Sun Microsystems 240 manual Rsa Dsa

Page 16

P12 Netra 240 Server Architecture

Sun Microsystems, Inc.

Based on the Broadcom BCM5822 co-processor, the SCA 500 board accelerates a variety of computation-inten- sive cryptographic algorithms for security protocols in e-commerce applications. The SCA 500 daughter board off- loads SSL functionality normally performed by system CPUs. Using 3DES, it accelerates various operations such as authentication and bulk encryption. The SCA 500 board further speeds SSL processing by optimizing the complex mathematical operations involved in SSL operations.

Since acceleration performance/cost is not uniform across all algorithms and because some cryptographic algorithms are designed specifically to be implemented through hardware while others are designed to imple- mented through software, the SCA 500 board provides cryptographic algorithms through both hardware and soft- ware. The SCA 500 daughter card examines each cryptographic request and determines the best location for acceleration (the host processor or the SCA 500 board) to achieve maximum throughput. Load distribution is based on cryptographic algorithm, current job loading, and data size. Table 2-1 lists the accelerated software and hardware algorithms that the SCA 500 provides for Sun Java™ System Web Server and Apache Web server software.

Table 2-1: The Sun Crypto Accelerator 500 module supports SSL algorithms through both hardware and software.

Algorithm

Sun Java System Web Server

Apache Web Server

 

Hardware

Software

Hardware

Software

 

 

 

 

 

RSA

X

X

X

X

DSA

X

X

X

X

Diffie-Hellman

X

X

DES

X

X

X

X

3DES

X

X

Arcfour

X

The SCA 500 daughter card interfaces with specific drivers based on the Web server software deployed on the server and selects appropriate authentication and encryption modules. For example, the SCA 500 module uses Network Secure Server (NSS) via the PKCS 11 public interface for Java System Web Server and OpenSSL via the mod_ssl libraries for Apache Web server software (Figure 2-6).

Sun Java System Web Server Sun Java System Portal Server

Public Interface

NSS

(Sun Java System SSL)

Public Interface

PKCS #11

Apache Web Server

Public Interface (EAPI)

mod_ssl

(module to link SSL)

OpenSSL

Private Interface

Private Interface

Drivers

Private Interface

Sun Crypto Accelerator 500

Figure 2-6: The Sun Crypto Accelerator 500 module accelerates Sun Java System Web Server and Apache Web server authentication as well as bulk encryption via appropriate protocols and methods.

Image 16
Contents Netra 240 Server Architecture Technical White Paper JanuaryPage Table of Contents Pii Table of Contents Introduction ChapterTarget Audience Network Equipment Providers NEPsWireless Operators Wireline Service ProvidersNetra 240 Server Service Providers SPsCable/Broadband Key Features Expandability and Management InterfacesTarget Applications for the Netra 240 Server Netra 240 Server Architecture Inside view of the Netra 240 serverFront Access MotherboardUltraSPARC IIIi Processor CPUMemory Subsystem Bus Interconnect and JIO Hostbridge ASICsInternal Mass Storage South Bridge AsicNetworking and I/O Expansion Sun Crypto Accelerator 500 Board Ether SerialRSA DSA System Configuration Card DiagnosticsRackmount Enclosure and Power Power-On Self-TestEnvironmental and Safety Specifications Enclosure and power specifications of the Netra 240 serverSolaris Operating System Software for Deploying Highly-Available ServicesSolaris JumpStart Software Solaris Live Upgrade Software Remote Management SoftwareSolaris Flash Software Advanced Lights Out Management AlomSolaris Resource Manager Software Resource Management SoftwareSolaris Bandwidth Manager Software Netra High Availability HA Suite Software Web Services SoftwareStorage Management Tools Service Solutions Professional ServicesWorkforce Development Solutions SunSM Remote Services Event Monitoring ProgramProactive System Management SunToneSM Certification and Branding ProgramConclusion White Paper Netra 240 Server Architecture