Sun Microsystems 240 Server User Manual


 
Based on the Broadcom BCM5822 co-processor, the SCA 500 board accelerates a variety of computation-inten-
sive cryptographic algorithms for security protocols in e-commerce applications. The SCA 500 daughter board off-
loads SSL functionality normally performed by system CPUs. Using 3DES, it accelerates various operations such as
authentication and bulk encryption. The SCA 500 board further speeds SSL processing by optimizing the complex
mathematical operations involved in SSL operations.
Since acceleration performance/cost is not uniform across all algorithms and because some cryptographic
algorithms are designed specifically to be implemented through hardware while others are designed to imple-
mented through software, the SCA 500 board provides cryptographic algorithms through both hardware and soft-
ware. The SCA 500 daughter card examines each cryptographic request and determines the best location for
acceleration (the host processor or the SCA 500 board) to achieve maximum throughput. Load distribution is
based on cryptographic algorithm, current job loading, and data size. Table 2-1 lists the accelerated software and
hardware algorithms that the SCA 500 provides for Sun Java™ System Web Server and Apache Web server software.
Table 2-1: The Sun Crypto Accelerator 500 module supports SSL algorithms through both hardware and software.
Algorithm Sun Java System Web Server Apache Web Server
Hardware Software Hardware Software
RSA XX XX
DSA X X X X
Diffie-Hellman X X
DES XX XX
3DES X X
Arcfour X
The SCA 500 daughter card interfaces with specific drivers based on the Web server software deployed on the
server and selects appropriate authentication and encryption modules. For example, the SCA 500 module uses
Network Secure Server (NSS) via the PKCS 11 public interface for Java System Web Server and OpenSSL via the
mod_ssl libraries for Apache Web server software (Figure 2-6).
Sun Microsystems, Inc.P12 Netra 240 Server Architecture
Sun Java System Web Server
Sun Java System Portal Server
NSS
(Sun Java System SSL)
PKCS #11
Sun Crypto Accelerator 500
Drivers
mod_ssl
(module to link SSL)
OpenSSL
Apache Web Server
Public Interface
Public Interface
(EAPI)
Public Interface
Private Interface
Private InterfacePrivate Interface
Figure 2-6: The Sun Crypto Accelerator 500 module accelerates Sun Java System Web Server and Apache Web
server authentication as well as bulk encryption via appropriate protocols and methods.