developer.nvidia.com
Open in
urlscan Pro
152.199.20.126
Public Scan
Submitted URL: http://email.nvidianews.com/MTA4LUlPTi01NTYAAAGBMFUE-JOjF0DHCkd9XUxxxEplqQrFwDVhHb2-Ba6534VveGwA4X4SYa8uv5gRmjvSBBlha8I=
Effective URL: https://developer.nvidia.com/blog/nvidia-introduces-doca-1-2/?ncid=em-prod-199179
Submission: On December 06 via api from SE — Scanned from DE
Effective URL: https://developer.nvidia.com/blog/nvidia-introduces-doca-1-2/?ncid=em-prod-199179
Submission: On December 06 via api from SE — Scanned from DE
Form analysis
2 forms found in the DOMGET https://developer.nvidia.com/blog/
<form class="gss form-search content-search" action="https://developer.nvidia.com/blog/" method="GET" id="nvidia-site-search-form" accept-charset="UTF-8">
<div>
<div class="input-group">
<input placeholder="Search" class="form-control form-text" type="text" id="edit-term" name="search_posts_filter" value="" size="15" maxlength="128">
<span class="input-group-btn">
<button type="submit" class="btn btn-default">
<i class="fa fa-search" aria-hidden="true"></i>
</button>
</span>
</div>
<button class="btn element-invisible btn-primary form-submit" type="submit" id="edit-submit" name="op" value="Search">Search</button>
</div>
<input type="hidden" name="prxvGOjsY" value="[ARE5KNSm9G]"><input type="hidden" name="kXmAuQ" value="8RvgHyP1AL2l">
</form>
GET https://developer.nvidia.com/blog/
<form class="gss form-search content-search" action="https://developer.nvidia.com/blog/" method="GET" id="nvidia-site-search-form" accept-charset="UTF-8">
<div>
<div class="input-group">
<input placeholder="Search" class="form-control form-text" type="text" id="edit-term" name="search_posts_filter" value="" size="15" maxlength="128">
<span class="input-group-btn">
<button type="submit" class="btn btn-default">
<i class="fa fa-search" aria-hidden="true"></i>
</button>
</span>
</div>
<button class="btn element-invisible btn-primary form-submit" type="submit" id="edit-submit" name="op" value="Search">Search</button>
</div>
<input type="hidden" name="prxvGOjsY" value="[ARE5KNSm9G]"><input type="hidden" name="kXmAuQ" value="8RvgHyP1AL2l">
</form>
Text Content
Over 500 GTC sessions now available free on NVIDIA On-Demand Watch now DEVELOPER * Home * Blog * Forums * Docs * Downloads * Training * Search * Join * DEVELOPER BLOG Subscribe Technical Walkthrough Dec 06, 2021 BUILDING A FOUNDATION FOR ZERO TRUST SECURITY WITH NVIDIA DOCA 1.2 By Scott Ciccone and Ariel Kit Discuss (0) Share 0 Like Tags: BlueField, Cybersecurity / Fraud Detection, DOCA, DPU, Software Tools and Libraries, technical walkthrough Today, NVIDIA released the NVIDIA DOCA 1.2 software framework for NVIDIA BlueField DPUs, the world’s most advanced data processing unit (DPU). Designed to enable the NVIDIA BlueField ecosystem and developer community, DOCA is the key to unlocking the potential of the DPU by offering services to offload, accelerate, and isolate infrastructure applications services from the CPU. DOCA is a software framework that brings together APIs, drivers, libraries, sample code, documentation, services, and prepackaged containers to simplify and speed up application development and deployment on BlueField DPUs on every data center node. Together, DOCA and BlueField create an isolated and secure services domain for networking, security, storage, and infrastructure management that is ideal for enabling a zero-trust strategy. The DOCA 1.2 release introduces several important features and use cases. PROTECT HOST SERVICES WITH ADAPTIVE CLOUD SECURITY A modern approach to security based on zero trust principles is critical to securing today’s data centers, as resources inside the data center can no longer be trusted automatically. App Shield enables detection of attacks on critical services in a system. In many systems, those critical services are responsible for ensuring the integrity and privacy of the execution of many applications. Figure 1. Shield your host services with adaptive cloud security DOCA App Shield provides host monitoring enabling cybersecurity vendors to create accelerated intrusion detection system (IDS) solutions to identify an attack on any physical or virtual machine. It can feed data about application status to security information and event management (SIEM) or extended detection and response (XDR) tools and also enhances forensic investigations. If a host is compromised, attackers normally exploit the security control mechanism breaches to move laterally across data center networks to other servers and devices. App Shield enables security teams to shield their application processes, continuously validate their integrity, and in turn detect malicious activity. In the event that an attacker kills the machine security