High Performance Security With SPARC T4 Hardware Assisted Cryptography
Ramesh Nagappan
Cryptographic Acceleration
1.
Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
2.
High Performance Security With SPARC T4 Hardware Assisted Cryptography
Glenn Brunette, Ramesh Nagappan, Chad Prucha
Oracle Corporation
4.
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
5.
Program Agenda
• Security and the Business
• Hardware Assisted Cryptography
• Solaris 11 Security
• Competitive Landscape
• Next Steps
6.
Security Impacts the Business
7.
A Careful Balancing Act
8.
Performance and Scalability with Security
SPARC T4 and Solaris 11
9.
Program Agenda
• Security and the Business
• Hardware Assisted Cryptography
• Solaris 11 Security
• Competitive Landscape
• Next Steps
10.
Understanding Encryption Overheads
• Adopting encryption requires more CPU, memory, and network bandwidth!
– Overhead varies by choice of key algorithm, key size and applied scenarios
• Security becomes more critical, demanding predictable latencies, response times, throughput and other QoS characteristics.
End-to-end Security – Multi-tier Applications Scenario
11.
Performance Impact without Hardware Assist
Example: Security Impact on SOA and Web Services
• Two-way SSL
• RSA-2048
• AES-256
12.
SPARC T4 Cryptographic Acceleration
Significant Performance Gains for SSL (Using Hardware)
• Two-way SSL
• RSA-2048
• AES-256
13.
Oracle Hardware Assisted Cryptography
• UltraSPARC T1 – 8 Crypto Accelerators
– Industry’s first on-chip cryptographic accelerators
– Acts as a Crypto coprocessor running in parallel at CPU speeds
• UltraSPARC T2 / T2+ – 8 Crypto Accelerators
– Added support for Symmetric-Key algorithms, Message digests
• SPARC T3 – 16 Crypto Accelerators
– Expanded support for A/Symmetric-key algorithms, Message digests
• SPARC T4 – On-Core Crypto
– Hardware based crypto algorithms available as unprivileged ISA instructions
– Direct access to on-core acceleration for fast processing, no drivers required
– No special permissions and no setup required
Oracle SPARC T-Series Processors – Evolution of Crypto Acceleration
14.
SPARC T3 and T4 Operational Models
15.
Oracle SPARC T-Series Capabilities
Supported Cryptographic Algorithms and Mechanisms

Processor / Mechanisms | UltraSPARC T2/T2+ | SPARC T3 | SPARC T4
Asymmetric / Public Key Encryption | RSA, DSA, ECC | RSA, DH, DSA, ECC | RSA, DH, DSA, ECC
Symmetric Key / Bulk Encryption | AES, DES, 3DES, RC4 | AES, DES, 3DES, Kasumi | AES, DES, 3DES, Camellia, Kasumi
Message Digest / Hash Functions | MD5, SHA-1, SHA-256 | CRC32c, MD5, SHA-1, SHA-256, SHA-384, SHA-512 | CRC32c, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
Random Number Generation | Supported | Supported | Supported
API Support | PKCS#11 Standard | PKCS#11 Standard | PKCS#11 Standard, uCrypto API
16.
Role of the Solaris 11 Cryptographic Framework
• Manages access to hardware-assisted cryptography.
– Supports SPARC T-series processors, Intel Westmere (AES-NI), and PKCS#11 based Hardware Security Modules (HSMs)
• Acts as an intermediary gateway between applications and the underlying cryptographic hardware.
• Applications all use an open, standard protocol (PKCS#11)
– Java, OpenSSL, NSS/JSS, Apache
– Oracle Database and Fusion Middleware
• Additional Solaris Security services
– ZFS Encryption, SSH, Kernel SSL (KSSL), and IPsec
17.
The Role of Solaris Cryptographic Framework
Managing Cryptographic Accelerators and HSMs via PKCS#11
Diagram labels: SPARC T3/T2/T1 On Chip Accelerators; Sun CryptoAccelerator 6000 Hardware Security Module; SPARC T4 On Core Crypto Instructions; Third Party Accelerators and Hardware Security Modules; Oracle Database 11g - Transparent Data Encryption; Oracle Fusion Middleware 11g; Java JCE PKCS#11 Provider; pkcs11_softtoken.so; Apache Web Server; OpenSSL Shared Libraries; libpkcs11.so; Pluggable Interface; libpkcs11_kernel.so; Service Provider Interface; Softtoken KeyStore $HOME/.sunw; Application; User; Kernel; Scheduler and Load Balancer; libsoftcrypto.so
18.
