New Era: Secure Computing and Convergence with Oracle Systems€¦ · New Era: Secure Computing and...

New Era: Secure Computing and Convergence with Oracle Systems

Manuel Vidal Sales Consulting Director, Systems

Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Copyright © 2014 Oracle and/or its affiliates. All rights reserved.

Previously Unimaginable Results for Apps & Cloud, Attainable Now

Breakthrough Hardware And Software Co-Engineering

Mid-1990’s Larger Memory

Support, Greater Accuracy

Mid-2000’s Multi-core,

Multi-threaded Computing Today:

32-Core Revolution Software in Silicon: Software Functions on Chip

Open Systems Virtualization & Cloud


Memory intrusion protection

First hardware based memory protection

Always-on memory protection

Improved developer efficiency, security, and reliability

Security In Silicon: Silicon Secured Memory Improved Security & Reliability in Hardware


Security In Silicon: Silicon Secured Memory

Applications Memory

Pointer “Y”

Pointer “R”

GO

Pointer “B” GO

• Protects data in memory

• Hidden “color” bits added to pointers (key), and content (lock)

• Pointer color (key) must match content color or program is aborted

• Set on memory allocation, changed on memory free’

• Protects against access off end of structure, stale pointer access and malicious attacks

M7 Processor


"Oracle's new M7 Silicon Secured Memory has the potential to greatly enhance security

for web applications, in a way that goes beyond what is implemented in firewalls. Since it is implemented in the processor

silicon, the new security protection comes at very minimal impact to performance.”

Jon Oltsik, Senior Principal Analyst Enterprise Strategy Group


Silicon Secured Memory Protection From Read and Write Attacks

A Couple of Famous Examples: Heartbleed & Venom

Buffer Over-Read Attack Buffer Over-Write Attack


Secure Software Made Simple – A Case Study

We Find Bugs For You

• Large enterprise app with memory intensive processing

• Time to value for SPARC M7

– 4 cross platform bugs tagged in 2 days

– 180x faster bug identification

• Other memory validation tool: 3 hours

• Silicon Secured Memory and Discover tool: 1 minute

Integrated. Simple. Fast.

Silicon Secured Memory

Oracle Solaris Studio

+


SPARC M7: Broadest Set Of Ciphers For All Your Apps

32 Crypto Accelerators per Processor

Clear Data In

Encrypted Data Out


M7 performance advantage increases on Wide Key Encryption

End-To-End Security is Now Possible

10

SPARC M7

IBM Power8 6-core

Intel X86 E5 v3 4X Faster vs. X86

11X Faster vs. IBM Power8

AES 128-CBC Cipher: Popular for Cloud and DB. Metric is GB/s

83

22

8


SECURE

SPECjEnterprise: Oracle M7 with Encryption is 4.5x Faster Than Power8 Processor

#1 Database And Java With End-To-End Security

2nd Place 22,543.34 EjOPS

8 processors

UNSECURE

25,093.06 EjOPS 2 processors

1st Place


Not Available on IBM Power or X86 Systems

Hardware Enabled Secure Live Migration

• Mission-critical VM with 128GB of memory securely transferred 95 seconds

• VM encrypted for transmission over network: ensures that secure data is not exposed during move

• Security in Silicon with Strong Encryption: AES256_GCM_SHA384

• Very small performance impact on migrated VM during transference

• Software in Silicon: Memory Versioning Scan quickly finds “dirty” pages

VM VM VM

Oracle T7-1

Oracle T7-1

VM


High Performance Fully Encrypted Data Center

Client Web Tier Middleware Tier

Database Tier

ZFS Storage

SSL TLS

SSL TLS

HTTPS JMS JDBC

SSL TLS

ZFS Encryption

TLS

AES

Archive

TDE

Key Manager

AES

AES

High Performance Security On-Premises or in the Cloud

Industry’s fastest Oracle Transparent Data Encryption

SPARC M7 Security in Silicon


Data Analytics Accelerator


Oracle Database 12c Dual Format Database

15

Memory

SALES

Row Format

Memory

SALES

Column Format

Memory

SALES

Compressed Column Format

• BOTH row and column formats for same table

• Simultaneously active with transactional consistency

• Analytics & reporting use new in-memory Column format

• OLTP uses proven row format


M7 Query Accelerator Engine

• 32 In-Silicon Offload Engines

• Cores/Threads Operate Synchronous or Asynchronous to Offload Engines

• User Level Synchronization Through Shared Memory

• High Performance at Low Power

• 3x more Memory Bandwidth than x86

Decompress

Unpack/ Alignment

Scan, Filter, Join

Result Format/ Encode

Data Input Queues

Local SRAM

Decompress

Unpack/ Alignment


Decompress

Unpack/ Alignment


Decompress

Unpack/ Alignment


Data Output Queues M7 Query

Engine (1 of 32)

On-Chip Network

Data Input Queues

Data Output Queues

On-Chip Network

On-Chip Network

On-Chip Network

Scan, Filter, Join

Scan, Filter, Join

Scan, Filter, Join


DAX: Data Analytics Accelerator

M7 In-Memory Database Advantages

17

• Industry-leading M7 memory bandwidth

• DAX decompresses data at same rate as scan-only

• DAX performs one-step scans, range scans, and assists Bloom filter joins

SQL: select sum(lo_extendedprice*lo_discount) as revenue from lineorder, date_dim where lo_orderdate = d_datekey and d_year = 2012 and lo_quantity between 6 and 25 and lo_discount between 1 and 3

