CPUs and GPUs meet your new friend, DPUs
CPUs and GPUs meet your new friend, DPUs
www.mgireservationsandbookings.co.uk
Dell, Nvidia and VMware partner to boost data center speed
For much of the history of computer virtualization, workloads have been limited by the power of CPUs and to a lesser extent GPUs, in order to handle computation, networking, storage, security and artificial intelligence (AI) requirements. There is, however, another way.
At the VMware Explore conference, Dell Technologies and Nvidia officially announced the launch of a new data center solution that integrates Dell PowerEdge servers, the new VMware vSphere 8 virtualization platform, alongside Nvidia GPUs and for the first time Nvidia BlueField 2 DPUs (data processing unit) as well.
A DPU is a dedicated piece of silicon hardware designed to handle certain data processing tasks. Those tasks can include security and network routing for data traffic, in an approach that is intended to help reduce the load on CPUs and GPUs for core computing tasks.
Google launches vulnerability reward program to secure open-source software
Google just announced the launch of the Open Source Software Vulnerability Rewards Program (OSS VRP), which offers rewards of up to $31,337 for researchers who can find bugs in the open-source ecosystem.
Many organizations rely on open-source software to fulfill critical services and operations, but have next to no control over how these components are maintained. Because of this, Google's launch highlights that a crowdsourced approach to security has the potential to mitigate vulnerabilities in widely used (but traditionally underfunded and under-maintained) open-source projects, and eliminate potential entry points into enterprise environments.
How self-supervised learning may boost medical AI progress
Self-supervised learning has been a fast-rising trend in artificial intelligence (AI), as researchers seek to take advantage of large-scale unannotated data to develop better machine learning models.
According to Pranav Rajpurkar, assistant professor of biomedical informatics at Harvard Medical School, developments in self-supervised learning have created momentum toward developing and applying self-supervised learning methods in medicine and healthcare, and likely for other industries that also have the ability to collect data at scale.
?
?
? For much of the history of computer virtualization, workloads have been limited by the power of CPUs and to a lesser extent GPUs, in order to handle computation, networking, storage, security and artificial intelligence (AI) requirements. There is however another way.
At the VMware Explore conference today, Dell Technologies and Nvidia are officially announcing the launch of a new data center solution that integrates Dell PowerEdge servers, the new VMware vSphere 8 virtualization platform, alongside Nvidia GPUs and for the first time Nvidia BlueField 2 DPUs (data processing unit) as well.
Harnessing Data & AI to drive action in your organization
A DPU is a dedicated piece of silicon hardware designed to handle certain data processing tasks. Those tasks can include security and network routing for data traffic, in an approach that is intended to help reduce the load on CPUs and GPUs for core computing tasks related to a given workload. VMware had been working together with Nvidia on an effort known as Project Monterey for the last two years to enable the vSphere virtualization platform to support the BlueField DPUs and that effort has finally come to fruition.
“Modern applications such as AI, are continuing to generate massive amounts of data and processing that data is consuming CPU cycles,” Kevin Deierling, senior vice president of networking at Nvidia explained during a press briefing.
Deierling commented that another issue impacting CPU utilization is the way that modern applications are now built. Modern virtualized and container-based applications are no longer single monolithic stacks, but rather are composed with a set of distributed micro-services that consume more CPU cycles.
?“CPU capacity is being consumed both with the security aspects of moving data around and the?massive amounts of east-west traffic to allow these distributed applications to communicate with each other and actually share all of the data,” Deierling said. “So that’s the problem that we’re able to solve with this new BlueField DPU data processing unit integrated with vSphere.”
The new era of DPUs for CPU offload is here
The move toward more usage of DPUs as well as infrastructure processing units (IPUs) is part of an emerging industry trend.
Back on June 21, the Linux Foundation launched a new initiative around DPUs called the Open Programmable Infrastructure Project (OPI), which counts Nvidia, Intel, Dell and Marvell among its members. The goal of OPI is to help develop industry open standards around DPUs and IPUs. Marvell has been building out its own Octeon DPU technology, while Intel has been developing its infrastructure process unit (IPU) approach.
Deierling explained that the Nvidia BlueField is a new class accelerated computing processor that runs the infrastructure software of the data center. The BlueField combines networking accelerators and embedded ARM CPU cores.?
