Welcome!

@CloudExpo Authors: Elizabeth White, Ed Featherston, Liz McMillan, Pat Romanski, William Schmarzo

Related Topics: Containers Expo Blog, Industrial IoT, Microservices Expo, IoT User Interface, @CloudExpo, Apache

Containers Expo Blog: Blog Feed Post

Bare Metal Blog: FPGAs - The Benefits and Risks

The use of FPGAs, the risks, trade-offs, and benefits to IT

I was talking with the team working on our yard – they’re putting in new sidewalks and a patio, amongst other things – and we got on the subject of gutters. When we bought this house, it came with no gutters, and that has, over time, caused some serious damage to the base of the house. Wood and plaster do not take it well when water pours down on them at the rate that, oh, say melting snow in the spring sends it down. So I had them get us an estimate for gutters on the entire house. Some of the work they’re estimating is running the gutters right to the storm drain, which is not normally cheap, but they had both the front and back yards all ripped up, so it is a good time to do it, both cheaper and less messy, since the mess is already there.

imageSo I told them to do it, because I don’t want the sod they’re going to lay to be ripped up in a year when we decide to put the gutters on, and certainly don’t want them to rip up the patio and sidewalks they’re putting in now just to lay pipe later – that would be nearly impossible.

And that, in a nutshell, is the same reason why FPGAs are used in a lot of high-tech firms. If the device is my yard/sidewalks, and I have to choose between a custom ASIC versus an FPGA, the custom ASIC would require me to rip up the yard later, while the FPGA is planning ahead for change.

Sidewalk with pipes under itLet me explain. With an FPGA, the circuits are programmed. Not like software, but code sets up the circuits, and then they are pretty equivalent to having them be hard-wired. With an ASIC, they really are hard-wired. So six months later, a change to the system – be it added functionality or fixes to existing logic – will be far easier with an FPGA than an ASIC. With an FPGA, the design file is opened, the changes made and tested, then the config is compiled and delivered to manufacturing. At that point, the devices produced with the new config file will have the new functionality. With ASICs, you change the design, send it to a manufacturing shop, wait for the shop to produce a small run (working it into their schedule that is), test the result, and then do a full production run. Then the new ASIC has to be put on the assembly line to replace the old ASIC. The difference is astronomical in terms of time required and even more so in terms of cost.

Of course there are some trade-offs. Every architectural choice results in trade-offs, and anyone who tells you differently is indeed trying to sell you something, and they don’t want to admit the trade-offs used to produce what they’re selling.

One of the big concerns out there about FPGAs is that they’re less secure. In the most vague, general sense, this is true. But in practical use scenarios, it most certainly isn’t. Here are the concerns, and why they’re over-rated (note that these notes are adapted from responses to my questions put to Clint Harames of F5<’s most excellent FPGA team, I cannot vouch for other production except to say the other teams I was involved with outside of F5 were similar):

  • It’s field programmable! What if it gets modified? In F5’s case, none of the programmability is accessible from the outside. There is no Ethernet or coding hack that can reprogram it, because that functionality is not accessible. Other vendors work to a differing standard, so definitely worth checking, though I would remind you that it is almost never going to be as easy to hack an FPGA as it is to hack software or COTS hardware.
  • Okay, but can’t it be erased and destroy the device? In theory yes (though erasing it is only effective until the next boot – non-destructive, so-to-speak), but if “modify” functionality is not accessible, then it can’t be erased easily. The caveat is that there is of course a reset pin on the chip, but if the ne’er-do-well has physical access to your device, time to disassemble the device, and a handy pinout for the FPGA chip you’re using, I’m going to guess you have bigger problems than whether they can reset your FPGA.
  • If it’s programmable, can’t the program be read out and modified? Again, that functionality can be enabled on the chip, and you can check with your device manufacturer to see if they leave it enabled for production devices. Remember, it is a twofold story here, in F5’s case, we don’t generally want to reprogram production devices and don’t want to make reverse engineering our product any easier than it has to be, while we want to protect you from someone modifying a production device. So when the design is done and meets all test criteria, we at F5 turn access to this functionality off completely before shipping product is produced. Definitely worth checking with your vendor to find out what they are doing.

Again, your vendor may do things differently, if, for some reason they need the ability to reprogram the FPGA in your device.

For you, the IT staffer, the benefits are pretty straight-forward. The device you purchase will be closer to “up to date” because of the time-to-market benefits of FPGAs, it will be cheaper because of the reduced up-front costs (note that like everything involving costs, economies of scale can change the “cheaper” part to be untrue, depending upon the costs involved), and the resulting device will be far, far faster than the equivalent processing done on a general purpose CPU. In the end, it is hardware doing the processing, and FPGAs have concurrency that general purpose CPUs can only match with a huge number of cores, even then since the OS handles the scheduling on a general purpose CPU, many cores does not normally make up the performance difference.

There are some who think the advent of virtualization and virtualized appliances should curb the use of FPGAs, as the virtual version has to include all the functionality. While this is, on the surface, a reasonable argument, it has a flaw. FPGAs are MUCH faster than software will ever be, let alone a VM running on a host with who-knows-how-many other VMs sharing its resources. So in cases like F5, where there is a hardware and a software version, the key is to be able to run in both. TMOS, F5’s OS for traffic management, uses hardware if available, software if not. This offers the best of both worlds – acceptable traffic management in a VM, and high-performance traffic management in hardware.

Next time I’ll delve into specific functionality that on our hardware platforms is implemented in FPGA, and how that helps you do your job in IT, today was more of a “what are the risks, what are the benefits” in a generic sense.

Read the original blog entry...

More Stories By Don MacVittie

Don MacVittie is currently a Senior Solutions Architect at StackIQ, Inc. He is also working with Mesamundi on D20PRO, and is a member of the Stacki Open Source project. He has experience in application development, architecture, infrastructure, technical writing, and IT management. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

@CloudExpo Stories
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, will compare the Jevons Paradox to modern-day enterprise IT, e...
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Whether they’re located in a public, private, or hybrid cloud environment, cloud technologies are constantly evolving. While the innovation is exciting, the end mission of delivering business value and rapidly producing incremental product features is paramount. In his session at @DevOpsSummit at 19th Cloud Expo, Kiran Chitturi, CTO Architect at Sungard AS, will discuss DevOps culture, its evolution of frameworks and technologies, and how it is achieving maturity. He will also cover various st...
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Bradley Holt, Developer Advocate a...
SYS-CON Events announced today that Niagara Networks will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm.
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, provided tips on how to be successful in large scale machine learning...
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone. Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the protocols that communicate data and the emerging data analy...
Fifty billion connected devices and still no winning protocols standards. HTTP, WebSockets, MQTT, and CoAP seem to be leading in the IoT protocol race at the moment but many more protocols are getting introduced on a regular basis. Each protocol has its pros and cons depending on the nature of the communications. Does there really need to be only one protocol to rule them all? Of course not. In his session at @ThingsExpo, Chris Matthieu, co-founder and CTO of Octoblu, walk you through how Oct...
We’ve been doing it for years, decades for some. How many websites have you created accounts on? Your bank, your credit card companies, social media sites, hotels and travel sites, online shopping sites, and that’s just the start. We do it often without even thinking about it, quickly entering our personal information, our data, in a plethora of systems. Sometimes we’re not even aware of the information we are providing. It could be very personal information (think of the security questions you ...