agent’s processes, App Shield can mitigate the attack by isolating the compromised host, preventing the malware from accessing confidential data or spreading to other resources. App Shield is an important advancement in the fight against cybercrime and an effective tool to enable a zero-trust security stance. BlueField DPUs and the DOCA software framework provide an open foundation for partners and developers to build zero-trust solutions and address the security needs of the modern data center. Together, DOCA and BlueField create an isolated and secure services domain for networking, security, storage, and infrastructure management that is ideal for enabling a zero-trust strategy. CREATE TIME-SYNCHRONIZED DATA CENTERS Precision timing is a critical capability to enable and accelerate distributed apps from edge to core. DOCA Firefly is a data center timing service that supports extremely precise time synchronization everywhere. With nanosecond-level clock synchronization, you can enable a new broad range of timing-critical and delay-sensitive applications. Figure 2. Precision time-synchronized data center service DOCA Firefly addresses a wide range of use cases, including the following: * High-frequency trading * Distributed databases * Industrial 5G radio access networks (RAN) * Scientific research * High performance computing (HPC) * Omniverse digital twins * Gaming * AR/VR * Autonomous vehicles * Security It enables data consistency, accurate event ordering, and causality analysis, such as ensuring the correct sequencing of stock market transactions and fair bidding during digital auctions. The hardware engines in the BlueField application-specific integrated circuit (ASIC) are capable of time-stamping data packets at full wire speed with breakthrough nanosecond-level accuracy. Improving the accuracy of data center timing by orders of magnitude offers many advantages. With globally synchronized data centers, you can accelerate distributed applications and data analysis including AI, HPC, professional media production, telco virtual network functions, and precise event monitoring. All the servers in the data center—or across data centers—can be harmonized to provide something that is far bigger than any single compute node. The benefits of improving data center timing accuracy include a reduction in the amount of compute power and network traffic needed to replicate and validate the data. For example, Firefly synchronization delivers a 3x database performance gain to distributed databases. DOCA HBN BETA The BlueField DPU is a unique solution for network acceleration and policy enforcement within an endpoint host. At the same time, BlueField provides an administrative and software demarcation between the host operating system and functions running on the DPU. With DOCA host-based networking (HBN), top-of-rack (TOR) network configuration can extend down to the DPU, enabling network administrators to own DPU configuration and management while application management can be handled separately by x86 host administrators. This creates an unparalleled opportunity to reimagine how you can build data center networks. DOCA 1.2 provides a new driver for HBN called Netlink to DOCA (nl2doca) that accelerates and offloads traditional Linux Netlink messages. nl2doca is provided as an acceleration driver integrated as part of the HBN service container. You can now accelerate host networking for L2 and L3 that relies on DPDK, OVS, or now kernel routing with Netlink. NVIDIA is adding support for the open-source Free Range Routing (FRR) project, running on the DPU and leveraging this new nl2doca driver. This support enables the DPU to operate exactly like a TOR switch plus additional benefits. FRR on the DPU enables EVPN networks to move directly into the host, providing layer 2 (VLAN) extension and layer 3 (VRF) tenant isolation. HBN on the DPU can manage and monitor traffic between VMs or containers on the same node. It can also analyze and encrypt or decrypt then analyze traffic to and from the node, both tasks that no ToR switch can perform. You can build your own Amazon VPC-like solution in your private cloud for containerized, virtual machine, and bare metal workloads. HBN with BlueField DPUs revolutionizes how you build data center networks. It offers the following benefits: * Plug-and-play servers: Leveraging FRR’s BGP unnumbered, servers can be directly connected to the network with no need to coordinate server-to-switch configurations. No need for MLAG, bonding, or NIC teaming. * Open, interoperable multi-tenancy: EVPN enables server-to-server or server-to-switch overlays. This provides multi-tenant solutions for bare metal, closed appliances, or any hypervisor