Itanium inventor bobs to surface as chip's savior?

[R.A. Hettinga]

<http://www.theregister.co.uk/2004/12/01/secure64_itanium_arrives/print.html>

The Register


 Biting the hand that feeds IT

The Register ; Enterprise ; Servers ;

 Original URL:
http://www.theregister.co.uk/2004/12/01/secure64_itanium_arrives/

Itanium inventor bobs to surface as chip's savior?
By Ashlee Vance in Chicago (ashlee.vance at theregister.co.uk)
Published Wednesday 1st December 2004 18:22 GMT

Exclusive Some start-ups are comprised of wide-eyed wheelers and dealers
with little technical expertise. Others have a decent mix of business types
and technology talents. Then there are start-ups like Secure64 Software
Corp. that have nothing but the richest pedigree of pure, unadulterated
genius running through their giddy veins.

The discovery of Secure64 happened by chance. The company's CEO Peter
Cranstone took exception with one of The Register's Itanium bashing
articles and sent an e-mail extolling the possible virtues of the chip.
This e-mail led to a brief look at Secure64's management team website at
which point jaws dropped and little hamsters started turning in heads.

Without slighting other members of the Secure64 team, we have to admit that
one name in particular caught our attention - Bill Worley, the startup's
CTO. Worley worked on a couple of minor projects during his lengthy tenure
at HP. Little things like being the principal architect of the PA-RISC
processor and later the principal architect of PA-WideWord - known today as
Itanium. Worley, however, didn't just do the initial Itanium designs, he
also led the decision, in 1993, to unite HP and Intel behind the project.
High-end computing has never been the same since - for better or for worse.
And few engineers have a more impressive resume.

Along with Worley, Secure64 has Cranstone, who co-developed the mod_gzip
data compression technology for the Apache web server. Its Chairman is
Denny Georg, former CTO of various parts of HP. Its VP of Product Delivery
is Joe Gersch who once managed HP's research and development organization.

But, as they say late at night, that's not all.

Larry Hambly, one of the first 100 employees at Sun Microsystems, also sits
on Secure64's advisory board along with Rajiv Gupta - the former GM of HP's
e-Speak web services unit and former head of the joint HP/Intel Itanium
development team.

Just an inconsequential, revolutionary OS

So what unambitious project are all these brains working on? Well, just the
creation of an abstracted type of operating system that could create
faster, more stable, more secure servers.

At present, Secure64 has declined requests for interviews with CEO
Cranstone saying the company will have a formal launch early next year.
This makes it a bit difficult to know exactly what the company is up to.
Thankfully, Worley has applied for a couple of patents that give a decent
idea of the direction Secure64 is taking.

At the heart of Worley's recent work is the notion that general purpose
operating systems such as Unix, Linux and Windows don't make the best use
of specific features in processors - namely features in Itanium. The
general purpose nature of today's server market means that systems perform
well on a wide-variety of applications, but the boxes aren't tuned as well
as they could be for specific tasks.

In the past, any number of companies have taken a stab at this problem by
creating server appliances designed to handle a small subset of
applications. Most of these appliances relied on sophisticated software to
make them different from the average server. Of late, other companies have
been trying to tackle the general purposeness of servers with various
add-ons. Products such as TCP/IP and SSL accelerators have arrived to speed
up the performance of boxes in specific areas.

The appliances and accelerators have largely been aimed at web edge types
of workloads - things like serving up web pages, processing web services
protocols and encryption. While load balancers and some security appliances
have been picked up a decent rate, most of these types of products really
haven't enjoyed much interest.

The boys at Secure64 appear to think they've figured out a way to make a
web edge system more attractive to customers.

An extensible application environment for you and me

Not surprisingly, the company's approach relies on making the most out of
Itanium.

When Itanium first hit the market, both Intel and HP spent a lot of time
touting some of the features that separated Itanium from other processors.
(They mention these features less often these days, focusing their
marketing efforts instead on defending the chip's existence.) The four main
"features" of Itanium at play here are its large register sets (128 general
purpose and 128 floating point registers), the fact that it can crank
through 6-8 instructions per cycle, its security compartments technology
and its 4 privilege levels - again for added security.

Secure64 rightly believes that none of the major OSes out there makes
terribly good use of these unique features in Itanium. The chance is there
for a company to build software that can scream on Itanium and do so with
very high levels of security. The company seems to think that the existence
of an OS that can truly make use of all Itanium has to offer will spur
adoption of the processor.

In its patent applications, Secure64 describes its Itanium-friendly
software as a type of "extensible application environment." The good, old
EAE.

