The Intel^® NetSec Accelerator Reference Design Enables Scale and Flexibility

Speed development of efficient, high-performance networking and security solutions for the enterprise edge

Enterprise organizations are more distributed than ever before. The volume of endpoints and services is exploding, as is the bandwidth needed to support these connections across varied locations, including the edge. Traditional perimeter-focused security and fixed-deployment models no longer do the job. And though software-defined services like SD-WAN offer agility and cost-efficiency, they can expand network attack surfaces and make organizations vulnerable to cyber threats.

Enhanced security measures are essential to protect employees and data while enabling scalable access to resources and business applications—from anywhere and on any device. Secure access service edge (SASE) allows software-defined wide-area network (SD-WAN) and security functionalities to be converged into virtualized or containerized services. This approach empowers organizations to deploy workloads where they are most needed. At the same time, they can apply security at the per-workload, per-user, and per-device level to address the attack surface.

Today, I’m excited to talk about our new  Intel® NetSec Accelerator Reference Design.   We created the design to help edge network and security solution providers quickly build, deploy, and scale networking and security functions within SASE stacks without adding rack space. This reference design enables a PCIe add-in card (AIC) to deliver the capabilities of a server within a small, power-efficient package. Vendors can integrate SASE functions in this card to maximize the capabilities of their server infrastructure at the edge.

Delivering server-class performance in a conservative power envelope

Network security infrastructure is typically deployed in power and real estate constrained edge environments. That’s why the reference design delivers an independent, fully functional compute node on an AIC for server-class performance and reliability within a power-efficient envelope. At its core is the Intel Atom^® processor, which provides high throughput for security and networking workloads in an energy-efficient system-on-chip (SoC) form factor.

The highly integrated device incorporates the Intel^® Ethernet Network Adapter E810, a network switch, cost-efficient on-board DDR4 memory, and hardware accelerators into the SoC package. Together, they provide low-latency networking and drive significant advantages in reduced equipment cost, space/server requirements, and energy consumption. Intel^® QuickAssist Technology is included within the SoC, communicating directly with the onboard Ethernet controller to shorten packet data paths, enabling inline IPsec.

Providing flexibility while creating space and cost efficiencies

With SASE, enterprises of all sizes can benefit from cloud-hosted network security services—including zero-trust network access, cloud access service brokering (CASB), secure web gateway (SWG) functionality, data loss prevention (DLP), and firewall-as-a-service (FWaaS). In most cases, these services are delivered within fully integrated server stacks to support secure, automated connectivity between remote workers as well as both on- and off-premise data center and edge resources.

The Intel NetSec Accelerator Reference Design offers an augmented approach to SASE function integration beyond conventional servers. This approach can dramatically reduce the infrastructure footprint while accelerating network and security workloads with dedicated hardware. Ultimately, the design enables the isolation of workloads to support a higher density of connections, reserve CPU capacity on the server, and accelerate processor-intensive use cases associated with network security, such as IPsec, SSL/TLS, firewall, and AI.

In addition, the networking complex within the Intel Atom SoC empowers SASE vendors to speed up SD-WAN and other security workloads. The small, pluggable design facilitates rapid scale, increased density, and efficiency while preserving valuable and costly rack space. We expect the AICs built on the design to be delivered in a standard format that fits existing PCIe slots within host servers—and they won’t require additional space to realize more functionality and performance.

Accelerating time to market with industry-standard Intel^® Architecture

Original equipment manufacturers (OEMs) and original design manufacturers (ODMs) working with network and security solutions providers can use the reference design to develop and manufacture AICs, bringing network security accelerators to market faster. Because the Intel NetSec Accelerator Reference Design is based on Intel^® Architecture, developers can quickly port x86 applications to the card, running them practically straight out of the box on what amounts to a mini-server built on standard Intel technology.

Intel is already working with several partners to develop products based on the reference design, allowing systems vendors, solutions integrators, and end customers to choose from various technology vendors. Silicom and F5 will be among the first to utilize it to offer integration and offloading of networking and security functions for rapid scale and time to market.

At the RSA Conference 2022, Silicom is unveiling their IAONIC Card that is compatible with our new reference design. In addition, F5 is showcasing a new security application running on the Intel NetSec reference-based design. Stop by Intel’s exhibit at the conference to check out a demonstration of the Silicom and F5 products.

To get more information about how you can partner with Intel to accelerate your enterprise networking and security at the edge, read our Intel NetSec Accelerator Reference Design solution brief. 

Intel technologies may require enabled hardware, software or service activation.

No product or component can be absolutely secure. 

Your costs and results may vary. 

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries.  Other names and brands may be claimed as the property of others.