[FYI] 3Com / Microsoft: new dependencies for the user?
- To: debate@fitug.de
- Subject: [FYI] 3Com / Microsoft: new dependencies for the user?
- From: "Axel H. Horns" <Horns@t-online.de>
- Date: Sat, 11 Sep 1999 13:22:20 +0200
- Comment: This message comes from the debate mailing list.
- Comments: Sender has elected to use 8-bit data in this message. If problems arise, refer to postmaster at sender's site.
- Organization: PA Axel H. Horns
- Sender: owner-debate@fitug.de
[Read this text against the background of the discussion about the
second and third keys in Microsoft's crypto APIs .... --AHH]
http://www.3com.com/products/dsheets/3cr990.html
------------------------------- CUT -------------------------------
[...]
3Com has developed a revolutionary family of client and server
Network Interface Cards (NICs) to optimize the offload capabilities
of Windows 2000. 3Com’s vision, developed in tandem with Microsoft,
was to use Windows 2000 capabilities to reduce CPU utilization,
offload key TCP/IP functions and maximize system and network
performance. This new generation of NICs for desktops, workstations,
and servers includes a 3Com-developed ASIC, the 3XP processor, that
combines a 10/100 Ethernet MAC and an embedded ARM9 RISC processor.
The integrated 3XP processor enables customers to exploit new
advanced features in Windows 2000 resulting in lower CPU utilization
and exceptional system performance. These new generation NICs, for
which nine patents have been submitted, represent a significant
technical advance. The 3XP processor facilitates the most efficient
Windows 2000 networking, including offloads such as TCP segmentation
and TCP/IP checksum. In addition, these NICs include a 3DES
encryption chip, which accelerates and offloads the CPU-intensive
IPSec encryption algorithms from Windows 2000, allowing customers to
implement high-speed LAN security without sacrificing system
performance. The outstanding performance results include a 33%
savings of CPU utilization while running IPSec, and a 13% savings of
CPU utilization when running TCP segmentation processing.

Encrypt data without sacrificing system performance

When most people think of network security, they think of securing
against intrusion from outside the enterprise. However the FBI
Computer Crime Unit says that more than 80% of all network security
breaches are "inside jobs," coming from inside the enterprise itself,
where the firewall does no good. Even if the enterprise has employed
tunnel-mode security to protect data between routers, significant
breaches can easily occur as the data is transmitted to the client
PC, workstation or server.
Although many companies have no need for enterprise-wide security,
almost every organization has departments, such as human resources or
finance, where at least interdepartmental security from the server to
the desktop would be considered useful.
But IPSec, or Internet Protocol Security, has historically come with
a price. Encryption and hashing algorithms, which have traditionally
been performed by the host CPU, place a huge burden on the PC,
workstation, or server. Windows 2000 includes new Application
Programming Interfaces (APIs), which allow the NIC to assume the
burden of processing the compute-intensive encryption and hashing
algorithms, including 3DES, DES, MD5 and SHA-1.
The integrated 3XP processor sends the data to the dedicated
encryption chip, which leaves the host CPU free. Early tests show
when implementing LAN security through software only, throughput
degrades 77%. By contrast, when using 3Com NICs with encryption
co-processing to deliver LAN security, throughput is maintained and CPU
utilization is reduced 33%. 3Com is the first in the industry to
implement IPSec encryption acceleration on the NIC, allowing
customers to experience the advantages of true end-to-end security
without sacrificing performance. IPSec is a standard feature of
Windows 2000; no additional software is necessary to offload IPSec.
Encryption acceleration is an integral, standard feature with this
new NIC product family.

Increase performance while processing TCP segmentation

Any desktop, workstation, or server running bandwidth intensive
applications needs to devote maximum CPU cycles to processing
applications and avoid expending cycles on processing network
traffic. The host CPU has historically been called upon to perform
segmentation whenever a data block exceeds the maximum Ethernet frame
size of 1513 bytes. This transaction, which requires data
segmentation, duplication of IP headers, and creation of unique TCP
headers for each new segment of data, becomes a drain when
transmitting large files or when the host CPU is trying to run
bandwidth intensive applications. This is because while the CPU is
processing network traffic, it is unavailable to do anything else.
Windows 2000 has also created APIs to offload this process. Windows
2000 offloads the entire block of data from the host CPU to 3Com’s
integrated 3XP processor. The 3XP processor performs the task of
segmentation and IP header duplication, then creates a TCP header
"template," called a pseudo header. The unique fields in the TCP
header are then filled in, saving even more time and processing
power. The host CPU is free during the entire transaction to continue
handling applications, running searches, etc. This results in an
impressive savings on use of the host CPU to process network traffic.
[...]
------------------------------- CUT -------------------------------
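
The segmentation work that the datasheet excerpt above moves from the host CPU to the NIC, sketched in Python as an added example (not part of the original post or of 3Com's material). The header templates, addresses, ports and MSS are constructed sample values; the pseudo header used here is the standard TCP checksum input (addresses, protocol, TCP length).

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def segment(ip_tmpl: bytes, tcp_tmpl: bytes, payload: bytes, mss: int) -> list:
    """Split one large send into MSS-sized packets from 20-byte header templates."""
    ident, = struct.unpack_from("!H", ip_tmpl, 4)
    seq, = struct.unpack_from("!I", tcp_tmpl, 4)
    packets = []
    for off in range(0, len(payload), mss):
        chunk = payload[off:off + mss]
        last = off + mss >= len(payload)
        ip = bytearray(ip_tmpl)                                   # duplicated IP header
        struct.pack_into("!H", ip, 2, 20 + 20 + len(chunk))       # total length
        struct.pack_into("!H", ip, 4, (ident + off // mss) & 0xFFFF)  # per-packet IP ID
        struct.pack_into("!H", ip, 10, 0)
        struct.pack_into("!H", ip, 10, csum(bytes(ip)))           # IP header checksum
        tcp = bytearray(tcp_tmpl)                                 # TCP header from template
        struct.pack_into("!I", tcp, 4, (seq + off) & 0xFFFFFFFF)  # per-segment sequence no.
        if not last:
            tcp[13] &= 0xF6                                       # FIN/PSH only on last segment
        struct.pack_into("!H", tcp, 16, 0)
        pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, 20 + len(chunk))
        struct.pack_into("!H", tcp, 16, csum(pseudo + bytes(tcp) + chunk))
        packets.append(bytes(ip) + bytes(tcp) + chunk)
    return packets

# Constructed sample: 10.0.0.1 -> 10.0.0.2, port 1025 -> 80, seq 1000, PSH|ACK
IP_TMPL = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 7, 0x4000, 64, 6, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
TCP_TMPL = struct.pack("!HHIIBBHHH", 1025, 80, 1000, 0, 0x50, 0x18, 8192, 0, 0)
PACKETS = segment(IP_TMPL, TCP_TMPL, bytes(range(256)) * 16, 1460)  # 4096-byte send

if __name__ == "__main__":
    for p in PACKETS:
        print(len(p), struct.unpack_from("!I", p, 24)[0], hex(p[33]))
```

With offload enabled, the host stack never sees the per-segment headers and checksums that go on the wire; they are produced entirely by the card.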