CHAPTER 1

Product Overview

This chapter describes the Sun Crypto Accelerator 1000 board. This chapter contains the following sections:


Hardware Overview

The Sun Crypto Accelerator 1000 board is a short PCI board that functions as a cryptographic co-processor to accelerate public key and symmetric cryptography. This product has no external interfaces. The board communicates with the host through the internal PCI bus interface. The purpose of this board is to accelerate a variety of computationally intensive cryptographic algorithms for security protocols in e-commerce applications.


FIGURE 1-1 Sun Crypto Accelerator 1000 Board

Diagram of the Sun Crypto Accelerator 1000 board.


Product Features

The Sun Crypto Accelerator 1000 is a cryptographic accelerator board that enhances the performance of SSL on Sun platforms. The main feature of version 2.0 is integration with the Solaris Cryptographic Framework. The Sun Crypto Accelerator 1000 now accelerates cryptographic algorithms in hardware, and the Solaris Cryptographic Framework complements software implementations of these algorithms.

The reason for this complexity is that the cost of accelerating cryptographic algorithms is not uniform across all algorithms. Some cryptographic algorithms were designed specifically to be implemented in hardware; others were designed to be implemented in software. Hardware acceleration also carries the additional cost of moving data from the user application to the hardware acceleration device and moving the results back to the user application. Note that a few cryptographic algorithms (for example, ARCFOUR) can be performed by highly tuned software as quickly as they can be performed in dedicated hardware.

The Solaris Cryptographic Framework examines each cryptographic request and determines the best location for the acceleration (host processor or Sun Crypto Accelerator 1000), to achieve maximum throughput. Load distribution is based on cryptographic algorithm, current job loading, and data size.

TABLE 1-1 shows which accelerated algorithms may be off-loaded to hardware and which software algorithms are provided for Sun ONE and Apache Web Servers.


TABLE 1-1 Supported SSL Algorithms

                  Sun ONE Web Servers      Apache Web Servers
Algorithm         Hardware    Software     Hardware    Software
RSA               X           X            X           X
DSA               X           X            X           X
Diffie-Hellman    -           -            -           X
DES               X           X            X           X
3DES              X           X            X           X
ARCFOUR           -           -            -           X


Dynamic Reconfiguration and High Availability Considerations

The Sun Crypto Accelerator 1000 hardware and associated software provide the capability to work effectively on Sun platforms supporting Dynamic Reconfiguration (DR) and hot-plugging. During a DR or hot-plug operation, the Sun Crypto Accelerator 1000 software layer automatically detects the addition or removal of a board and adjusts the scheduling algorithms to accommodate the change in hardware resources.

For High Availability (HA) configurations, multiple Sun Crypto Accelerator 1000 boards can be installed within a system or domain to ensure that hardware acceleration is continuously available. In the unlikely event of a Sun Crypto Accelerator 1000 hardware failure, the software layer detects the failure and removes the failed card from the list of available hardware cryptographic accelerators. Sun Crypto Accelerator 1000 adjusts the scheduling algorithms to accommodate the reduction in hardware resources. Subsequent cryptographic requests will be scheduled to the remaining cards.

Additionally, the Solaris Cryptographic Framework provides the capability to perform all cryptographic operations in software. This feature supports DR or hot-plug removal of all Sun Crypto Accelerator 1000 boards within a system domain with no adverse functional consequences. A significant performance penalty is incurred until the Sun Crypto Accelerator 1000 hardware is restored to the supported configuration.

Note that the Sun Crypto Accelerator 1000 hardware provides a source for high-quality entropy for the generation of long-term keys. If all the Sun Crypto Accelerator 1000 boards within a domain or system are removed, long-term keys are generated with lower-quality entropy.

Load Sharing

The Solaris Cryptographic Framework distributes load across all boards that are installed within the Solaris domain or system. Incoming cryptographic requests are distributed across the boards based on fixed-length work queues. Cryptographic requests are directed to the first board, and subsequent requests stay directed to the first board until it is running at full capacity. Once the first board is running at full capacity, further requests are queued to the first available board that can accept a request of that type. The queueing mechanism is designed to optimize throughput by facilitating request coalescing at the board.
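The following Python model is an added example, not code from Sun or the Solaris Cryptographic Framework. It illustrates the fill-first dispatch described above together with the board-removal and software-fallback behavior from the High Availability section. The board names, the queue depth of 2, and falling back to software when every queue is full are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Algorithms marked X in the Hardware columns of TABLE 1-1.
HW_ALGS = frozenset({"RSA", "DSA", "DES", "3DES"})
SOFTWARE = "software"  # label for the host-CPU provider (hypothetical name)

@dataclass
class Board:
    name: str
    queue_len: int  # fixed-length work queue; the real depth is not given here
    pending: list = field(default_factory=list)

    def can_accept(self, alg: str) -> bool:
        return alg in HW_ALGS and len(self.pending) < self.queue_len

class Dispatcher:
    def __init__(self, boards):
        self.boards = list(boards)  # list order defines "the first board"

    def submit(self, alg: str) -> str:
        """Queue a request and return the name of the provider that took it."""
        for board in self.boards:  # fill the first board before using the next
            if board.can_accept(alg):
                board.pending.append(alg)
                return board.name
        return SOFTWARE  # no board can take it (assumed fallback when all are full)

    def complete(self, name: str) -> None:
        """A board finished its oldest job, which frees one queue slot."""
        next(b for b in self.boards if b.name == name).pending.pop(0)

    def remove(self, name: str) -> None:
        """DR/hot-plug removal or detected failure: drop the board from the list."""
        self.boards = [b for b in self.boards if b.name != name]

def demo():
    d = Dispatcher([Board("sca0", 2), Board("sca1", 2)])  # constructed two-board domain
    placed = [d.submit(a) for a in ("RSA", "RSA", "3DES", "ARCFOUR")]
    d.complete("sca0")                # sca0 has room again
    placed.append(d.submit("DSA"))    # request returns to the first board
    d.remove("sca0")                  # board fails or is hot-unplugged
    placed += [d.submit("DES"), d.submit("RSA")]
    d.remove("sca1")                  # last board is gone
    placed.append(d.submit("RSA"))    # still served, in software
    return placed

if __name__ == "__main__":
    print(demo())
```

Keeping requests on the first board until its queue is full is what lets the board coalesce them; spreading requests round-robin would leave every queue shallow.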


Hardware and Software Requirements

TABLE 1-2 provides a summary of the hardware and software requirements for the Sun Crypto Accelerator 1000 board.


TABLE 1-2 Hardware and Software Requirements

Hardware and Software    Requirements
Hardware                 Sun Blade™ 150, 1500, 2000, 2500
                         Sun Fire™ 280R, V120, V250, V440, V490, V880, V880z, V890, V1280, 2900, 4800, 4810, 6800
                         Sun Netra™ 120, T1 1400/5, T4 (20), 1280
Operating system         Solaris 10
PCI slots                32-bit or 64-bit
                         33 MHz or 66 MHz
Software                 Sun ONE Web Server or Apache Web Server on Solaris 10
                         Any required patches to run the Sun ONE or Apache Web Servers


Required Patches

Refer to the Sun Crypto Accelerator 1000 Board Version 2.0 Release Notes for required patch information.