利用vSphere Distributed Services Engine和Nvidia DPU增強數(shù)據(jù)中心性能和安全性

利用vSphereDistributedServicesEngine和NvidiaDPU增強數(shù)據(jù)中心性能和安全性技術(shù)創(chuàng)新，變革未來宏觀趨勢痛點客戶需求基于加速器的異構(gòu)基礎(chǔ)架構(gòu)體系架構(gòu)的興起跨分布式云的不一致運維模式能夠跨各種工作負(fù)載統(tǒng)一工作負(fù)載管理的統(tǒng)一運維模式大量現(xiàn)代應(yīng)用對基礎(chǔ)架構(gòu)服務(wù)的需求不斷增加基礎(chǔ)架構(gòu)服務(wù)所消耗的

CPU

容量較大，留給工作負(fù)載的周期較少在不增加基礎(chǔ)架構(gòu)成本的情況下，最大限度地利用工作負(fù)載的計算資源跨多云將企業(yè)邊界擴展到橫向擴展的分布式體系架構(gòu)以

CPU

為中心的傳統(tǒng)安全模式暴露了工作負(fù)載的單點故障能夠在基礎(chǔ)架構(gòu)和工作負(fù)載之間實現(xiàn)更好隔離的穩(wěn)健安全模式?專用的基礎(chǔ)架構(gòu)孤立小環(huán)境增加了運維復(fù)雜性傳統(tǒng)服務(wù)器橫向擴展以滿足基礎(chǔ)架構(gòu)服務(wù)的需求增加了基礎(chǔ)架構(gòu)成本以

CPU

和操作系統(tǒng)為中心的安全模式給關(guān)鍵任務(wù)應(yīng)用帶來了不可接受的安全風(fēng)險?概述將虛擬基礎(chǔ)架構(gòu)擴展到分布式控制架構(gòu)vSphereDistributedServices

EngineDPU計算HypervisorESXi存儲服務(wù)或安全隔離網(wǎng)絡(luò)服務(wù)ESXi裸機

Windows

與Linux

操作系統(tǒng)基礎(chǔ)架構(gòu)管理隔離工作負(fù)載域與基礎(chǔ)架構(gòu)域?跨工作負(fù)載類型的單一、安全的運維模式將基礎(chǔ)架構(gòu)服務(wù)功能負(fù)載分流到

DPU應(yīng)用場景網(wǎng)絡(luò)性能和安全性網(wǎng)絡(luò)性能、安全性和可觀察性在沒有x86

CPU

開銷的情況下提升網(wǎng)絡(luò)性能采用

L4-7

安全策略的分布式防火墻對網(wǎng)絡(luò)性能沒有影響提高網(wǎng)絡(luò)流量的可見性和可觀察性安全加密、隔離和保護云級存儲和分離將存儲功能負(fù)載卸載到DPU存儲功能加速-

壓縮、加密、糾刪碼-

不會影響性能動態(tài)存儲配置文件（IOPS

和容量）以及按需遠程存儲訪問將DPU作為HBA

以及無盤計算裸機和可組合性將DPU

用作裸機服務(wù)器控制器裸機即服務(wù)采用機架級體系架構(gòu)的動態(tài)服務(wù)器定義適用于所有工作負(fù)載（虛擬機、容器和裸機）的NSX

網(wǎng)絡(luò)連接和vSAN

存儲虛擬化裸機工作負(fù)載置備，生命周期管理?跨數(shù)據(jù)中心、邊緣環(huán)境和電信云實現(xiàn)一致性跨混合云采用一致的體系架構(gòu)vSphereDistributedServices

