Cryptic Comparison

Sun began shipping the SPARC T1 CPU in servers in 2005. That CPU had a cryptographic accelerator in it. Later, the SPARC T2 improved things by implementing a crypto engine in each of the 8 cores. This was further enhanced in the recently released SPARC T3. Over the past few months I have seen vague statements about cryptographic acceleration in the newest Intel CPUs, but did not see any details. I wondered if each implementation had strengths and weaknesses. Understanding those could help people when choosing a CPU architecture.

Joerg Moellenkamp offers a brief comparison and links to additional details.

Comments:

Jeff Writes, "SPARC T1...That CPU had a cryptographic accelerator in it. Later, the SPARC T2 improved things by implementing a Crypto engine in each of the 8 cores."

The move from 1 to 8 was not with the Crypto units, but with the Floating Point Unit, when moving from the T1 to the T2 processor.

http://www.sun.com/blueprints/0306/819-5782.pdf
Page 5
"The eight MAUs, one for each core, are driven by the Niagara Crypto Provider (NCP) device driver in the Solaris 10 OS for both UltraSPARC T1 and T2 processors.
On systems with UltraSPARC T1 processors, NCP supports hardware assisted acceleration of RSA and DSA cryptographic operations. On systems with UltraSPARC T2 processors, NCP supports RSA, DSA, DH, and ECC cryptographic operations"

The T1 implemented 8 Crypto engines.
The T2 implemented 8 enhanced Crypto engines (with additional algorithms supported.)
The T3 implemented 16 steroid enhanced Crypto engines (with even more Crypto algorithms supported.)

The new instruction in the Intel chip was to assist in Crypto work, but the CPU has to stall while it works on it, if I remember correctly.

Contrast this to the T Series - the Crypto units are completely parallel... simply speaking, the CPU dump a pointer to the Crypto core to work on on a set of bytes to encrypt/decrypt, the Crypto core ends a message back to the CPU when it is done.

I think this is pretty close to how it all works, considering that I did not design the CPU's.

In total, for workloads that are heavily encrypted (databases, file systems, web servers, middleware, etc.) - the T processors are the processor of choice. It makes NO SENSE to buy CPU's without Crypto engines (i.e. Intel) where the central processing power that you are paying licensing points for has to burn those license points doing Crypto work instead of off-loading the work to 8 or 16 different crypto engines (for free) and then only pay your licensing for the work that the CPU is really doing for your applications.

I hope this clears things up a bit!

Posted by DavidH on February 09, 2011 at 09:44 AM EST #

Post a Comment:
Comments are closed for this entry.
About

Jeff Victor writes this blog to help you understand Oracle's Solaris and virtualization technologies.

The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today