The Most-Secure and Efficient Platform for the Cloud

Version 1

    by Janani Ramakrishnan

     

    The benefits of starting the cloud journey with Oracle's SPARC platform

     

    Over 90 percent of enterprises believe that cloud computing enables faster innovation and frees them from capital expenditures. The flexibility of cloud computing offers an opportunity for increased collaboration while providing streamlined management and easier disaster recovery capabilities. Oracle is committed to offering the best integrated solutions for IT deployments and for public cloud infrastructures, with breakthrough efficiency, effortless security, and straightforward simplicity. A key part of that strategy is delivered by Oracle's SPARC platform, which has been designed and optimized to improve the delivery of business-critical workloads and scale-out applications. Oracle's SPARC platform has the highest per-core performance for Java and database. The platform's Software in Silicon technology helps ensure application data protection, enables encryption with essentially no performance impact, and is ideal for the cloud.

     

    Efficiency

     

    Oracle's SPARC processor–based servers have demonstrated a continuous and dramatic increase in per-core and per-processor performance by leveraging the superior SPARC architecture and integrating key technologies on chip. In contrast, Intel x86 processors have shown nearly flat or slightly declining per-core performance over the last four years.

     

    Cloud-based applications are often built on Java or run over a Java Virtual Machine. They also perform online transaction processing (OLTP) and data analytics. In order to provide the best infrastructure for the cloud, the hardware platform must excel at processing Java and database workloads. Oracle's new SPARC S7 processor–based systems, such as the SPARC S7-2 server, show a 1.7x per-core efficiency advantage for Java and 1.6x better per-core efficiency for database benchmarks compared to x86-based Intel Xeon E5 v4 systems, as shown in Figure 1. The higher core efficiency of the SPARC systems is a result of coengineering hardware and software together, and can significantly reduce software costs for the data center.

     

    Figure 1. The SPARC S7-2 server offers massive core performance for the cloud.

     

    In addition to core efficiency, cloud computing demands the flexibility of supporting multiuser and multitenant applications; thus, efficient virtualization capabilities are key to building the most-reliable clouds. The SPARC platform provides outstanding virtualization capabilities with near-zero overhead, even in heavily virtualized environments, compared to commodity systems that can sometimes scale to more than 25 percent overhead. Due to the efficient hypervisor design of SPARC systems, all the compute power is utilized to process application workloads without overhead.

     

    Because they are a secure and reliable platform that scales effortlessly and provides the best performance on bare-metal and scale-out infrastructures, SPARC systems are the best building blocks for building the most-efficient enterprise clouds.

     

    Security

     

    Today, companies are constantly facing the threat of hacking, data breaches, and sabotage. By not acknowledging the reality of the connected world, even the most successful company can be a victim of digital crime. Regardless of the size of a company and what workloads are being deployed, a key factor to be considered is security.

     

    Oracle's SPARC processors have unique security features, embedded in the silicon itself, and these Software in Silicon features are complemented by advanced security features in the Oracle Solaris operating system. These security features include Silicon Secured Memory, encryption acceleration, fine-grain access control, and compliance verification, among others, and together they provide the most-secure platform for enterprise computing.

     

    Silicon Secured Memory is an end-to-end implementation of memory-access validation done in hardware. It prohibits unauthorized memory access due to programming errors or buffer overruns. Figure 2 depicts how Silicon Secured Memory protects against unauthorized memory access.

     

    Figure 2. Silicon Secured Memory offers protection from read and write attacks.

     

     

    The Silicon Secured Memory feature enables the detection of memory reference errors. A key in each memory pointer is used to indicate the memory version. During the process of memory allocation, a corresponding code is written to memory. When this memory is accessed by any pointer, the key of the pointer attempting the access and the code of the memory being accessed are compared by the hardware. If there is a match, the access is legal; if there is no match, the memory reference error is caught immediately. This requirement prevents malicious buffer over-read and buffer over-write attacks, such as Heartbleed and Venom, from accessing restricted memory locations.
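The key-versus-code comparison described above can be followed in a small software model. This is an added example, not Oracle's code or the hardware interface: the real check is done by the processor, and the granule size, key range and every function name here are assumptions of the sketch, which covers only the over-read case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Software model of the check; GRANULE, key range and all names are assumptions. */
#define GRANULE   16u
#define HEAP_SIZE 256u
static uint8_t heap[HEAP_SIZE];            /* simulated memory */
static uint8_t code[HEAP_SIZE / GRANULE];  /* code per granule, 0 = unallocated */
static size_t  next_off;                   /* bump-allocator cursor */
static uint8_t next_key = 1;
typedef struct { size_t off; uint8_t key; } tptr;  /* pointer carrying its key */

/* Allocation: write a fresh code to each granule, return a pointer with that key. */
tptr tagged_alloc(size_t n) {
    size_t len = (n + GRANULE - 1) / GRANULE * GRANULE;
    tptr p = { next_off, next_key };
    if (next_off + len > HEAP_SIZE) { p.key = 0; return p; }  /* key 0 = failed */
    memset(&code[next_off / GRANULE], next_key, len / GRANULE);
    next_off += len;
    next_key = (uint8_t)(next_key % 15 + 1);   /* neighbours get different codes */
    return p;
}

/* The comparison: key of the pointer vs. code of the memory being touched. */
int access_ok(tptr p, size_t i) {
    size_t a = p.off + i;
    return p.key != 0 && a < HEAP_SIZE && code[a / GRANULE] == p.key;
}
int checked_read(tptr p, size_t i, uint8_t *out) {
    if (!access_ok(p, i)) return -1;       /* mismatch: memory reference error */
    *out = heap[p.off + i];
    return 0;
}

/* Echo `claimed` bytes from a 16-byte buffer next to a secret; returns bytes copied. */
size_t echo_overread(size_t claimed, uint8_t *out) {
    tptr req = tagged_alloc(16), secret = tagged_alloc(16);
    size_t n = 0;
    if (!req.key || !secret.key) return 0;
    memset(&heap[req.off], 'A', 16);       /* constructed sample data */
    memset(&heap[secret.off], 'S', 16);
    while (n < claimed && checked_read(req, n, &out[n]) == 0) n++;
    return n;
}

int main(void) {
    uint8_t out[64];
    printf("copied %zu of 32 requested bytes\n", echo_overread(32, out));
    return 0;
}
```

In this model an overrun that stays inside the last granule of an allocation is not caught, because codes are kept per granule rather than per byte.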

     

    Moving on to the encryption aspect, it is interesting to note that Oracle's SPARC processors implement cryptographic accelerators inline with the instruction pipeline, thereby increasing the overall efficiency of the encryption and decryption process. As shown in Figure 3, the cryptographic accelerators in the SPARC processors are able to handle the largest set of the commonly used cryptographic algorithms, ensuring usability across a wide range of applications. Implementing hardware-based encryption instead of software-based encryption drastically accelerates the encryption process, resulting in a near-zero performance impact and offloading the processor cores to continue running other workloads. Thus, with Oracle's SPARC servers, data can always be encrypted at rest and in motion, providing end-to-end security for the database, application, and web tiers with no compromise on system performance.

     

    Figure 3. On-chip cryptographic accelerators offload cores and incur a near-zero performance penalty.

     

    The SPARC systems provide unmatched encryption capabilities compared to commodity hardware. As shown in Figure 4, the SPARC S7 processors perform encryption 2.3x faster for AES 256-CFB, which is a popular algorithm for cloud applications.

     

    Figure 4. SPARC S7 processor provides advantages for the highest-security ciphers.

     

    Oracle Solaris 11.3 offers advanced security features that allow users and administrators to safeguard their data more efficiently and securely. Oracle Solaris 11.3 has a unique security compliance tool that users can run to ensure systems are compliant with industry standards. The tool offers a simple and comprehensive report to analyze compliance on each of the tested environments, and it shows the process that must be followed to fix each compliance failure. Compliance standards can also be customized based on specific requirements. Oracle Solaris has greatly improved and simplified the auditing process. Oracle Solaris 11 allows data logs to be transferred securely over an encrypted network or to the host OS without writing to the local disk. This capability prevents malicious attackers from deleting security logs (thus hiding their identity) and adds another security layer on the infrastructure. Even if a server suffers a root-level breach, the logs will be kept safe.

     

    Virtualized partitions on SPARC servers allow applications to access specific memory, processing, and system I/O resources, while separating workloads on the same consolidated platform. These partitions include an option to dedicate resources to logical domains (LDoms), Oracle Solaris Zones, and Oracle Solaris Kernel Zones to add granularity and control on top of the virtualized domains, which can be made to be read-only. These Oracle Solaris Immutable Zones have been a great milestone in terms of security, and cannot be modified by an attacker or a privileged user. Immutable zones are particularly useful for deploying mission-critical virtual environments or migrating virtual machines within a cloud environment.

     

    The security features of the SPARC servers combined with those of Oracle Solaris reinforce Oracle's vision of building the most-secure and efficient enterprise clouds using the most-advanced hardware and software platform.

     

    Simplicity

     

    Cloud infrastructures must be simple to deploy, manage, and protect. The SPARC platform not only offers outstanding features in performance and security, but it also offers the most straightforward simplicity when it comes to the deployment and scalability of clouds.

     

    One of the platform's outstanding features for lifecycle management is unified updating. In a typical cloud environment, different tools are required to update different levels of software (from the firmware, hypervisor, and OS to the database and applications) because many times, they come from different vendors. Oracle Solaris provides a simple way to automatically distribute patches on all layers of the stack. It is a simple, one-step process through which all patches are automatically distributed. This capability is critical for clouds. Moreover, rolling back to a previous patch is as simple as rolling forward to the next update.

     

    Package dependencies are drastically simplified by making use of the Oracle Solaris Image Packaging System (IPS). IPS is an integrated package management tool that automatically detects and configures the dependencies of any package a user wants to install or remove without any human intervention. This technology is leveraged and fully integrated into OpenStack, so a system can be simply and straightforwardly updated within minutes.

     

    The Solutions

     

    Oracle's SPARC platform is the focus of continuous innovation and offers a full portfolio of cloud solutions including public, private, and hybrid clouds. Currently, the SPARC platform offers a subscription-based dedicated compute capacity in Oracle Cloud, which is called the SPARC Model 300. This solution allows users to subscribe to a dedicated system at the same per-core pricing as Oracle's x86 based service. Users can create their own virtual machines and deploy their workloads using SPARC Model 300, and then let Oracle manage the rest while they enjoy maximum security and performance. This way, users get the most value from their investment in a platform based on the world's fastest processor.

     

    On the other hand, Oracle also offers a secure private cloud as an optimized solution that users can customize and build with the help of Oracle's expertise. The optimized solution—called Oracle Optimized Solution for Secure Enterprise Cloud Infrastructure—allows for 5x faster deployment than traditional do-it-yourself private clouds and provides seamless integration and built-in virtualization at no additional cost.

     

    Conclusion

     

    Cloud computing is changing the way businesses operate today. Even though the advantages of the cloud are evident, the transition to the cloud is not a straightforward process for enterprises, which require integrated hardware and software solutions that are specifically engineered for the cloud. Oracle's SPARC servers are optimally designed to address the challenges of building the most-secure cloud infrastructures by ensuring that the cloud performs at its peak efficiency level, is always secure throughout the entire stack, and is simple to deploy and manage.

     

    About the Author

     

    Janani Ramakrishnan is a product manager within the SPARC Systems Engineering Group at Oracle. She is responsible for on-premises based cloud solutions as well as for carrying forward the SPARC cloud strategy. She joined Oracle in 2016 after completing her master's degree in electrical engineering at Georgia Institute of Technology.

     

    Benchmark Disclosures:

     

    SPEC and the benchmark name SPECjbb are registered trademarks of Standard Performance Evaluation Corporation (SPEC). Results from www.spec.org as of 6/29/2016. SPARC S7-2 (16-core) 65,790 SPECjbb2015-MultiJVM max-jOPS, 35,812 SPECjbb2015-MultiJVM critical-jOPS; IBM Power S812LC (10-core) 44,883 SPECjbb2015-MultiJVM max-jOPS, 13,032 SPECjbb2015-MultiJVM critical-jOPS; SPARC T7-1 (32-core) 120,603 SPECjbb2015-MultiJVM max-jOPS, 60,280 SPECjbb2015-MultiJVM critical-jOPS; Huawei RH2288H v3 (44-core) 121,381 SPECjbb2015-MultiJVM max-jOPS, 38,595 SPECjbb2015-MultiJVM critical-jOPS; HP ProLiant DL360 Gen9 (44-core) 120,674 SPECjbb2015-MultiJVM max-jOPS, 29,013 SPECjbb2015-MultiJVM critical-jOPS; HP ProLiant DL380 Gen9 (44-core) 105,690 SPECjbb2015-MultiJVM max-jOPS, 52,952 SPECjbb2015-MultiJVM critical-jOPS; Cisco UCS C220 M4 (44-core) 94,667 SPECjbb2015-MultiJVM max-jOPS, 71,951 SPECjbb2015-MultiJVM critical-jOPS; Huawei RH2288H V3 (36-core) 98,673 SPECjbb2015-MultiJVM max-jOPS, 28,824 SPECjbb2015-MultiJVM critical-jOPS; Lenovo x240 M5 (36-core) 80,889 SPECjbb2015-MultiJVM max-jOPS, 43,654 SPECjbb2015-MultiJVM critical-jOPS; SPARC T5-2 (32-core) 80,889 SPECjbb2015-MultiJVM max-jOPS, 37,422 SPECjbb2015-MultiJVM critical-jOPS; SPARC S7-2 (16-core) 66,612 SPECjbb2015-Distributed max-jOPS, 36,922 SPECjbb2015-Distributed critical-jOPS; HP ProLiant DL380 Gen9 (44-core) 120,674 SPECjbb2015-Distributed max-jOPS, 39,615 SPECjbb2015-Distributed critical-jOPS; HP ProLiant DL360 Gen9 (44-core) 106,337 SPECjbb2015-Distributed max-jOPS, 55,858 SPECjbb2015-Distributed critical-jOPS; HP ProLiant DL580 Gen9 (96-core) 219,406 SPECjbb2015-Distributed max-jOPS, 72,271 SPECjbb2015-Distributed critical-jOPS; Lenovo Flex System x3850 X6 (96-core) 194,068 SPECjbb2015-Distributed max-jOPS, 132,111 SPECjbb2015-Distributed critical-jOPS.

     
