For CSPs looking to grow their businesses, innovation is essential. PhoenixNAP is working with Intel and VMware to build a cloud solution with enhanced security, incorporating features from the latest Intel® Xeon® Scalable processors and the latest version of the virtualization platform VMware vSphere*. Intel gave phoenixNAP pre-launch access to its new processors, and helped phoenixNAP to identify the business opportunity. This new initiative follows the successful launch of a media transcoding service previously, developed by Intel and phoenixNAP.
“Intel provides CSPs with the ultimate solutions for their business, but it’s not just about the technology. The company also backs it up with ideas and marketing support to help CSPs to build their business, and find new customers.” - William Bell, vp of Products, phoenixNAP
- PhoenixNAP needed to develop new services to differentiate its virtualization offering.
- The data center supporting the new services needed to deliver exceptional performance, to take on the additional processing required by enhanced security without adversely affecting the customer experience.
- Reaching new customers in the fiercely competitive cloud computing sector is difficult.
- PhoenixNAP, Intel, and VMware are developing the Data Security Cloud, which provides the flexibility of cloud computing, backed with security management services.
- A software-defined data center was built using VMware vSphere* 6.5.
- The new Intel Xeon Scalable processor delivers the performance required, and enhanced hardware security features.
Technical Components of Solution
- VMware vSphere* 6.5. The latest version of VMware’s virtualization platform features a simplified experience, and comprehensive built-in security features.
- VMware NSX* Network Virtualization and Security Platform. NSX enables networks to be created in software and embeds them in the hypervisor layer, abstracted from the physical hardware.
- Intel® Xeon® Gold 6142 processor. The new Intel Xeon Scalable processor family represents the latest evolutionary leap forward in disruptive data center design for CSPs, with significant platform innovations across compute, storage, and network infrastructure to accelerate service delivery and efficiency.
- Intel® Solid-State Drives (Intel® SSD) DC P3520 Series. Intel® SSDs set the standard for storage performance, stability, efficiency, and low power consumption. In the phoenixNAP data center, they are used to accelerate the performance of virtual machines.
- Intel® Ethernet Converged Network Adapter X550 (Intel® Ethernet CNA X550). This adapter hosts the Intel® Ethernet X550 Controller a low-cost, single-chip 10GBASE-T solution for today’s server platforms. It simplifies migration to 10GbE with backward compatibility for the existing GbE network infrastructure.
- The solution is being launched in cooperation with Intel and VMware, enabling phoenixNAP to reach more customers.
- Close cooperation with Intel enabled phoenixNAP to access hardware, Intel engineering expertise, and bespoke financial modelling to help optimize the virtual machine density in the data center.
- PhoenixNAP has previously enhanced its reputation by developing and marketing other solutions with Intel.
Enhancing Security in the Cloud
There are intense competitive pressures in the market for Infrastructure as a Service (IaaS), and it can be difficult for CSPs to compete on the quality of the infrastructure when others are competing purely on price. To grow, CSPs need to be able to offer additional services on top of the infrastructure, which assist customers with their core business challenges, and clearly differentiate the CSP.
Over the last five years, phoenixNAP has transitioned from being a regional CSP in the south-west U.S., to offering cloud and data center services globally. Its customers typically have a turnover of between USD1 million and USD1 billion: companies big enough to benefit from phoenixNAP’s service offering, but not so big as to have their own data center infrastructure. PhoenixNAP’s service portfolio includes cloud, dedicated server, colocation, and IaaS.
Virtualization customers most frequently host their back office applications with phoenixNAP, including Microsoft Sharepoint*, enterprise resource planning (ERP) solutions and financial applications. Because phoenixNAP has a partnership with VMware, new customers typically migrate from an on-premises VMware environment, to phoenixNAP’s Infrastructure as a Service.
Managing the security on a multitenant infrastructure can be challenging for cloud customers: it requires engineers to establish and monitor security policies; analysts to review the data generated by the security tools; and architects who can build security features into the core of the infrastructure. For businesses of the size of phoenixNAP’s customers, it’s difficult to find the substantial investment required for the security tools and talent.
PhoenixNAP identified an opportunity to differentiate its service offering through new enhanced security services. The challenge would be to ensure an infrastructure stack that would enable these new security offerings without sacrificing performance or customer experience, while maintaining competitive pricing. Given the fierce competition in the Cloud Service Provider industry, one of the biggest challenges is marketing. PhoenixNAP needed an effective way to get the word out about its new services.
Introducing PheonixNAP Data Security Cloud*
PhoenixNAP is working with Intel and VMware to develop a multitenant virtualization infrastructure with enhanced security, called the Data Security Cloud. The Data Security Cloud provides customers with a virtualization solution that not only includes security monitoring tools, but is also backed with staff who can monitor and manage the security. As such, it solves both the tooling and staffing challenges that customers have in improving the security of their virtual machines. Customers benefit from having a single interface for managing the infrastructure, with simplified firewall, storage and server set-up. PhoenixNAP provides a consultative onboarding process, with its experts managing the migration to its cloud environment.
The security tools include a security information and event management (SIEM) system, with log monitoring and intrusion detection. If there is an incident where security may have been compromised, phoenixNAP can alert the customer or intervene directly on the customer’s behalf. PhoenixNAP also uses tools that work across the multitenant cloud environment for threat management, logging and alerting. Antivirus is provided for the operating systems on virtual machines, helping to keep customers in compliance with the Payment Card Industry Data Security Standard (PCI DSS) which requires antivirus to be on any system that touches card data. PhoenixNAP also participates in ThreatConnect, a single threat intelligence platform where members can aggregate their threat data to identify risks more quickly.
