Building Clouds and Implications

Pages: 1 2

Security Implications

While the majority of the discussion was regarding IT solutions, there were some interesting take-aways for the underlying technology. Security especially, is a huge issue for any sort of cloud computing – companies should take their data (and their customer’s data) very seriously. In recent years, there have been an appalling number of security breaches that have caused substantial financial damage – theft of social security or credit card information, etc. Unfortunately, individuals have relatively little recourse against a company with sloppy security. Businesses are an entirely different story and are much more likely to require excellent security in the first place, and demand and receive compensation for financial harm suffered due to breaches.

Intel’s Trusted eXecution Technology was briefly mentioned as an integral part of many of the reference architectures. TXT compares a computed signature for a booting hypervisor or firmware against the signatures of known good configurations. The idea is to detect and prevent security breaches in the hypervisor or other low level software that might compromise many virtual machines. AMD has a similar set of capabilities called Secure Virtual Machine (SVM), although there are some feature differences.

Ironically, these were first developed for client platforms to enable DRM and prevent piracy at the behest of the entertainment industry. But it seems that the server applications are far more useful. Of course, the key question is the adoption of such security measures throughout the ecosystem. But given the relative benefits to everyone: customers, software and hardware vendors alike, the collaboration should be straight forward.

A logical implication of cloud computing is demand for end-to-end encryption. Working with any sort of outside vendor requires a high degree of trust, but blind trust serves nobody well. Security is not absolute, but rather a statistical game where the goal is to reduce the security risks to an acceptable level. Truly eliminating security risks is for all intents and purposes impossible – mistakes will happen eventually.

Securing all the data in the cloud with encryption is a very sensible approach to this dilemma. Encryption reduces the impact of potential security breaches by reducing the risk of an attacker gaining access to any usable data. Research in Motion’s Blackberry email service provides a compelling argument for encryption, as their security measures are highly valued by businesses – especially those operating in regions of the world that do not share US and European views on privacy and individual rights. While encryption is computationally expensive, companies are already voting with their feet: Google made it the default option for their GMail service as a result of encounters with Chinese hackers in early 2010.

Intel and AMD are pursuing instruction set extensions that will significantly improve cryptography performance and thus enable widespread adoption. Intel introduced 7 new instructions and dedicated hardware for security in the Westmere microarchitecture, and AMD will follow suit with their upcoming Bulldozer based products. As cloud computing requires more security, it is likely that these are just the first steps that Intel and AMD will take to improve the performance and power efficiency of encryption. For example, Niagara II and derivatives were designed to fully saturate two 10GBE ports with a variety of different ciphers (e.g. 3DES, Blowfish, RC4) and not just AES.

Form Factors and Power

Intel also discussed a new microserver form factor and standard. The concept behind microservers is to create very high density and power efficient systems that share resources, like blades, but taken to the extreme. However, microservers sacrifice general purpose performance and only focus on specific workloads that have limited requirements in terms of CPU, memory capacity and I/O. While poorly suited to virtualization or database workloads, microservers may be attractive for low-end web hosting and light weight applications – or situations where physical isolation is desirable.

Most server CPUs dissipate between 65-130W of power, which is far too much for such a compact form factor; microservers are tailored for CPUs with a TDP of 45W or less. Should they prove to be popular with customers, Intel and AMD may create specialized server CPU derivatives with fewer cores and lower clock frequency to address this market. In fact, Intel recently announced future servers products derived from Atom, suggesting an growing interest in server niches.


Cloud computing is still in its infancy and starting to evolve from an amorphous sea of uncertainty to the beginnings of a definite landscape. As to be expected, there are a number of industry groups working to identify and shape this future. Cloud builders is an effort by Intel and its partners to empower IT departments and customers to easily explore cloud computing and tap into the benefits. The advantage to customers is simplicity and leveraging best practices across the industry. In exchange hardware and software vendors can increase their sales and customer base through new cloud deployments. It will take time to see how this effort yields fruit, and how many people will ultimately use the reference implementations, but cutting down the complexity should be a welcome change.

More importantly Intel’s efforts highlight that cloud computing must evolve to complement traditional IT. Treating the two as mutually exclusive or strictly competitive options misses the point entirely and does customers a disservice. The IT industry seems to recognize this and hopefully inter-operability will be a high priority going forward.

From a technical perspective, the reference cloud implementations foreshadow certain future directions for microprocessors and server systems. The most obvious one is an increased investment in security. Intel and AMD have already made a number of changes to the platform and microprocessor itself to improve security and reduce the cost. Instruction set extensions and dedicated hardware for other security standards seem like a very reasonable future direction, especially given the massive transistor counts in coming years. Security measures have a substantial impact on other parts of the system – for example, SSD performance can suffer tremendously from poorly implemented encryption, and would be a good candidate for further work.

Microservers will be quite interesting for the industry, as Intel and AMD begin to aggressively release low power server processors (<20W). The natural first step is to take existing server CPUs and scale them down even further in terms of voltage, frequency and core count, to hit the desired power targets. However, an alternative approach is scaling up low power cores (Intel’s Atom and AMD’s Bobcat) to achieve higher reliability and full support for the necessary server features. Recently, Intel announced they would explore Atom-based servers, giving credibility to this approach. That being said, products are still a ways off, and the customer reaction is unclear.

Pages: « Prev  1 2  

Discuss (18 comments)