Bookmark and Share
RSS

Recent Posts

z14 Beyond the Conference Handout

November 26, 2018

For my last two posts, I have explored the z14 hardware a bit like a science fair project. You see, I am mainly a career-long software engineer with a degree in music. I do have other technical degrees, but I have been largely removed from computer hardware. However, I have noticed its astonishing rate of growth and change. With this post, I finish out this brief series on the dance between hardware and software.

While Doing My Research
When I attended the Enterprise Computing Community Conference this past June at Marist College, I picked up an index card-like document that contained shorthand details on the hardware characteristics of the IBM z14. There is a lot of important information on the card, but there are other items that I picked up doing my research that really stirred me up.  

Crypto Accelerator
I have blogged a lot about security this year. The topic is everywhere, from newspapers to cable news and journals and magazines. In March, I wrote a post where my focus was the special attributes of computer security hardware. Because of this, I was especially interested to read of IBM Z pervasive encryption because its value is that it reduces risk, auditing effort and cost.

In practice, it’s used to pervasively encrypt data in flight and at rest with no application changes and no impact to service-level agreements (SLAs). You could only make this happen effectively with a comprehensive, system-wide design optimized through silicon, firmware, OS and the middleware stack. Jonathan Bradbury, senior engineer and lead ISA architect for IBM Z lists these three main features in z14 that support crypto acceleration.

1. Redesigned crypto engines for 4x-7x bandwidth versus z13
  • Pipeline and parallelize advanced encryption standard (AES) and hash operations employing Galois/counter mode (GCM)
  • Execute two AES rounds in three cycles
  • Overlap multiple rounds where possible (i.e., non-cipher block chaining encryption)
  • Push limits of cycle time (low-Vt cells)
2. Faster engines required redesign of interfaces to/from cache
  • New firmware instruction to copy up to 256B from D$ to co-processor
  • Branch-avoidance to not slow down data delivery
  • Optimized prefetching for source and destination to not starve engine
3. OpenSSL AES-256-XTS speed test with 4KB blocks yields 13.2GB/sec per core  

These are very technical descriptions, but you certainly pick up on the main ideas in each of the three areas. AES is an important topic that is discussed in “Parallel AES Algorithm for Fast Data Encryption on GPU” and many other places on the web.

Bradbury also has a discussion of Galois Counter Mode (GCM), which is used with AES to encrypt and authenticate messages. With z14, IBM adds new instructions to directly implement the AES-GCM algorithm as orchestration of AES and Ghash engines. The abstract of this conference article will give you an idea of the role of the GHASH module.

Role with Commercial Workloads
IBM z14 is designed for massive scale commercial workloads. How is this achieved? There are many components working in concert to push the limits expanding capabilities and providing needed focus in areas like security. With IBM z14, you have a central processor chip with L3 cache and a system control chip with L4 cache. This features 14nm SOI technology and 5.2GHz cycle speed in a water-cooled enterprise server. The central processor chip has 6.1B transistors with 14 miles of wire. The system control chip has 9.7B transistors with 13.5 miles of wire.

There are up to 240 physical cores in a four-drawer shared-memory symmetric multiprocessing. There are 170 configurable customer CPUs, plus IO assist and firmware CPUs. The z14 also has micro-architectural and architectural enhancements for wide variety of workloads such as binary encodings of decimal numbers (BCD) for COBOL, garbage collection for Java and compression for databases, to name a few examples.

What Did I Learn
As I have confessed with every post on this topic, I am not a hardware person, so researching and writing about the z14 gave me some worry. Could I understanding and communication important details? I survived and am happy that I explored the topic over the space of a few weeks and had a chance to read for myself, at my own pace, what makes up the z14.

I have come away realizing that it’s an amazing technical achievement containing an integrated solution built on research, innovation, testing and benchmarking and the intellectual commitment of many IBM engineers. In a recent NASDAQ article, it was stated that the IBM z14 is built to support 12 billion encrypted transactions each day, almost equivalent to 400 Cyber Mondays. It’s a completely remarkable machine.

Posted November 26, 2018| Permalink

comments powered by Disqus