Oracle continues to lead in enterprise security. Oracle's SPARC T5 processors combined with the Oracle Solaris ZFS file system demonstrate faster file system encryption than equivalent x86 systems using the Intel Xeon Processor E5-2600 Sequence chips which have AES-NI security instructions.
Encryption is the process where data is encoded for privacy and a key is needed by the data owner to access the encoded data.
The SPARC T5-2 server is 3.4x faster than a 2 processor Intel Xeon E5-2690 server running Oracle Solaris 11.1 that uses the AES-NI GCM security instructions for creating encrypted files.
The SPARC T5-2 server is 2.2x faster than a 2 processor Intel Xeon E5-2690 server running Oracle Solaris 11.1 that uses the AES-NI CCM security instructions for creating encrypted files.
The SPARC T5-2 server consumes a significantly less percentage of system resources as compared to a 2 processor Intel Xeon E5-2690 server.
Below are results running two different ciphers for ZFS encryption. Results are presented for runs without any cipher, labeled clear, and a variety of different key lengths. The results represent the maximum delivered values measured for 3 concurrent sequential write operations using 1M blocks. Performance is measured in MB/sec (bigger is better). System utilization is reported as %CPU as measured by "iostat" (smaller is better).
The results for the x86 server were obtained using Oracle Solaris 11.1 with performance bug fixes.
Encryption Using AES-GCM Ciphers
|System||GCM Encryption: 3 Concurrent Sequential Writes|
|SPARC T5-2 server||3,918||7||3,653||14||3,676||15||3,628||14|
|SPARC T4-2 server||2,912||11||2,662||31||2,663||30||2,779||31|
|2-Socket Intel Xeon E5-2690||3,969||42||1,062||58||1,067||58||1,076||57|
|SPARC T5-2 vs x86 server||1.0x||3.4x||3.4x||3.4x|
Encryption Using AES-CCM Ciphers
|System||CCM Encryption: 3 Concurrent Sequential Writes|
|SPARC T5-2 server||3,862||7||3,665||15||3,622||14||3,707||12|
|SPARC T4-2 server||2,945||11||2,471||26||2,801||26||2,442||25|
|2-Socket Intel Xeon E5-2690||3,868||42||1,566||64||1,632||63||1,689||66|
|SPARC T5-2 vs x86 server||1.0x||2.3x||2.2x||2.2x|
This benchmark evaluates secure file system performance by measuring the rate at which encrypted data can be written. The Vdbench tool was used to generate the IO load. The test performed 3 concurrent sequential write operations using 1M blocks to 3 separate files.
ZFS encryption is integrated with the ZFS command set. Like other ZFS operations, encryption operations such as key changes and re-key are performed online.
Data is encrypted using AES (Advanced Encryption Standard) with key lengths of 256, 192, and 128 in the CCM and GCM operation modes.
The flexibility of encrypting specific file systems is a key feature.
ZFS encryption is inheritable to descendent file systems. Key management can be delegated through ZFS delegated administration.
ZFS encryption uses the Oracle Solaris Cryptographic Framework which gives it access to SPARC T5 and Intel Xeon E5-2690 processor hardware acceleration or to optimized software implementations of the encryption algorithms automatically.
On modern computers with multiple threads per core, simple statistics like %utilization measured in tools like iostat and vmstat are not "hard" indications of the resources that might be available for other processing. For example, 90% idle may not mean that 10 times the work can be done. So drawing numerical conclusions must be done carefully.
Copyright 2013, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Results as of March 26, 2013.