High-Performance Security for Oracle Applications using SPARC T4 Systems
 

This session examines the on-core cryptographic acceleration capabilities of systems based on Oracle’s SPARC T4 processor and how to leverage them for delivering high-performance security. Learn how to secure your database and middleware applications with strong encryption techniques without adding performance overhead. The session details the features of the Oracle Solaris 11 cryptographic framework and its applied mechanisms to enable the hardware-assisted encryption capabilities of SPARC T4 processors for applied security scenarios in Oracle Database’s Transparent Data Encryption feature and Oracle Fusion Middleware/Oracle SOA Suite applications.


    Presentation Transcript

    • 1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
    • High Performance Security for Oracle Applications Using SPARC T4 Systems. Glenn Brunette, Ramesh Nagappan, Chad Prucha
    • The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
    • Agenda
      • Foundational Building Blocks
        – Oracle SPARC T4 Processor and Oracle Solaris 11
        – Oracle Database 11gR2 and Java (JDK 7)
      • Deployed Customer Application Architectures
      • Engineered System Example
        – SPARC SuperCluster T4-4
    • Oracle SPARC T4 Processor: Hardware Assisted Cryptography Delivers High Performance Security
      • 4th Generation T-Series SPARC processor
      • 64 compute threads / core (8x8)
      • Integrated virtualization (128 domains / system)
      • Integrated on-core cryptography (16+ ciphers)
        – Industry leading performance, negligible performance impact, integration virtualization support, at no additional cost
      • Cryptographic algorithms accessed using unprivileged instructions
        – Direct access: no special drivers, permissions or setup needed
    • SPARC T4 Cryptographic Acceleration: Significant Performance Gains for SSL (Using Hardware)
      • Two-way SSL
      • RSA-2048
      • AES-256
    • SPARC T4: On-Chip Cryptography Leadership
      • Comprehensive suite of cryptographic algorithms
      • Tight integration with Solaris 11 Cryptographic Framework
      • Key operations and material are immune to side-channel attacks
    • Oracle SPARC T4 vs. Competition: Operational Model, Cryptographic Algorithms and Mechanisms (compared processors: SPARC T4; IBM Power 7+ (Not Yet Available); Intel Westmere / Sandy Bridge)
      • Operational Model
        – SPARC T4: Userland unprivileged access to on-core cryptographic functions
        – IBM Power 7+: 3 accelerators shared across 8 cores
        – Intel: Userland
      • Asymmetric / Public Key Encryption
        – SPARC T4: RSA, DH, DSA, ECC
        – IBM Power 7+: RSA, ECC
        – Intel: RSA, ECC
      • Symmetric Key / Bulk Encryption
        – SPARC T4: AES, DES, 3DES, Camellia, Kasumi
        – IBM Power 7+: AES
        – Intel: AES
      • Message Digest / Hash Functions
        – SPARC T4: CRC32c, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
        – IBM Power 7+: MD5, SHA-1, SHA-256, SHA-512
        – Intel: -
      • Random Number Generation
        – SPARC T4: Supported
        – IBM Power 7+: Supported
        – Intel: -
      • API Support
        – SPARC T4: PKCS#11, Ucrypto APIs
        – IBM Power 7+: ?
        – Intel: Intel IPP libraries
      • Virtualization Support
        – SPARC T4: Solaris Zones, Oracle VM for SPARC
        – IBM Power 7+: ?
        – Intel: Intel VT
    • Oracle Solaris Cryptographic Framework (architecture diagram; labels, from application to hardware)
      • Application: Oracle Database 11g Transparent Data Encryption, Apache Web Server, Oracle Fusion Middleware 11g, OpenSSL, Java JCE
      • User: Shared Libraries, PKCS#11 Provider, libpkcs11.so, Pluggable Interface, pkcs11_softtoken.so, libpkcs11_kernel.so, libsoftcrypto.so, Softtoken Key Store ($HOME/.sunw)
      • Kernel: Scheduler and Load Balancer, Service Provider Interface
      • Hardware: SPARC T4 On Core Crypto Instructions, SPARC T3/T2/T1 On Chip Accelerators, Sun Crypto Accelerator 6000, Third Party Accelerators and Hardware Security Modules
    • Accelerating Oracle Database Cryptography: Database and Network Encryption using SPARC T4 Crypto
      • Oracle Transparent Data Encryption (TDE) uses SPARC T4 hardware-assisted cryptography by default for Tablespace Encryption
        – Oracle TDE directly accesses SPARC T4 on-core cryptography
        – Availability as part of Oracle 11g R2 (11.2.0.3) release
      • Oracle Wallet tested and verified on Solaris Softtoken and Oracle Key Manager appliance for Master Key and Network Encryption operations.
    • Accelerating Database Encryption
    • Accelerated Database Encryption Performance. Oracle TDE Performance: SPARC T4 Hardware Assisted vs. Software (chart; algorithm used: AES-256)
    • Accelerating Java Cryptography
      • Java Oracle Ucrypto JCE Provider
        – Seamless integration with SPARC T4 hardware-assist
        – Exceptional performance for big and small packets
        – Enabled by default with near-zero overhead
      • Integrated with Oracle WebLogic and Oracle Fusion Middleware 11g
        – WebLogic SSL, XML Web Services Security
        – Oracle Web Services Manager (WS-Security, WS-SecurityPolicy)
    • Java Accelerated Cryptographic Performance. Example: AES Bulk Encryption (chart: elapsed time in nsec for AES-128, AES-256 and AES-512, Intel vs. SPARC T4; JDK 7 (JCE Provider); No of Clients = 1000; Message size = 1024k bytes). *Intel (X4270 server) running RHEL 6 (Intel IPP installed)
    • End-to-End Security Scenario on SPARC T4. SPARC T4 hardware assisted cryptography can be used to perform most encryption operations automatically:
        – Negligible performance overhead
        – Solaris PKCS#11 Softtoken acts as a unified key store (Under FIPS evaluation)
    • End to End Security Performance on SPARC T4: Multi-tier Application Security Scenario With Encrypted ZFS File System (chart: # of Requests per Second for No SSL, Software SSL, and SSL & ZFS Crypto (T4 Accelerated), using Two-way SSL, RSA-1024 (SSL, No KeepAlive), AES-128 (ZFS Crypto))
    • Accelerated Encryption Performance: Practical End-to-end Security (diagram: Web Server, Middleware and Oracle Database linked by SSL, with TDE at the database; callouts: 5x more trans/sec, 6x more trans/sec, 5x more trans/sec, 4x more trans/sec)
    • Accelerated Encryption Performance: CRM Security, Accelerated and Secured Database Scenario (diagram: Web Server, Middleware, Oracle Database; callout: 8x more MB/sec)
    • Accelerated Encryption Performance: Database Security, Secured Database and Archive Scenario (diagram: Web Server, Middleware, Oracle Database; callout: 8x more MB/sec)
    • End To End Security With Encryption: High Availability with Security, Wide Area Disaster Recovery (diagram: two Web Server / Middleware / Oracle Database stacks, each linked by SSL with TDE at the database, joined by IPsec links)
    • SPARC SuperCluster Cryptography: Oracle Database 11gR2 Example (diagram labels: Client Access Network (10GbE), SSL Certificate, Oracle Wallet, TDE Master Key, PKCS #11, Solaris Cryptographic Framework, Oracle Database Service, Zone A, Database Domain 1, Network Partition (QDR IB), RDSv3, Exadata Storage Servers #1 to #3, Encrypted Disk Group A-1, Tablespaces A-1, Backups A-1, Export Files A-1, ASM Disk Groups, SPARC T4 Hardware Assisted Cryptography, Intel AES-NI Hardware Assisted Cryptography)
    • SPARC SuperCluster Engineered for Security (diagram labels: SPARC T4-4 Server; Domain 1 with Database Service in Zone A, Databases A-1 and A-2, Client Network VLAN A, SSL, RDSv3 Network Partition, Exadata Storage Servers #1 to #3, Tablespaces, ASM Disk Groups; Domain 2 with Application Services in Zones B and C, Applications B-1 and C-1, Client Network VLAN B, IPsec, NFS Network Partition, Sun ZFS Storage Appliance #1, Data Sets, ZFS Data Sets)
    • For More Information
      • SPARC SuperCluster Security Principles and Capabilities: http://www.oracle.com/technetwork/articles/servers-storage-admin/supercluster-security-1723872.html
      • High Performance Security for Oracle Database and Fusion Middleware Application using SPARC T4: http://www.oracle.com/us/groups/public/@otn/documents/webcontent/1577047.pdf
    • Questions
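
The "Accelerating Java Cryptography" slide says the Oracle Ucrypto JCE provider is enabled by default; the following added example (not code from the presentation or from Oracle) reports which JCE provider a JVM actually selects for each transformation, so a deployment can confirm it is not silently served by a different provider. The provider name `OracleUcrypto` and the class name `ProviderCheck` are assumptions not stated on the slides, and the key, IV and message are constructed random test data.

```java
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ProviderCheck {
    // Assumption: "OracleUcrypto" is the name the JDK registers for the Ucrypto provider.
    static final String UCRYPTO = "OracleUcrypto";

    // Name of the provider that actually serves a cipher transformation.
    static String cipherProvider(String transformation) throws Exception {
        return Cipher.getInstance(transformation).getProvider().getName();
    }

    // AES-128 CBC round trip over a constructed 1 KiB random message.
    static boolean roundTrip(String transformation) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16], iv = new byte[16], msg = new byte[1024];
        rng.nextBytes(key);
        rng.nextBytes(iv);
        rng.nextBytes(msg);
        SecretKeySpec k = new SecretKeySpec(key, "AES");
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(msg);
        c.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(iv));
        return Arrays.equals(msg, c.doFinal(ct));
    }

    public static void main(String[] args) throws Exception {
        // Provider order decides which implementation getInstance() returns.
        int pos = 1;
        for (Provider p : Security.getProviders()) {
            System.out.println(pos++ + ". " + p.getName());
        }
        System.out.println("Ucrypto registered: " + (Security.getProvider(UCRYPTO) != null));
        for (String t : new String[] {"AES/CBC/NoPadding", "AES/CBC/PKCS5Padding"}) {
            String name = cipherProvider(t);
            System.out.println(t + " -> " + name
                + (UCRYPTO.equals(name) ? " (Ucrypto)" : " (not Ucrypto)")
                + ", round trip ok: " + roundTrip(t));
        }
        System.out.println("SHA-256 -> " + MessageDigest.getInstance("SHA-256").getProvider().getName());
    }
}
```

Run it with the same JVM and `java.security` configuration as the application server, because provider order is set per JVM installation.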