A customer would hypothetically load a CD with the run-time EAE into a
low-end Itanium server with the EAE serving as the operating system. The
Secure64 EAE would then work its magic, initializing memory and setting up
the protection ID keys and compartments available with Itanium. All told,
the EAE eats up a minimal set of system resources - say 2 percent - and
turns over the rest of the server to the applications.

The first use for such a product will likely be something in the web
acceleration realm. The server would boot up with a caching engine,
real-time compression (gzip64), SSL64, DDoS, routing functions and support
for those third-party TCP/IP offload cards discussed above. Secure64's
patent materials describe the EAE-powered boxes generally being used as web
servers, secure web servers, proxy servers, secure proxy servers and
application servers.

Secure64 documentation obtained by The Register shows that the company
believes systems running its software will show a 20x performance
improvement on web workloads, while providing much improved scaling. In
addition, Secure64 is looking to provide customers with a 100x reduction in
the costs associated with churning through web services transactions.

Secure64 is claiming that it will be virtually impossible to write worms or
viruses that can attack the EAE, as it makes use of Itanium's rich security
features. Third-parties can write applications to the EAE that make similar
use of these security functions.

The Secure64 patent application also describes the EAE as having a rich set
of partitioning functions. The company has focused on making each partition
very stable and secure via the means described above and has also paid
attention to ways partitions can be tuned for specific applications.

"The customized execution environment then has direct access and control
over the system resources within its partition," Secure64 writes in one
application. "That is, there are no operating system abstractions
interposed between the customized execution environment and the system
resources allocated to the customized execution environment.
Advantageously, with the operating system abstractions out of the way, the
customized execution environment may implement a computational and/or I/O
structure that is simpler, is tuned for a particular application, and can
take advantage of certain processor or other system resource features that
are not exploited by the (general purpose OS)."

Itanic revival

Not knowing exactly what Secure64 will end up unveiling next year makes it
tough to guess how well the technology will be accepted or what exactly it
will compete against. Other companies - Sun comes most immediately to mind
- have talked about attacking web edge types of workloads with a new class
of multicore chips. These processors can handle numerous requests at once,
and Sun has discussed similar 20x performance improvements with web
services transactions. It's more difficult, however, to guess how well
products from Sun and others would stack up on the security front against
Secure64.

In some ways, the Secure64 EAE seems like a very sophisticated version of
VMware's ESX Server product aimed specifically at the 64-bit computing
market. Like ESX Server, the EAE pushes the OS out of the way and provides
a nice set of virtualization tools. Again, companies like Sun and HP have
been doing similar things with their versions of Unix. Secure64's biggest
plus would be that it has tuned its software for Itanium only and thrown
out any general purpose OS nonsense that would hamper web workload
performance. That certainly makes it a unique player in the market, which
is exactly what you want from a start-up.

With its rich ties to HP, it's not hard to imagine Secure64 quickly
appearing as an option for HP's Integrity server customers. This is a big
"in" since HP accounts for about 85 percent of the Itanium ecosystem.

The appliance idea never seems to take off as well as start-ups hope, and
we have our doubts Secure64's play. That said, it sure would be something
to see the originator of Itanium bring the chip back to life using his
intimate knowledge of the chip's architecture as Secure64's biggest weapon.
.

The present

Secure64 (http://www.secure64.com/)
Patent I
(http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=secure64&OS=secure64&RS=secure64)

Patent II
(http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=2&f=G&l=50&co1=AND&d=PG01&s1=secure64&OS=secure64&RS=secure64)

The past

Worley pushes for Itanium (http://www.hpl.hp.com/news/2001/apr-jun/worley.html)
Worley interview (http://www.hpl.hp.com/news/2001/apr-jun/2worley.html)
Cranstone interview
(http://www.webreference.com/interviews/petercranstone.html)

Related stories

IBM, Moore's Law and the POWER 5 chip
(http://www.theregister.co.uk/2004/11/26/ibm_power5_moores_law/)
How MS will end the Dell - Intel love-in
(http://www.theregister.co.uk/2004/11/24/microsoft_dell_amd/)
Intel is killing Itanium one comment at a time
(http://www.theregister.co.uk/2004/11/19/intel_itanium_mainframes/)
IBM benchmark leaves server rivals breathless
(http://www.theregister.co.uk/2004/11/18/ibm_shatterrs_tpcc/)
Intel nuances Itanium; Microsoft ignores it
(http://www.theregister.co.uk/2004/11/11/intel_ms_itanium_kick/)


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'