HyperScale Data Centers Featured Article


Cavium's 48 Core Workload Optimized ThunderX_SC Processors for Helping Secure Data Centers


April 22, 2015

Let’s face it, security has not become an overriding concern across IT. As recent headlines have unfortunately highlighted, the bad guys are constantly probing with alarming success “E”verything.  This includes all parts of the data center’s three pillars—Compute, Storage and Networking.  Indeed, no aspect of data center operations can or should be ignored as bad actors certainly are not ignoring anything. 

It is with this expansion of the vectors of vulnerability surrounding data center security requirements as a priority that San Jose, California-based processor specialist Cavium, Inc., this week is showcasing at RSA its 48 core, dual socket capable ThunderX_SC family of ARMv8-A based processors with integrated security accelerators.

As Cavium explains, as a result of the explosive growth of literally everything as a service (PaaS, SaaS, IaaS, etc.) data centers, particularly hyperscale ones, are now hosting a large number of users and applications with different levels of security requirements on the same underlying infrastructure. What this means is that more and more physical resources such as processors, memory, storage and networks are being shared, i.e., creating opportunities for exploitation. The frequency and sophistication of recent major attacks on cloud compute and telecom infrastructures has only heightened security concerns.

Cavium also observes that many existing servers in data centers typically implement complex security algorithms in software which results in poor performance per watt and performance per dollar.  In short, they need a boost in the form of hardware acceleration. That is where the ThunderX_SC fits the need. For widely used security protocols and algorithms Cavium says it significantly improves both performance per watt and performance per dollar metrics.

A look under the hood

Thunder_X SC integrates Cavium's NITROX technology along with other hardware accelerators enabling the ThunderX_SC family of server SoCs to deliver superior performance for Layer 3 to Layer 7 security.

The ThunderX_SC includes hundreds of accelerator engines for transport/transaction level security such as:

  • Ipsec
  • SSL and application level security such as firewalls
  • IPS/IDS
  • Anti-virus
  • Anti-Malware
  • Deep Packet Inspection

In addition the ThunderX_SC supports industry standard cryptography acceleration APIs through OpenSSL and provides kernel cryptography acceleration for protocols including IPSec, which is widely supported by leading Linux and FreeBSD distributions enabling seamless migration.

How it works

There are a few thing you need to know concerning implementation.  First, secure links are required to connect to cloud data centers. IPSec and SSL VPNs are also required to provide secure remote access to corporate server resources. For secure inter and intra-rack connectivity, secure protocols like IPSec and VPN tunneling are deployed for an added layer of security.

Cavium also says that in case of service provider networks and cloud, where IPsec is also commonly deployed to encrypt user data traffic over backhaul links for the wired and wireless infrastructure, “The ThunderX_SC meets the varied security needs of cloud data center and service provider workloads to build optimized and energy efficient front-end web server, mail server, file server, proxy server, application server and centralized C-RAN server with integrated security.”

"The rapid adoption of Cloud Infrastructure for Data Center and Telco mandates security at every node," Gopal Hegde, VP/GM Data Center Processor Group. "Cavium is a leader in security. The ThunderX_SC SKU integrates our industry leading security IP into best in class ARMv8-A based ThunderX Data Center processors enabling world class solutions for secure cloud and telco data centers with industry leading performance/$ and performance/watt."

The good news is that samples and reference software and hardware platforms are now available. 

Securing the data center as noted at the top really is about taking a holistic approach, and as this announcement illustrates that means right down to assuring that your security software has the processing power behind it to obtain optimal performance at optimized cost. 




Edited by Dominick Sorrentino

Article comments powered by Disqus







Click here to share your opinion - What is the "next big thing" to software define in your enterprise or data center?






Featured Blog Entries

Day 4, Cisco Live! 2017 - The Wrap

Day 4 was the final day of our first ever Cisco Live! We had a great show, with many great conversations and new connections with existing and potential end users, resellers, partners and job hunters.

Day 3, Cisco Live! 2017

Day 3 of Cisco Live is history! For Fiber Mountain, we continued to enjoy visits from decision makers and influencers who were eager to share their data center and structured cabling challenges.

Day 2, Cisco Live! 2017

Tuesday was Day 2 of Cisco Live for Fiber Mountain and we continued to experience high levels of traffic, with many high value decision makers and influencers visiting our booth. One very interesting difference from most conferences I attend is that there are no titles on anyone's show badges. This allows open conversations without people being pretentious. I think this is a very good idea.

Day 1, Cisco Live! 2017

Fiber Mountain is exhibiting at Cisco Live! In Las Vegas for the first time ever! Our first day was hugely successful from just about any perspective - from quantity and quality of booth visitors to successful meetings with customers.

Industry News