Offloading the impact of security 
– piloting DPUs (eResearch Australasia 2020 presentation)

Full description

Designing high performance infrastructure for sensitive data workflows is challenging. A typical research project today will have partners beyond institutional boundaries, and require simulation, image processing and / or AI ideally suited to the scheduling of precious but shared resources (e.g. via HPC, Blazar and Kubernetes), but orchestrated within safe havens. To this end, Nectar Research Cloud users and nodes collaboratively determined firewalls and other security concerns at the project level. However, in today’s cyber landscape more is needed to integrate the robust security operating practices now prolific throughout institutions.

In 2018/19 we piloted a micro-segmentation based security tool to assure sensitive data workflows that flowed across Monash’s own pools of resource (e.g. web, VDI, HPC, AI, etc). When made transparent to the researcher would ultimately scale tighter firewalls and more actively & deeply monitored data workflows. We observed, however, a loss in the order of 10% to the researcher’s allocated computing resources to do this work.

Simultaneously NVIDIA (Mellanox) has developed BlueField, an RDMA enabled Ethernet SmartNIC, also known as Data Processing Units (DPUs). In essence these DPUs extend the ConnectX NIC now prolific in the Research Cloud with Arm cores and supporting APIs. A key use case for this technology is the emerging evolution in security technology to security everywhere.

In this talk we will discuss the collaboration between NVIDIA and Monash that explores micro-segmentation and SOC integrations that scale with cloud size. We will discuss our early findings of precursor experiments, such as off-loaded encryption and introspection.

eResearch Australasia 2020 (https://conference.eresearch.edu.au/2020/09/offloading-the-impact-of-security-piloting-dpus-for-security).