Zero-trust is a method of defining and enforcing fine-grained security policies for widely distributed applications, containers, and virtual machines (VMs) at massive scale. Corigine adds value by offloading and accelerating the enforcement of the most comprehensive policies, thereby eliminating the bottlenecks associated with implementation of zero-trust within a server.

Features

Data center zero-trust stateful security provides enhanced protection for east-west traffic within the data center, enforced at the point closest to the VMs and containers: the virtual interface. It offers the following advantages:

Automated provisioning: easily move/add/change policy for workloads in VMs and containers

Distributed enforcement at every virtual interface

In-kernel, scale-out firewalling performance through distribution

Used with every hypervisor and baked into the platform

By offloading and accelerating the vSwitch and Linux Netfilter connection tracking (conntrack), the Agilio SmartNIC and its software speed up the zero-trust stateful security datapath while freeing CPU resources for the applications running in VMs and containers.

Benchmarks

Standard OVS and conntrack without acceleration struggle with packet processing, which ties up valuable server CPU resources and creates a bottleneck that starves applications. According to Netronome, Agilio SmartNICs reclaim up to 50% of the server CPU resources previously dedicated to OVS and stateful security while delivering 4X or more packet throughput to applications.

Architecture

The standard Agilio SmartNICs and the OVS Firewall Software enable zero-trust stateful security while significantly improving server-based networking performance. Zero-trust security policies are provisioned through standard OVS interfaces and the related OpenStack security group support.

The Agilio OVS Firewall Software augments the Agilio OVS Software product with conntrack. This lets users define more intelligent filtering policies: rules that replicate security groups, access control lists, and stateful firewall applications, matching on connection state rather than on individual packets. Agilio OVS Firewall Software offloads the conntrack functionality, boosting performance dramatically and eliminating the bottlenecks associated with implementing zero-trust stateful security.
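The following is an added example, not Netronome/Corigine code, showing what the policy described above (and the per-interface enforcement listed under Features) looks like when expressed through the standard OVS interface: an OpenFlow pipeline that sends east-west IP traffic through conntrack and then allows only established/related traffic plus one explicitly permitted new-connection rule, security-group style. The bridge name, OpenFlow port numbers and the database address are assumptions chosen for illustration; whether these flows are hardware-offloaded depends on the Agilio software, which the page does not detail.

```shell
#!/bin/sh
# Added example (not part of the Agilio product): OVS conntrack-based stateful
# east-west firewall policy in ovs-ofctl flow syntax.
# Assumed values: bridge br-int, web tier on OpenFlow port 1, database tier on
# OpenFlow port 2 at 10.0.0.20.
set -e

BRIDGE="${BRIDGE:-br-int}"
WEB_PORT="${WEB_PORT:-1}"        # OpenFlow port of the web-tier VM/container
DB_ADDR="${DB_ADDR:-10.0.0.20}"  # address of the database-tier workload

# Emit the flow set. Table 0 pushes every IP packet through conntrack and
# re-enters table 1 with ct_state populated; table 1 enforces the policy.
# Non-IP traffic (ARP etc.) is switched normally.
gen_flows() {
    cat <<EOF
table=0,priority=100,ip,actions=ct(table=1)
table=0,priority=0,actions=NORMAL
table=1,priority=300,ct_state=+trk+inv,ip,actions=drop
table=1,priority=200,ct_state=+trk+est,ip,actions=NORMAL
table=1,priority=200,ct_state=+trk+rel,ip,actions=NORMAL
table=1,priority=100,ct_state=+trk+new,tcp,in_port=$WEB_PORT,nw_dst=$DB_ADDR,tp_dst=5432,actions=ct(commit),NORMAL
table=1,priority=0,ct_state=+trk+new,ip,actions=drop
EOF
}

# Install the flow set, replacing whatever the bridge currently holds.
# ovs-ofctl reads the flow file from stdin when the file argument is "-".
apply_flows() {
    gen_flows | ovs-ofctl replace-flows "$BRIDGE" -
}

# Sanity check before applying: count the rules that commit a new connection.
# Only committed connections become "est" later, so a policy with no commit
# rule passes nothing new and the established-allow rules never match.
count_commit_rules() {
    gen_flows | grep -c 'ct(commit)'
}
```

Reply traffic from the database back to the web tier never needs its own rule: conntrack marks it as part of the committed connection, so it hits the ct_state=+est rule. Anything else that starts a new connection in either direction, including the database tier reaching out to the web tier, falls to the priority-0 drop, which is the deny-by-default posture zero trust requires. Run `gen_flows` to review the policy and `apply_flows` as root on a host where OVS is installed.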

ROI Calculator

This ROI calculator compares CAPEX and three-year OPEX for a virtualized EPC (vEPC) application built on servers equipped with Agilio CX SmartNICs. The comparison assumes an Intel server with 24 physical CPU cores and one 40GbE network interface per server. Additional configurations can be provided upon request.