End-to-End Security Scenario on Oracle T4
• Oracle SPARC T4 has been verified to perform acceleration of encryption operations across:
– Oracle Solaris (KSSL and ZFS Encryption), WebLogic (SSL), Web Services Manager (WS-Security and SSL), and Database (Transparent Data Encryption)
– Solaris PKCS#11 Softtoken acts as a unified key store.
– Use SCA-6000 for FIPS-140 requirements
19.
Diagram labels: Oracle Advanced Security; Network Encryption; Strong Authentication; Solaris 11 Softtoken or SCA-6000 (HSM); Master Key; Oracle Wallet; TDE Column Encryption; TDE Tablespace Encryption; Encrypted (and compressed) disk backups; Encrypted (and compressed) export files; Oracle SPARC T-series Servers; CRYPTOGRAPHIC ACCELERATION
Transparent Data Encryption using SPARC T4 Acceleration
20.
Oracle Database Security
• Oracle Transparent Data Encryption (TDE) has been integrated to use T4 Crypto for “Tablespace and Column-level Encryption” operations.
– Oracle TDE directly accesses T4 on-core cryptography
– Enable configuration using init.ora parameters.
– Availability as part of Oracle 11g R2 (11.2.0.3) release
• Centralized key management and tamper-proof storage for Master Key Wallet and Network Encryption acceleration.
– T4 Crypto accelerates SSL/TLS supporting SQLNET’s network encryption.
• Oracle Wallet tested and verified to store Master Key in Solaris Softtoken or SCA-6000 (FIPS 140-2 scenarios)
Data and Network Encryption using SPARC T4 Crypto
21.
Fusion Middleware Security
• WebLogic integrates T4 Crypto via JSSE and Java SunPKCS#11 Provider for SSL
• Oracle Fusion Middleware 11g (11.1.1.4) Security automatically leverages T4 Crypto via Web Services Manager (OWSM)
• Verified to use JKS, Solaris PKCS#11, SCA-6000 and NSS Softtoken (FIPS mode)
• T4 based Hardware assisted Crypto acceleration
• WebLogic SSL and Fusion Middleware Security via OWSM
• Transport-level Security using WebLogic SSL and Solaris KSSL
• Message-level security using WS-Security and WS-SecurityPolicy defined algorithm suites
WebLogic and Oracle Web Services Manager Using SPARC T4 Crypto
Diagram labels: SPARC T3 and T4 Servers Cryptographic Acceleration; Java PKCS#11 Provider; Java Keystore / Solaris PKCS#11 Softtoken; Solaris Cryptographic Framework
22.
Program Agenda
• Security and the Business
• Hardware Assisted Cryptography
• Solaris 11 Security
• Competitive Landscape
• Next Steps
23.
Reduced Attack Surface
• Expose only required services to the network
– Reduce the operating system network footprint
– Most services are disabled; a few are set to “local only”
• Integrated with Service Management Facility
– Common administrative model for all service operations
– Fully customizable based upon unique site requirements
• Foundation for Additional Protections and Configuration
Solaris 11 Secure by Default
24.
Separation of Duty
• Role-based Access Control
– Compose collections of administrative rights for users and roles
– Roles can only be assumed by authorized users
– Accountability is preserved – original UID is always tracked
• New in Solaris 11
– By default, the root account is now a role
– Role authentication can use either user or role’s password
– CLI for managing users, roles, rights and groups
Solaris 11 Role-based Access Control (RBAC)
25.
Separation of Duty
• Fine-Grained Process Privileges
– Sandbox users and applications to limit potential for damage
– Decomposes administrative capabilities into discrete privileges
– Eliminates need for many services to start as ‘root’
– Always enabled and enforced by the Solaris kernel
• New in Solaris 11
– New privileges: file_read, file_write, and net_access
– Support for “forced privileges” for set-uid root programs
– Stop profile to limit specific commands and authorizations
Solaris 11 Fine-Grained Process Privileges
26.
Strong Service Isolation
• Zones
– Restricted operating environment for enhanced security
– Per-zone hardening, RBAC, privileges, resource controls, etc.
