At the RSA security conference in San Francisco Tuesday, chipmaker Advanced Micro Devices announced a new, security-enhanced Alchemy Au1550 network processor aimed at bolstering security without bogging down servers and applications.
AMD said the Au1550 — armed to support both SSL and IPsec virtual private network (VPN) protocols with a true random number generator (RNG) — is capable of sustaining an unlimited number of VPN tunnels simultaneously, thanks to technology licensed from SafeNet.
AMD said the security features of the network processor address the needs of enterprise customers, which are designing networked environments that require security along with high performance in a low-power processor that costs less.
“We’ve taken the IP safebox from SafeNet, and moved it into the Au1550 silicon,” AMD product marketing manager Rob Oliver told TechNewsWorld. “What would have been two or more chips is now one.”
Safe and Still Speedy
AMD said the newest Alchemy family processor implements the entire VPN packet protocol in hardware, offloading the job to the CPU so that software doesn’t have to get bogged down in computations.
AMD’s Oliver, who said the Au1550 is intended primarily for the embedded market, argued that with the addition of voice and video to VPN data duties, processing requirements go up.
“You need a higher performance processor,” Oliver said. “Having that capability provides performance headroom so things like gateway products can make use of the [security] functionality.”
Aberdeen Group research director Eric Hemmendinger told TechNewsWorld that the goal of both network and compute-side hardware security products, which have yet to be widely deployed, is speed.
“The balancing act required at some point along the line is what is important to do from a performance perspective that doesn’t cost you from a flexibility perspective,” Hemmendinger said. “When you move it into the silicon, it becomes harder to change.”
AMD, which also has built security enhancements into its Athlon and Opteron processors for use with a new Windows XP service pack, touted the security engine, memory controller and other features of the Au1550, which directly supports Windows .NET, Linux and VxWorks. The Au1550 — priced between US$21 and $34 for versions ranging between 333 MHz and 500 MHz — is currently sampling with production availability expected in the second quarter of this year, AMD said.
Chip king Intel also is moving more security functionality to its Pentium chips, and networking companies such as Cisco are building security into network hardware products, including routers and switches. Among the more prominent changes emerging as chipmakers tackle security is the separation of data and instruction memory, a strategy vendors hope will help address common software vulnerabilities known as buffer overflows.
Hemmendinger, who referred to smaller companies such as Fortinet that are pushing security into silicon as much as they can, said hardware security on the network side represents delivery of security features that might be more economical. On the compute side, however, Hemmendinger said the approach is still “a solution that is in search of a compelling problem.”
Wants over Needs
While AMD said the new Alchemy processor meets the needs of its customers and offers greater flexibility in speed-versus-bandwidth tradeoffs, Hemmendinger indicated that chipmaker moves in the past — such as a similar announcement from Intel at the RSA conference two years ago — have been met with resistance.
“We haven’t seen a huge uptick,” he said of hardware security. “The reason is they are all ubiquity plays.”
Hemmendinger explained that some players in the security and software space were threatened by Intel’s play and, as a result, resisted adopting the security-in-CPU strategy. In addition, the analyst said, silicon and hardware-based security solutions have missed the mark in terms of providing needed security without impacting performance.
“A lot of these products we’ve seen hoisted into the market are more what the buying community wants to do, not what the buying community needs to do,” he said.