Security
Headlines
HeadlinesLatestCVEs

Headline

Unleashing the potential of Intel® IPU with Red Hat OpenShift

Red Hat and Intel are collaborating on a joint solution that more seamlessly integrates Intel® IPU with Red Hat OpenShift, propelling cloud and edge computing into a new era of performance and scalability.The solution brings together Intel’s latest leading programmable network device, the Intel® Infrastructure Processing Unit (Intel® IPU) E2000 Series with Red Hat OpenShift. This solution, shown in the following diagram, is designed for performance at scale under real world workloads and opens up a wide array of use cases through the ability to flexibly service chain network functions at

Red Hat Blog
#vulnerability#web#mac#linux#red_hat#kubernetes#intel#ssl

Red Hat and Intel are collaborating on a joint solution that more seamlessly integrates Intel® IPU with Red Hat OpenShift, propelling cloud and edge computing into a new era of performance and scalability.

The solution brings together Intel’s latest leading programmable network device, the Intel® Infrastructure Processing Unit (Intel® IPU) E2000 Series with Red Hat OpenShift. This solution, shown in the following diagram, is designed for performance at scale under real world workloads and opens up a wide array of use cases through the ability to flexibly service chain network functions at the edge.

Integrating network function chaining on the Intel® IPU and orchestrating it with business logic running on OpenShift worker nodes can help conserve energy through optimized resource utilization, enhanced efficiency, reduced overall power consumption, and industry-leading security practices.

OpenShift offers the industry’s leading hybrid cloud application platform powered by Kubernetes, enhancing security across infrastructure. Its capabilities enable integration of security into applications, automated policies for container deployment security, and enhanced protection of the container runtime. This presents systems security as a top priority while maximizing performance and efficiency.

Challenges that exist with traditional infrastructure solutions

As network speeds continue advancing towards 100Gb Ethernet and beyond, and the complexity of supporting and managing new network infrastructure use cases at the edge grows in parallel, it places significant additional demands on components like standard Network Interface Cards (NICs) that were not designed for supporting this increased network complexity at these data rates.

Traditional monolithic applications constructed in virtual machines also do not translate well to how modern microservices are developed independently using containers. The level of agility required to rapidly deploy new edge capabilities on an on-demand basis is difficult with rigid legacy architectures.

Finally, delivering advanced network functions like compression, encryption/decryption, traffic filtering and firewalling at the network edge with greater security imposes new demands that strain traditional shared-resource server models, as they were not designed with strong isolation between edge services and infrastructure processing.

To address these challenges, service providers and enterprises are investing heavily in data center modernization to deliver more efficient compute for cloud native applications and microservices at the edge. The applications delivering these services must have access to high-speed networking infrastructure with a strong security footprint and low latency storage.

Network infrastructure based on the Intel® IPU is optimized for these emerging edge use cases whose potential can be fully realized through interfacing to OpenShift worker nodes to truly deliver innovative real-time applications.

Traditional SmartNICs can accelerate some infrastructure tasks like packet processing through static or semi-programmable logic to offload work from server CPUs. The IPU goes far beyond this by integrating both programmable hardware acceleration and a highly efficient multi-core CPU to enable full offloading and distributed processing of the entire software stack. Infrastructure services such as virtual switching, security, and storage that consume a significant number of CPU cycles can be offloaded to the IPU, freeing up CPU cores for improved application performance.

By leveraging the capabilities of OpenShift, the Intel® IPU-based solution maximizes performance, scalability, efficiency and provides a layered approach to container and Kubernetes security across your network infrastructure.

In parallel to the technical benefits, the key to unlocking this potential lies also in openness and scalability. To that end, Intel and Red Hat are building an open, standards-based solution that is fully Open Programmable Infrastructure (OPI) compliant.

Simplifying infrastructure provisioning

The ease of use associated with provisioning and managing OpenShift is well documented and understood in the industry.

This solution extends the ease of provisioning and management to the IPU through the integration of the Redfish standard from DMTF into the IPU’s Integrated Management Complex (IMC). Integrated with the Intel® IPU Software Development Kit (Intel® IPU SDK), which now comes equipped with Redfish support, administrators can seamlessly perform out-of-band provisioning tasks.

Redfish enables administrators to interact with the IPU through standard web services, such as HTTP and REST APIs. The provided HTTP provisioning interface greatly simplifies the Red Hat Enterprise Linux install process, with clients only needing to know the URI path to access this resource.

Ease of use and manageability

Red Hat provides a comprehensive set of tools to help you manage your newly deployed solution. With Red Hat Enterprise Linux (RHEL) seamlessly running on the IPU, you gain access to all the normal Red Hat manageability tools for free. The IPU is treated just like any other server and can be managed effortlessly using the same familiar tools as any other component in your infrastructure.

The single pane of glass interface provided to all Red Hat subscribers, known as the Red Hat Portal, streamlines management tasks, offering a unified experience for overseeing your entire infrastructure.

The Red Hat Portal is a web-based interface that provides a centralized location for managing Red Hat subscriptions, accessing Red Hat tools and services, and monitoring infrastructure. It allows users to more easily manage their Red Hat environments, including deploying and managing RHEL, Red Hat OpenShift, and other Red Hat solutions.

Red Hat provides security updates for its products through the Red Hat Security Advisories and alerts. These updates are available on the Red Hat Customer Portal and include information on vulnerabilities, patches, and workarounds. This ecosystem helps keep your solution up-to-date with the latest security fixes and empowers you to take steps to protect your system from potential security threats.

In addition, the OpenShift web console provides a graphical user interface to visualize your project data and perform administrative, management, and troubleshooting tasks. The web console is designed to be user-friendly and intuitive, and it provides a wide range of features and capabilities for managing your workloads.

Chaining network functions

Network Function Chaining, also known as Service Function Chaining (SFC), is a technique used in software-defined networking (SDN) that creates a chain of connected network services.

The solution developed by Intel and Red Hat enables the deployment of these network functions on the IPU at the edge where latency, bandwidth and resource constraints are critical. Offloading the chaining of network functions on the IPU is facilitated through its P4-programmable packet processing engine, freeing up valuable CPU resources on the OpenShift worker nodes which can result in decreased capital expenditure (CAPEX) and operational expenditure (OPEX).

The robust security boundary established between the OpenShift worker nodes and the IPU empowers infrastructure administrators with full autonomy to enforce network functionality transparently. This provides confidence that critical network operations cannot be tampered with or disabled from the host side, providing an added layer of protection and reliability.

OpenShift worker nodes can focus on delivering the business logic workflows. Resource intensive packet processing workflows can be executed on the IPU and network functions like firewalls, packet filtering and compression can be chained to deliver complex services with the added benefit of enhanced efficiency and reduced overall power consumption.

Summary

The collaboration between Red Hat and Intel represents a significant leap forward in edge computing. By combining the power of the Intel® IPU with Red Hat’s OpenShift platform, organizations can be poised to achieve unparalleled performance, scalability, flexibility, and robust security.

Red Hat and Intel’s joint solution allows you to embrace the future of edge computing, trusting in the knowledge that your infrastructure is not only high-performing and capable of supporting key revenue-generating use cases, but also that it is more securely positioned from end-to-end.

Red Hat Blog: Latest News

Managed Identity and Workload Identity support in Azure Red Hat OpenShift