2 and L3 that relies on DPDK, OVS, or
now kernel routing with Netlink. 

NVIDIA is adding support for the open-source Free Range Routing (FRR) project,
running on the DPU and leveraging this new nl2doca driver. This support enables
the DPU to operate exactly like a TOR switch plus additional benefits. FRR on
the DPU enables EVPN networks to move directly into the host, providing layer 2
(VLAN) extension and layer 3 (VRF) tenant isolation.

HBN on the DPU can manage and monitor traffic between VMs or containers on the
same node. It can also analyze and encrypt, or decrypt and then analyze, traffic
to and from the node, both tasks that no TOR switch can perform. You can build your
own Amazon VPC-like solution in your private cloud for containerized, virtual
machine, and bare metal workloads.

HBN with BlueField DPUs revolutionizes how you build data center networks. It
offers the following benefits:

 * Plug-and-play servers: Leveraging FRR’s BGP unnumbered, servers can be
   directly connected to the network with no need to coordinate server-to-switch
   configurations. No need for MLAG, bonding, or NIC teaming.
 * Open, interoperable multi-tenancy: EVPN enables server-to-server or
   server-to-switch overlays. This provides multi-tenant solutions for bare
   metal, closed appliances, or any hypervisor solution, regardless of the
   underlay networking vendor. EVPN provides distributed overlay configuration,
   while eliminating the need for costly, proprietary, centralized SDN
   controllers.
 * Secure network management: The BlueField DPU provides an isolated environment
   for network policy configuration and enforcement. There are no software or
   dependencies on the host. 
 * Enabling advanced HCI and storage networking: BlueField provides a simple
   method for HCI and storage partners to solve current network challenges for
   multi-tenant and hybrid cloud solutions, regardless of the hypervisor.
 * Flexible network offloading: The nl2doca driver provided by HBN enables any
   Netlink-capable application to offload and accelerate kernel-based networking
   without the complexities of traditional DPDK libraries.
 * Simplification of TOR switch requirements: More intelligence is placed on the
   DPU within the server, reducing the complexity of the TOR switch.

Additional DOCA 1.2 SDK updates:

 * DOCA FLOW – Firewall (Alpha)
 * DOCA FLOW – Gateway (Beta)
 * DOCA FLOW remote APIs
 * DOCA 1.2 includes enhancements and scale for IPsec and TLS


DLI COURSE: INTRODUCTION TO DOCA FOR THE BLUEFIELD DPU

In addition, NVIDIA is introducing a Deep Learning Institute (DLI) course:
Introduction to DOCA for the BlueField DPU. The main objective of this course is
to provide students, including developers, researchers, and system
administrators, with an introduction to DOCA and BlueField DPUs. This enables
students to successfully work with DOCA to create accelerated applications and
services powered by BlueField DPUs.


TRY DOCA TODAY

You can experience DOCA today with the DOCA software, which includes DOCA SDK
and runtime accelerated libraries for networking, storage, and security. The
libraries help you program your data center infrastructure running on the DPU.

The DOCA Early Access program is open now for applications. To receive news and
updates about DOCA or to become an early access member/partner, register on the
DOCA Early Access page.

For more information, see the following resources:

 * NVIDIA Introduces BlueField DPU as a Platform for Zero Trust Security with
   DOCA 1.2
 * Register for the North American NVIDIA DPU Hackathon
 * Take the Introduction to NVIDIA DOCA for BlueField DPUs DLI Course
 * DPU-Based Hardware Acceleration: A Software Perspective


ABOUT THE AUTHORS

About Scott Ciccone
Scott is currently the Director of Product Marketing at NVIDIA, after joining as
part of the Cumulus Networks acquisition in 2020. Scott has over 20 years of
experience in a variety of Product Marketing and Product Management roles,
specializing in kick starting new lines of business within high growth
environments including Cumulus Networks, Palo Alto Networks, Cisco and Sun
Microsystems. Scott received his BS Degree from Rochester Institute of
Technology in Biomedical Computing and his MBA in Marketing from Babson College.
About Ariel Kit
Ariel Kit is director of product marketing for Networking at NVIDIA. Ariel
manages the strategy and delivery of the NVIDIA BlueField DPU software portfolio
and cybersecurity. Ariel brings more than 6 years of experience in product
development in the fields of cybersecurity and embedded system-on-chip, backed
up by over 12 years in R&D managerial roles. He holds a B.Sc. in communication
systems engineering and an MBA.


Copyright © 2021 NVIDIA Corporation