NetBSD-Users archive


Re: crypto accelerators, 6Gb/s SAS adapters, quad port gigabit ethernet adapters



On 9/21/2010 9:49 AM, othyro%freeshell.org@localhost wrote:
After looking at hifn(4), ubsec(4), and nsp(4), I am uncertain which hardware

In all of our research, we found that CPU accelerators only helped in two conditions:

1) When the CPU load in a server cluster/environment cannot be
   upgraded (or cannot easily be upgraded) and is over-saturated
   and/or the crypto-related work can't be offloaded elsewhere
   but the systems *can* take the installation of a crypto
   accelerator

2) Embedded platforms with low power requirements with
   embedded-class CPUs

  In almost every other condition (*), it's almost always less costly
  to upgrade the CPU, upgrade the overall server, add additional
  servers to the cluster, or offload the work to a secondary
  cluster (even if it compels network infrastructure upgrades)

  You'll understand when you start finding out the unit costs
  from vendors who resell cards with Broadcom Chips (Thales,
  Interface Masters, etc.)

The new Intel Xeon Westmere series (formerly Nehalem-C) has a new instruction set for improving AES:

      "* A new set of instructions that gives over 3x the
         encryption and decryption rate of Advanced Encryption
         Standard (AES) processes compared to before.[52]
           o Delivers seven new instructions (AES instruction set or
             AES-NI) that will be used by the AES algorithm. Also an
             instruction called PCLMULQDQ (see CLMUL instruction set) that
             will perform carry-less multiplication for use in
             cryptography.[53] These instructions will allow the processor
             to perform hardware-accelerated encryption, not only resulting
             in faster execution but also protecting against software
             targeted attacks.
           o AES-NI may be included in the integrated graphics of
             Westmere."

   Presumably once OS level support is in place, the softdev engine
   in OpenSSL could just take advantage of it naturally.


 ~BAS

(*)  There's always the possibility that you're buying servers
    from Oracle :)
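
Added example (not part of the original message or of any NetBSD or OpenSSL code): a C check for the two CPU features named in the quote above, AES-NI and PCLMULQDQ, read from CPUID leaf 1 ECX (bits 25 and 1), which tells you whether a host can do AES in the CPU before you price an add-in card. The function names and the three-way classification are assumptions made for illustration; the GCM label reflects that carry-less multiplication is what accelerates GHASH in AES-GCM.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>              /* GCC/Clang wrapper around the CPUID instruction */
#define HAVE_X86_CPUID 1
#endif

/* CPUID leaf 1, ECX feature bits */
#define ECX_PCLMULQDQ (1u << 1)   /* carry-less multiply */
#define ECX_AESNI     (1u << 25)  /* AES round instructions */

/* Hypothetical classification used only by this example. */
enum crypto_path { PATH_SOFTWARE = 0, PATH_AESNI_ONLY = 1, PATH_AESNI_GCM = 2 };

/* Classify a raw leaf-1 ECX value. PCLMULQDQ without AES-NI still means
 * the AES rounds themselves run in software, so it maps to PATH_SOFTWARE. */
enum crypto_path classify_ecx(uint32_t ecx)
{
    if (!(ecx & ECX_AESNI))
        return PATH_SOFTWARE;
    return (ecx & ECX_PCLMULQDQ) ? PATH_AESNI_GCM : PATH_AESNI_ONLY;
}

/* Read leaf-1 ECX from the running CPU. Returns 0 on success, -1 when the
 * leaf is unavailable or the build target is not x86. A hypervisor may mask
 * these bits, so a guest can report less than the physical CPU offers. */
int read_leaf1_ecx(uint32_t *ecx)
{
#ifdef HAVE_X86_CPUID
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return -1;
    *ecx = c;
    return 0;
#else
    (void)ecx;
    return -1;
#endif
}

int main(void)
{
    static const char *names[] = { "software AES only", "AES-NI",
                                   "AES-NI + PCLMULQDQ (AES-GCM in hardware)" };
    uint32_t ecx;
    if (read_leaf1_ecx(&ecx) != 0) {
        puts("CPUID leaf 1 not available on this platform");
        return 1;
    }
    printf("%s\n", names[classify_ecx(ecx)]);
    return 0;
}
```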