“This combination simplifies infrastructure and management, boosts performance and strengthens security,” Deierling said. “And now this is all fully integrated with VMware vSphere running on the BlueField DPU.”
How Nvidia BlueField will accelerate security and AI for VMware
The new VMware vSphere 8 release will now support Nvidia BlueField2 DPUs which will have a significant impact on networking, storage and AI workloads.
Part of VMware’s overall virtualization platform is the company’s NSX software defined networking technology. NSX in recent years has also played a strong role in VMware’s security strategy, enabling networking isolation and firewall capabilities.
“With the NSX security running on the DPU, enterprises can now put a firewall in every server,” Deierling said.?
The benefit of having an NSX-based firewall with the Nvidia BlueField DPU is that it can help organizations to support zero-trust efforts. The basic idea behind zero trust is to have continuous authentication and pervasive encryption to help protect data. Deierling added that having NSX networking security running on the BlueField DPU also provides a new layer of isolation between the application and the infrastructure processing domains.?
Nvidia also expects that the integration of its DPU technology with VMware’s vSphere will also accelerate AI workloads. Deierling noted that the DPU optimization is fully integrated with Nvidia AI enterprise running on VMware vSphere as both virtual machines and containers.
For developers and existing applications, getting the benefit of the new BlueField-2 DPUs will happen automatically.
“One of the things that we strive to do is preserve all of the existing API’s and interfaces and we’ve worked very closely with VMware,” Deierling said. “The API’s and all of the things that you might use, you’ll call those and then instead of it executing on an x86 CPU, it will actually simply be offloaded and accelerated onto the BlueField-2, so really from an application perspective the consumption of those APIs is identical.”
General availability of the new Dell Technologies servers with Nvidia BlueField-2 DPU and VMware vSphere 8 is set for later this year. Nvidia has also set up an environment with its LaunchPad service to let users virtually try out the technology before it is physically available.
?
?
?
?
?
? Open-source software security is in need of a massive overhaul. So many organizations rely on open-source software to fulfill critical services and operations, but have next to no control over how these components are maintained.?
For this reason, more and more private organizations are stepping up to the plate to help identify and fix vulnerabilities before attackers can exploit them.?
?
领英推荐
?
?
Open-source software security is in need of a massive overhaul. So many organizations rely on open-source software to fulfill critical services and operations, but have next to no control over how these components are maintained.?
For this reason, more and more private organizations are stepping up to the plate to help identify and fix vulnerabilities before attackers can exploit them.?
Just today, Google announced the launch of the Open Source Software Vulnerability Rewards Program (OSS VRP), which offers rewards of up to $31,337 for researchers who can find bugs in the open-source ecosystem.?
The launch highlights that a crowdsourced approach to security has the potential to mitigate vulnerabilities in widely used (but traditionally underfunded and under-maintained) open-source projects, and eliminate potential entry points into enterprise environments.?
Restoring confidence in the software supply chain??
The release of the OSS VRP comes as anxiety over attacks on the software supply chain has reached an all-time high, following the discovery of zero-day vulnerabilities like Log4j and Log4Shell and monumental data breaches impacting providers including SolarWinds and Codecov.?
This anxiety was well-founded, as threat actors were also actively looking to target vulnerabilities in the software supply chain, with attacks targeting the open-source software supply chain increasing 650% between 2020 and 2021.?
When combined together, these factors have severely impacted confidence in the security of open-source software. Research shows that 41% of organizations don’t have high confidence in their open-source software security.?
However, providers like Google are aiming to restore confidence in the software supply chain by financially incentivising researchers to identify and fix vulnerabilities.?
“Google develops and maintains more than ten thousand open source projects. Many of these projects are used extensively in critical infrastructure (e.g. Golang,?Tensorflow). Finding and fixing vulnerabilities in these critical projects will help improve the security posture of the open source ecosystem and other user,” said Open Source Security Technical Program Manager, Francis Perron.
As part of the new initiative, researchers will receive a payout according to the severity of the vulnerability discovered, with the biggest rewards going to those who discover vulnerabilities found in sensitive projects such as Bazel, Angular, Golang, Protocol buffers and Fuchsia.?
