Intel 7xx Servers, 170 Servers manual Cryptography Performance Test Environment, CSP API Sets

CSP API Sets

User applications can utilize cryptographic services indirectly via i5/OS functions (SSL/TLS, VPN IPSec) or directly via the following APIs:

yThe Common Cryptographic Architecture (CCA) API set is provided for running cryptographic operations on a Cryptographic Coprocessor.

yThe i5/OS Cryptographic Services API set is provided for running cryptographic operations within the Licensed Internal Code.

yJava Cryptography Extension (JCE) is a standard extension to the Java Software Development Kit (JDK).

yGSS (Generic Security Services), Java GSS, and Kerberos APIs are part of the Network Authentication Service that provides authentication and security services. These services include session level encryption capability.

yi5/OS SSL and JSSE support the Secure Sockets Layer Protocol. APIs provide session level encryption capability.

yStructured Query Language is used to access or modify information in a database. SQL supports encryption/decryption of database fields.

8.2 Cryptography Performance Test Environment

All measurements were completed on an IBM System i5 570+ 8-Way (2.2 GHz). The system is configured as an LPAR, and each test was performed on a single partition with one dedicated CPU. The partition was solely dedicated to run each test. The IBM 4764 PCI-X Cryptographic Coprocessor card is installed in a PCI-X slot.

This System i model is a POWER5 hardware system, which provides Simultaneous Multi-Threading. The tools used to obtain this data are in some cases only single threaded (single instruction stream) applications, which don’t take advantage of the performance benefits of SMT. See section 8.6 for additional information.

Cryptperf is an IBM internal use primative-level cryptographic function test driver used to explore and measure System i cryptographic performance. It supports parameterized calls to various i5/OS CSPs. See section 8.6 for additional information.

ŠCipher: Measures the performance of either symmetric or asymmetric key encrypt depending on algorithm selected.

ŠDigest: Measures the performance of hash functions.

Š Sign: Measures the performance of hash with private key encrypt .

ŠPin: Measures encrypted PIN verify using the IBM 3624 PIN format with the IBM 3624 PIN calculation method.

All i5/OS and JCE test cases run at a near 100% CPU utilization. The test cases that use the Cryptographic Coprocessor will offload all cryptographic functions, so that CPU utilization is negligible.

The relative performance and recommendations found in this chapter are similar for other models, but the data presented here is not representative of a specific customer environment. Cryptographic functions are very CPU intensive and scale easily. Adding or removing CPU’s to an environment will change performance, so results in other environments may vary significantly.