solution, regardless of the underlay networking vendor. EVPN provides distributed overlay configuration, while eliminating the need for costly, proprietary, centralized SDN controllers. * Secure network management: The BlueField DPU provides an isolated environment for network policy configuration and enforcement. There are no software or dependencies on the host. * Enabling advanced HCI and storage networking: BlueField provides a simple method for HCI and storage partners to solve current network challenges for multi-tenant and hybrid cloud solutions, regardless of the hypervisor. * Flexible network offloading: The nl2doca driver provided by HBN enables any netlink capable application to offload and accelerate kernel based networking without the complexities of traditional DPDK libraries. * Simplification of TOR switch requirements: More intelligence is placed on the DPU within the server, reducing the complexity of the TOR switch. Additional DOCA 1.2 SDK updates: * DOCA FLOW – Firewall (Alpha) * DOCA FLOW – Gateway (Beta) * DOCA FLOW remote APIs * DOCA 1.2 includes enhancements and scale for IPsec and TLS DLI COURSE: INTRODUCTION TO DOCA FOR THE BLUEFIELD DPU In addition, NVIDIA is introducing a Deep Learning Institute (DLI) course: Introduction to DOCA for the BlueField DPU. The main objective of this course is to provide students, including developers, researchers, and system administrators, with an introduction to DOCA and BlueField DPUs. This enables students to successfully work with DOCA to create accelerated applications and services powered by BlueField DPUs. TRY DOCA TODAY You can experience DOCA today with the DOCA software, which includes DOCA SDK and runtime accelerated libraries for networking, storage, and security. The libraries help you program your data center infrastructure running on the DPU. The DOCA Early Access program is open now for applications. To receive news and updates about DOCA or to become an early access member/partner, register on the DOCA Early Access page. For more information, see the following resources: * NVIDIA Introduces BlueField DPU as a Platform for Zero Trust Security with DOCA 1.2 * Register for the North American NVIDIA DPU Hackathon * Take the Introduction to NVIDIA DOCA for BlueField DPUs DLI Course * DPU-Based Hardware Acceleration: A Software Perspective ABOUT THE AUTHORS About Scott Ciccone Scott is currently the Director of Product Marketing at NVIDIA, after joining as part of the Cumulus Networks acquisition in 2020. Scott has over 20 years of experience in a variety of Product Marketing and Product Management roles, specializing in kick starting new lines of business within high growth environments including Cumulus Networks, Palo Alto Networks, Cisco and Sun Microsystems. Scott received his BS Degree from Rochester Institute of Technology in Biomedical Computing and his MBA in Marketing from Babson College. View all posts by Scott Ciccone About Ariel Kit Ariel Kit is director of product marketing for Networking at NVIDIA. Ariel manages the strategy and delivery of the NVIDIA BlueField DPU software portfolio and cybersecurity. Ariel brings more than 6 years of experience in product development in the fields of cybersecurity and embedded system-on-chip, backed up by over 12 years in R&D managerial roles. He holds a B.Sc. in communication systems engineering and an MBA. View all posts by Ariel Kit COMMENTS START THE DISCUSSION AT FORUMS.DEVELOPER.NVIDIA.COM TOPICS + Automotive + Computer Vision + Conversational AI + CUDA+ Data Science+ Edge Computing+ Game Development+ Healthcare & Life Sciences+ HPC + Networking+ News+ Recommenders + Robotics+ Simulation + technical walkthrough * FEATURED IVA/IoT Developing and Deploying Your Custom Action Recognition Application Without Any AI Expertise Using NVIDIA TAO and NVIDIA DeepStream AI / Deep Learning NVIDIA Announces TensorRT 8.2 and Integrations with PyTorch and TensorFlow AI / Deep Learning Boosting NVIDIA MLPerf Training v1.1 Performance with Full Stack Optimization RELATED POSTS IVA/IoT Developing and Deploying Your Custom Action Recognition Application Without Any AI Expertise Using NVIDIA TAO and NVIDIA DeepStream AI / Deep Learning Optimizing T5 and GPT-2 for Real-Time Inference with NVIDIA TensorRT AI / Deep Learning Accelerating Inference Up to 6x Faster in PyTorch with Torch-TensorRT AI / Deep Learning Boosting NVIDIA MLPerf Training v1.1 Performance with Full Stack Optimization Data Science Fingerprinting Every Network User and Asset with NVIDIA Morpheus NVIDIA Copyright © 2021 NVIDIA Corporation * Legal Information * Privacy Policy * Cookie policy 18 Shares Share Tweet Email Share Pin * Search * Join * * Home * Blog * Forums * Docs * Downloads * Training More topics