VMware clouded the SmartNIC market, didn’t create it • The Register

Analyses About a decade ago, hyperscale clouds realized they couldn’t lease all the cores of their servers because some of them were doing the tedious work needed to make secure multi-tenancy possible. Then they dumped that job into network interface controllers imbued with modest computing capacity, devices known as SmartNICs or Data Processing Units (DPUs).

VMware noticed DPUs and thought they could be useful in traditional data centers. Last week VMware enabled many organizations to implement DPUS with the debut of vSphere 8, which allows you to run a portion of its hypervisor inside a DPU along with a distributed switch and some observability tools.

VMware claims that vSphere 8 and DPUs can free up to 20% of a server’s CPU cores to run applications, not administration tasks.

It is also possible to run VMware’s Distributed East-West Firewall on a DPU, and the company believes it is a useful way to improve security. The virtualization giant claims that firewalls are mostly implemented in the DMZ and do a great job … until something passes. At that point, VMware fears that all infrastructure within the perimeter is vulnerable.

Firewalling all VM-to-VM communications from a DPU then gives users the ability to inspect more traffic more often and nip the bad ones in the bud, instead of waiting for traffic to reach a large firewall farther from the action.

This is all made possible by the fact that the firewall runs as a VM on a DPU. VMware has coded its firewall to take advantage of the privileged position it enjoys running within a hypervisor optimized for that DPU.

As VMware says, adding DPUs to servers therefore offers more power and better security.

The virtue giant claims to have even wrapped it up so that any vSphere 8 user can implement the firewall and let the DPUs free up some server CPU cores without having to do much more than a vanilla installation. Nor do users need a large fleet of boxes to make it useful. I was told that the east-west firewall and other DPU entertainment can be appreciated by users using a small hyperconverged infrastructure.

DPUs cost around $ 2,000 each. VMware is already claiming to be an easy addition to a $ 20,000 server given the resources it will free up.

With vSphere 6.7 soon reaching the end of its life cycle, VMware and its server manufacturer friends are sure to suggest users to upgrade both their software and servers, embrace DPUs, and smile up to the bank.

This is a pleasant scenario for the roughly 300,000 vSphere users out there.

But for the rest of us, the DPU currently offers … very little.

In conversations with VMware executives at the company’s Explore conference last week, I asked what DPUs mean for organizations that prefer to work with established firewall vendors.

VMware executives have recognized that such vendors may someday want to run on vSphere-managed DPUs, but VMware has no immediate plans to help them accomplish this because they believe their firewall and its privileged integration with the hypervisor are an engineering advantage. , which means it has the east-west market for itself.

So good luck if your favorite firewall is from another vendor. Or if you want to run a DPU for purposes that VMware has not yet enabled or anticipated. Virtzilla in her current state of mind doesn’t want to help.

Which is a bit odd given that VMware built its franchise ensuring that complementary technologies found a home in a virtual machine-centric, private cloud world. The storage industry and VMware have worked together for years to mutual benefit. VMware also ensured that any imaginable workload could be virtualized, even when the likes of Oracle or Microsoft (with Exchange) weren’t thrilled with the idea.

But with DPUs, VMware only works with a select group of server manufacturers and DPU vendors and no third-party software houses.

Which again is strange because one of the major producers of DPUs is a small company called Cisco, which suggests adopting DPU for the same reasons as VMware as part of its quiet acquiescence to software-defined networks.

But Cisco also offers an SDK to allow development of workloads to run on its DPUs. We hope it will be useful to many.

The mere existence of such an SDK shows that the DPU market is far from fully formed. VMware made a move, but deliberately isolated itself for self-interest. And it’s far from clear that the company will broaden its ambitions, or that anyone other than its current partners – Intel, Nvidia and AMD – will stick to its vision or be allowed to play.

Meanwhile, many big software players who could benefit from DPUs have yet to take a peek in public.

Recent history suggests VMware’s stance is risky: Intel tried to connect its Optane storage-class memory to its own processors, the software industry mostly shrugged, and Optane became impractical despite being a worthy one. innovation.

And while DPUs emerge as an option, other innovations like computational storage and pooled memory also promise to improve data center operations. It is not at all clear how or if they will interact with the DPUs.

For now, VMware has created something smart for its customers. But once others implement DPUs with their products, the device market will be clouded, not clarified. And this does not benefit anyone. ®

Leave a Reply

%d bloggers like this: