|By Don MacVittie||
|November 26, 2012 08:00 AM EST||
I was talking with the team working on our yard – they’re putting in new sidewalks and a patio, amongst other things – and we got on the subject of gutters. When we bought this house, it came with no gutters, and that has, over time, caused some serious damage to the base of the house. Wood and plaster do not take it well when water pours down on them at the rate that, oh, say melting snow in the spring sends it down. So I had them get us an estimate for gutters on the entire house. Some of the work they’re estimating is running the gutters right to the storm drain, which is not normally cheap, but they had both the front and back yards all ripped up, so it is a good time to do it, both cheaper and less messy, since the mess is already there.
So I told them to do it, because I don’t want the sod they’re going to lay to be ripped up in a year when we decide to put the gutters on, and certainly don’t want them to rip up the patio and sidewalks they’re putting in now just to lay pipe later – that would be nearly impossible.
And that, in a nutshell, is the same reason why FPGAs are used in a lot of high-tech firms. If the device is my yard/sidewalks, and I have to choose between a custom ASIC versus an FPGA, the custom ASIC would require me to rip up the yard later, while the FPGA is planning ahead for change.
Let me explain. With an FPGA, the circuits are programmed. Not like software, but code sets up the circuits, and then they are pretty equivalent to having them be hard-wired. With an ASIC, they really are hard-wired. So six months later, a change to the system – be it added functionality or fixes to existing logic – will be far easier with an FPGA than an ASIC. With an FPGA, the design file is opened, the changes made and tested, then the config is compiled and delivered to manufacturing. At that point, the devices produced with the new config file will have the new functionality. With ASICs, you change the design, send it to a manufacturing shop, wait for the shop to produce a small run (working it into their schedule that is), test the result, and then do a full production run. Then the new ASIC has to be put on the assembly line to replace the old ASIC. The difference is astronomical in terms of time required and even more so in terms of cost.
Of course there are some trade-offs. Every architectural choice results in trade-offs, and anyone who tells you differently is indeed trying to sell you something, and they don’t want to admit the trade-offs used to produce what they’re selling.
One of the big concerns out there about FPGAs is that they’re less secure. In the most vague, general sense, this is true. But in practical use scenarios, it most certainly isn’t. Here are the concerns, and why they’re over-rated (note that these notes are adapted from responses to my questions put to Clint Harames of F5<’s most excellent FPGA team, I cannot vouch for other production except to say the other teams I was involved with outside of F5 were similar):
- It’s field programmable! What if it gets modified? In F5’s case, none of the programmability is accessible from the outside. There is no Ethernet or coding hack that can reprogram it, because that functionality is not accessible. Other vendors work to a differing standard, so definitely worth checking, though I would remind you that it is almost never going to be as easy to hack an FPGA as it is to hack software or COTS hardware.
- Okay, but can’t it be erased and destroy the device? In theory yes (though erasing it is only effective until the next boot – non-destructive, so-to-speak), but if “modify” functionality is not accessible, then it can’t be erased easily. The caveat is that there is of course a reset pin on the chip, but if the ne’er-do-well has physical access to your device, time to disassemble the device, and a handy pinout for the FPGA chip you’re using, I’m going to guess you have bigger problems than whether they can reset your FPGA.
- If it’s programmable, can’t the program be read out and modified? Again, that functionality can be enabled on the chip, and you can check with your device manufacturer to see if they leave it enabled for production devices. Remember, it is a twofold story here, in F5’s case, we don’t generally want to reprogram production devices and don’t want to make reverse engineering our product any easier than it has to be, while we want to protect you from someone modifying a production device. So when the design is done and meets all test criteria, we at F5 turn access to this functionality off completely before shipping product is produced. Definitely worth checking with your vendor to find out what they are doing.
Again, your vendor may do things differently, if, for some reason they need the ability to reprogram the FPGA in your device.
For you, the IT staffer, the benefits are pretty straight-forward. The device you purchase will be closer to “up to date” because of the time-to-market benefits of FPGAs, it will be cheaper because of the reduced up-front costs (note that like everything involving costs, economies of scale can change the “cheaper” part to be untrue, depending upon the costs involved), and the resulting device will be far, far faster than the equivalent processing done on a general purpose CPU. In the end, it is hardware doing the processing, and FPGAs have concurrency that general purpose CPUs can only match with a huge number of cores, even then since the OS handles the scheduling on a general purpose CPU, many cores does not normally make up the performance difference.