– Per-zone system resources, networking, data sets, etc.
• New in Solaris 11
– Zone Integrity Policies (Flexible, Strict, Fixed, None)
– Delegated Administration (Console, Install, Boot, Shutdown)
– Virtual Networking (NICs, Switches, etc.)
Solaris 11 Zones (Containers)
27.
Holistic Data Protection
• Encryption policy is set at the ZFS data set level
• Supports delegation of key management operations
• Leverages a dual key model: wrapping vs. encryption key
• Variety of options for format/location of the wrapping key
• Wrapping key inherited by child data sets
Solaris 11 ZFS Encryption
28.
Comprehensive Monitoring
• Auditing
– Kernel-based fine-grained introspection
– Captured events include: admin. actions, commands, syscalls
– Configurable audit policy at both the system / user level
– Zones can be audited from within the global zone
– Audit logs can be exported as binary, text, or XML files
• New in Solaris 11
– Auditing on by default with no performance penalty
– Greater visibility into system events with less “noise”
Solaris 11 Auditing
29.
Program Agenda
• Security and the Business
• Hardware Assisted Cryptography
• Solaris 11 Security
• Competitive Landscape
• Next Steps
30.
SPARC T4 Leads in On-Chip Algorithms
IBM & HP
31.
OpenSSL: RSA Sign/Verify (RSA 1024)
[Chart: Sign ops/sec and Verify ops/sec for T4-1 and X4270 (Westmere); data labels 48583.5, 14629.8, 384615.2, 188261.3 ops/sec]
*Westmere running Solaris10u9 (AES-NI optimized)
32.
Java Crypto: RSA Sign/Verify (RSA 2048)
[Chart: time in nsec for SHA1withRSA and SHA256withRSA on T4-1 and X4270 (Westmere); data labels 18356014, 50296420, 28942706, 61446300]
No of Clients = 1000
Message size = 1024k bytes
33.
Java Crypto: AES Bulk Encryption
[Chart: time in nsec for AES-128, AES-256 and AES-512 on X4270 (Westmere) and T4-1]
*Westmere running Linux (AES-NI optimized)
No of Clients = 1000
Message size = 1024k bytes
34.
Fusion Middleware Security On T4
*JAX-WS Application, WS-SecurityPolicy – Basic256, SSL Cipher - TLS_RSA_WITH_AES_128_CBC_SHA
• Two-way SSL
• RSA-1024
35.
Program Agenda
• Security and the Business
• Hardware Assisted Cryptography
• Solaris 11 Security
• Competitive Landscape
• Next Steps
36.
Stop by the Oracle Support Stars Bar
Moscone West, Level 2
• Oracle Support experts on hand
• 2-minute videos describing key Oracle proactive support tools and mission-critical services
• Live demos
• Enter to win an iPad 2 (Mon-Wed)
• Hours:
– Monday & Tuesday: 10:00 – 6:00
– Wednesday: 9:00 – 5:00
– Thursday: 9:00 – 1:00
37.
For More Information / Try Out Today
• Product overview and download – oracle.com/solaris
• Oracle Technology Network – oracle.com/technetwork/server-storage/solaris11
• System administrators community – oracle.com/technetwork/systems
• @ORCL_Solaris
• facebook.com/oraclesolaris
• Oracle Solaris Insider
38.
Q&A
41.
Appendix
42.
Architectural Strategies
Building the Nesting Doll
Public Domain Image Courtesy: Sergiev Posad Museum of Toys, Russia
43.
Architectural Strategies
Building the Nesting Doll
Diagram labels: Non-Global Zone; A; Binaries and Libraries; Configuration Files; Temporary and Log Files; Application Data; ZFS Encrypted Data Set; A; Delegated Application Administration; Secure by Default / Hardening
44.
Architectural Strategies
Building the Nesting Doll
Diagram labels (shown three times): System Resources; Monitoring / Auditing; Delegated Admin.; Packet Filtering
45.
Architectural Strategies
Building the Nesting Doll
Diagram labels: Solaris 11 Instance (Global Zone); Monitoring / Auditing; Delegated Administration; Integrated Cryptography
46.
Architectural Strategies
Building the Nesting Doll
Oracle VM Server for SPARC
TBD – Insert Images of T4-based Servers