What happened to the MAUs on T4?
By jsavit on Jun 05, 2012
One of the powerful features of the SPARC T-series servers is its hardware crypto acceleration, which dramatically speeds up the compute intensive algorithms needed to encrypt and decrypt data.
The SPARC T1, T2, T2+ and SPARC-T3 all have MAUs ("modular arithmetic units", named after the original function provided with the T1). Subsequent models added cryptographic algorithms to accelerate RSA, DSA, Diffie-Hellman, RC4, DES, 3DES, AES, MD5, SHA-1, SHA-n, and ECC, but they were still packaged as a separate resource on each T-series core. That changed with the SPARC T4, which is discussed below.
Administrators setting up logical domains on the older T-series servers had to explicitly
assign crypto resources to domains that had a significant crypto workload (say, an SSL based web server). This could be an administrative burden, as you had to choose which domains got the crypto units, and issue the appropriate
ldm set-mau N mydomain commands. Further, not all domains that could benefit from hardware-based crypto acceleration could benefit it. (In practice, this could only happen if you allocated very small domains that use only part of a CPU core, since each core had its own MAU. One wouldn't do that for a domain with serious performance requirements anyway.)
The T4 changes things
The T4 is fast. Really fast. Its clock rate and out-of-order (OOO) execution that provides the single-thread performance that T-series machines previously did not have. If you have any preconceptions about T-series performance, or SPARC in general, based on the older servers (which, it must be said, were absolutely outstanding for multi-threaded applications), those assumptions are now obsolete. The T4 provides outstanding. performance for all kinds of workload, as illustrated at https://blogs.oracle.com/bestperf.
While we all focused on this (did I mention the T4 is fast?), another feature of the T4 went largely unnoticed: The T4 servers have improved crypto acceleration, described at https://blogs.oracle.com/DanX/entry/sparc_t4_openssl_engine. It is "just built in" so administrators no longer have to assign crypto accelerator units to domains - it "just happens". Every physical or virtual CPU on a SPARC-T4 has full access to hardware based crypto acceleration at all times.
This is much better since you have crypto everywhere by default without having to manage it as a discrete and limited resource. It's a feature of the processor, like doing an integer add. With T4, there is no management necessary, you just have HW crypto everywhere all the time seamlessly.
This change hasn't been widely advertised, and some administrators have wondered why there were unable to assign a MAU to a domain as they did with T2 and T3 machines. The answer is that there is no longer any separate MAU, so you don't have to take any action at all - just leave the default of 0. For completeness sake, it's worth noting that the T4 adds more crypto algorithms, and accelerates Camelia, CRC32c, and more SHA-x.
Besides being much faster than its predecessors, the T4 also integrates hardware crypto acceleration so its seamlessly available to applications, whether domains are being used or not. Administrators no longer have to control how they are allocated - it is available to all CPUs and virtual environments without any administrative effort.