Skip links

Intel offers ‘server on a card’ reference design for network security

Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need.

The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server. It combines an Intel Atom processor, Intel Ethernet E810 network interface, and up to 32GB of memory to offload network security functions.

According to Intel, the new reference design is intended to enable a secure access service edge (SASE) model, a combination of software-defined security and wide-area network (WAN) functions implemented as a cloud-native service.

NetSec Accelerator Reference Design

NetSec Accelerator Reference Design

This includes cloud access security broker (CASB), secure web gateway (SWG), data loss prevention (DLP), and firewall capabilities.

All of this this would typically be delivered as virtualized or containerized services running on a standard server instead of a dedicated network appliance, but the NetSec Accelerator Reference Design offers an alternative approach that reduces the infrastructure footprint by effectively putting that server onto a plug-in card, Intel claims.

One advantage of this approach is that existing security software developed for Intel-based systems should be easily ported to any product based on this reference design, with Intel claiming that developers can run them “practically straight out of the box” on what amounts to a mini-server built on standard Intel technology.

Another potential selling point is that host servers typically have multiple PCIe slots, making it possible for more than one NetSec Accelerator card to be fitted, each running a separate SASE service with its own set of compute, memory, and I/O resources.

However, as with many Intel initiatives, the company does not appear to be interested in offering the product itself, but is rather throwing it over the wall as a reference design for OEMs to pick up to bring it to the market more quickly.

“This reference design enables a PCIe add-in card to deliver the capabilities of a server within a small, power-efficient package. Vendors can integrate SASE functions in this card to maximize the capabilities of their server infrastructure at the edge,” said Intel VP for the Network & Edge Bob Ghaffari in a blog post.

The NetSec Accelerator Reference Design has two variations, with differing CPU core counts and network configurations. One is an eight-core design based on the Atom P5721 chip with 2x 25Gbps Ethernet ports, while the other is a 16-core design using the Atom P5742 chip and a single 100Gbps Ethernet port.

Both Atom chips appear to have integrated eight-port Ethernet switch functionality, as well as Intel’s QuickAssist Technology (Intel QAT) for accelerating the processing of encryption functions.

According to Intel, ecosystem partners are already developing products based on the reference design, with F5 and Silicom singled out as the first vendors that are expected to come to market.

Both are said to have products on show at the RSA Conference this week, with Silicom unveiling the IAONIC Card said to be compatible with the NetSec Accelerator, while F5 is showcasing a new security application running on it.

The NetSec Accelerator Reference Design makes an interesting comparison with the SmartNICs or DPUs that other vendors are offering for network offload and security processing purposes. Rather than integrate a CPU with a network adapter, Intel has effectively put an entire mini server onto an adapter card. Most SmartNICs or DPUs tend to be based on Arm CPUs, of course. ®