2Sun Crypto Accelerator 4000 Board Installation and User’s Guide • May 2003
Key Features■Gigabit Ethernet with either copper or fiber interface
■Accelerates IPsec and SSL cryptographic functions
■Session establishment rate: up to 4300 operations per second
■Bulk encryption rate: up to 800 Mbps
■Provides up to 2048-bit RSA encryption
■Delivers up to 10 times faster 3DES bulk data encryption
■Provides tamper-proof,centralized security key and certificate administration for
Sun ONE WebServer for increased security and simplified key management
■Designed for FIPS 140-2 Level 3 certification
■Low CPU utilization—frees up server system resource and bandwidth
■Secure private key storage and management
■Dynamic reconfiguration (DR) and redundancy/failover support on Sun’s
midframe and high-end servers
■Load balancing for RX packets among multiple CPUs
■Full flow control support (IEEE 802.3x)
The Sun Crypto Accelerator 4000 boards are designed to comply with the security
requirements for cryptographic modules as documented in the Federal Information
Processing Standard (FIPS) 140-2, Level 3.
Supported Applications■Solaris 8 and 9 operating environments (IPsec VPN)
■Sun ONE WebServer
■Apache WebServer
Supported Cryptographic ProtocolsThe board supports the following protocols:
■IPsec for IPv4 and IPv6, including IKE
■SSLv2, SSLv3, TLSv1
The board accelerates the following IPsec functions:
■ESP (DES, 3DES) Encryption
The board accelerates the following SSL functions:
■Secure establishment of a set of cryptographic parameters and secret keys
between a client and a server
■Secure key storage on the board—keys are encrypted if they leave the board