Zero Trust Deployment | DOCA Platform Framework

Overview

The Zero Trust deployment scenario represents DPF for zero trust environments, where the DPU is treated as a host accelerator card and is managed by DPF via BMC and Redfish. In this deployment model, host machines remain outside the DPF management cluster, while the DPU serves as an integrated acceleration resource that enhances the host's capabilities.

This architecture provides secure isolation between the management plane and host systems. DPU services are managed through Kubernetes APIs within the DPF cluster, while host workloads operate independently on their respective machines.

Redfish is used to manage the DPU hardware, including firmware updates and configuration changes.

Use Cases

The Zero Trust model supports various use cases, each optimized for specific networking and acceleration requirements.

Each use case may require tailored configurations on the DPU for optimal performance. Below are the validated user guides with corresponding deployment guides.

HBN

Host Based Networking

DPU Services	Comments
DOCA Host-Based Networking (HBN)	Accelerates underlay BGP routing with ECMP and EVPN-based overlays

VPC

Virtual Private Cloud

DPU Services	Comments
VPC OVN-Controller	OVN-Controller for VPC management and networking
VPC OVN-Node	OVN-Node for VPC networking and connectivity

HBN and SNAP Storage

HBN and SNAP Storage

DPU Services	Comments
DOCA Host-Based Networking (HBN)	Accelerates underlay BGP routing with ECMP and EVPN-based overlays
DOCA SNAP	Provides SNAP storage services for the DPUs

Passthrough

Passthrough

No DPUServices are necessary for this use case.

Prerequisites

Before deploying DPF in zero trust mode, ensure you have the necessary hardware and software prerequisites in place. This includes compatible DPU hardware, host operating system configurations, and network settings. For detailed requirements, refer to the prerequisites guide.

Deployment Steps

To deploy DPF in zero trust mode:

Setup Prerequisites: Ensure all hardware, software, and network requirements are met
Choose Use Case: Select the appropriate deployment scenario based on your requirements
Follow Guide: Use the specific use case documentation for step-by-step deployment
Verify Deployment: Validate the installation and perform basic functionality tests

Support and Troubleshooting

For assistance with zero trust deployments:

Review the specific use case documentation
Check the DPF troubleshooting guide
Consult the release notes for known issues
Engage with the NVIDIA support team for further assistance

Next Steps

Once you've familiarized yourself with the zero trust concept, proceed to:

Review the prerequisites.
Select an appropriate use case.
Begin your DPF zero trust deployment.

Last updated: June 10, 2026