I-Ching Wang | Senior Director, Engineering
Intel's AES-NI instructions are extensions to the x86 instruction set to perform AES encryption and decryption directly using Intel CPUs. In addition to being more secure, there are significant performance gains that accrue when using hardware-based encryption. Just as the AES encryption has become a universal and widely adopted standard for symmetric encryption, AES NI-enabled encryption has become the equivalent to a standard for x86-based applications performing hardware encryption starting with Intel’s Westmere processors.
Click to Tweet: ./@Vormetric #DataSecurity for @MongoDB – Encryption with Intel AES-NI is even faster than without http://bit.ly/1AqZg6r
Vormetric’s Transparent Encryption product was originally developed with traditional software-based encryption and reached the performance limits afforded to this mode. In 2011 when the Intel Westmere processors were release, the Vormetric the engineering team recognized the game changing advantages offered by AES NI and redesigned our kernel-based encryption engines to take fullest advantage of this hardware innovation. From the outset, Vormetric’s goals were to boost throughput, parallelization and scalability by aggressively leveraging hardware pipelining capabilities during encryption and decryption. As multi-threaded applications have scaled, and as processors have added power and core counts, Vormetric’s kernel encryption engines have been systematically enhanced to take advantage of these changes. As a result, our encryption performance has increased by fully exploiting hardware encryption without inducing any locking or other scalability inhibitors.
Ongoing Vormetric engineering investments with successive generations of AES NI Intel processors post Westmere, including Sandy Bridge, Ivy Bridge and the newest verion of Intel's Haswell CPUs (the Intel® Xeon® processor E5-2600 v3 product family announced today) have continued to yield impressive performance improvements in encryption speed across a variety of application workloads (Big data, cloud, structured and non-structured data, traditional and non-traditional databases). Today, in fact, the combination of optimized software to work with AES NI capabilities in Haswell, and the increasing speed and efficiency available from the CPU as allowed us to tune our implementation so that our implementation with encryption can actually be faster than performance without encryption enabled.
- Versus the previous Xeon processor E5-2600 v2 family performance increased from 18% (writes) to 147% (reads)
- AND with encryption exceeded performance without encryption from 34% (writes) to 348% (reads)
See more detail on this here: http://bit.ly/1AqZg6r
On the eve of Intel IDF 2014, we’re excited with our engineering accomplishments in this area and look forward to further integration with Intel’s innovations.