VMware Inc.’s Project Monterey, introduced this week at the company’s virtual VMworld event, will ultimately do a lot more than just make data center hardware more efficient. It’s actually a completely new approach to deploying and securing data center resources.

“You can put a whole data center on a chip,” Tom Gillis (pictured), general manager of networking and security at the virtualization giant, said in an interview with SiliconANGLE. “It’s the full VMware stack running on a NIC,” short for a network interface card.

Or, more precisely, a SmartNIC, which is a network interface card outfitted with an embedded microprocessor that offloads functions from the host. VMware is initially partnering with Intel Corp., Nvidia Corp. and Pensando Systems Inc. on hardware for the project but expects to sign on others in the future, Gillis said.

SmartNICs can take over a wide variety of tasks from the host CPU such as retrieving data from storage, tapping into memory on other devices and parceling out tasks to graphics processing units. That enables the CPU to attend to more important tasks while also empowering it to use resources elsewhere on the network via SmartNICs.

GPUs, which are now widely used in machine learning applications, are an initial target. Having multiple GPUs on a system can tax central processors by bogging them down with management tasks that can be handed off to co-processors on the NIC.

The same goes for data processing units, which are a relatively new kind of microprocessor that’s optimized for data processing. As other processor types come on the market, they will also become resources for VMware-enabled SmartNICs to use, Gillis said.

Perhaps the more important potential short-term potential of Project Monterey is to redefine the way cybersecurity is done. Software-defined networks replace black box hardware firewalls with software, which be copied and configured for particular uses. The SmartNIC can deploy these firewalls to guard anything from a database to a software container to a microservice, Gillis said.

“Imagine you could create a little tiny firewall and a little tiny [intrusion prevention system] and attach it to each service,” he said. “You can create very tight controls that prevent lateral movement.” That’s the scenario in which an attacker gains access to a network and then moves around to steal data or plant malware without detection.

Cloud platform providers already use SmartNICs and a similar distributed processing architecture within their infrastructure. With Project Monterey, VMware is aiming to make the same capabilities available to any data center.

Indeed, VMware Chief Executive Pat Gelsinger said during VMworld that Monterey is nothing less than a “major rearchitecture of vSphere itself.” VSphere is the umbrella for the company’s virtualized data center platform available as a cloud service.

Security will be a huge selling point, Gillis said. “With edge computing the whole idea of the hard perimeter is going away,” he said. “We have to think about protecting our data.”

Most security experts now agree that perimeter protection is futile. Every network will be breached, so the attention should be on how to limit the damage an intruder can do.

“We’re going to just assume you’ve been compromised so we want to make it really hard for the intruders to stay,” Gillis said. “The best places to do that is on the endpoint and in the network.”

VMware isn’t saying when Project Monterey will bear fruit, but with the full vSphere stack running on an Arm microprocessor inside a network card, it’s safe to say there’s a lot more to come.

Photo: SiliconANGLE