Composable Disaggregated Infrastructure

Composable Disaggregated Infrastructure

The needs of business IT is continuously changing, steadily driving towards more data, faster processing, lower latency, lower energy consumption, and lower cost per computation.

The shift to cloud enabled companies to rapidly adjust and scale out to meet their requirements for computing, storage and networking. Data centres help to keep capital costs low with their “pay as you go model”, scaling up or down depending on needs without having to purchase or maintain any hardware. The model certainly has many benefits but also some drawbacks.

Cost – CapEx vs OpEx. At some point, the Capital Expense savings will be exceeded by the additional Operating Expenses, even more so with high utilization factors using rented virtual hardware from cloud service providers.

Performance – latency sensitive workloads such as HPC, AI/ML can suffer from being located at a physically distant data centre, affecting the round-trip-time and bandwidth delay product.

Security Risks – it takes a lot of time, cost and effort to secure data being transferred to and from a 3rd party data centre. Data at rest or lingering in dynamic memory on remote virtual servers may be unacceptable risk for some entities, such as government agencies and defence organisations.

In many cases the only way to address these problems is to move data and processing closer together. A CDI, Composable Disaggregated Infrastructure, uses its resource pool of assets to quickly assemble a system configuration that is suited to for any given task. The resources are returned to the pool as soon as the requirement changes or seizes to exist.

Compute             CPU, GPU

Acceleration       FPGA, DPU, IPU

Storage                DDR, Flash, NVMe-oF, HDD

Memory              DDR, PCIe, HDD, Smart SSD,

Network              Ethernet, InfiniBand, CXL, SmartNIC

Composing systems on-demand is an attractive solution that can scale like cloud computing, but offering both low-latency and high-performance at the same time. Management software for these systems gives IT users the ability to define and modify the characteristics of their systems.

Performance      Bare-Metal operates directly on the Hardware, without layers of OS + software  Zero-copy in shared memory architectures benefits from pointer redirection

Flexibility             Create systems that can scale, without constraints of server based systems

Cost                      Reduce underutilization and overprovisioning, fewer idle cycles, lower consumption

Market Opportunities

Market Reaserch suggests that Composable Disaggregated Infrastructure is gaining momentum and is expected to grow strongly. Businesswire, a Berkshire Hathaway company, is forecasting the global composable market to reach USD 5.7B over the next 5 years with CAGR of 28%.

These opportunities have created a number of start-ups, Liqid, Fungible, GigaIO and others that are offering solutions that can manage and combine resources, orchestrate and deploy on-demand. Traditional hardware vendors such as Western digital, HGST, HPE and offering solutions that address needs in this market.

Composable Re-configurable Systems

Composable architectures allow different devices to be added and removed on-demand, and the device must join securely each time with a minimum of time spent on authorization and authentication. The complexity of establishing and maintaining a chain of trust increases in a heterogeneous system as more device classes are allowed. Some of these devices are themselves configurable, such as FPGAs which are commonly used as domain specific accelerators. FPGAs are re-configurable devices that can perform any compute function, subject to the limitations of their logic resources. They can also be configured for a practically endless number of different functions, subject to the contents of the bitstream. We could say that FPGAs are composable at the chip scale.

FPGAs from Intel(Altera) and AMD(Xilinx) can accept partial reconfiguration, PR, which allows resources in each device to be swapped dynamically, on-demand, during run-time. The gives system designers the opportunity to compose even more efficient systems that are better suited for changing needs. However, the number of security threats increase as there are more opportunities for malicious code to enter by frequently loading new logic functions. The system composer must be certain that the function which has been placed into FPGA is the intended function, it has loaded correctly, and that it has not been tampered with. Its authorization and authentication should be quick and just as secure as any other part of the chain of trust.

A Security Solution for FPGA

Chevin Technology has a filed a patent pending (USA, Europe & UK), A METHOD AND SYSTEM FOR PERMITTING ONE OR MORE FEATURES ON A COMPUTER PROGRAM, which is used in the Chevin Technology’s security solution for FPGA IP authorization and authentication. The solution ensures that the intended function is authorized to run on authenticated hardware, and can be included in any FPGA function such as a partially reconfigured logic or an entire FPGA image.

The Auth Server is located on board the FPGA, or a remote location such as a data centre. The Auth Server operates in a trusted environment, such as encrypted HDL, or a trusted remote server.The solution uses a PUF, a Physically Unclonable Function whenever the Auth Server is located within an FPGA. Unique and immutable, it serves as a hardware root of trust that is built into the silicon, and ensures we know which hardware we’re running.

An Auth Client is located inside every function that needs secure protection. Often an FPGA will contain one or more IP cores, each containing an Auth Client that is combined and encrypted along with the function in a trusted environment.

The solution can be deployed on an FPGA with both static and reconfigurable regions that change dynamically. The Auth Server confirms each client’s authenticity and authorizes each function, using a patent pending method that is both quick and secure. The solution protects each feature independently, making sure that only the intended function is running and that it has not been tampered with.

The solution occupies a small amount of FPGA resources and can be scaled to support a large number of reconfigurable functions simultaneously in each FPGA device.