Gilles Gravier's Weblog

UltraSPARC T1 - Cool threads? Cool crypto!

Now that you've read all about how the new UltraSPARC T1 processor is great for saving energy, operating at lower temperatures, all while delivering impressive performance, there is something more for those of us who need to do cryptography as part of our daily jobs.

The UltraSPARC T1 processor includes a Modular Arithmetic Unit (also known as : MAU). Actually, there is one MAU per core, and the UltraSPARC T1 contains 8 cores (at 4 threads per core). The MAU handles some of the compute intensive operations that are used by some of the more popular cryptographic functions like RSA (this is a public key encryption algorithm used, most often, to encrypt things like session keys which will then be used for encrypting the actual traffic with a symetric algorithm like AES, IDEA, or GOST), DSA (this is an algorithm used for digital signatures), and DH (the Diffie-Hellman key exchange used when initating key exchanges in establishing encrypted links like SSL that enable secure access to web sites).

Of course, this is not really interesting if you have to change everything around it to benefit from this. Fortunately, Solaris has done things extremely well in this area (as it has, just about everywhere else). On top of UltraSPARC T1 processors comes, on Solaris, a library called NCP (for Niagara Cryptographic Provider - Niagara being the internal code name for the UltraSPARC T1 processor at the time it was created). This library is then seen and used transparently by the Solaris Cryptographic Framework.

And the magic, here, is that automatically, all applications that use the Solaris Cryptographic Framework immediately benefit from the NCP, which uses the MAU... which gives significant performance increases in cryptographic functions. Examples? Java. Use Java 1.5 on Solaris on a machine with an UltraSPARC T1 processor (such as our new T1000 and T2000 machines) and automatically your Java application does hardware accelerated cryptography. Use any application that involves the OpenSSL library of Solaris (or the PKCS#11 engine it provides) and same thing... your web server, your application server, your SSH server, your portal server... all go much faster, or with much less load on the CPU. Imagine doing around 600 RSA operations per second with just around 5% of CPU use. It's a reality with the UltraSPARC T1.

Say you are running a portal for a telco. You are getting thousands of hits per second. You want to put a security reverse proxy in front of the server farm. The reverse proxy needs to control the security of all the connections, and you want it to act as an SSL end point as well. This is an ideal situation for a T1000 or T200 server which will feel right at home.

Why does it matter? Because in today's world, we all want to run more secure applications, we want them to scale to thousands or hundreds of thousands or millions of users, and we want all that to be cost and energy efficient. And with an UltraSPARC T1 system from Sun, this is done almost entirely automatically for you.

Posted at 03:55PM Dec 14, 2005 by gravax in Security  |