Java and security bits
Crypto acceleration included
Today Sun announced two truly terrific servers, the Sun Fire T2000 and the T1000. For many workloads, they are simply the fastest 2RU/1RU machines on the planet. Just check out the benchmarks. Plus, they are cheaper than the competition and use very little power. Lot's to read about it in various blogs. I could go on, but I don't want to sound like a marketing droid.
The reason I am writing about these systems is that the processor they incorporate has another interesting feature. The UltraSPARC T1 processor, maybe better known under its Niagara codename, has crypto acceleration built in. In particular, each core also incorporates a dedicated crypto unit.
This means that those RSA operations that used be rather slow suddenly become really fast. How fast? Let's say more than 10000 RSA private key operations per second for 1024-bit keys. This is far more than other processors and even more than dedicated PCI crypto acceleration cards. Not only that, but the CPU cores can continue to execute application code while the crypto unit performs the RSA operation.
So far so good, but how do you take advantage of that feature in your Java apps? The answer is just run your existing Java 5 application! It will benefit immediately. No code changes required. No configuration changes. It simply works.
Under the covers, the extensible Java Cryptography Architecture combined with the PKCS#11 work in JDK 5.0 and the Solaris Cryptographic Framework make it happen. All you need is a JDK 5.0 runtime. As always, for best results we recommend that you run the latest update release.
So go ahead and secure your web pages with HTTPS, digitally sign your SOAP messages, or try something creative. If you run a T2000 or a T1000 server, performance will not be an issue.
PS: I find it reassuring that Sun's competitors immediately went into FUD mode claiming that the T1 processor is a niche chip that is not relevant for real applications. If such transparent nonsense that can easily be proven wrong by just looking at public benchmark results is the best they can do, they don't stand a chance.
PPS: full Verilog design for a state of the art microprocessor available under an open source license, how cool is that?
Posted at 01:56 Dec 07, 2005 by Andreas Sterbenz in Java |
