NGINX for Intel is a ready-to-run solution with enhanced security and performance. The NGINX for Intel virtual machine (VM) image is packaged with an optimized software stack to utilize The Intel® Advanced Encryption Standard New Instructions set (AES-NI) offered on the 3rd Gen Xeon® Scalable Processor known as Ice Lake. In addition, the Encryption instructions pair with algorithmic and software innovations to deliver breakthrough performance for the industry's most widely deployed cryptographic ciphers.
This Quick Start document is a step-by-step guide to deploy NGINX for Intel packaged by Bitnami on the GCP N2 Ice Lake instances that enables the Intel Optimized Cloud Stack for NGINX.
NGINX for Intel includes the following pre-compiled binaries:
|Intel Optimized Library||Minimum Version|
|Async Nginx (Asynchronous Mode OpenSSL)||0.4.5|
This quick follow-along guide expects the following prerequisites:
- Google account with access to Google Cloud Platform. Visit Get Started with GCP for more information.
- NGINX for Intel package requires an Ice Lake instance.
- To deploy NGINX for Intel using the gcloud command line interface:
- Install Google Cloud SDK.
- Create a Bitnami account, if you don’t already have it. Link Bitnami and Google cloud accounts to access Bitnami Launchpad via gcloud CLI. Please go to Get Started With The Bitnami Launchpad On Google Cloud Platform and follow the required steps.
1. Launch NGINX for Intel on GCP Compute Engine:
Visit the NGINX for Intel GCP Marketplace page and click the LAUNCH button.
2. Configure NGINX for Intel Machine Deployment:
Here is the step-by-step guide to configure NGINX for Intel on the GCP instances:
Ice Lake is currently available in the following regions:
- us-central1-a, us-central1-b, us-central1-c
- europe-west4-a, europe-west4-c
- asia-southeast1-a, asia-souteast1-b
For up-to-date regional availability, visit the GCP regions and zones page.
b. Select the Recommended Machine Type:
Select the series N2. N2 series VM instances run on Ice Lake machines that provide the hardware required for the optimized libraries included in the NGINX for Intel. Next, select the Machine Type.
The predefined machine types N2 standard, N2 high-mem, and N2 high-cpu offer instance sizes between 2-128 vCPUs. N2 instances in ranging from 2-80 vCPUs can be either Cascade Lake or Ice Lake, while N2 instances with over 80 vCPU are Ice Lake only.
If you select a machine type ranging from 2-80 vCPUs, configure the minimum CPU platform from Automatic to Intel Ice Lake or later. Setting the correct CPU platform is the only way to guarantee that the instance runs on an Ice Lake machine.
Visit the GCP CPU platforms page for the up-to-date list of Ice Lake-supported instances.
c. Boot Disk, Networking, and Deploy:
Configure Boot Disk and Networking according to your NGINX software needs. Once all configurations are specified, click Deploy.
Deploy initiates the deployment process and waits for it to complete. Once completed, a green checkmark and NGINX deployment details are displayed.
3. Launch NGINX for Intel Instance Default Webpage:
Click the Site address URL, and the default webpage should launch in the web browser. For further NGINX configuration and functionality guide, visit NGINX Docs.
1. Initialize Gcloud and Configure GCP Environment:
To initialize the gcloud command-line tool, issue the gcloud init command and select the configurations, authentication, and project for GCP. If you select a default Compute Zone and Region, please make sure to choose the correct zone for Ice Lake. Otherwise, configure it during deployment.
Please refer to the gcloud quickstart for further configuration information. The gcloud steps can be scripted or used directly in the CLI.
2. Configuration Details for NGINX for Intel Compute Engine Deployment:
The following parameters for the gcloud compute instances create command are necessary to correctly deploy the NGINX for Intel image on Ice Lake. All other parameters are assumed to be the default that may be updated as needed for your NGINX application.
a. Refer to Section 2 of the GCP marketplace deployment method for zone and machine-type. Ice Lake is only available in the zones and Machine type noted in that section.
b. min-cpu-platform should be set to Intel Ice Lake.
c. It is recommended to use the latest version of the image. You can find the latest image as shown in the command:
gcloud compute images list --project=bitnami-launchpad --filter=nginx-intel
The command returns the list of images and versions as shown below:
d. The image-project for this image is bitnami-launchpad. The bitnami account must be linked to the Google account, and the bitnami-launchpad project is accessible. If not, please refer to the prerequisites.
e. Lastly, Tags apply Network firewall rules to the instance. Port 80 and 443 are not open by default. You can create new firewall policies or use existing policies that you require for your NGINX application. To create a new policy, for port 80 as an example, refer to the following command and its response below:
gcloud compute firewall-rules create "qs-http" --allow=tcp:80 --target-tags=quickstart-network
Upon successful creation, the command returns the details of the firewall policy.
Similarly, you may create a firewall policy for port 443 by updating the tag name and port number:
gcloud compute firewall-rules create "qs-https" --allow=tcp:443 --target-tags=quickstart-network
We can use the target-tags to apply network policy tags to an instance. In this deployment configuration, the target-tags parameter is set to quickstart-network for both port 80 and port 443.
Please refer to gcloud- using firewalls guide for more details on firewall policy creation.
3. Create the NGINX for Intel Compute Engine Instance:
Issue the following command with the parameters detailed above to create the instance for NGINX for Intel:
gcloud compute instances create nginx-intel-quickstart --zone=us-central1-a --machine-type=n2-standard-16 --min-cpu-platform="Intel Ice Lake" --image=bitnami-nginx-intel-0-4-7-13-r07-linux-debian-10-x86-64-nami --image-project=bitnami-launchpad --tags quickstart-network
This command initiates the instance creation, and once completed, the command returns with the instance details such as Name, Zone, Machine Type, and IP address.
For more details on the gcloud create command, visit google cloud SDK CLI reference.
4. Launch NGINX for Intel Instance Default Webpage:
NGINX for Intel instance is now successfully created. You may also go to VM instances page to view your instance.
Copy the EXTERNAL_IP as shown above and paste it into a browser, and the default webpage should launch in the web browser. For further NGINX configuration and functionality guide, visit NGINX Docs.
The GCP Marketplace deployment method may not always deploy on Ice Lake instances as expected. One way to verify that the instance is deployed on Ice Lake is through the Instance details page. First, go to the Compute Engines list for your project. Then, click on the instance you have created to take you to the Instance Details page. Finally, scroll to the Machine Configuration section. The CPU Platform here should be Intel Ice Lake. If it is, you are good to go. If it is Intel Cascade Lake or others, please try deploying the gcloud command-line method.
Connect with us
Product and Performance Information
Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.