General Microsystems’ S1U401-MD Cyclone 1U rackmount, multi-domain server and multi-port Ethernet switch/router is based on the Intel Xeon E5 server CPU. Each of its two isolated domains (Red/Black) boasts six times the functionality of traditional imported motherboard-based blade-servers—making the 1U Cyclone a twelve-time improvement over traditional systems. Equally notable is the USA design and manufacturing, removing risk and doubt about foreign-sourced server motherboards.
Isolating Red and Black network domains to ensure security or designing for redundancy is normally accomplished by at least two chassis: one full depth box for each Red and each Black network domain. S1U401-MD adds:
- two physically separate servers with extreme speed PCIe Gen 3 backbones
- two separate Ethernet multi-port switches with 1/10/40 Gigabit Ethernet (GbE) ports on separate secure subnets
- two separate optional routers
- eight encrypted RAID-ready removable Gen 3 speed NAS drives
- two add-in PCIe expansion slots for encryption or GPGPU processing
- up to eight add-in sites for military I/O such as MIL-STD-1553 or CANbus
Each S1U401-MD has two domains—one for Red networking and one for Black networking. Each domain has up to an 18-core Intel Xeon E5 server-class CPU and can be powered via 110/220 VAC or 28VDC per MIL-STD-1275. Each domain’s CPU can support 36 virtual machines, or a whopping 72 VMs for the entire S1U401-MD system in 1U space. There is up to 512 GB of error-correcting DDR4 at 2133MTS per CPU domain. Cyclone utilizes all the processor’s available 40x PCIe Gen 3 lanes at 8 Gbits/s to communicate with the drives, networking and I/O in each domain.
Cyclone has four front panel removable drives per domain (eight total drives), and each SAS/SATA/NVMe drive is accessed at the industry’s fastest Gen 3 speeds via SATA III, SAS-3 or PCIe Gen 3. Drives can be encrypted for ultimate security, and they function as network-attached storage (NAS). At 12 TB/drive, S1U401-MD has an impressive 96 TB of total storage. Cyclone supports RAID 0, 1, 5, 10, and 50 via software or the onboard encrypting hardware RAID controller. On-the-fly encryption to/from the drives is unique and essential for secure Red/Black networks. Low latency NVMe drives use PCIe Gen 3 and can be 50 percent faster due to the direct CPU-to-drive PCIe connection.
Each of the two high-assurance isolated domains (Red/Black) shares no resources, not even the power supply, and starts with one 1GbE and two 10GbE ports for lowest cost. A fully equipped system adds (per domain) two 40GbE fiber ports and twelve additional secure 1GbE ports, each with their own subnet mask—giving the entire S1U401-MD a total of 26x 1GbE, 4x 10GbE and 4x 40GbE ports. This security architecture is unique and provides each LAN port its own subnet mask to avoid data crossover between the ports except at the CPU itself. Enterprise-class software routers from Cisco (1000V Series Cloud Services Router (CSR)) and Juniper are available. Each domain supports power-over-Ethernet (POE+).
Additional standard I/O for each domain includes four USB 3.0 ports, one 1GbE Ethernet, and a DVI-I port for a user console interface. S1U401-MD can also interface to legacy defense systems as well as communicate with all manner of sensors by adding I/O such as MIL-STD-1553, CANbus, or Serial Ports, using two SAM I/O™ (PCIe-Mini) sites. There is also a PCIe add-in slot that can accept any industry-standard low-profile PCIe Gen 3 card such as GPU, GPGPU or hardware RAID controller. S1U401-MD’s architecture is U.S. Army VICTORY conformant.
Besides the Red/Black separation, a zeroize function (“panic”-initiated) is available to securely erase all non-volatile storage in each domain—a non-trivial feature designed to avoid a repeat of the US/China Hainan Island incident. As well, GMS owns the BIOS, which offers users assurance against malware and rootkits, plus allows modification for special security functions such as Anti-Tamper/Intruder Alert. There’s a TPM 2.0 for root of trust and to verify crypto keys. An optional BMC Management Module provides out-of-band management via LAN.
For more information, a S1U401-MD datasheet is available. General Micro Systems Inc., Rancho Cucamonga, CA. 800-307-4863.