Energy Star Meets Data Security

By Pallab Chatterjee

Security technology and low power typically don’t go together in the same sentence—let alone the same device. That’s starting to change, though. With 2% of the world’s energy being consumed by data centers, the new Energy Star guidelines and their associated tax incentives have been driving IT updates and upgrades since 2009. The security industry isn’t implementing the guideline in the same manner. After all, its products cannot move to hibernate or sleep states to save power and must be constantly in active mode to provide data protection. But power consumption is becoming much more important to the security industry.

The traditional IT environment has implemented the TCP/IP stack as L2-L3, L4, L5-L7, or L4-L7 appliances. Most systems have a number of dedicated hardware appliances that perform load balancing, firewalls, and intrusion protection systems (IPSs) in addition to the server hardware (L5-L7). The low-power IT solution has been targeted for a conversion to Energy Star-rated multicore mobile processors with DDR3 memory to reduce the net energy use per U1 appliance or blade at the same throughput.

As network bandwidths scale from 100 Mbits/s to 1G/10G/40G/100G+, security appliances have to scale as well. The higher bandwidths produce a new security issue of needing inward-facing security to the server environment to offset the theft of data from within. These measures will supplement the traditional outward-facing defenses against hackers, malware, and viruses.

Security appliances have targeted power conservation in two directions. One approach is to combine functions into a single appliance. The second is to add new high-performance hardware onto an existing Energy Star chassis. CrossBeam, for example, has a single appliance that combines two outward- facing load balancers (LBs), eight firewalls, two IPSs, and two inward-facing LBs. This appliance operates with a single-line cord function and replaces the 14 other line cord appliances. It is a single, open Linux/Unix core processor that can be easily configured for most applications while providing 10G throughput. The company plans to release a 40G product in the next several weeks. It will soon be followed by a 100G+ product. The 40G unit promises more than 90% power reduction versus the 14 40G appliance installation. This product is currently FIPS 140/2-compliant.

Meanwhile, Netronome has resuscitated the Intel® networkprocessor family and ported it to the TSMC 65-nm process node. The resulting network flow processor operates in the LB and firewall functions and provides a 40G-to-100G solution through either a PCI generation 2 or QPI interface to a standard IA environment. The revised silicon sports 40 cores with eight threads each for a total of 320 active cores with on-board thermal management in a unified L2-L7 appliance. The product is available either as a plug-in board or a socketed network “coprocessor.” As a result, the Energy Star compliance gets pushed off to the IA-based main processor board with DDR3 memory. Like the Crossbeam product, it supports open-source applications and has built in hardware cryptography.

Black Ridge Products has a similar single-function appliance. The firm’s First Packet Authentication device prevents the IP addresses of the appliance’s clients from being detected. This product uses new, low-power custom silicon that’s integrated into a standard low-power, U1 1A system Unix system that’s Energy Star-approved. Not to be left out, NXP has a new series of passive tags that are both EEPROM and mask programmable with code information. These have been moved to a 140-nm process that can now operate from 1.8 to 5.0 V in both contact and contact-less mode.

The trend in power is centered around the migration to low-power, small-geometry processes for custom security hardware. Those devices are supplemented into existing Energy Star appliances. Alternatively, multiple devices are being merged into single units at higher throughput.

Pallab Chatterjee is regional editor of Chip Design magazine. Chatterjee is a long-time consultant, analyst, and writer in the EDA, mixed-signal, and custom design space. He is president of Silicon Map.