Engine零信任模式和原生安全性增強的可觀察性和運維DPU/SmartNICTanzuKubernetes

Grid私有云邊緣電信云

5G網(wǎng)絡(luò)性能和安全性云級存儲和分離裸機和可組合性?和性能?VirtualDistributedSwitchoffloadonto

DPUVMDirectPath(UPTV2)withvMotionandDRS

support可管理性UnifiedInstalleracrosstheCPUand

DPUSeamlessLifecycleManagementoftheDPUvia

vLCMDPUPerformance&HealthMonitoringvia

vCenter支持NVIDIA

BlueField-2CommerciallyavailableviaOEMs

onlyOEM

支持

(Commercially

available

later

in

the

year)DellPowerEdgeSeriesandVxRAIL

Series性能NSXOverlayandVLAN

offload可觀測性IPFIX,Portmirroring,packet

capture安全DistributedFirewall(Beta

only)網(wǎng)絡(luò)加速Offload

overlay

and

other

network

services

-

Free

up

compute

resourcesforadditional

capacityNSXcoreforwardingfunctionsrunon

NICOverlaytunnelingoffload(CPU

reduction)–

VLAN

encaps/decapsVMDirectPath(UPTv2)with

vMotionSR-IOVequivalentperformancewithvMotion,

DRScompatibilityVisibilityIPFIX,Portmirroring,packet

captureVLANor

OVERLAYPhysical

NetworkHypervisorSmartNICFast-Path

HWNet

servicesAcceleratorNW

virtualization&ServicesSmartNICFast-Path

HWNet

servicesAcceleratorNSX

ManagerHypervisor?上的安全性和可觀察性利用專門為

DFW

服務(wù)構(gòu)建的硬件VLAN、疊加和

EVPN

模式線速

L3

分布式路由線速分布式防火墻

L4慢速路徑中的

L7

安全功能分布式負(fù)載均衡

L4IPFIX、鏡像、Traceflow

等VLAN

或疊加物理網(wǎng)絡(luò)HypervisorDFW裸機裸機NSX

ManagerVIPDPU連接跟蹤Regex

加速器DPU連接跟蹤Regex

加速器(In

beta)?性能軟件定義硬件加速??性能Up

to

~20%

Cores

saved

while

achievingsimilar

or

better

performanceDrivehigherworkloadconsolidationbyutilizingsaved

coresEachhostwith1TB

Memory80IntelXeon8380

Cores@2.3GHz,no

HT521216CoresUsedonPerfNICBasedSystem@36

StreamsRedis

VMsESX

NetworkingFree16141210864201256Cores

SavedMillion

Transactions/sec3 4No.ofRedis

Streams系列1 系列2 系列318

12Cores18

1614121086420Saved7

CoresSaved2

CoresSaved*Numbers

generated

with

Redis.

Mileage

will

be

different

with

other

workloads.*Abovenumbersgeneratedonpre-releaseEngineeringbuilds.Subjecttochangepost

GArelease.?417CoresUsedonPerfNICBased

SystemRedis

VMsESX

Networking性能 相同處理資源下更高的性能27%LessTxn

Latency36%Better

Throughput24%lessLast-levelcache

missesonDPUbased

systemEachhostwith1TB

Memory48IntelXeon8380

Cores@2.3GHz,no

HT*Numbers

generated

with

Redis.

Mileage

will

be

different

with

other

workloads.*Abovenumbersgeneratedonpre-releaseEngineeringbuilds.Subjecttochangepost

GArelease.?Achieving36%highertransactionrateat27%lowerlatency,by

leveragingfreed

CPU

cores

and

better

cachelocality

to

drive

more

workload

trafficRealizeSRIOVlikeperformancewithoutlosingbenefitsofvMotion&

DRSTRADITIONAL

SERVERInfrastructure

ManagementSoftware-Defined

SecuritySoftware-Defined

StorageSoftware-Defined

NetworkingAcceleration

EnginesDPU-ACCELERATED

SERVERNVIDIA

DPUwith

Arm

Cores

and

AcceleratorsInfrastructure

Management Software-DefinedSecuritySoftware-Defined

Storage Software-Defined

NetworkingAcceleration

EnginesCPUNICCPUVMsContainersVMsContainersManualinfrastructuremanagement|securityappliances|storagesystems|staticnetworks|microservices

|east-westtraffic|storageaccess|zero-trust

securityOffloadAccelerationIsolation?20202022BlueField-27Billion

Transistors9

SPECint200

GbpsBlueField-322B

Transistors42

SPECint400

GbpsBlueField-464Billion

Transistors160

SPECint800

Gbps2024DOCA—ONE

ARCHITECTUREPerformance?ProgrammabilitySimplicityand

flexibilityMultipleengineswithperformance/flexibility

balancesMulti-generationsupportthrough

DOCAProgrammable

Compute864bitA72ARMcoreupto

2.75GHz1DDR3200MemoryChannel

(16GB/32GB)Connectivity2*25G/100G,

PAM416PCIe

Gen4AcceleratorsNetworking:RDMA/RoCEv2,

ASAP2Storage:SNAP,NVMeOF,

Compression,DataIntegrity,

De-Dup,Security:TLS/IPSec,RegEx,CT,PKA,

Root-of

Trust?1201020304050607080x86

&Commodity

NICBlueField-2Throughput118B,5K

connections73.82Mpps9.831.805101520253035x86

&Commodity

NICBlueField-2Throughput

@scale118B,500K

connections051015202530x86

&Commodity

NICBlueField-2Server

CoresUtilization~6X?~3X~25less

coresEachSWcoredoes:11.5/4=

~3MToreach~73MinSWweneed~25coresDPUisfullyoffloaded,zero

coresBlueField-2P-series100GbESingle

portAMDEPYC7742@2.2GHz,64-CoreProcessorCommodityNIC–

100GGbps21.688.70102030405060708090100x86&Commodity

NICBlueField-2ThroughputIPSec+VXLAN,single

tunnel0123456x86

&Commodity

NICBlueField-2Performanceper

CoreIPSec+VXLAN,single

tunnel20181614121086420x86

&Commodity

NICBlueField-2Server

CoresUtilizationIPSec+VXLAN,single

tunnel~65less

cores?~4X~5XBlueField-2P-series100GbEsingle

portIntel(R)Xeon(R)CPUE5-2687Wv4@3.00GHz,24

coresHostOS:RHEL8.3(Ootpa),Kernel:

4.18.0CommodityNIC–

100GEachSWcoredoes:21.6/19.2=1.125GToreach~90GinSWweneed~80coresToreach~90Gw/DPUwene