It’s worth noting that this announcement comes hot on the heels of Google’s participation in the NIST/NSF/OMB’s U.S. Open-Source Software Security Initiative Workshop and will help it work toward fulfilling the organization’s $10 billion commitment to improving cybersecurity.?
The wider open-source security landscape?
Google isn’t the only organization looking to play a greater role in defining open source security.?
Earlier this year, at the White House Open Source Security Summit II organized by the Linux Foundation?and the Open Source Software Security Foundation (OpenSSF), 90 executives from 37 companies came together to discuss how to secure the open-source supply chain.
At the event, providers including Amazon, Microsoft, Ericsson, Intel, VMware and Google pledged to contribute over $30 million collectively to enhance the security of open-source software.?
At this moment, Microsoft is offering consulting services for the OSS SSC Framework, to help organizations establish a governance program to manage the use of open-source software, yet there is a limited amount of bug bounty programs focused on open-source projects rather than closed product ecosystems.?
The most comparable initiative is HackerOne’s bug bounty program, which rewards researchers for discovering vulnerabilities impacting open-source software projects and offers an average bounty of $500.?
Going forward, we can expect to see more vulnerability disclosure and bug bounty programs come to light as more organizations recognize the value of crowdsource security in reducing the risks of open-source software.
Google launches vulnerability reward program to secure open-source software?
Open-source software security is in need of a massive overhaul. So many organizations rely on open-source software to fulfill critical services and operations, but have next to no control over how these components are maintained.?
For this reason more and more private organizations are stepping up to the plate to help identify and fix vulnerabilities before attackers can exploit them.?
Just today, Google announced the launch of the Open Source Software Vulnerability Rewards Program (OSS VRP), which offers rewards of up to $31,337 for researchers who can find bugs in the open-source ecosystem.?
The launch highlights that a crowdsourced approach to security has the potential to mitigate vulnerabilities in widely used (but traditionally underfunded and under maintained) open-source projects, and eliminate potential entry points into enterprise environments.?
Restoring confidence in the software supply chain??
The release of the OSS VRP comes as anxiety over attacks on the software supply chain has reached an all-time high, following the discovery of zero-day vulnerabilities like Log4j and Log4Shell and monumental data breaches impacting providers including SolarWinds and Codecov.?
This anxiety was well-founded, as threat actors were also actively looking to target vulnerabilities in the software supply chain, with attacks targeting the open-source software supply chain increasing 650% between 2020 and 2021.?
When combined together, these factors have severely impacted confidence in the security of open-source software. Research shows that 41% of organizations don’t have high confidence in their open-source software security.?
However, providers like Google are aiming to restore confidence in the software supply chain by financially incentivizing researchers to identify and fix vulnerabilities.?
As part of the new initiative, researchers will receive a payout according to the severity of the vulnerability discovered, with the biggest rewards going to those who discover vulnerabilities found in sensitive projects such as Bazel, Angular, Golang, Protocol buffers and Fuchsia.?
It’s worth noting that this announcement comes hot on the heels of Google’s participation in the NIST/NSF/OMB’s U.S. Open-Source Software Security Initiative Workshop, and will help it work toward fulfilling the organization’s $10 billion commitment to improving cybersecurity.?
The wider open-source security landscape?
Google isn’t the only organization looking to play a greater role in defining open-source security.?
Earlier this year, at the White House Open Source Security Summit II organized by the Linux Foundation and the Open Source Software Security Foundation (OpenSSF), 90 executives from 37 companies came together to discuss how to secure the open-source supply chain.
At the event, providers including Amazon, Microsoft, Ericsson, Intel, VMware and Google pledged to contribute over $30 million collectively to enhance the security of open-source software.?
Currently, Microsoft is offering consulting services for the OSS SSC Framework, to help organizations establish a governance program to manage the use of open-source software, yet there is a limited amount of bug bounty programs focused on open-source projects rather than closed product ecosystems.?
The most comparable initiative is HackerOne’s bug bounty program, which rewards researchers for discovering vulnerabilities impacting open-source software projects and offers an average bounty of $500.?
Going forward, we can expect to see more vulnerability disclosure and bug bounty programs come to light as more organizations recognize the value of crowdsource security in reducing the risks of open-source software.
?
????
.