Network Security Features of HP-UX 11i v1 and 11i v2

Superior Encryption Performance
Cryptography-based technologies, such as encryption and digital signatures, are the foundation of secure
network communications. Since cryptographic algorithms are computationally intensive, they can be a
bottleneck that negatively impacts overall system performance. Therefore, the performance of
cryptographic algorithms has a direct impact on the cost-effectiveness of network security solutions. HP
has developed industry-leading implementations of many key encryption algorithms.
Taking advantage of unique tools and expertise on the 64-bit PA-RISC and Itanium processors,
researchers at HP Labs have developed highly optimized implementations of the RSA algorithm plus the
five algorithms (DES, 3DES, AES, RC4, SHA-1) chosen by the National Institute of Standards and
Technology (NIST) to determine the Advanced Encryption Standard. They incorporated state-of-the-art
techniques featured in academic implementations and additional proprietary techniques invented at HP.
These implementations have been built into HP-UX products, including HP-UX IPSec, HP-UX Apache
Web Server, and the HP-UX Netscape Directory Server. Several toolkits for developers are available
from HP: GSS-API, OpenSSL, and BSAFE. GSS-API and OpenSSL are available directly from HP and
are described in detail earlier in this paper. BSAFE contains crypto optimizations as described above.
BSAFE is described in detail in the next section of this paper. The results are most dramatic on the
Itanium processor family, especially when larger key sizes (such as 1,024-bit RSA moduli) are required.
In addition, since the encryption performance has been built into the software and processor hardware,
HP-UX compares quite favorably to solutions that rely on additional specialized cryptographic cards,
which can become a bottleneck in larger multiprocessor systems.
[Chart: Cryptography Performance Published Results. Horizontal axis: 2-CPU, 4-CPU, 8-CPU, 16-CPU.
Vertical axis scale: 0 to 10,000. Series: HP-UX 11i v2, IBM-Linux-Xeon, IBM OS/400, SUN*]
Figure 6: HP-UX 11i v2 Cryptographic Performance
* SUN results include use of an additional cryptographic accelerator card
Figure 6 displays the cryptography performance of HP-UX 11i v2 on Itanium servers as compared to
other major vendors, posted by the vendors as of February 1, 2004. This benchmark gauges the
performance of web servers using secure (https) connections. Although encryption is just one component
of this benchmark, HP-UX cryptographic performance contributes significantly to its leading results.
Results for some vendors are not displayed in Figure 6 because those vendors had not yet posted results at
the time this document was published. See “Appendix C: SPECWeb99_SSL Results” for details about the
systems used and obtaining the complete posted results from SPECWeb99_SSL.