Oracle Strengthens Security, Database Features In Sparc Chip

Oracle aims to make Sparc M7 server chip relevant with new, built-in security and database features, dubbed "software in silicon."

Charles Babcock, Editor at Large, Cloud

October 29, 2015

6 Min Read
<p align="left">(Image: id-work/iStockphoto)</p>

9 Ways To Bulletproof Your Privacy Policy

9 Ways To Bulletproof Your Privacy Policy

9 Ways To Bulletproof Your Privacy Policy (Click image for larger view and slideshow.)

Oracle's ability to deliver a server with built-in security processing and optimized database functions gives it an advantage in delivering cloud services, whether on-premises or in the Oracle public cloud, according to a top Oracle hardware executive.

Getting on-premises enterprise systems to work with systems in the cloud will be one of the central challenges for IT over the next decade. "We are determined, as the only company with the premium hardware and software (for both locations), to help you bridge that gap," Oracle's John Fowler declared at the end of his Wednesday, Oct. 28, talk at Oracle OpenWorld in San Francisco.

Fowler, formerly chief Sparc server spokesman for Sun Microsystems, is filling that role once again as executive VP for Systems at Oracle. Much of his talk encompassed the features built into Oracle's latest Sparc M7 chip and how they fit into Oracle's current public cloud and enterprise on-premises database services. The M7, with its 10 billion transistors, serves as the basis for M7 and T7 servers and M7 SuperClusters.

Oracle has built a high-speed compression/decompression engine into the chip so that compressed data may be loaded into server memory, then be acted on directly by SQL queries or application calls and decompressed as it's needed by the hardware routines. The process can be done without incurring any noticeable overhead, Fowler said. That significantly expands the amount of data that can be held in server memory, allows more applications to operate at in-memory speeds, and reduces the number of I/Os to disk.

[Want to learn more about the Oracle User Group Perspective? See Oracle Users Not Rushing To The Cloud.]

In addition, Oracle has embedded sophisticated, 128-bit encryption in the M7 chip. Data in server memory is much more secure when sitting there in an encrypted state. Encryption as a hardware routine means encrypted data can be called out of a large memory cache and acted on with a SQL query without incurring significant overhead. Oracle has published benchmarks on capabilities, and one claimed the M7 was 4.5 times faster than the IBM Power8 CPU.

"We think this is a big step forward in terms of what your data center is going to look like three to five years from today," said Fowler. More applications will run at higher speeds, relying on data stored only in random access memory or Flash memory with direct access to the CPUs.

In addition to built-in encryption, Oracle has added a second security function for in-memory data where the memory needed by an application is assigned a "color" bit, and only that memory can be accessed by the routines of the application. That code guards against malicious code creeping into operations and foraging for data beyond the application's assigned memory. The processor automatically checks the color key of an application request with the color of the location where the data is mapped. If they don't match, it knows something is wrong.

"Data in memory is much less secure than data on disk … It can be subject to a buffer overflow attack that corrupts the data. The potential for breaches in in-memory operations is a giant step backward in security," said Juan Loaiza, Oracle senior VP for Oracle database architecture, asked by Fowler to explain some of the database functionality in the chip.

The color bits amount to a lock on a set of data in memory so that only its rightful owner can access it, he said. The color-bit assignment is an operation embedded in the chip and can't be seen by the application logic or application users, Loaiza said.

The combination of new security features, including the SQL query language embedded as a hardware function, is dubbed "Security in Silicon."

Added to that, the M7 Sparc chip, with up to 32 cores "is optimized to run simple database functions extremely fast," Fowler said in his Oracle OpenWorld presentation. A 32-core M7 has 32 specialized database acceleration engines as well, with one available in each core to receive database functions off-loaded from the central processor unit. The acceleration engine is embedded in the same core, and is not a co-processor, such as a graphics processing unit, located alongside it on a motherboard.

Historically, Sparc chips differed from their x86 contemporaries in that they were designed as server chips, not personal computing CPUs. That meant they adopted multi-threading early and often, with today's M7 capable of running eight separate threads at a time. A thread is usually a sequence of processing instructions that can be executed as a separate unit. Running multiple threads greatly speeds up the ability of the chip to devour an application's instructions in parallel gulps.

With 32 cores per CPU and eight threads per core, an M7 is capable of running as many as 256 different processes at the same time. A SuperCluster with 32 CPUs would have 1,024 cores and 8,192 threads, as well as 64TB of RAM.

In the x86 world, Intel's Nehalem processor was the first to go beyond single-threaded to two threads, and juggling threads remains a chip designer's art. Registers and data caches must be cleared as one thread is executed, then makes way for the next. AMD claimed when Nehalem chips first came out that its single-threaded Opteron was faster on some applications than the double-threaded Nehalem Xeon.

Private clouds or plain old enterprise data centers running the M7 Sparc servers or clusters would also run Solaris, the former Sun Microsystems operating system for Sparc. And that left unanswered how much work would be needed to coordinate the Sparc/Solaris database servers and clusters with the x86 side of the data center running Windows Server and Linux.

Oracle is positioning itself as the best vendor to supply the components needed for the coming decade of hybrid cloud computing, when many workloads will run in a public cloud but a substantial enterprise data center will continue to operate. And while it says it's the best vendor to supply both private and public cloud computing, it's not clear how many workloads it wants to migrate to its new Sparc servers based on M7 versus how it expects to remain on the commonplace x86 servers that its customers already use.

For that matter, Oracle's own data-oriented appliances, Exalogic and Exadata, are based on recent Intel x86 Xeon processors for maximum performance and ease of integration with the rest of the data center, with a new Exadata cloud service available as well.

"Having a public cloud is a requirement for future success," said Dave Donatelli, the former HP executive who now works as Oracle's executive VP of hardware, as he discussed future Oracle converged hardware and software stacks with the crowd Wednesday morning.

Exactly how far his listeners will wish to go in making use of joint Sparc and x86 sets of servers, either in their own data centers or in the public cloud, remains to be seen. But the M7 Sparc, with its ultra-modern security and database features, is going to at least get Sparc back into the discussion.

About the Author(s)

Charles Babcock

Editor at Large, Cloud

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse University where he obtained a bachelor's degree in journalism. He joined the publication in 2003.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights