The white paper is intended for data security practitioners as well as developers and administrators of applications who can benefit from secure communications. The paper presents various strategies for securing applications using Oracle Solaris 11 security and the hardware-assisted cryptographic acceleration features of Oracle’s SPARC processors. The paper unveils the core mechanisms, configuration, and deployment strategies, as well as the role and relevance of using Oracle Solaris Cryptographic Framework and Java Cryptography Extension–based techniques for delivering a high-performance, end-to-end security solution. With Oracle’s new Software in Silicon capabilities coupled with an innovative cache and memory hierarchy, Oracle’s SPARC M7 processor delivers dramatically higher processing speed and revolutionary protection against malware and software errors.
This document discusses how to secure applications using Oracle Solaris 11 security and the hardware-assisted cryptography capabilities of Oracle’s SPARC servers. This document explores the end-to-end application security scenarios, technical prerequisites, configuration, deployment, and verification guidelines for multitier application deployments running on Oracle Solaris 11–based SPARC servers. In addition, this document covers the Oracle hardware-assisted cryptographic acceleration of the SPARC processor, a key feature when performance and data protection are deemed critical. The derived security benefits can be leveraged into a variety of solutions including
application software, middleware, and infrastructure software.
Target Audience and Assumed Knowledge
This document is intended for security practitioners as well as developers and administrators of applications who
can benefit from secure communications. Developers and administrators should be familiar with Oracle’s SPARC
servers, Oracle Solaris 11, Oracle Advanced Security and its Transparent Data Encryption feature, network
encryption, Oracle HTTP Server, and application security techniques for secure communication using the Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
The Role and Relevance of Oracle’s SPARC Processors
Because security has taken on unprecedented importance in all facets of the IT industry, organizations are proactively
adopting cryptographic mechanisms to protect their businesses and information from unauthorized access and
to ensure the confidentiality and integrity of data during transit and in storage. Cryptographic operations are heavily
compute-intensive, burdening the host system with additional CPU cycles and network bandwidth and resulting in
significant degradation of the overall throughput of the system and its hosted applications. For example, a host
server capable of processing 1,000 transactions per second can perform only 10 transactions per second after
deploying SSL to secure communications with the hosted application.
To speed up cryptographic performance, security experts often recommend and use cryptographic accelerator
appliances to offload cryptographic operations and save CPU cycles, enhancing the throughput of the system and its
hosted applications. While useful, adopting a specialized appliance for offloading cryptographic operations
introduces a new set of costs, complexities, and issues in terms of procurement, additional installation, configuration,
testing procedures, management, and support that significantly increases the power demands and costs of
deployment projects. Foreseeing the need for special-purpose hardware that can outpace workload demands,
Oracle introduced the industry’s first and fastest on-chip hardware cryptographic capabilities as part of the
UltraSPARC T1 processor, which was launched during 2005, and then Oracle continued to augment the cryptography
support in each new generation of SPARC processors