Processes: Decode values (DAX) & Sum aggregation (cores)

Hash Joins (cores) Bloom Filter Joins (DAX & cores)

Scans (DAX) Range Scans (DAX)


Decompress at memory speed >120 GB/sec

SQL In Silicon: Accelerating Oracle Database 12c

18

One step 10X

faster

Decompress More than Doubles data size

Read Software

scan Rea

d

Write

Wri

te

Rea

d

DA

X

Wri

te

Multiple steps

SQL: SELECT count(*) …WHERE lo_orderdate = d_datekey …AND lo_partkey = 1059538 AND d_year_monthnum BETWEEN 201311 AND 201312;

t


Image

M7 Beta

Solaris 11.3 Database 12c

Speed Increases with Diversity of Data

M7 + Database 12c In-Memory Faster Than Flash

Faster 83X Queries

per Hour

In-Memory + SWiS

Flash LUN

3000

2500

2000

1500

1000

500

0

Single Query Execution with DOP=32

Product catalog of major on-line retailer with large number of parts

“How many unique products in stock?” Query:


With Oracle M7 You Can Run Both Analytics and OLTP

Software in Silicon Efficiency for In-Memory

Analytics OLTP

Running 1 TB Database compressed into 120 GB of memory

Analytics

OLTP

Analytics

Analytics

Analytics Oracle T7-1

1 chip, 32 cores

5x Latest Generation HP DL380 10 chips, 180 cores

RHEL

Solaris


Image

One Billion Rows Filtered And Folded Into Cube

Apache Spark with Software-in-Silicon

Faster 6X

With M7 In-memory Analytics Accelerator

Without M7 In-memory Analytics Accelerator

38 seconds

6 seconds


World’s Fastest Microprocessor


SPARC M7: Setting 20 World Records in Performance

#1 SPECint_rate2006: 1,200 peak #1 SPECfp_rate2006: 832 peak #1 SPECjEnterprise2010: 25,093.06 EjOPs #1 SAP-SD 2 processor: 30,800 SAPs And more…


Balanced Design


Balanced Design Principles

Security

Balance

Scalabilty Performance

Reliability

Availability

Bandwidth Predictability

25


Technology That Delivers

Breakthrough Processor and Systems Design

Silicon secured memory and wide key encryption – Designed for Security

Security in Silicon

SQL in Silicon

Hardware SQL acceleration and decompression - Breakthrough Oracle

Integration & Efficiency

World’s Fastest Microprocessor

More cores, more threads, more memory & IO Bandwidth,

lower latency - Extreme Performance for Apps and

Cloud


“This is the most significant advancement in SPARC

microprocessor and systems design in the last decade.”

Matthew Eastwood, Senior Vice President Enterprise Infrastructure and Datacenter Group, IDC


Encryption Speed for AES 128

Architectural Scalability: Scale Security To Your Needs

T7-1

T7-2

T7-4

M7-8

M7-16

83 GB/s Crypto

332 GB/s Crypto

664 GB/s Crypto

1.3 TB/s Crypto

166 GB/s Crypto


SPARC M7 secure 3.8x faster that unsecure Power8, 3.5x faster than unsecure x86 v2

Hadoop Terasort Great performance using public Apache Download

SPARC M7 secure 3.8x faster than unsecure IBM Power8

IBM S822L 8-node Cluster

3.5 Power8

7.5

32.5

(Un-secure Baseline)

Oracle T7-4 1node

29.1

SECURE AES-256-GCM baseline

Oracle T7-4 1node

Terasort 10TB - Perf metric GB/min per processor

3.8x

SPARC M7

Chip Advantage

128 Cores 128 Cores 192 Cores

Perf metric GB/min per processor

IBM S822L 8 node 6c/ch SPARC M7

Terasort 10TB

Oracle Confidential – Highly Restricted


Big Data Performance From One Small Server

NoSQL: Yahoo Cloud Serving Benchmark

Oracle T7-4 128 Cores

1,890,394 Ops/sec

12 x Cisco C240 M3 192 Cores

2X Faster Per chip

Oracle NoSQL Cloud Database

12X Fewer Servers

64 Fewer Cores Much Lower Cost

1,028,868Ops/sec

RHEL Solaris


Open


Developers


6 Processors in 5 Years

Consistent Execution

2013 2011 2010 2013 2013

16 x 2nd Gen cores 4MB L3 Cache

1.65 GHz

8 x 3rd Gen Cores 4MB L3 Cache

3.0 GHz


3.6 GHz


3.6 GHz


3.6 GHz

SPARC T3 SPARC T4 SPARC T5 SPARC M5 SPARC M6 More To Come

Including Software in Silicon

• Silicon Secured Memory • DB Query Acceleration • Inline Decompression • More….

}

2015

32 x 4th Gen Cores 64MB L3 Cache

4.1 GHz

SPARC M7

Today


Scalability: 32 to 512 Cores - 256 to 4,096 Threads

New: T7 And M7 Servers, SuperCluster M7

Most Scalable Systems

Worlds Most Secure

Only Processor with Software in Silicon

Worlds Fastest Processor

New Era: Secure Computing and Convergence with Oracle Systems€¦ · New Era: Secure Computing and...

Documents

Transcript of New Era: Secure Computing and Convergence with Oracle Systems€¦ · New Era: Secure Computing and...