Workshops Cloud & Datacentres Quantum Security for Hyperscale Networks
Cloud & Datacentres Full Day Workshop

Quantum Security for Hyperscale Data Centre Network Infrastructure

This workshop equips data centre network engineers with practical strategies to migrate hyperscale network infrastructure to post-quantum cryptography.

Full day (6 hours + Q&A)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

Hyperscale data centre networks handle millions of TLS terminations per second at the edge, encrypt inter-DC traffic over MACsec and IPsec tunnels, and authenticate routing announcements via BGP sessions. Each of these layers uses classical cryptography that a cryptographically relevant quantum computer would break. The migration challenge is that these systems operate at line rate with extremely tight latency budgets, and PQC algorithms impose measurably larger keys, certificates, and handshake computations.

This workshop works through that migration layer by layer. Participants examine TLS 1.3 hybrid key exchange performance at scale on production load balancers (F5, NGINX, HAProxy), MACsec PQC key agreement on switch ASICs, IPsec IKEv2 PQC on VPN concentrators, and BGP authentication with RPKI post-quantum signatures. The session includes concrete performance data for ML-KEM and ML-DSA on SmartNIC and DPU hardware (NVIDIA BlueField, Intel IPU, AMD Pensando) and covers DPDK-accelerated PQC for scenarios where software-based cryptography cannot meet throughput requirements. Migration sequencing starts at the internet-facing edge and works inward, with rollback procedures for each network segment.

What participants cover

  • TLS termination migration: hybrid TLS 1.3 (ML-KEM + X25519) handshake overhead at 100,000+ connections/second, certificate chain size impact, and phased ingress deployment
  • Inter-DC WAN encryption: MACsec PQC key agreement on IEEE 802.1AE switch ASICs, IPsec IKEv2 PQC throughput benchmarks, and optical transport layer 1 encryption readiness
  • Routing security: BGP TCP-AO with ML-DSA, RPKI post-quantum ROA signatures, and DNSSEC PQC zone signing for authoritative DNS
  • Hardware acceleration: DPDK-accelerated PQC on SmartNICs and DPUs, FPGA-based offload for 100/400 GbE, and CPU cycle budgets without hardware offload
  • Compliance: NIST FIPS 203/204/205, CNSA 2.0, and CSA CCM v4 requirements for data centre network infrastructure
  • Migration sequencing: internet-facing TLS first, then inter-DC WAN, then control plane, then internal east-west. Rollback procedures for each phase.

Preliminary Agenda

Full-day session structure with scheduled breaks. Content is configurable to your network topology, switching vendor environment, and traffic encryption architecture.

# Session Topics
1 The Quantum Threat to Data Centre Network Infrastructure Why hyperscale networks face unique PQC migration challenges
2 TLS Termination and Load Balancer Migration PQC at the internet-facing edge
  • TLS 1.3 hybrid key exchange (ML-KEM + X25519): handshake overhead at 100,000+ connections per second on F5, NGINX, and HAProxy load balancers
  • Certificate chain size impact: ML-DSA-65 leaf + intermediate + root certificates increase TLS ServerHello by approximately 8 KB versus ECDSA chains
  • Phased deployment: enabling hybrid TLS on ingress first, monitoring connection success rates, and handling client compatibility during transition
Break, after 50 min
3 Inter-Data-Centre WAN Encryption MACsec and IPsec migration for backbone traffic
  • MACsec (IEEE 802.1AE): PQC key agreement for point-to-point data centre interconnects, switch ASIC support timelines, and line-rate performance requirements
  • IPsec IKEv2 PQC: ML-KEM integration for SA establishment, hybrid mode configuration, and throughput benchmarks on existing VPN concentrators
  • Dark fibre and DWDM encryption: layer 1 encryption appliance PQC readiness and migration sequencing for optical transport networks
4 BGP Session Authentication and Routing Security Securing the control plane with post-quantum algorithms
  • BGP TCP-AO with PQC: replacing MD5-authenticated BGP sessions with ML-DSA-signed route announcements
  • RPKI PQC: post-quantum signatures on Route Origin Authorisations (ROAs) and router certificate validation
  • DNSSEC PQC: ML-DSA zone signing for authoritative DNS within data centre networks and response size implications
Break, after 40 min
5 SmartNIC, DPU, and Hardware Acceleration PQC performance on network offload hardware
  • DPDK-accelerated PQC: ML-KEM and ML-DSA performance on NVIDIA BlueField DPUs, Intel IPU, and AMD Pensando
  • Hardware cryptographic acceleration: FPGA-based PQC offload for line-rate encryption on 100/400 GbE interfaces
  • Performance budgets: CPU cycles per PQC handshake versus ECDH/ECDSA on commodity server NICs without offload
6 Migration Sequencing and Compliance Ordering the transition for internet-facing versus internal segments
  • Migration priority: internet-facing TLS termination, then inter-DC WAN, then BGP/control plane, then internal east-west traffic
  • NIST FIPS 203/204/205 compliance timelines, CNSA 2.0 deadlines, and CSA CCM v4 cloud security requirements
  • Rollback planning: maintaining classical fallback for each network segment during the transition period
7 Q&A and Migration Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and data centre network engineering.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

CL

Network Infrastructure Partners

Domain expertise and operational validation

Network infrastructure workshops are co-delivered with specialists who bring direct operational experience in hyperscale data centre networking, including load balancer management, WAN encryption, and BGP operations at scale.

Commission This Workshop

Sessions are configured around your network topology, switching vendor environment, traffic encryption architecture, and compliance deadlines. Get in touch to discuss requirements and schedule a date.

Contact Us
Cloud & Datacentres Workshops All Consulting Services All Workshops