Original URL: http://www.theregister.co.uk/2004/12/01/secure64_itanium_arrives/

Itanium inventor bobs to surface as chip's savior?

Secure64 to the rescue

By Ashlee Vance

Posted in Servers, 1st December 2004 18:22 GMT

Exclusive Some start-ups are comprised of wide-eyed wheelers and dealers with little technical expertise. Others have a decent mix of business types and technology talents. Then there are start-ups like Secure64 Software Corp. that have nothing but the richest pedigree of pure, unadulterated genius running through their giddy veins.

The discovery of Secure64 happened by chance. The company's CEO Peter Cranstone took exception with one of The Register's Itanium bashing articles and sent an e-mail extolling the possible virtues of the chip. This e-mail led to a brief look at Secure64's management team website at which point jaws dropped and little hamsters started turning in heads.

Without slighting other members of the Secure64 team, we have to admit that one name in particular caught our attention - Bill Worley, the startup's CTO. Worley worked on a couple of minor projects during his lengthy tenure at HP. Little things like being the principal architect of the PA-RISC processor and later the principal architect of PA-WideWord - known today as Itanium. Worley, however, didn't just do the initial Itanium designs, he also led the decision, in 1993, to unite HP and Intel behind the project. High-end computing has never been the same since - for better or for worse. And few engineers have a more impressive resume.

Along with Worley, Secure64 has Cranstone, who co-developed the mod_gzip data compression technology for the Apache web server. Its Chariman is Denny Georg, former CTO of various parts of HP. Its VP of Product Delivery is Joe Gersch who once managed HP's research and development organization.

But, as they say late at night, that's not all.

Larry Hambly, one of the first 100 employees at Sun Microsystems, also sits on Secure64's advisory board along with Rajiv Gupta - the former GM of HP's e-Speak web services unit and former head of the joint HP/Intel Itanium development team.

Just an inconsequential, revolutionary OS

So what unambitious project are all these brains working on? Well, just the creation of an abstracted type of operating system that could create faster, more stable, more secure servers.

At present, Secure64 has declined requests for interviews with CEO Cranstone saying the company will have a formal launch early next year. This makes it a bit difficult to know exactly what the company is up to. Thankfully, Worley has applied for a couple of patents that give a decent idea of the direction Secure64 is taking.

At the heart of Worley's recent work is the notion that general purpose operating systems such as Unix, Linux and Windows don't make the best use of specific features in processors - namely features in Itanium. The general purpose nature of today's server market means that systems perform well on a wide-variety of applications, but the boxes aren't tuned as well as they could be for specific tasks.

In the past, any number of companies have taken a stab at this problem by creating server appliances designed to handle a small subset of applications. Most of these appliances relied on sophisticated software to make them different from the average server. Of late, other companies have been trying to tackle the general purposeness of servers with various add-ons. Products such as TCP/IP and SSL accelerators have arrived to speed up the performance of boxes in specific areas.

The appliances and accelerators have largely been aimed at web edge types of workloads - things like serving up web pages, processing web services protocols and encryption. While load balancers and some security appliances have been picked up a decent rate, most of these types of products really haven't enjoyed much interest.

The boys at Secure64 appear to think they've figured out a way to make a web edge system more attractive to customers.

An extensible application environment for you and me

Not surprisingly, the company's approach relies on making the most out of Itanium.

When Itanium first hit the market, both Intel and HP spent a lot of time touting some of the features that separated Itanium from other processors. (They mention these features less often these days, focusing their marketing efforts instead on defending the chip's existence.) The four main "features" of Itanium at play here are its large register sets (128 general purpose and 128 floating point registers), the fact that it can crank through 6-8 instructions per cycle, its security compartments technology and its 4 privilege levels - again for added security.

Secure64 rightly believes that none of the major OSes out there makes terribly good use of these unique features in Itanium. The chance is there for a company to build software that can scream on Itanium and do so with very high levels of security. The company seems to think that the existence of an OS that can truly make use of all Itanium has to offer will spur adoption of the processor.

In its patent applications, Secure64 describes its Itanium-friendly software as a type of "extensible application environment." The good, old EAE.

A customer would hypothetically load a CD with the run-time EAE into a low-end Itanium server with the EAE serving as the operating system. The Secure64 EAE would then work its magic, initializing memory and setting up the protection ID keys and compartments available with Itanium. All told, the EAE eats up a minimal set of system resources - say 2 percent - and turns over the rest of the server to the applications.

The first use for such a product will likely be something in the web acceleration realm. The server would boot up with a caching engine, real-time compression (gzip64), SSL64, DDoS, routing functions and support for those third-party TCP/IP offload cards discussed above. Secure64's patent materials describe the EAE-powered boxes generally being used as web servers, secure web servers, proxy servers, secure proxy servers and application servers.

Secure64 documentation obtained by The Register shows that the company believes systems running its software will show a 20x performance improvement on web workloads, while providing much improved scaling. In addition, Secure64 is looking to provide customers with a 100x reduction in the costs associated with churning through web services transactions.

Secure64 is claiming that it will be virtually impossible to write worms or viruses that can attack the EAE, as it makes use of Itanium's rich security features. Third-parties can write applications to the EAE that make similar use of these security functions.

The Secure64 patent application also describes the EAE as having a rich set of partitioning functions. The company has focused on making each partition very stable and secure via the means described above and has also paid attention to ways partitions can be tuned for specific applications.

"The customized execution environment then has direct access and control over the system resources within its partition," Secure64 writes in one application. "That is, there are no operating system abstractions interposed between the customized execution environment and the system resources allocated to the customized execution environment. Advantageously, with the operating system abstractions out of the way, the customized execution environment may implement a computational and/or I/O structure that is simpler, is tuned for a particular application, and can take advantage of certain processor or other system resource features that are not exploited by the (general purpose OS)."

Itanic revival

Not knowing exactly what Secure64 will end up unveiling next year makes it tough to guess how well the technology will be accepted or what exactly it will compete against. Other companies - Sun comes most immediately to mind - have talked about attacking web edge types of workloads with a new class of multicore chips. These processors can handle numerous requests at once, and Sun has discussed similar 20x performance improvements with web services transactions. It's more difficult, however, to guess how well products from Sun and others would stack up on the security front against Secure64.

In some ways, the Secure64 EAE seems like a very sophisticated version of VMware's ESX Server product aimed specifically at the 64-bit computing market. Like ESX Server, the EAE pushes the OS out of the way and provides a nice set of virtualization tools. Again, companies like Sun and HP have been doing similar things with their versions of Unix. Secure64's biggest plus would be that it has tuned its software for Itanium only and thrown out any general purpose OS nonsense that would hamper web workload performance. That certainly makes it a unique player in the market, which is exactly what you want from a start-up.

With its rich ties to HP, it's not hard to imagine Secure64 quickly appearing as an option for HP's Integrity server customers. This is a big "in" since HP accounts for about 85 percent of the Itanium ecosystem.

The appliance idea never seems to take off as well as start-ups hope, and we have our doubts Secure64's play. That said, it sure would be something to see the originator of Itanium bring the chip back to life using his intimate knowledge of the chip's architecture as Secure64's biggest weapon. ®

The present

Secure64
Patent I
Patent II

The past

Worley pushes for Itanium
Worley interview
Cranstone interview

Related stories

IBM, Moore's Law and the POWER 5 chip
How MS will end the Dell - Intel love-in
Intel is killing Itanium one comment at a time
IBM benchmark leaves server rivals breathless
Intel nuances Itanium; Microsoft ignores it