We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
The immediate need is for smaller more energy efficient systems which are capable of managing extremely high volumes of data traffic. Virtualisation, therefore, is becoming a necessity if data centres are to make the best use of their space, energy consumption and performance.
All of these factors mean that data centre managers need to look for small form factor and affordable yet high-performance ways to manage secure data traffic. They need technology that is highly advanced, but designed to integrate smoothly with existing systems, boosting the data centre’s ability to handle high volumes of secure traffic quickly and reliably.
For large data centres, investing in a dedicated solution is the best solution, but this is often too expensive for other data centres, which need the technology to handle numerically complex tasks and also the flexibility to maintain the current server set-up.
Flexible solutions for data centres
Data centres are increasingly looking for a solution that they can implement themselves, using minimal software development that can be customised to meet their current and future requirements. A pre-requisite for these requirements is a solution that is flexible, scalable, cost-effective and power efficient.
In many cases the use of an add-in server accelerator card is an ideal solution. These cards, available in many formats including PCI Express, use highly advanced processors optimised for numerically intensive tasks such as SSL offloading and data compression. Whilst these server adapter cards are available from a variety of manufacturers, the majority feature processors from Cavium, who estimate that over 80 percent of the SSL transactions are processed by Cavium processors.
Advantages of an accelerator card
For the purposes of this article we will concentrate on the Cavium Nitrox family of acceleration cards, which at the time of going to press, consist of a range of seven cards, three based on the older Nitrox PX technology and four based on the latest Nitrox III processors. All cards are optimised for high I/O bandwidth.
High performance
The cards are optimised for security applications, with the entry-level cards capable of over 8,000 1024-bit RSA encryption/decryption operations per second, rising to 800,000 for the high-end card. When handling IPsec data flows, throughputs as high as 60Gbps can be achieved. Newer generation cards also natively support data compression and virtualisation, improving functionality and flexibility.
Scalability, low power and small form-factor
All cards in the range are software compatible, providing the underlying feature is supported on the card. Once the application software is written then the solution can easily be scaled by either upgrading to a higher-performance adapter or by adding additional adapter cards.
These adapter cards are designed to have very low power, with low-end cards consuming around 6W and high-end cards consuming around 23W, with form-factors from 54mm x 168mm to 64mm x 210mm.
Typical applications
The accelerator cards are generally used for processing numerically intensive tasks such as RSA encryption/decryption, SSL off-loading and compression, and can be co-located in an existing or dedicated server or within a load balancer.
The cards are designed to support all of the current encryption standards, and can be quickly reconfigured to support newer standards when they emerge. Current support includes OpenSSL-1.0.1b, Protocol versions SSLv3 and TLSv1, a wide variety of commonly used algorithms including AES, 3DES, ARC4, MD5, SHA-1, SHA-2, RSA 2048, RSA 4096, Kasumi and EC-DH, as well as some highly secure, industry-specific protocols like FIPS, which is widely used in financial institutions. Newer cards can handle the SSL handshake mechanism, improving data flow throughout the system. The Nitrox card can manage unlimited numbers of certificates, as all certificates and keys are stored on the host machine and not on the processor card.
Virtualisation is becoming a “must have”, and is being driven by data centres’ need for appliance scaling. It drives consolidation in a multi-tenancy application, and is natively supported on any accelerator card based on Nitrox III processors.
Application development
All cards are supported by Cavium’s Nitrox software development kit (SDK) which allows software developers to easily develop applications using the accelerator cards. Within the kit are drivers for widely used operation systems such as Windows, Linux and FreeBSD along with support for hypervisors (Xen and KVM) and common application stacks (Openssl, Kame IPsec and Zlib).
Summary of benefits
In data-centre applications, accelerator cards offer a cost-effective solution to the current challenges being faced by the industry, which are manifesting themselves in the need for greater security and higher traffic. These accelerator cards provide:
• The highest SSL and compression performance
• The only security processor with virtualisation
• Compact size and low power
• Scalable range of products to address all performance needs, and
• Full software compatibility across the product range.
Specialist technical support on Cavium accelerator cards, from Acal BFi, enables businesses to integrate the most suitable accelerator card to their application supporting an increase in data traffic, regulatory compliance for SSL security and improved server management in the future. www.acalbfi.co.uk/cavium