There are some who think the advent of virtualization and virtualized appliances should curb the use of FPGAs, as the virtual version has to include all the functionality. While this is, on the surface, a reasonable argument, it has a flaw. FPGAs are MUCH faster than software will ever be, let alone a VM running on a host with who-knows-how-many other VMs sharing its resources. So in cases like F5, where there is a hardware and a software version, the key is to be able to run in both. TMOS, F5’s OS for traffic management, uses hardware if available, software if not. This offers the best of both worlds – acceptable traffic management in a VM, and high-performance traffic management in hardware.
Next time I’ll delve into specific functionality that on our hardware platforms is implemented in FPGA, and how that helps you do your job in IT, today was more of a “what are the risks, what are the benefits” in a generic sense.
Application availability is not just the measure of “being up”. Many apps can claim that status. Technically they are running and responding to requests, but at a rate which users would certainly interpret as being down. That’s because excessive load times can (and will be) interpreted as “not available.” That’s why it’s important to view ensuring application availability as requiring attention to all its composite parts: scalability, performance, and security.
Oct. 10, 2015 12:00 PM EDT Reads: 444
In their session at DevOps Summit, Asaf Yigal, co-founder and the VP of Product at Logz.io, and Tomer Levy, co-founder and CEO of Logz.io, will explore the entire process that they have undergone – through research, benchmarking, implementation, optimization, and customer success – in developing a processing engine that can handle petabytes of data. They will also discuss the requirements of such an engine in terms of scalability, resilience, security, and availability along with how the archi...
Oct. 10, 2015 12:00 PM EDT Reads: 413
DevOps has often been described in terms of CAMS: Culture, Automation, Measuring, Sharing. While we’ve seen a lot of focus on the “A” and even on the “M”, there are very few examples of why the “C" is equally important in the DevOps equation. In her session at @DevOps Summit, Lori MacVittie, of F5 Networks, will explore HTTP/1 and HTTP/2 along with Microservices to illustrate why a collaborative culture between Dev, Ops, and the Network is critical to ensuring success.
Oct. 10, 2015 12:00 PM EDT Reads: 173
Our guest on the podcast this week is Jason Bloomberg, President at Intellyx. When we build services we want them to be lightweight, stateless and scalable while doing one thing really well. In today's cloud world, we're revisiting what to takes to make a good service in the first place. Listen in to learn why following "the book" doesn't necessarily mean that you're solving key business problems.
Oct. 10, 2015 12:00 PM EDT Reads: 2,242
Overgrown applications have given way to modular applications, driven by the need to break larger problems into smaller problems. Similarly large monolithic development processes have been forced to be broken into smaller agile development cycles. Looking at trends in software development, microservices architectures meet the same demands. Additional benefits of microservices architectures are compartmentalization and a limited impact of service failure versus a complete software malfunction....
Oct. 10, 2015 11:30 AM EDT Reads: 285
For it to be SOA – let alone SOA done right – we need to pin down just what "SOA done wrong" might be. First-generation SOA with Web Services and ESBs, perhaps? But then there's second-generation, REST-based SOA. More lightweight and cloud-friendly, but many REST-based SOA practices predate the microservices wave. Today, microservices and containers go hand in hand – only the details of "container-oriented architecture" are largely on the drawing board – and are not likely to look much like S...
Oct. 10, 2015 11:00 AM EDT Reads: 537
The last decade was about virtual machines, but the next one is about containers. Containers enable a service to run on any host at any time. Traditional tools are starting to show cracks because they were not designed for this level of application portability. Now is the time to look at new ways to deploy and manage applications at scale. In his session at @DevOpsSummit, Brian “Redbeard” Harrington, a principal architect at CoreOS, will examine how CoreOS helps teams run in production. Attende...
Oct. 10, 2015 11:00 AM EDT Reads: 1,281
Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? In his session at DevOps Summit, Fred Simon, Co-founder and Chief Architect of JFrog, will demonstrate how to implement a promotion model for Docker images using a binary repository, and then show h...
Oct. 10, 2015 11:00 AM EDT Reads: 229
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Oct. 10, 2015 10:00 AM EDT Reads: 183
With containerization using Docker, the orchestration of containers using Kubernetes, the self-service model for provisioning your projects and applications and the workflows we built in OpenShift is the best in class Platform as a Service that enables introducing DevOps into your organization with ease. In his session at DevOps Summit, Veer Muchandi, PaaS evangelist with RedHat, will provide a deep dive overview of OpenShift v3 and demonstrate how it helps with DevOps.
