《20230614_B-102_Brew.PDF》由会员分享,可在线阅读,更多相关《20230614_B-102_Brew.PDF(14页珍藏版)》请在三个皮匠报告上搜索。
1、Protecting the Crown Jewels of Your Data:SmartNICs and AI for High-Speed Storage ProtectionShai Tsur Global Networking Lead for Startups,NVIDIAMichael Brew Technical Specialist,BloombaseNVIDIA DOCA 2.0Software framework for BlueField DPUsOffload,accelerate,and isolate infrastructure processingSuppor
2、t for hyperscale,enterprise,supercomputing and hyperconverged infrastructureSoftware compatibility for generations of BlueField DPUsRich partner ecosystemNVIDIA Morpheus AI Cybersecurity PlatformCybersecurity is a data problemGPU Accelerated SDK Build on core AI technologyEnables developers to tackl
3、e complex workflowsMini modules create pipelines for specific workflows and use cases3Bloombase StoreSafe Intelligent Storage FirewallApplication transparent,Agentless,On-the-fly data-at-rest encryptionBump-in-the-wire encryption over multiple network storage protocols:NVMe-oF(NVMe/RoCE,NVMe/TCP,NVM
4、e/FC),FCP,iSCSI,NFS,SMB,CIFS,S3,REST,etcNIST FIPS 140-2 validated cryptographic moduleIEEE 1619 compliant:XTS-AESPost-quantum cryptography(PQC):CRYSTALS-Dilithium,CRYSTALS-Kyber,FALCON,SPHINCS+Exotic ciphers:Camellia(Japan),SEED and ARIA(Korea),Kalyna(Ukraine),GOST(CIS),SM4(China),ECDSA,etcExternal
5、centralized key management:PKCS#11 HSMs,OASIS KMIP,AWS CloudHSM,Azure Key Vault,GCP KMS,etcZero operational impact to software applications and end clientsNo costly hardware retrofitting required at storage backend4ApplicationHostTrusted Usersand AppsCleartextStorageBad Guys?!$8Yn+=Bloombase StoreSa
6、feBloombase StoreSafe for NVIDIA BlueField DPUBloombase StoreSafe with DOCA SDK and BlueField DPU for high bandwidth,low latency encryption for all-flash arrays(AFAs)Bloombase StoreSafe with Morpheus AI and GPU for sensitive data detection and automated protection5ApplicationHostTrusted Usersand App
7、sCleartextStorageBad Guys?!$8Yn+=Bloombase StoreSafefor NVIDIA BlueField DPUMorpheus AI and Tensor Core GPUDOCA SDK andBlueField DPUBloombase StoreSafe with NVIDIA BlueField DPULow latency encryption for high-speed all-flash arrays(AFA)and storage servicesCiphertext storage backend over NVMe-oF is p
8、resented as virtual-plaintext local storage resource over NVMe/PCIe for servers accessAES hardware cryptographic offloading to BlueField DPU6All-Flash ArrayCleartextTrusted Usersand AppsBloombase StoreSafe on NVIDIA BlueField DPUBad Guys?!$8Yn+=ServerBloombase StoreSafe with NVIDIA BlueField DPU7Cle
9、artextBlueField DPUStorageConnectXManagementStoreSafe bdev$8Yn+=NVMe-oFSPDK SNAPDOCABloombase StoreSafeApplicationHostPQC Crypto ModuleNVMe TargetVirtIO-FSXTS CryptoInline CryptoArm SOCBlueFieldStoreSafeNVMe/PCIHypervisorOSVMsAppsSensitive Data Detection with NVIDIA Morpheus AI and GPUSensitive info
10、rmation classification using Morpheus AI pre-trained model powered by Tensor Core GPULifecycle data protection:automatic data rekey8Bloombase StoreSafeTrusted Usersand AppsCleartextStorageApplicationHostBad Guys?!$8Yn+=Morpheus AI and Tensor Core GPUSensitive Data Detection with NVIDIA Morpheus AI a
11、nd GPU9CleartextBloombase StoreSafeTensor Core GPUStorageCleartextApplicationHostNVIDIA MorpheusPre-trained ModelPub/SubStorage FirewallPQC Crypto ModuleAccess ControlCleartextPost-processingPre-processingCleartextCleartextTop secretSecretConfidentialSensitiveUnclassified$8Yn+=Write plainInputOutput
12、Infer+/-Log levelForwardWrite,tag,encryptRegular I/OData classification and security hardeningData Security Hardening PluginRead virtual-plainRead encrypted+/-Acc controlRekeyScore:Fn(address,bank account,credit card number,email address,government id number,full name,password,phone number,secret ke
13、ys,and usernames)Data security hardening:audit log level,log details,SNMP trap messages to SIEM,notify owner,read access,write access,read-only access,write-once access,SMB password,CHAP password,S3 access key,IP restriction,NFS user mapping,LUN masking,schedule to rekey,rekey no wait,rekey scheduli
14、ng,encrypt all,decrypt all,encrypt per score,PQC encrypt per score,etc12345678CleartextPerformance Benefits06080100120140Bloombase StoreSafeon COTSBloombase StoreSafeon NVIDIA DPUI/O Latency with PQC Encryption(us)4050607080Bloombase StoreSafeon COTSBloombase StoreSafeon NVIDIA
15、 DPUI/O Throughput with PQC Encryption(Gbps)905020406080100Bloombase StoreSafeon COTSBloombase StoreSafeon NVIDIA DPUHost CPU Utilization(%)600.006070Bloombase StoreSafewithout Morpheus AIBloombase StoreSafewith Morpheus AIMean Time to Detect Sensitive Data(s)20027307 20027307 20027307 De
16、mo11All-Flash ArrayCleartextTrusted Usersand AppsBloombase StoreSafe on NVIDIA BlueField DPUBad Guys?!$8Yn+=ServerAbout BloombaseCybersecurity company with specialization in intelligent storage firewall technologiesHQ in Redwood City,CA with offices in Vancouver,Canada and Frankfurt,GermanyMore than 2,000 installed-base in over 20 countriesCustomers from Global 2000-scale organizations and public sectorMember of NVIDIA Inception Program since 2022For more,check out our demos at https:/bloombase.tv12Questions?Comments?13Thank you!14