Paper
• Predictable backup and replication services in accordance with published terms and conditions or as specified in customer service level agreements.
• Trusted infrastructure for application workloads. Virtustream takes advantage of Intel® Platform Protection Technology with Trusted Execution Technology (TXT).⁴ TXT cryptographically verifies platform and hypervisor integrity when systems are booted. The system can launch only into a “known good state,” which helps ensure that no malware of any kind has been inserted during or prior to launch. TXT also provides information that can be used to enforce and validate compliance.
• Monitoring of infrastructure and transaction logs with GRC applications. These applications use sophisticated, real-time analytic algorithms to identify and alert IT staff to a wide range of potential security breaches, including APTs.
• Full audit capability. Customers can validate compliance with their own requirements and with government and industry regulations.

Virtustream also provides complete professional services and support for feasibility assessment, migration and onboarding, and application support. A key component of this service is to ensure that the security and compliance solution takes into account the unique needs of the customer in a verifiable manner.

Intel: Providing the Foundation for Strong, High-Performance Encryption

Intel worked closely with SAP to develop the SAP HANA platform, and security continues to be an important area of collaboration. Intel provides hardware-based security technologies in Intel® Xeon® processors that help strengthen the security of the Virtustream and Vormetric solution, while sustaining the performance levels that are required to support real-time business processes.

TXT was discussed previously. Intel also provides Intel® Data Protection Technology with Advanced Encryption Standard New Instructions (AES-NI) and Secure Key.⁵

Advanced Encryption Standard New Instructions (AES-NI)

In the past, customers had to sacrifice application performance if they wanted to encrypt their data. Encryption and decryption are compute-intensive processes that can add latency to data access times and consume substantial computing resources. In the real-time business environments supported by SAP HANA, such delays and overheads are not acceptable.

Intel solves this challenge with AES-NI, which provides seven instructions to accelerate the most compute-intensive AES algorithms. By offloading this processing to dedicated circuits within the processor, much of the latency is eliminated, and server processors are free to focus on their primary data-processing functions. AES-NI is supported in all current Intel® Xeon® processors, including the Intel Xeon processor E7 family, which is used in the SAP HANA platform.

AES-NI not only accelerates encryption, but also strengthens it. Software-based encryption algorithms can be vulnerable to sophisticated side-channel attacks that use indirect methods to decipher encryption keys. Offloading key encryption processes to dedicated circuits within the processor provides better protection against such attacks.

Secure Key
Encryption is only as secure as the keys that are used to encrypt the data. If an encryption key is stolen or compromised, the associated data is at risk. Traditionally, security vendors have relied on the software-based pseudo random number generators (RNGs) in today’s operating systems to generate encryption keys. However, flaws have been found in pseudo RNGs that can be used to compromise data security using side-channel attacks to decipher encryption keys.

Secure Key provides high quality keys using a hardware-based RNG that is included in the latest generation of Intel Xeon processors. Secure Key generates truly random numbers based on unpredictable thermal fluctuations within the chip. The RNG is automatically detected and used by leading operating systems. It is completely transparent to applications and supports scalable key generation for demanding enterprise applications.⁶
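
A host-side check for the processor features named in this paper, as an added example that is not from the paper or from Intel, SAP, Virtustream or Vormetric: it parses Linux /proc/cpuinfo text and reports whether every logical CPU exposes AES-NI, RDRAND (the instruction behind Secure Key) and SMX (used by TXT). The function names and the sample input are constructed for illustration.

```python
# Added example (not from the paper). Linux /proc/cpuinfo flag names:
# "aes" = AES-NI, "rdrand" = Secure Key's RDRAND instruction, "smx" = the
# Safer Mode Extensions that TXT relies on. A flag shows CPU capability only;
# "smx" does not prove that a TXT measured launch actually took place.
FEATURE_FLAGS = {"AES-NI": "aes", "Secure Key (RDRAND)": "rdrand", "TXT (SMX)": "smx"}

# Constructed sample: logical CPU 1 lacks rdrand and smx, as can happen when
# a hypervisor masks CPUID bits for a guest.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "flags\t\t: fpu sse2 aes rdrand smx avx\n"
    "\n"
    "processor\t: 1\n"
    "flags\t\t: fpu sse2 aes avx\n"
)

def parse_cpu_flags(cpuinfo_text):
    """Return {processor_id: set_of_flags} from /proc/cpuinfo-style text."""
    cpus, current = {}, None
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator between processor stanzas
        key, value = key.strip(), value.strip()
        if key == "processor" and value.isdigit():
            current = int(value)
            cpus[current] = set()
        elif key == "flags" and current is not None:
            cpus[current] = set(value.split())
    return cpus

def feature_report(cpuinfo_text):
    """Map each feature to True only if every logical CPU exposes its flag."""
    cpus = parse_cpu_flags(cpuinfo_text)
    return {
        name: bool(cpus) and all(flag in flags for flags in cpus.values())
        for name, flag in FEATURE_FLAGS.items()
    }

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:  # not Linux: fall back to the constructed sample
        text = SAMPLE_CPUINFO
    for name, present in feature_report(text).items():
        print(f"{name:<20} {'present' if present else 'MISSING'}")
```

Run it inside the guest or on the host that will hold the keys; a feature reported as missing on any logical CPU is worth resolving before relying on hardware-accelerated encryption or hardware-generated keys there.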
Security in the Cloud for SAP HANA*