Mellanox Ups the Ante in Secure Smart NICs


By: R. Scott Raynovich

Mellanox today introduced two new hardware systems with built-in security features such as encryption acceleration and key management. The products include the ConnectX-6 Dx network Smart interface card (Smart NIC) and BlueField-2 Secure Cloud I/O processor unit (IPU), targeting high-performance cloud applications.

Mellanox's NICs are considered best-in-class and were a big draw when NVDIA offered $7 billion to buy the company earlier this year (the deal is still in the process of closing). Smart NICs, which help speed up connections to networks from server arrays, have been growing in importance as the loads on cloud servers scale with high-performance applications such artificial intelligence (AI) and machine learning.

With the push into high-performance security, Mellanox is demonstrating further leadership in smart NICs and I/O processor units (IPUs) targeting a key challenge in cloud networks -- providing high-performance, integrated security at the chip level. The features include cryptography acceleration, key management, and hardware root-of-trust. Hardware security is needed to improve cloud security overall, by providing an additional layer of authentication and security in the hardware itself.

The ConnectX-6 Dx SmartNICs provides as many as two ports of 25, 50 or 100Gb/s, or a single port of 200Gb/s, Ethernet connectivity with 50Gb/s PAM4 SerDes technology and PCIe 4.0 host connectivity. Additional features include IPsec and TLS inline data-in-motion cryptography, advanced network virtualization, RDMA over Converged Ethernet (RoCE), and NVMe over Fabrics (NVMe-oF) storage accelerations.

The BlueField-2 IPU includes all the features of the ConnectX-6 Dx built with Arm processor cores on a single System-on-Chip (SoC). It supports both Ethernet and InfiniBand connectivity up to 200Gb/s. BlueField-2 based embedded controllers are designed for flash storage, security, Internet of Things (IoT), and edge computing platforms.

Futuriom research indicates that root-of-trust, which enables a specific hardware devices to manage encryption keys and control user authentication, is considered a key security feature by IT managers because it enables user-authentication to be linked to specific hardware. Encryption features such as crypto acceleration are needed at the NIC and I/O level in order to make sure that network connections won't be slowed down by encryption processing overhead.

Mellanox is also pushing the envelope with specialized protocols designed to speed up NIC and I/O connectivity. Both the ConnectX-6 Dx and BlueField-2 use Mellanox’s ASAP2 -- Accelerated Switch and Packet Processing technology -- which is an acceleration technology designed for virtualized environments. Mellanox was one of the early proponents of virtualization acceleration technologies such as RoCE and NVMe-oF, which are also part of the new offerings.

In a twist, the "spread" between the price NVDIA has offered for Mellanox and the price of Mellanox shares has widened lately on fears the trade war between the United States and China may lead China to block the deal.

This next set of Mellanox products increases the stakes of the NVDIA deal because it shows the potential of the combination, with NVDIA's leadership in AI processing and Mellanox out front in the NIC market. This will put pressure on competitors such as Intel and Broadcom to respond.