The How and Why of FPGA-based AWS EC2 F1 Instances for Cloud Network Security
November 25, 2019
Cloud-based data centers are changing the way end-user organizations protect their workloads and data.
As service providers move a broad-reaching set of applications and services to public cloud infrastructure, such as Amazon Web Services (AWS), there is a clear need for increased protection and security. Genomics research collaboration, streaming transactional analytics, and real-time video transcoding all rely on massive data throughput and a corresponding increase in inspection and security.
Reducing OPEX without compromising application performance
The challenge is delivering a high degree of inspection performance, predictable latency, and dynamic security delivery for business-critical applications while keeping infrastructure complexity at a minimum. Valtix Elastic Firewall leverages AWS EC2 FPGA F1 instances to accelerate its firewall applications, allowing organizations to realize security-driven networking at the highest performance available, with simplified infrastructure.
“Our compute platform was built to solve incredibly challenging problems requiring predictable, low latency processing with high data throughput,” said Adam Scraba, Director of Data Center Marketing at Xilinx. “The Elastic Valtix Firewall, leveraging AWS F1 FPGA instances, increases cloud service security while simplifying customers’ cloud infrastructure and is a great example of what can be accomplished with the Xilinx real-time computing platform.”
At SC19, in the Xilinx booth, Valtix demonstrated a “Before and After” benchmark comparison between x86 and AWS EC2 F1, in which the same rules are used for TLS-in, TLS-out traffic, with Cisco Talos ruleset-based IPS profiles enabled on both the AWS C4 x86 and AWS EC2 F1 instances.
The lab results on Valtix Firewall on AWS EC2 F1 are:
- A low delay variance of around 8%, indicating predictable latency for application performance
- HTTPS connections per second (TLS with ECDHE-RSA2K) on the AWS EC2 F1 firewall show a speedup of over 17x vs. the x86 instance
- Bandwidth (HTTPS - HTTPS) shows a 15x speedup vs. the x86 instance
- Deep API Inspection with fully supported JSON parsing, powered by AWS FPGA integration
Simplify security operations and service consideration with single-pass security services
The Valtix firewall is architected and automated with built-in auto scaling and app-aware security policy, delivered through a single-pass pipeline for TLS decryption/encryption, advanced firewall, complete IPS and WAF. It operates on a variety of cloud instance types, from basic to the most advanced (AWS EC2 C4 to F1 instances).