#Oracle and the SPARC T5 processor: Larry seems to have actually paid attention #vindicated

Labeled Dave – dude: two L’s or three? – pointed me back at Larryland:

SPARC T5 Deep Dive – An interview with Oracle’s Rick Hetherington:

Q: What about the security features in the T5?

A: The team takes security very seriously. Each core on T5 has an encryption engine that will accelerate all of the most common bulk encryption ciphers like AES and DES. SPARC T5 also supports asymmetric key exchange with RSA and ECC and authentication or hash functions like SHA and MD5. We also have hardware random number generation.

With negligible overhead, customers can build an entire 3-tiered data center and never have to communicate between servers in clear text. It will all be encrypted as we go from the edge of the data center to, let’s say, the backend of the database. What we are trying to do here is provide security for customers that have avoided using full encryption within their data centers because of performance issues. With SPARC T4 and now T5, there is no real reason not to run a data center that is secure from end to end.

I seem to remember having to explain this about the T2 back in 2008 in the face of marketing material to the contrary:

Le Sigh. Skip to about the 12 minute mark for the punchline.

Comments

4 responses to “#Oracle and the SPARC T5 processor: Larry seems to have actually paid attention #vindicated”

  1. Dave Walker

    Three, unless (like Twitter) you have a 16-char username limit. Still, my American pals don’t mind ;-).

    Being able to encrypt everything end-to-end with zero performance degradation is indeed wonderful. However, the problems of scaling key management remain – and various sets of people are going after that problem, in various ways. IKE’s always been a horror to set up – I should have a closer look at what Solaris 11 is doing with it.

    1. I think you should rename to “labelleddave” and add a new acct to retain your existing name.

  2. Max

    Hmm, I know people who would be very scared about encryption all the way through the data centre. If someone can get a payload in, you’ve got no chance of spotting it on the encrypted traffic.
    Whereas, if you get inter-server comms in a secure building in plain text you can at least run IDS / sniffers on the traffic.
    I guess it depends how much you trust your admin staff. (either being able to sniff your secrets or being able to let a payload in)
    Hmm, get the encryption tech AND epoxy fill all the USB ports in the room.
