Energy Star Meets Data Security

By Pallab Chatterjee

Security technology and low power typically don’t go together in the same sentence, let alone the same device. All of that is starting to change, though.

With 2% of the world’s energy being consumed by data centers, the new Energy Star guidelines and their associated tax incentives have been driving IT updates and upgrades since 2009 . The security industry is not implementing the guideline in the same manner—their products cannot move to hibernate or sleep states to save power and must be constantly in active mode to provide data protection—but power consumption is becoming much more important.

The traditional IT environment has implemented the TCP/IP stack as a L2-L3 appliance, L4 appliances, L5-L7 appliances or a L4-L7 appliance. Most systems have a number of dedicated hardware appliances performing load balancing, firewalls, Intrusion Protection Systems (IPS), in addition to the server hardware (L5-L7).

The low-power IT solution has been targeted at a conversion to Energy Star Rated multicore mobile processors with DDR3 to reduce the net energy use per U1 appliance or blade at the same throughput. As network bandwidths scale up from 100Mb/s to 1G/ 10G/ 40G/ 100G+, the security appliances have to scale also.  The higher bandwidths produce a new security issue of needing inward-facing security to the server environment to offset theft of data from within, in addition to the traditional outward facing defenses against hackers, malware and viruses.

The security appliances have targeted power conservation in two directions. One approach is to combine functions into a single appliance. The second is to add new high-performance hardware onto already an existing Energy Star chassis.  CrossBeam, for example, has a single appliance that combines 2 outward-facing load balancers (LB), 8 firewalls, 2 IPS, and 2 inward-facing Lbs. This appliance operates with a single line cord function and replaces the 14 other line cord appliances.  It is a single open Linux/Unix core processor that can be easily configured for most applications while providing 10G throughput. The company plans to release a 40G product in the next several weeks, soon to be followed by an 100G+ product.  The 40G unit promises more than 90% power reduction vs. the 14 40G appliance installation. This product is currently FIPS 140/2 compliant.

Netronome has resuscitated the Intel ISX network processor family and ported it to the TSMC 65nm process node. The resulting network flow processor operates in the LB and Firewall functions and provides a 40G-100G solution through either a PCI gen 2 or QPI interface to a standard IA environment. The revised silicon sports 40 cores with 8 threads each for a total of 320 active cores, with on-board thermal management, in a unified L2-L7 appliance. As the product is available etiher as a plug in board or as a socketed network “co-processor,” the Energy Star compliance gets pushed off to the IA-based main processor board with DDR3 memory.  Like the Crossbeam product, it supports open source applications and has built in hardware crypto.

Black Ridge Products has a similar single-function appliance, a First Packet Authentication device that hides the IP address of clients of the appliance from being detected.  The product uses new low-power custom silicon that is integrated into a standard low power U1 1A system Unix system that is Energy Star-approved.

Not to be left out, NXP has a new series of passive tags that are both EEPROM and mask programmable with code information. These have been moved to a 140nm process that can now operate from 1.8-5V in both contact and contact-less mode.

The trend in power is centered around migration to low power, small geometry processes for the custom security hardware, and supplementing those devices into existing Energy Star appliances or merging multiple devices into single units at higher throughput.