Author: Randy Evans, Field Solutions Architect, CDW Canada
Like many other events this year, VMworld 2020 was hosted virtually and attended by the CDW solutions team. During this year’s conference VMware announced a technology preview for Project Monterey, which we believe will be very significant for CDW customers. Project Monterey leverages SmartNIC hardware and VMware virtualization to offload software-defined services for networking, security and storage. In addition to the preview, they also announced their latest collaboration with ecosystem partners to deliver Project Monterey solutions, including network interface companies Intel, NVIDIA and Pensando Systems and system companies Dell Technologies, Hewlett Packard Enterprise (HPE) and Lenovo.
What is a SmartNIC?
The central processing unit (CPU) is the core programmable element in most computers, including those with multiple processing cores. There is also the graphics processing unit (GPU), which was originally used only to deliver rich, real-time graphics but whose parallel processing capabilities make it ideal for accelerated computing tasks such as artificial intelligence, machine learning and big data analytics.
Hyperscale data centres consist not only of CPUs and GPUs, but also of a powerful new category of processor, the data processing unit (DPU). The DPU has become the third member of the accelerated computing model. It is a system on a chip (SoC) that combines a multi-core CPU with a high-performance network interface capable of parsing, processing and efficiently transferring data to GPUs and CPUs.
A SmartNIC is a network interface controller with an integrated DPU. In environments where network processing can consume up to 20-30% of CPU cycles, SmartNICs can help data centres achieve higher consolidation ratios and faster workload execution. A shining example of SmartNIC technology is the NVIDIA Mellanox ConnectX-6 Dx SmartNIC, named Best of VMworld 2020: Best of Show winner and Networking and Security 2020 winner by TechTarget. It is available today as an option for HPE, Lenovo and Dell Technologies servers.
Running VMware on Arm and SmartNIC
On September 13, 2020, it was announced that NVIDIA would buy Arm from its parent company SoftBank, for $40 billion, which would be the largest semiconductor acquisition to date. This acquisition is great news for VMware, as VMware has been showing technology previews of its ESXi hypervisor software running on Arm SoCs and SmartNICs, including vSphere cluster features vMotion, Fault Tolerance and vSAN for a couple of years now.
Another advancement includes VMware’s evolution of their VMware Cloud Foundation, which consists of VMware vSphere, vSAN and NSX, to allow it to support SmartNIC technology and maintain compute virtualization on the server CPU while offloading networking and storage I/O functions to the SmartNIC DPU. VMware will rearchitect VMware Cloud Foundation to enable disaggregation of the server including extending support for bare metal servers.
With the new capability of running VMware ESXi on SmartNIC-equipped servers, organizations will be able to manage all their compute infrastructure on a single management framework, whether it be virtualized or bare metal. Decoupling the networking, storage and security functions from the main server also allows these functions to be patched and upgraded independently of the server.
Evolving VCF Architecture
To summarize, Project Monterey is a redesign of VMware Cloud Foundation (VCF) that takes advantage of SmartNICs by moving functionality that typically runs on the server CPU to the SmartNIC DPU. The architecture below provides a visual of how Project Monterey has evolved, as shown by VMware in their Project Monterey press release.
This apparently simple change has some significant results, such as:
- ESXi on SmartNIC: Project Monterey can have ESXi running on SmartNIC on an Arm-based processor.
- Two ESXi instances per physical server: There are now two ESXi instances running simultaneously, one on the server CPU and one on the SmartNIC, managed separately or as a single logical instance. This allows for the separation of infrastructure management from application management.
- Bare metal OS support: Because the SmartNIC ESXi can manage the server OS, it can deploy Linux or Windows just as easily as it can deploy ESXi. This is the mechanism through which VCF can now manage bare metal OSes. In addition, VCF can deliver storage and networking services to that bare metal OS because VMware is bringing the full complement of VCF services to SmartNIC.
- Storage and network services: These now run on the SmartNIC and improve storage and network I/O performance while reducing pressure on the server CPU, which leaves more cycles for the apps.
- Host management: The SmartNIC ESXi will now manage the server ESXi, which allows us to improve lifecycle management and other functionality completely transparently to the server managers.
- Security airgap: Having an ESXi instance on the SmartNIC provides greater security isolation between the applications and underlying hypervisor. This means that even if the server ESXi is compromised, the SmartNIC ESXi can still enforce proper network security and other security policies.
- Security services: Each SmartNIC can run a fully-featured stateful firewall and advanced security suite. This will enable enterprises or service providers supporting multiple tenants to isolate tenants from the core infrastructure while automatically deploying security tuned to protect specific application services that make up the application—wrapping each service with intelligent defenses that can shield any vulnerability of that specific service.
Benefits and Use Cases of Project Monterey
There are a number of benefits that Project Monterey delivers, beginning with its ability to help solve the increasing demand for distributed security that we’re seeing. Other benefits it focuses on delivering are:
- Peak performance by offloading network, security and storage processing to SmartNIC
- Unified and consistent operations across all apps – including those on bare metal OSes
- Zero-trust security model, which provides application security capabilities without compromising on application performance
Through conversations with customers about the benefits of Project Monterey, three key use cases came out very clearly:
- Network performance and security: Project Monterey improves network performance and security by allowing you to achieve peak performance with no CPU overhead, and to deliver a distributed L4-7 firewall with no network performance impact.
- Cloud-scale storage and disaggregation: Project Monterey offers more flexibility and simplicity in delivering storage functionality.
- Bare metal and composability: Project Monterey leverages bare metal networking and storage services to simplify operations.
If you are running processor-intensive applications such as artificial intelligence, machine learning or big data analytics but still need to provide scalable network, security and storage services across all physical and virtual machines, you can build out these services using VMware Cloud Foundation in both your data centres and in the public cloud. You may also leverage SmartNIC offloading where needed as the technology of Project Monterey becomes available.
Talk to your CDW account team or visit cdw.ca/solutions to get started today!