Oracle SPARC T7 and M7 Servers - New Secure Computing Platform

If we compare the parameters of the SPARC M7 microprocessor with the parameters of the most advanced SPARC T5 processor released earlier, we find that many parameters have doubled and some have quadrupled (Table 1). The SPARC M7 processor has 32 general-purpose cores, i.e. twice as many as the T5 processor. Also, the SPARC M7 processor has twice as many computing threads and four times more cache for each core, and the new architecture significantly increased the performance of each core. New memory controllers have increased memory bandwidth and memory access speed, and I / O bandwidth has quadrupled. The processor clock speed has also increased. In general, the SPARC M7 processor is about three times faster than the SPARC T5 processor.
Table 1
| SPARC T5 | SPARC M7 | Increase | |
| Number of cores | 16 | 32 | 2 x |
| Number of threads | 128 | 256 | 2 x |
| Cache Capacity per Kernel | 0.5 MB | 2 MB | 4 x |
| Memory bandwidth | 79 GB / s | 160 GB / s | 2 x |
| Memory access speed | 163 ns | 131 ns | 20% |
| I / O Bandwidth | 32 GB / s | 145 GB / s | 4 x |
| Frequency | 3.60 GHz | 4.13 GHz | fifteen% |
But the historical revolutionary step made by Oracle with the new processor is the implementation of software functions directly on the chip. This is security on a chip, i.e., encryption acceleration and hardware memory protection, and, even more important, SQL on a chip, i.e., the world's first hardware-based implementation of SQL query acceleration and decompression for Oracle Database In-Memory.
Safety on a chip
It would seem, and so it is clear, why security is so important, but we will explain something. The number of stolen data rows in the world for 2014, according to the CSO Online Market Pulse report, amounted to hundreds of millions, and the losses incurred by a business are measured in millions and millions of dollars. But, unfortunately, in the corporate security system, database protection is actually the weakest point now. More than 50% of companies believe that the most important and most valuable data is stored in their databases, but most companies invest primarily in network protection, and prefer to spend as little money as possible on protecting databases. As a result, 76% of all successful attacks on corporate data were not stopped precisely by network security.
There are three main types of security risks:
- Vulnerabilities in a Database as a Physical Media
- Vulnerabilities in the operating system leading to the penetration and gain of unauthorized access to data
- Memory access errors
Oracle Database Technologies Solve Database Vulnerability Problems with Built-in Encryption Features In turn, the Oracle Solaris operating system has a number of functions that can minimize the potential and potential damage from unauthorized use of administrative rights of privileged users. And finally, the Oracle Application Data Integrity functionality, which allows you to find the most difficult to detect memory access errors in large, complex programs, as well as prevent unauthorized access to systems, is now integrated into the processor and is called Security in Silicon.
Encryption is an extremely labor intensive and costly process. You always had to pay for security with performance, and only the SPARC M7 release can solve this problem, because this processor has unique functionality that allows transparent data encryption using the 15 most famous encryption algorithms: a specialized mathematical block for processing encryption instructions is built into each processor core, which provides an encryption speed almost equal to the speed of the main core and the speed of working with memory (Fig. 2). Since all algorithms are processed directly in the processor, the performance drop is less than 3%.