Oct. 10, 2015 10:00 AM EDT Reads: 691
What Is Emergent About Emergent Architecture? By @TheEbizWizard | @DevOpsSummit #DevOps #BigData #API
All we need to do is have our teams self-organize, and behold! Emergent design and/or architecture springs up out of the nothingness! If only it were that easy, right? I follow in the footsteps of so many people who have long wondered at the meanings of such simple words, as though they were dogma from on high. Emerge? Self-organizing? Profound, to be sure. But what do we really make of this sentence?
Oct. 10, 2015 08:00 AM EDT Reads: 430
Containers are changing the security landscape for software development and deployment. As with any security solutions, security approaches that work for developers, operations personnel and security professionals is a requirement. In his session at @DevOpsSummit, Kevin Gilpin, CTO and Co-Founder of Conjur, will discuss various security considerations for container-based infrastructure and related DevOps workflows.
Oct. 10, 2015 06:00 AM EDT Reads: 283
There once was a time when testers operated on their own, in isolation. They’d huddle as a group around the harsh glow of dozens of CRT monitors, clicking through GUIs and recording results. Anxiously, they’d wait for the developers in the other room to fix the bugs they found, yet they’d frequently leave the office disappointed as issues were filed away as non-critical. These teams would rarely interact, save for those scarce moments when a coder would wander in needing to reproduce a particula...
Oct. 10, 2015 05:00 AM EDT Reads: 345
Last month, my partners in crime – Carmen DeArdo from Nationwide, Lee Reid, my colleague from IBM and I wrote a 3-part series of blog posts on DevOps.com. We titled our posts the Simple Math, Calculus and Art of DevOps. I would venture to say these are must-reads for any organization adopting DevOps. We examined all three ascpects – the Cultural, Automation and Process improvement side of DevOps. One of the key underlying themes of the three posts was the need for Cultural change – things like t...
Oct. 10, 2015 05:00 AM EDT Reads: 363
It is with great pleasure that I am able to announce that Jesse Proudman, Blue Box CTO, has been appointed to the position of IBM Distinguished Engineer. Jesse is the first employee at Blue Box to receive this honor, and I’m quite confident there will be more to follow given the amazing talent at Blue Box with whom I have had the pleasure to collaborate. I’d like to provide an overview of what it means to become an IBM Distinguished Engineer.
Oct. 10, 2015 04:00 AM EDT Reads: 289
The cloud has reached mainstream IT. Those 18.7 million data centers out there (server closets to corporate data centers to colocation deployments) are moving to the cloud. In his session at 17th Cloud Expo, Achim Weiss, CEO & co-founder of ProfitBricks, will share how two companies – one in the U.S. and one in Germany – are achieving their goals with cloud infrastructure. More than a case study, he will share the details of how they prioritized their cloud computing infrastructure deployments ...
Oct. 10, 2015 03:00 AM EDT Reads: 760
Ten years ago, there may have been only a single application that talked directly to the database and spit out HTML; customer service, sales - most of the organizations I work with have been moving toward a design philosophy more like unix, where each application consists of a series of small tools stitched together. In web example above, that likely means a login service combines with webpages that call other services - like enter and update record. That allows the customer service team to writ...
Oct. 10, 2015 02:45 AM EDT Reads: 476
As we increasingly rely on technology to improve the quality and efficiency of our personal and professional lives, software has become the key business differentiator. Organizations must release software faster, as well as ensure the safety, security, and reliability of their applications. The option to make trade-offs between time and quality no longer exists—software teams must deliver quality and speed. To meet these expectations, businesses have shifted from more traditional approaches of d...
Oct. 10, 2015 02:15 AM EDT Reads: 259
Between the compelling mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at DevOps Summit, Charles Kendrick, CTO and Chief Architect at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how busine...
Oct. 10, 2015 02:00 AM EDT Reads: 328
If you are new to Python, you might be confused about the different versions that are available. Although Python 3 is the latest generation of the language, many programmers still use Python 2.7, the final update to Python 2, which was released in 2010. There is currently no clear-cut answer to the question of which version of Python you should use; the decision depends on what you want to achieve. While Python 3 is clearly the future of the language, some programmers choose to remain with Py...
Oct. 10, 2015 02:00 AM EDT Reads: 284