Introduction: In order to support users to resume work and classes online during the COVID-19 outbreak, Tencent Conference expanded 1 million core computing resources in 8 days. Tencent Education has also supported more than 100 million students in China to take online courses. Where business goes, security goes. “New infrastructure” such as 5G, data centers and artificial intelligence on the fast track is driven and guaranteed by computing power and security.
New infrastructure challenges: Security demands computing power
On the “digital soil” of new infrastructure, industrial Internet is being fast-forward. The rapid development of industrial Internet has put forward higher requirements in network, computing power, algorithm and security. From the aspect of network security, due to the unique nature of massive data processing, multi-strategy and multi-scene, and high real-time requirements, the network security under the background of new infrastructure has put forward unprecedented requirements for computing power.
1. Mass data processing
Tencent’s business scale and network traffic are among the world’s first tier. As the safety of the bottom base, it is necessary to have strong computing power to support the smooth sailing of this huge ship. Moreover, hacking attacks can lurk in any small corner of the network. As a result, a security threat to a business can be a fleeting trace in a vast network stream, or an anomaly hidden among billions of digital nodes. In order to fully detect threats and trace their origin, this involves far more computation than normal business.
2. Multi-policy and multi-service scenarios
After more than 20 years of war, Tencent can be said to be one of the world’s largest Internet attack shooting range. In the accumulation of precipitation of massive attack samples at the same time, Tencent has been advancing with The Times to study new attack and defense techniques. In recent years, the enemy tends to cooperate in fighting, from lone Wolf hackers to highly cooperative group army, technical means highly engineered and diversified. In order to cope with the endless attack methods, the magnitude of security policies and defense rules is also increasing rapidly, which brings enormous computing pressure and overhead.
3, high real-time requirements
IoT+5G+IPv6 provides conditions for Internet services with high real-time requirements and high bandwidth demands, and also puts forward higher requirements for security detection and response. In offensive and defensive confrontations, hacking is usually done in milliseconds, which requires the defense to have enough computing power to achieve real-time processing power in milliseconds.
To sum up, high performance and stability determine how many security problems can be solved by the system platform, as well as the reliability of security perception and response ability. In this sense, the development of computing power has brought great improvement to security protection, and powerful computing power helps build security capabilities as strong as steel.
Tencent security technology collaboration practice: multi-dimensional exploration of software and hardware to break through the limit of computing power
Under the new infrastructure, with the diversified evolution of Tencent’s cloud business scenarios, the huge scale of traffic from emerging formats such as IoT devices has put forward increasingly stringent requirements on the support of computing power for “the first line of defense of network security”. In order to meet the increasing demand of cloud services for traffic computing, Tencent TEG Security Platform Department, together with Tencent Cloud Xingxinghai, Cloud Ding Lab and other teams, has made a lot of attempts and practices in hardware customization optimization, operation mechanism upgrade and other aspects.
1. Tencent Cloud Xingxinghai server customization optimization, single performance increased by 300%
At the hardware level, with the help of Tencent Cloud Xingxinghai AMD models bring strong computing power, Tencent T-SEC network intrusion protection system in 2019 single-core TCO decreased by 46%. By adapting new models in 2020, the single-machine performance will be improved by 3 times, the single-core TCO will be reduced by 20%, and the detection cost of network traffic per 10G will be reduced by 57%. Therefore, through software and hardware co-adaptation and technological exploration, the huge cost reduction and efficiency enhancement benefits based on Tencent Cloud Xingxinghai server are finally realized.
2. Upgrade the operation mechanism to achieve a 10-fold leap in platform performance
In terms of operation mechanism, the security r&d team abandoned the traditional thinking and independently researched and developed the industry’s leading run-time compilation technology. By upgrading the operating mechanism, the platform performance has been improved by a full 10 times, and the technology has been awarded more than 30 national patents. With high performance of honing force, platform of network traffic to further improve coverage, support terabytes two-way mirror the global flow across the Region, with microsecond network protocol parsing and millisecond flow analysis ability, support of computing peak initial version upgrade more than 50 times, year-on-year growth of 70%, supporting processing flow.
Extend security capability with computing power: Not only “escort”, but also “combustion”
Computing power drives the quality, efficiency and potential of network security. For the digital industry, security with strong computing power is not only a “escort” role, but also a “fuel” for business development.
In a growing work force, tencent reference data from data warehouse to lake architecture to upgrade ideas, with the aid of AI algorithm and the underlying the research and development technology, realize the global source multiprotocol traffic real-time acquisition, processing, analysis, produce clear clean, have business tags and attributes of the fingerprint data effectively, a classification of intelligent computing marking traffic data, Therefore, it can provide more comprehensive, accurate, real-time and valuable business decision basis for different businesses.
At present, the output of core capabilities of Tencent network intelligent PaaS and the technology linkage and coordination mechanism have played a positive role in Tencent cloud and internal business practice. For example, the joint security Platform Department of Yunding Laboratory, based on the processing capacity of massive network traffic, has effectively realized the precise attack and compliance governance of malicious violations on the cloud, and is committed to maintaining the healthy ecology of the industrial Internet in the digital era.
In the IoT+5G+IPv6 era, network attacks under new infrastructure will extend from the network space to the physical space, and the destructive and destructive scope is increasing day by day, which brings severe tests to security and the computing power behind security. On the other hand, the new digital infrastructure has also infinitely stimulated the potential of computing power, which will accelerate the Internet security of combustion industry, escort the digital industry, and continue to transport the hard core capacity.