According to the results of comparative testing of the performance of a system of two single-processor servers based on SPARC M7 operating in protected mode and a system of two 4-processor servers manufactured by the closest competitor operating in unencrypted mode, a system based on SPARC M7 showed a performance of 25,093.06 EjOPS, and the opponent is only 22,543.34 EjOPS. This also means that in terms of one SPARC M7 processor, systems operating in protected mode are approximately 4.5 times faster than the closest competitors operating in unprotected mode.
SPARC M7-based systems also offer hardware support for secure domain migration, which no competitor simply has. During migration, a virtual machine with critical data is transferred through the network, and the image of the virtual machine is encrypted for transmission. Moreover, the data is protected during transmission by a complex encryption algorithm. This ensures the protection of the transmitted data with minimal impact on the performance of the migrating virtual machine during the transfer.
Finally, it is crucial to ensure the security of direct memory access. Most viruses for RISC / UNIX systems attempt to directly address memory beyond the limits of the buffers allocated to them, and use either stack overflow mechanisms or buffer overflow mechanisms for this. For the first time in history, the SPARC M7 system has hardware memory protection and prevents unauthorized access to memory at the level of hardware processor resources. This feature prevents malicious programs from accessing application memory and any functions of the operating system, while it does not affect performance and cannot be bypassed. As a result, we not only get safer systems, but also more efficient systems from a development point of view.
In fact, the virtual addresses that the M7 processors work with are not limited to 64 bits. When a memory area is allocated for an application, four bits in excess of the standard 64 are used as a color mark, which is assigned to this memory area and transmitted along with a pointer to this area. This avoids the possibility of accessing memory areas outside the allocated array. This mechanism has rather thin protection at the level of memory pages, 64 bytes in size. Since the labels are hardware, they are added by the processor and transferred directly with the pointer to the program, they are inaccessible to any software tools and neutralize any viruses that have not yet been created that use stack and buffer overflow mechanisms.
I must say that the operating system Oracle Solaris 11.3 supports all of the above functionality. In addition, Solaris has a number of features that provide an additional level of security. For example, in Solaris 11.3 there is a mechanism of read-only zones, and once you create this zone, you can be sure that none of its parameters can ever be changed by anyone. In addition, Solaris has a special automated mechanism for updating the operating system that creates a fully certified stack of all updates and at the same time provides a very quick rollback to the latest working version in the event of a failure. The system can also automatically generate reports on the compliance of the system with security requirements and transfer them to an independent external server. Finally,
SQL on a chip
Before discussing the SQL in Silicon functionality - processing database queries implemented directly on the processor - we need to recall the In-Memory functionality implemented back in Oracle Database 12.1 by creating a dedicated memory area in which the information from the tables is stored, unlike traditional line-by-line representation, in column format. Already release 12.1 provided extremely fast reporting and analytics, and in release 12.2 these operations were accelerated 3-10 times. In version 12.1, scanning and combining data from several tables is performed, which is much more efficient on a column view than regular joins, and in version 12.2, even faster joins are implemented at the dictionary level, not data level.
The SPARC M7 processor has specialized accelerators of SQL instructions that work independently, in synchronous and asynchronous mode. And if with the transition to In-Memory the instruction processing speed amounted to millions of lines per second, then using specialized accelerators in the M7 processor it reached billions of lines per second. The maximum result achieved in internal tests of Oracle was 170 billion rows per second on SPARC M7 processors using the In-Memory mechanism and built-in coprocessors. Built-in coprocessors not only increase the speed of processing SQL queries, but also free up general-purpose processor cores for other applications - OLTP queries, etc.
As a result, analytics on SPARC M7 is more than eight times faster than on the system architecture of the x86 platform. OLTP runs about three times faster. This means that where five dual-processor servers were previously required for OLTP processing and analytics, you can now get by with one single-processor server based on SPARC M7, which will simultaneously process both OLTP and analytical requests. Savings on equipment, licenses, space, electricity and IT administrator’s time are guaranteed.
The more complex the query, the greater the amount of data that systems based on the SPARC M7 processor have to work with, the more pronounced is the increase in performance. One of Oracle’s major online trading customers, when testing the SPARC T7-4 server based on SPARC M7 processors with Oracle Database 12.1.0.2 and the In-Memory option, received an increase in query processing speed by 83 times. And this is not an isolated example. Systems based on SRARC M7 have already been tested by Accenture PLC, DZ Bank AG, HPCVL, Infosys Limited, MSC Software Corporation, SAS, Siemens AG, Software AG, Temenos, UZ Leuven and several other companies, including some Russian ones. They all confirmed that the performance of the SPARC M7 system is quite high and that all applications of these companies continue to work on SPARC M7 systems with a sufficiently high level of efficiency.

We emphasize once again that Oracle continues to develop the SPARC architecture, investing much more resources in it than in the past Sun Microsystems. At the same time, Oracle is developing SPARC as a platform that primarily provides the highest level of performance. And finally, although Oracle optimizes the SPARC architecture for Oracle software and you can never find a system that works better with Oracle products than systems based on SPARC processors, products from third-party software vendors also work quite well and efficiently on the SPARC platform - as proved by beta testing in a number of international and Russian corporations, as well as on examples of Oracle partners who work with SPARC systems.