PhoenixNAP is building the solution using Supermicro servers, based on the new Intel Xeon Gold 6142 processor, which enables phoenixNAP to enhance the security in its solutions. Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) is being used to accelerate encryption of virtual machines. Intel and VMware have worked together to incorporate optimizations for Intel® architecture in VMware vSphere, so that encryption algorithms are passed to Intel® AES-NI for improved hardware-optimized performance.
The Data Security Cloud aims to provide an optimal platform to support highly scalable and compliance-sensitive production environments. PhoenixNAP is able to support these workloads by utilizing Intel’s hardware in combination with features in VMware NSX* Network Virtualization and Security Platform. Security, scalability and performance are a priority for phoenixNAP customers, so phoenixNAP uses these features to create a software defined data center (SDDC) solution. This utilizes Intel’s underlying hardware architecture to enable a higher density of virtual machines and faster packet processing, along with offering security features such as Intel® Trusted Execution Technology (Intel® TXT) and trusted platform module (TPM). With the addition of VMware NSX features that allow full micro segmentation to improve security, portability and management, phoenixNAP helps its customers run more secure environments and adopt Zero Trust policies.
The solution is being launched in cooperation with Intel and VMware, helping phoenixNAP to reach a larger potential customer base than it could alone.
Solution Architecture: Data Security Cloud
The solution is based on Supermicro BigTwin servers, which offer four compute nodes and eight Intel® Xeon® Gold 6142 processors in a 2U form factor, running VMware vSphere 6.5. The performance of the server is further enhanced with Intel® Solid State Drive Data Center P3520 Series, which speed up the performance of page tabling, used for managing multiple virtual machines on the same hardware. The Intel Ethernet Converged Network Adapter X550 is used to enable 10Gb networking.
The Data Security Cloud is based on a software defined data center (SDDC), which provides rapid scalability. VMware NSX manages the SDDC’s resources, including the pool of servers used for compute, and the storage pool, which is based on flash storage arrays. Using the SDDC, phoenixNAP is able to avoid the time taken for delivery, installation and testing of proprietary hardware components such as firewalls because these are provided as software features that can be quickly scaled out by allocating new standard hardware resources to them. The architecture uses clusters of resources, and the hypervisor determines where each virtual machine is best suited to run, dynamically reallocating its resources as necessary. Customers rent a pool of resources, which is stretched across the infrastructure to offer a more predictable level of performance. VMware vSphere takes care of resource allocation, and VMware vCenter Server* provides a centralized platform for managing the virtualized environment. The VMware vCloud Director* framework enables customers to consume resources using self-service.
Software from Arista Networks acts as the interface between the legacy network and the software defined data center.
Figure 1: The solution architecture for the software defined data center used for the Data Security Cloud
Alliance with Intel Helps phoenixNAP Grow
PhoenixNAP has a close cooperation with Intel, which has helped it to enhance the security and performance of its virtualization platform. An Intel engineer with deep VMware expertise helped phoenixNAP to identify features in the newest releases of VMware NSX and how they would work with the then upcoming Intel Xeon Scalable processor. Intel, Supermicro and phoenixNAP worked together to develop a proof of concept.
Intel expertise also helped with the business case: using benchmarks and knowledge of phoenixNAP’s workloads, the team was able to advise on the increased performance that the new processor could deliver for phoenixNAP when used with VMware vSphere, helping phoenixNAP to optimize its virtual machine density. The Intel team put together a financial analysis too, which helped phoenixNAP to determine the most suitable processor for its data center.
A close cooperation with Intel has enabled phoenixNAP to begin work on developing the Data Security Cloud as early as possible, helping it to cut its time to market.
PhoenixNAP and Intel invest in marketing together to bring solutions to market. For example, phoenixNAP has previously worked with Intel to deliver cloud solutions for digital transcoding of media, and to present them at the IBC international broadcasting trade show in Amsterdam.
Intel Supports phoenixNAP in Growing Business
The launch of the Data Security Cloud, in cooperation with Intel and VMware, is helping phoenixNAP differentiate its business and give customers new capabilities to protect their sensitive workloads in the cloud.
“Intel has been an amazing ally, helping us to drive innovation into our platform and pushing us to grow our business in ways we hadn’t thought about,” said Bell. “Intel continues to shape the landscape in terms of performance and consolidation, and innovations that help CSPs to make more money.” - William Bell, vp of Products, phoenixNAP
The key lessons that Cloud Service Providers can learn from phoenixNAP’s experience are:
- The Intel Xeon Scalable processor introduces new capabilities to improve security and performance, which can enable CSPs to enhance and differentiate their service offering.
- By partnering with Intel, CSPs can get access to hardware as early as possible and tap into Intel’s engineering expertise.
- Intel works with CSPs to help them to develop and market their cloud solutions, enabling them to reach more prospective customers through trade shows and other Intel promotional activities.
Spotlight on phoenixNAP
Founded in 2009, phoenixNAP is a global IT services provider offering cloud, dedicated server, colocation and IaaS technology solutions. PhoenixNAP is a Premier Service Provider in the VMware vCloud Air* Network Program and is a PCI DSS Validated Service Provider. Its flagship facility in Phoenix, Arizona, is Service Organization Controls (SOC) Type 1 and SOC Type 2 audited.