1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
High Performance Security With SPARC T4
Hardware Assisted Cryptography
Glenn Brunette, Ramesh Nagappan, Chad Prucha
Oracle Corporation
The following is intended to outline our general product
direction. It is intended for information purposes only, and
may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality,
and should not be relied upon in making purchasing
decisions. The development, release, and timing of any
features or functionality described for Oracle's products
remains at the sole discretion of Oracle.
Program Agenda
•  Security and the Business
•  Hardware Assisted Cryptography
•  Solaris 11 Security
•  Competitive Landscape
•  Next Steps
Security Impacts the Business
A Careful Balancing Act
Performance and Scalability with Security
SPARC T4 and Solaris 11
Understanding Encryption Overheads
•  Adopting encryption requires more CPU, memory, and network bandwidth!
–  Overhead varies by choice of key algorithm, key size, and applied scenario
•  Security becomes more critical, demanding predictable latencies, response times, throughput, and other QoS characteristics.
End-to-end Security – Multi-tier Applications Scenario
Performance Impact without Hardware Assist
Example: Security Impact on SOA and Web Services
• Two-way SSL
• RSA-2048
• AES-256
SPARC T4 Cryptographic Acceleration
Significant Performance Gains for SSL (Using Hardware)
• Two-way SSL
• RSA-2048
• AES-256
Oracle Hardware Assisted Cryptography
•  UltraSPARC T1 – 8 Crypto Accelerators
–  Industry’s first on-chip cryptographic accelerators
–  Acts as a Crypto coprocessor running in parallel at CPU speeds
•  UltraSPARC T2 / T2+ - 8 Crypto Accelerators
–  Added support for Symmetric-Key algorithms, Message digests
•  SPARC T3 – 16 Crypto Accelerators
–  Expanded support for asymmetric and symmetric-key algorithms, message digests
•  SPARC T4 – On-Core Crypto
–  Hardware based crypto algorithms available as unprivileged ISA instructions
–  Direct access to on-core acceleration for fast processing, no drivers required
–  No special permissions and No setup required
Oracle SPARC T-Series Processors – Evolution of Crypto Acceleration
SPARC T3 and T4 Operational Models
Oracle SPARC T-Series Capabilities
Supported Cryptographic Algorithms and Mechanisms
| Processor / Mechanisms | UltraSPARC T2 / T2+ | SPARC T3 | SPARC T4 |
| --- | --- | --- | --- |
| Asymmetric / Public Key Encryption | RSA, DSA, ECC | RSA, DH, DSA, ECC | RSA, DH, DSA, ECC |
| Symmetric Key / Bulk Encryption | AES, DES, 3DES, RC4 | AES, DES, 3DES, Kasumi | AES, DES, 3DES, Camellia, Kasumi |
| Message Digest / Hash Functions | MD5, SHA-1, SHA-256 | CRC32c, MD5, SHA-1, SHA-256, SHA-384, SHA-512 | CRC32c, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 |
| Random Number Generation | Supported | Supported | Supported |
| API Support | PKCS#11 Standard | PKCS#11 Standard | PKCS#11 Standard, uCrypto API |
Role of the Solaris 11 Cryptographic Framework
•  Manages access to hardware-assisted cryptography.
–  Supports SPARC T-series processors, Intel Westmere (AES-NI), and PKCS#11 based Hardware Security Modules (HSMs)
•  Acts as an intermediary gateway between applications
and the underlying cryptographic hardware.
•  Applications all use an open, standard protocol (PKCS#11)
–  Java, OpenSSL, NSS/JSS, Apache
–  Oracle Database and Fusion Middleware
•  Additional Solaris Security services
–  ZFS Encryption, SSH, Kernel SSL (KSSL), and IPsec
The Role of Solaris Cryptographic Framework
Managing Cryptographic Accelerators and HSMs via PKCS#11
[Architecture diagram. Layer labels: Application; User; Kernel. Component labels: Oracle Database 11g - Transparent Data Encryption; Oracle Fusion Middleware 11g; Java JCE; PKCS#11 Provider; Apache Web Server; OpenSSL; Shared Libraries; libpkcs11.so; Pluggable Interface; pkcs11_softtoken.so; libpkcs11_kernel.so; libsoftcrypto.so; Softtoken KeyStore $HOME/.sunw; Service Provider Interface; Scheduler and Load Balancer; SPARC T4 On Core Crypto Instructions; SPARC T3/T2/T1 On Chip Accelerators; Sun CryptoAccelerator 6000 Hardware Security Module; Third Party Accelerators and Hardware Security Modules]
End-to-End Security Scenario on Oracle T4
•  Oracle SPARC T4 has been verified to perform acceleration of
encryption operations across:
–  Oracle Solaris (KSSL and ZFS Encryption), WebLogic (SSL), Web Services
Manager (WS-Security and SSL), and Database (Transparent Data Encryption)
–  Solaris PKCS#11 Softtoken acts as a unified key store.
–  Use SCA-6000 for FIPS-140 requirements
Transparent Data Encryption using SPARC T4 Acceleration
[Diagram. Labels: Oracle Advanced Security; Network Encryption; Strong Authentication; Solaris 11 Softtoken or SCA-6000 (HSM); Master Key; Oracle Wallet; TDE Column Encryption; TDE Tablespace Encryption; Encrypted (and compressed) disk backups; Encrypted (and compressed) export files; Oracle SPARC T-series Servers; Cryptographic Acceleration]
Oracle Database Security
•  Oracle Transparent Data Encryption (TDE) has been integrated to use
T4 Crypto for “Tablespace and Column-level Encryption” operations.
–  Oracle TDE directly accesses T4 on-core cryptography
–  Enable configuration using init.ora parameters.
–  Availability as part of Oracle 11g R2 (11.2.0.3) release
•  Centralized key management and Tamper-proof storage for
Master Key Wallet and Network Encryption acceleration.
–  T4 Crypto accelerates SSL/TLS supporting SQLNET’s network encryption.
•  Oracle Wallet tested and verified to store Master Key in Solaris
Softtoken or SCA-6000 (FIPS 140-2 scenarios)
Data and Network Encryption using SPARC T4 Crypto
Fusion Middleware Security
•  WebLogic integrates T4 Crypto via JSSE and
Java SunPKCS#11 Provider for SSL
•  Oracle Fusion Middleware 11g (11.1.1.4) Security automatically leverages T4 Crypto via Web Services Manager (OWSM)
•  Verified to use JKS, Solaris PKCS#11, SCA-6000 and NSS Softtoken (FIPS mode)
•  T4 based hardware assisted crypto acceleration
•  WebLogic SSL and Fusion Middleware Security via OWSM
•  Transport-level security using WebLogic SSL and Solaris KSSL
•  Message-level security using WS-Security and WS-SecurityPolicy defined algorithm suites
WebLogic and Oracle Web Services Manager Using SPARC T4 Crypto
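To confirm that a JVM is really routing the operations named on the Cryptographic Framework and Fusion Middleware slides through the PKCS#11 provider rather than a software provider, the following added example (not code from the presentation or from Oracle) initialises each operation with a real key and reports which JCA provider serviced it. It assumes the PKCS#11 provider's name begins with `SunPKCS11`; the class name `CryptoProviderAudit` and the choice of algorithms are illustrative.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class CryptoProviderAudit {

    /** Maps each operation to the name of the provider that serviced it. */
    static Map<String, String> resolveProviders() throws Exception {
        Map<String, String> used = new LinkedHashMap<>();

        // Cipher and Signature choose their provider lazily, when init() sees
        // the key, so every object is initialised before it is queried.
        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(128); // 128 bits avoids JCE policy limits on older JDKs
        SecretKey aesKey = aesGen.generateKey();
        used.put("KeyGenerator AES", aesGen.getProvider().getName());

        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey);
        used.put("Cipher AES/CBC/PKCS5Padding", aes.getProvider().getName());

        KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
        rsaGen.initialize(2048);
        KeyPair rsa = rsaGen.generateKeyPair();
        for (String alg : new String[] {"SHA1withRSA", "SHA256withRSA"}) {
            Signature sig = Signature.getInstance(alg);
            sig.initSign(rsa.getPrivate());
            used.put("Signature " + alg, sig.getProvider().getName());
        }

        // MessageDigest binds to a provider as soon as it is created.
        for (String alg : new String[] {"SHA-1", "SHA-256", "SHA-512"}) {
            MessageDigest md = MessageDigest.getInstance(alg);
            used.put("MessageDigest " + alg, md.getProvider().getName());
        }
        return used;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: PKCS#11-backed providers are named "SunPKCS11-<name>".
        // Pass a different prefix as the first argument to audit another provider.
        String expectedPrefix = args.length > 0 ? args[0] : "SunPKCS11";

        System.out.println("Provider preference order:");
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("  %d. %s%n", i + 1, providers[i].getName());
        }

        int elsewhere = 0;
        System.out.println("Operation routing:");
        for (Map.Entry<String, String> e : resolveProviders().entrySet()) {
            boolean viaExpected = e.getValue().startsWith(expectedPrefix);
            if (!viaExpected) {
                elsewhere++;
            }
            System.out.printf("  %-30s %-20s %s%n", e.getKey(), e.getValue(),
                    viaExpected ? "via " + expectedPrefix : "OTHER PROVIDER");
        }
        // Non-zero exit lets a deployment check fail when anything is served elsewhere.
        if (elsewhere > 0) {
            System.exit(1);
        }
    }
}
```

A match only shows that the call went through PKCS#11 and therefore the Solaris Cryptographic Framework; whether the framework then used hardware or its software token is decided below the JVM.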
[Diagram. Labels: Java PKCS#11 Provider; Java Keystore / Solaris PKCS#11 Softtoken; Solaris Cryptographic Framework; SPARC T3 and T4 Servers Cryptographic Acceleration]
Reduced Attack Surface
•  Expose only required services to the network
–  Reduce the operating system network footprint
–  Most services are disabled; a few are set to “local only”
•  Integrated with Service Management Facility
–  Common administrative model for all service operations
–  Fully customizable based upon unique site requirements
•  Foundation for Additional Protections and Configuration
Solaris 11 Secure by Default
Separation of Duty
•  Role-based Access Control
–  Compose collections of administrative rights for users and roles
–  Roles can only be assumed by authorized users
–  Accountability is preserved – original UID is always tracked
•  New in Solaris 11
–  By default, the root account is now a role
–  Role authentication can use either user or role’s password
–  CLI for managing users, roles, rights and groups
Solaris 11 Role-based Access Control (RBAC)
Separation of Duty
•  Fine-Grained Process Privileges
–  Sandbox users and applications to limit potential for damage
–  Decomposes administrative capabilities into discrete privileges
–  Eliminates need for many services to start as ‘root’
–  Always enabled and enforced by the Solaris kernel
•  New in Solaris 11
–  New privileges: file_read, file_write, and net_access
–  Support for “forced privileges” for set-uid root programs
–  Stop profile to limit specific commands and authorizations
Solaris 11 Fine-Grained Process Privileges
Strong Service Isolation
•  Zones
–  Restricted operating environment for enhanced security
–  Per-zone hardening, RBAC, privileges, resource controls, etc.
–  Per-zone system resources, networking, data sets, etc.
•  New in Solaris 11
–  Zone Integrity Policies (Flexible, Strict, Fixed, None)
–  Delegated Administration (Console, Install, Boot, Shutdown)
–  Virtual Networking (NICs, Switches, etc.)
Solaris 11 Zones (Containers)
Holistic Data Protection
•  Encryption policy is set at the ZFS data set level
•  Supports delegation of key management operations
•  Leverages a dual key model: wrapping vs. encryption key
•  Variety of options for format/location of the wrapping key
•  Wrapping key inherited by child data sets
Solaris 11 ZFS Encryption
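A small model of the dual key arrangement in the bullets above, added here as an illustration and not taken from the presentation or from ZFS itself: each data set gets its own data encryption key, stored only in wrapped form, a child reuses the parent's wrapping key, and changing the wrapping key rewrites the wrapped key without touching encrypted data. AES key wrap and AES-GCM are stand-ins (the slide does not say which algorithms ZFS uses for either step), and the data set names and the class name `DualKeyModel` are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class DualKeyModel {

    /** One data set: a wrapped data encryption key plus one encrypted record. */
    static final class Dataset {
        final String name;
        byte[] wrappedDataKey;          // the data key never appears unwrapped here
        final byte[] iv = new byte[12];
        byte[] ciphertext;
        Dataset(String name) { this.name = name; }
    }

    static SecretKey newAesKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    static byte[] wrap(SecretKey wrappingKey, SecretKey dataKey) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, wrappingKey);
        return c.wrap(dataKey);
    }

    static SecretKey unwrap(SecretKey wrappingKey, byte[] wrapped) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, wrappingKey);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    /** Creates a data set with a fresh data key, wrapped under wrappingKey. */
    static Dataset create(String name, SecretKey wrappingKey, byte[] plaintext)
            throws GeneralSecurityException {
        Dataset ds = new Dataset(name);
        SecretKey dataKey = newAesKey();
        new SecureRandom().nextBytes(ds.iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, ds.iv));
        ds.ciphertext = gcm.doFinal(plaintext);
        ds.wrappedDataKey = wrap(wrappingKey, dataKey);
        return ds;
    }

    static byte[] read(Dataset ds, SecretKey wrappingKey) throws GeneralSecurityException {
        SecretKey dataKey = unwrap(wrappingKey, ds.wrappedDataKey);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(128, ds.iv));
        return gcm.doFinal(ds.ciphertext);
    }

    /** Wrapping key change: only the small wrapped key blob is rewritten. */
    static void changeWrappingKey(Dataset ds, SecretKey oldKey, SecretKey newKey)
            throws GeneralSecurityException {
        ds.wrappedDataKey = wrap(newKey, unwrap(oldKey, ds.wrappedDataKey));
    }

    public static void main(String[] args) throws Exception {
        SecretKey wrappingKey = newAesKey();
        // Constructed names; the child reuses (inherits) the parent's wrapping key.
        Dataset parent = create("tank/app", wrappingKey,
                "parent data".getBytes(StandardCharsets.UTF_8));
        Dataset child = create("tank/app/logs", wrappingKey,
                "child data".getBytes(StandardCharsets.UTF_8));
        System.out.println("distinct data keys: "
                + !Arrays.equals(parent.wrappedDataKey, child.wrappedDataKey));

        byte[] before = parent.ciphertext.clone();
        SecretKey rotated = newAesKey();
        changeWrappingKey(parent, wrappingKey, rotated);
        changeWrappingKey(child, wrappingKey, rotated);
        System.out.println("ciphertext untouched: " + Arrays.equals(before, parent.ciphertext));
        System.out.println("child readable with new key: "
                + new String(read(child, rotated), StandardCharsets.UTF_8));
        try {
            read(parent, wrappingKey);
            System.out.println("old wrapping key still works (unexpected)");
        } catch (GeneralSecurityException e) {
            System.out.println("old wrapping key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```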
Comprehensive Monitoring
•  Auditing
–  Kernel-based fine-grained introspection
–  Captured events include: admin. actions, commands, syscalls
–  Configurable audit policy at both the system / user level
–  Zones can be audited from within the global zone
–  Audit logs can be exported as binary, text, or XML files
•  New in Solaris 11
–  Auditing on by default with no performance penalty
–  Greater visibility into system events with less “noise”
Solaris 11 Auditing
SPARC T4 Leads in On-Chip Algorithms
IBM & HP
OpenSSL : RSA Sign/Verify (RSA 1024)
[Bar chart. Y axis: ops/sec. Systems: T4-1, X4270 (Westmere). Series: Verify ops/sec, Sign ops/sec. Data labels: 48583.5, 14629.8, 384615.2, 188261.3]
*Westmere running Solaris10u9 (AES-NI optimized)
Java Crypto : RSA Sign/Verify (RSA 2048)
[Bar chart. Y axis: time in nsec. Systems: T4-1, X4270 (Westmere). Series: SHA1withRSA, SHA256withRSA. Data labels: 18356014, 50296420, 28942706, 61446300]
No of Clients = 1000
Message size = 1024k bytes
Java Crypto : AES Bulk Encryption
[Bar chart. Y axis: time in nsec. Systems: X4270 (Westmere), T4-1. Series: AES-128, AES-256, AES-512]
*Westmere running Linux (AES-NI optimized)
No of Clients = 1000
Message size = 1024k bytes
Fusion Middleware Security On T4
*JAX-WS Application, WS-SecurityPolicy – Basic256, SSL Cipher - TLS_RSA_WITH_AES_128_CBC_SHA
• Two-way SSL
• RSA-1024
Stop by the Oracle Support Stars Bar
Moscone West, Level 2
•  Oracle Support experts on hand
•  2-minute videos describing key Oracle proactive support
tools and mission-critical services
•  Live demos
•  Enter to win an iPad 2 (Mon-Wed)
•  Hours:
–  Monday & Tuesday: 10:00 – 6:00
–  Wednesday: 9:00 – 5:00
–  Thursday: 9:00 – 1:00
For More Information / Try Out Today
•  Product overview and download
–  oracle.com/solaris
•  Oracle Technology Network
–  oracle.com/technetwork/server-storage/solaris11
•  System administrators community
–  oracle.com/technetwork/systems
•  @ORCL_Solaris
•  facebook.com/oraclesolaris
•  Oracle Solaris Insider
Q&A
Appendix
Architectural Strategies
Building the Nesting Doll
Public Domain Image Courtesy: Sergiev Posad Museum of Toys, Russia
[Diagram: Non-Global Zone. Labels: Binaries and Libraries; Configuration Files; Temporary and Log Files; Application Data; ZFS Encrypted Data Set; Delegated Application Administration; Secure by Default / Hardening]
[Diagram. Labels, repeated three times: System Resources; Monitoring / Auditing; Delegated Admin.; Packet Filtering]
[Diagram: Solaris 11 Instance (Global Zone). Labels: Monitoring / Auditing; Delegated Administration; Integrated Cryptography]
[Diagram: Oracle VM Server for SPARC]
TBD – Insert Images of T4-based Servers

Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSO
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
 

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

High Performance Security With SPARC T4 Hardware Assisted Cryptography

  • 1. 1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
  • 2. High Performance Security With SPARC T4 Hardware Assisted Cryptography
      Glenn Brunette, Ramesh Nagappan, Chad Prucha, Oracle Corporation
  • 4. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
  • 5. Program Agenda
      •  Security and the Business
      •  Hardware Assisted Cryptography
      •  Solaris 11 Security
      •  Competitive Landscape
      •  Next Steps
  • 6. Security Impacts the Business
  • 7. A Careful Balancing Act
  • 8. Performance and Scalability with Security
      SPARC T4 and Solaris 11
  • 9. Program Agenda
      •  Security and the Business
      •  Hardware Assisted Cryptography
      •  Solaris 11 Security
      •  Competitive Landscape
      •  Next Steps
  • 10. Understanding Encryption Overheads
      •  Adopting encryption requires more CPU, memory, and network bandwidth!
          –  Overhead varies by choice of key algorithm, key size and applied scenarios
      •  Security becomes more critical, demanding predictable latencies, response times, throughput and other QoS characteristics.
      End-to-end Security – Multi-tier Applications Scenario
  • 11. Performance Impact without Hardware Assist
      Example: Security Impact on SOA and Web Services
      •  Two-way SSL
      •  RSA-2048
      •  AES-256
  • 12. SPARC T4 Cryptographic Acceleration
      Significant Performance Gains for SSL (Using Hardware)
      •  Two-way SSL
      •  RSA-2048
      •  AES-256
  • 13. Oracle Hardware Assisted Cryptography
      •  UltraSPARC T1 – 8 Crypto Accelerators
          –  Industry’s first on-chip cryptographic accelerators
          –  Acts as a Crypto coprocessor running in parallel at CPU speeds
      •  UltraSPARC T2 / T2+ – 8 Crypto Accelerators
          –  Added support for Symmetric-Key algorithms, Message digests
      •  SPARC T3 – 16 Crypto Accelerators
          –  Expanded support for A/Symmetric-key algorithms, Message digests
      •  SPARC T4 – On-Core Crypto
          –  Hardware based crypto algorithms available as unprivileged ISA instructions
          –  Direct access to on-core acceleration for fast processing, no drivers required
          –  No special permissions and No setup required
      Oracle SPARC T-Series Processors – Evolution of Crypto Acceleration
  • 14. SPARC T3 and T4 Operational Models
  • 15. Oracle SPARC T-Series Capabilities
      Supported Cryptographic Algorithms and Mechanisms

      | Processor / Mechanisms | UltraSPARC T2/T2+ | SPARC T3 | SPARC T4 |
      |---|---|---|---|
      | Asymmetric / Public Key Encryption | RSA, DSA, ECC | RSA, DH, DSA, ECC | RSA, DH, DSA, ECC |
      | Symmetric Key / Bulk Encryption | AES, DES, 3DES, RC4 | AES, DES, 3DES, Kasumi | AES, DES, 3DES, Camellia, Kasumi |
      | Message Digest / Hash Functions | MD5, SHA-1, SHA-256 | CRC32c, MD5, SHA-1, SHA-256, SHA-384, SHA-512 | CRC32c, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 |
      | Random Number Generation | Supported | Supported | Supported |
      | API Support | PKCS#11 Standard | PKCS#11 Standard | PKCS#11 Standard, uCrypto API |
  • 16. Role of the Solaris 11 Cryptographic Framework
      •  Manages access to hardware-assisted cryptography.
          –  Supports SPARC T-series processors, Intel Westmere (AES-NI) and PKCS#11 based Hardware Security Modules (HSMs)
      •  Acts as an intermediary gateway between applications and the underlying cryptographic hardware.
      •  Applications all use an open, standard protocol (PKCS#11)
          –  Java, OpenSSL, NSS/JSS, Apache,
          –  Oracle Database and Fusion Middleware
      •  Additional Solaris Security services
          –  ZFS Encryption, SSH, Kernel SSL (KSSL), and IPsec
  • 17. The Role of Solaris Cryptographic Framework
      Managing Cryptographic Accelerators and HSMs via PKCS#11
      Diagram labels: SPARC T3/T2/T1 On Chip Accelerators Sun CryptoAccelerator 6000 Hardware Security Module SPARC T4 On Core Crypto Instructions Third Party Accelerators and Hardware Security Modules Oracle Database 11g - Transparent Data Encryption Oracle Fusion Middleware 11g Java JCE PKCS#11 Provider pkcs11_softtoken.so Apache Web Server OpenSSL Shared Libraries libpkcs11.so Pluggable Interface libpkcs11_kernel.so Service Provider Interface Softtoken KeyStore $HOME/.sunw Application User Kernel Scheduler and Load Balancer libsoftcrypto.so
  • 18. End-to-End Security Scenario on Oracle T4
      •  Oracle SPARC T4 has been verified to perform acceleration of encryption operations across:
          –  Oracle Solaris (KSSL and ZFS Encryption), WebLogic (SSL), Web Services Manager (WS-Security and SSL), and Database (Transparent Data Encryption)
          –  Solaris PKCS#11 Softtoken acts as a unified key store.
          –  Use SCA-6000 for FIPS-140 requirements
  • 19. Oracle Advanced Security Network Encryption Strong Authentication Solaris 11 Softtoken or SCA-6000 (HSM) Master Key Oracle Wallet TDE Column Encryption TDE Tablespace Encryption Encrypted (and compressed) disk backups Encrypted (and compressed) export files Oracle SPARC T-series Servers CRYPTOGRAPHIC ACCELERATION Transparent Data Encryption using SPARC T4 Acceleration
  • 20. Oracle Database Security
      •  Oracle Transparent Data Encryption (TDE) has been integrated to use T4 Crypto for “Tablespace and Column-level Encryption” operations.
          –  Oracle TDE directly accesses T4 on-core cryptography
          –  Enable configuration using init.ora parameters.
          –  Available as part of Oracle 11g R2 (11.2.0.3) release
      •  Centralized key management and Tamper-proof storage for Master Key Wallet and Network Encryption acceleration.
          –  T4 Crypto accelerates SSL/TLS supporting SQLNET’s network encryption.
      •  Oracle Wallet tested and verified to store Master Key in Solaris Softtoken or SCA-6000 (FIPS 140-2 scenarios)
      Data and Network Encryption using SPARC T4 Crypto
  • 21. Fusion Middleware Security
      •  WebLogic integrates T4 Crypto via JSSE and Java SunPKCS#11 Provider for SSL
      •  Oracle Fusion Middleware 11g (11.1.1.4) Security automatically leverages T4 Crypto via Web Services Manager (OWSM)
      •  Verified to use JKS, Solaris PKCS#11, SCA-6000 and NSS Softtoken (FIPS mode)
      •  T4 based Hardware assisted Crypto acceleration
      •  Weblogic SSL and Fusion Middleware Security via OWSM
      •  Transport-level Security using Weblogic SSL and Solaris KSSL
      •  Message-level security using WS-Security and WS-SecurityPolicy defined algorithm suites
      WebLogic and Oracle Web Services Manager Using SPARC T4 Crypto
      Diagram labels: SPARC T3 and T4 Servers Cryptographic Acceleration; Java PKCS#11 Provider; Java Keystore / Solaris PKCS#11 Softtoken; Solaris Cryptographic Framework
  • 22. Program Agenda
      •  Security and the Business
      •  Hardware Assisted Cryptography
      •  Solaris 11 Security
      •  Competitive Landscape
      •  Next Steps
  • 23. Reduced Attack Surface
      •  Expose only required services to the network
          –  Reduce the operating system network footprint
          –  Most services are disabled; a few are set to “local only”
      •  Integrated with Service Management Facility
          –  Common administrative model for all service operations
          –  Fully customizable based upon unique site requirements
      •  Foundation for Additional Protections and Configuration
      Solaris 11 Secure by Default
  • 24. Separation of Duty
      •  Role-based Access Control
          –  Compose collections of administrative rights for users and roles
          –  Roles can only be assumed by authorized users
          –  Accountability is preserved – original UID is always tracked
      •  New in Solaris 11
          –  By default, the root account is now a role
          –  Role authentication can use either user or role’s password
          –  CLI for managing users, roles, rights and groups
      Solaris 11 Role-based Access Control (RBAC)
  • 25. Separation of Duty
      •  Fine-Grained Process Privileges
          –  Sandbox users and applications to limit potential for damage
          –  Decomposes administrative capabilities into discrete privileges
          –  Eliminates need for many services to start as ‘root’
          –  Always enabled and enforced by the Solaris kernel
      •  New in Solaris 11
          –  New privileges: file_read, file_write, and net_access
          –  Support for “forced privileges” for set-uid root programs
          –  Stop profile to limit specific commands and authorizations
      Solaris 11 Fine-Grained Process Privileges
  • 26. Strong Service Isolation
      •  Zones
          –  Restricted operating environment for enhanced security
          –  Per-zone hardening, RBAC, privileges, resource controls, etc.
          –  Per-zone system resources, networking, data sets, etc.
      •  New in Solaris 11
          –  Zone Integrity Policies (Flexible, Strict, Fixed, None)
          –  Delegated Administration (Console, Install, Boot, Shutdown)
          –  Virtual Networking (NICs, Switches, etc.)
      Solaris 11 Zones (Containers)
  • 27. Holistic Data Protection
      •  Encryption policy is set at the ZFS data set level
      •  Supports delegation of key management operations
      •  Leverages a dual key model: wrapping vs. encryption key
      •  Variety of options for format/location of the wrapping key
      •  Wrapping key inherited by child data sets
      Solaris 11 ZFS Encryption
  • 28. Comprehensive Monitoring
      •  Auditing
          –  Kernel-based fine-grained introspection
          –  Captured events include: admin. actions, commands, syscalls
          –  Configurable audit policy at both the system / user level
          –  Zones can be audited from within the global zone
          –  Audit logs can be exported as binary, text, or XML files
      •  New in Solaris 11
          –  Auditing on by default with no performance penalty
          –  Greater visibility into system events with less “noise”
      Solaris 11 Auditing
  • 29. Program Agenda
      •  Security and the Business
      •  Hardware Assisted Cryptography
      •  Solaris 11 Security
      •  Competitive Landscape
      •  Next Steps
  • 30. SPARC T4 Leads in On-Chip Algorithms IBM & HP
  • 31. OpenSSL : RSA Sign/Verify (RSA 1024)
      [Bar chart: Sign ops/sec and Verify ops/sec for T4-1 and X4270 (Westmere); data labels as extracted: 48583.5, 14629.8, 384615.2, 188261.3]
      *Westmere running Solaris10u9 (AES-NI optimized)
  • 32. Java Crypto : RSA Sign/Verify (RSA 2048)
      [Bar chart: time in nsec for SHA1withRSA and SHA256withRSA on T4-1 and X4270 (Westmere); data labels as extracted: 18356014, 50296420, 28942706, 61446300]
      No of Clients = 1000, Message size = 1024k bytes
  • 33. Java Crypto : AES Bulk Encryption
      [Bar chart: time in nsec for AES-128, AES-256 and AES-512 on X4270 (Westmere) and T4-1]
      *Westmere running Linux (AES-NI optimized)
      No of Clients = 1000, Message size = 1024k bytes
  • 34. Fusion Middleware Security On T4
      *JAX-WS Application, WS-SecurityPolicy – Basic256, SSL Cipher - TLS_RSA_WITH_AES_128_CBC_SHA
      •  Two-way SSL
      •  RSA-1024
  • 35. Program Agenda
      •  Security and the Business
      •  Hardware Assisted Cryptography
      •  Solaris 11 Security
      •  Competitive Landscape
      •  Next Steps
  • 36. Stop by the Oracle Support Stars Bar
      Moscone West, Level 2
      •  Oracle Support experts on hand
      •  2-minute videos describing key Oracle proactive support tools and mission-critical services
      •  Live demos
      •  Enter to win an iPad 2 (Mon-Wed)
      •  Hours:
          –  Monday & Tuesday: 10:00 – 6:00
          –  Wednesday: 9:00 – 5:00
          –  Thursday: 9:00 – 1:00
  • 37. For More Information / Try Out Today
      •  Product overview and download
          –  oracle.com/solaris
      •  Oracle Technology Network
          –  oracle.com/technetwork/server-storage/solaris11
      •  System administrators community
          –  oracle.com/technetwork/systems
      •  @ORCL_Solaris
      •  facebook.com/oraclesolaris
      •  Oracle Solaris Insider
  • 38. Q&A
  • 41. Appendix
  • 42. Architectural Strategies Building the Nesting Doll
      Public Domain Image Courtesy: Sergiev Posad Museum of Toys, Russia
  • 43. Non-Global Zone Architectural Strategies Building the Nesting Doll A Binaries and Libraries Configuration Files Temporary and Log Files Application Data ZFS Encrypted Data Set A Delegated Application Administration Secure by Default / Hardening
  • 44. Architectural Strategies Building the Nesting Doll System Resources Monitoring / Auditing Delegated Admin. Packet Filtering System Resources Monitoring / Auditing Delegated Admin. Packet Filtering System Resources Monitoring / Auditing Delegated Admin. Packet Filtering
  • 45. Solaris 11 Instance (Global Zone) Architectural Strategies Building the Nesting Doll Monitoring / Auditing Delegated Administration Integrated Cryptography
  • 46. Architectural Strategies Building the Nesting Doll Oracle VM Server for SPARC TBD – Insert Images of T4-based Servers
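
Slides 16, 17 and 21 describe Java applications reaching the Solaris Cryptographic Framework through the Java PKCS#11 provider. The following is an added example, not code from the presentation or from Oracle: it reports which JCE provider actually serves the RSA signature and AES operations named in the deck's Java benchmarks, so an administrator can confirm whether crypto is routed through a PKCS#11 token or falls back to a software provider. The class name, the sample message, and the rule that a PKCS#11-backed provider has a name starting with "SunPKCS11" are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical class name; added example, not part of the presentation.
public class CryptoProviderCheck {

    // Constructed sample input.
    static final byte[] MESSAGE =
        "constructed sample message".getBytes(StandardCharsets.UTF_8);

    // Assumption: providers backed by a PKCS#11 library are named "SunPKCS11-<config name>".
    static String label(Provider p) {
        boolean pkcs11 = p.getName().startsWith("SunPKCS11");
        return p.getName() + (pkcs11 ? " (PKCS#11 token)" : " (software provider)");
    }

    // Signs and verifies MESSAGE, then reports the provider that performed the signing.
    static String checkSignature(String algorithm, KeyPair kp) throws Exception {
        Signature signer = Signature.getInstance(algorithm);
        signer.initSign(kp.getPrivate());      // provider selection is final once a key is supplied
        signer.update(MESSAGE);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(algorithm);
        verifier.initVerify(kp.getPublic());
        verifier.update(MESSAGE);
        if (!verifier.verify(sig)) {
            throw new IllegalStateException(algorithm + ": signature did not verify");
        }
        return label(signer.getProvider());
    }

    // Encrypts and decrypts MESSAGE with AES-CBC, then reports the encrypting provider.
    static String checkAes(int keyBits) throws Exception {
        if (Cipher.getMaxAllowedKeyLength("AES") < keyBits) {
            return "key size blocked by the installed JCE policy";
        }
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(keyBits);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);      // fresh random IV for each encryption

        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = enc.doFinal(MESSAGE);

        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        if (!Arrays.equals(MESSAGE, dec.doFinal(ciphertext))) {
            throw new IllegalStateException("AES-" + keyBits + ": round trip failed");
        }
        return label(enc.getProvider());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Installed providers, in preference order:");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + label(p));
        }

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("RSA-2048 key generation -> " + label(kpg.getProvider()));

        for (String alg : new String[] {"SHA1withRSA", "SHA256withRSA"}) {
            System.out.println(alg + " -> " + checkSignature(alg, kp));
        }
        for (int bits : new int[] {128, 256}) {
            System.out.println("AES-" + bits + "/CBC -> " + checkAes(bits));
        }
    }
}
```

If an operation reports a software provider on a host that is expected to use the PKCS#11 path, review the provider order in the JRE's `java.security` file before drawing conclusions from performance figures.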