Network and Security Articles

Around the globe, security remains at the forefront of business planning. Not only do executives need to ensure protection for their employees, facilities, and corporate data, but increased computer attacks are making security even more critical in Web-enabled environments.

Consumers that are just beginning to use the Internet to conduct business need assurance that their transactions and personal information will remain confidential. At the same time, IT departments are being asked to prove to partners that cross-enterprise solutions are bullet-proof while providing safe access to corporate data for remote workers.

To provide such assurances, many e-business environments rely on Secure Socket Layer (SSL) encryption to keep data from being viewed by unauthorized eyes. But like many good things, SSL comes with a price: system CPUs must dedicate resources to handle cryptographic calculations, often resulting in sluggish performance and dropped connections from processing overloads. In fact, the compute-intensive nature of SSL functions, including session establishment and data encryption and decryption, can slow the transaction processing capabilities of a server by 90 percent or more.

Web server and other SSL-centric environments can, however, provide both secure transactions and fast service delivery with the Sun Crypto Accelerator 1000 board. The latest addition to Sun's new line of encryption products, the Sun Crypto Accelerator 1000 board offloads the compute-intensive SSL functions from a server's CPU, freeing the system processor to handle other critical tasks. As a result, enterprises can speed processing of SSL-based transactions without incurring associated performance hits.

"When using SSL, companies typically experience drops in performance, which promise to only increase as encrypted network traffic requirements grow," notes Anant Agrawal, vice president and general manager of the Networking and Security Products Group at Sun. "With the Sun Crypto Accelerator 1000 board, not only do enterprises reap significant performance gains, but they can scale their systems more cost effectively and better serve users and customers by minimizing time-outs and resulting dropped connections."

Bottom Line Benefits

Because Web server applications account for the majority of SSL implementations, the Sun Crypto Accelerator 1000 board supports both iPlanet Web Server and Apache running on Solaris Operating Environment 8. In iPlanet Web Server environments, the board can achieve speeds of more than 4,300 new SSL operations per second using a 1024-bit RSA algorithm. The PCI based board integrates seamlessly with Sun's iPlanet Web Server Enterprise Edition 6.0, a key component of Sun Open Net Environment (Sun ONE), Sun's vision, architecture, platform, and expertise for the development and delivery of services on demand.

These performance gains are critical in Web server and SSL-centric environments that handle extensive traffic requiring security, particularly for financial and banking institutions, online merchants, and Web-based service providers, such as ISPs, MSPs, and ASPs. By offloading the compute-intensive SSL functions from system CPUs, the Sun Crypto Accelerator 1000 board offers customers the following business benefits:

• Improved scalability. By taking care of SSL compute-intensive cryptographic calculations, the board enables servers to handle increased loads, supporting more efficient deployment of servers as traffic increases. Servers can even handle greater numbers of simultaneous transactions, a boon for Web-based service providers. Enterprises can also deliver additional secure online services cost effectively, helping to provide a competitive edge to companies such as online brokerage firms.
  
  
• Enhanced user and customer satisfaction. Faster processing enables users and customers to access data and complete transactions more quickly, improving their online experience. This improved performance, coupled with significant reductions in connection time-outs, helps foster increased employee and customer loyalty.
  
  
• Increased revenue. Businesses can achieve greater revenue by sustaining a higher level of secure service to complete more transactions.
  
  
• Industry-leading performance. Through fast SSL session establishment and optimized iPlanet Web Server performance, the Sun Crypto Accelerator 1000 board can provide over 4,300 new SSL operations per second.

"The benefits of the Sun Crypto Accelerator 1000 board go far beyond increased performance," notes Wes Wasson, vice president of product marketing for iPlanet E-Commerce Solutions at Sun. "In addition to offering the industry's fastest SSL processing, the board positively impacts a company's bottom line by enhancing both scalability and productivity, resulting in greater revenue."

An Optimized Sun Solution

By implementing an integrated solution using Sun server hardware, Sun's iPlanet Web Server, and the Sun Crypto Accelerator 1000 board, Web server and SSL-centric environments can gain high levels of performance. In fact, a 16-processor Sun Fire 6800 server coupled with the iPlanet Web Server and a single Sun Crypto Accelerator 1000 board delivers the industry's fastest secure Web server implementation, achieving more than 4,300 new SSL operations per second.

The Sun Crypto Accelerator 1000 board is optimized to efficiently perform specific SSL mathematical functions, leaving the system processor to focus on its core strength of application processing. Because the board and iPlanet Web Server both support virtual server technology, customers can even further fine-tune use of processor resources to gain the greatest performance and cost efficiencies.

In addition, customers can rest assured of Sun's commitment to an integrated solution while gaining a single source for support. Later this year, the Sun Crypto Accelerator 1000 board will support both the Sun Fire 15K server and Solaris 9.

"Through our delivery of integrated, optimized solutions, Sun stands out as a leading technology provider for the Tier-1 Web server market," Agrawal adds. "The Sun Crypto Accelerator 1000 board offers heightened security without incurring performance hits or high costs. As a result, companies can meet today's stringent security requirements while deploying a more cost-effective implementation to handle the inevitable transaction load increases of e-business."

Nuts and Bolts

The Sun Crypto Accelerator 1000 board is a PCI-based SSL accelerator board that offloads compute-intensive SSL functions from a server's CPU. It handles SSL operations at speeds much greater than a system CPU can achieve.

The Sun Crypto Accelerator 1000 board is suitable for e-business applications using SSL encryption via NSS and the PCKS11 interface for iPlanet Web Server Enterprise Edition versions 4.x SP9 and v. 6.0 SP1, and via a modified version of OpenSSL v0.9.6b* for Apache 1.3.12. Other key specifications include:

• PCI board with a 33/66-MHz crypto chip and a 32/64-bit bus
• Support for 2048-bit RSA encryption, one of the most widely used public key encryption algorithms
• 3DES bulk encryption support at a rate of 500 Mbps in either a 66 MHz or 33 Mhz PCI slot
• Compatible with most Sun Fire servers and Sun Enterprise servers
• Scalable to four boards on applicable Sun Enterprise servers, supporting dynamic reconfiguration of dynamic system domains

Unit pricing for the Sun Crypto Accelerator 1000 board is $2700 per board. The product can be ordered starting March 12, 2002.

* This product includes software developed by the OpenSSL project for use in the OpenSSL Toolkit. This product includes cryptographic software written by Eric Young. This product includes software developed by Ralf S. Engelschall for use in the mod_ssl project.

Back to Top