The AEP2000 is a PCI 2.2-compliant Universal half-card providing 2,000 modular exponentiations per second of 1,024 bits each with CRT (Chinese Remainder Theorem). The AEP2000 supports Apache 1.3.14 and iPlanet 4.1 under Hewlett-Packard Co. HP-UX 11.0 and 11.i, Red Hat Linux 6.2 and 7.0, and Sun Microsystems Solaris 2.7 and 2.8. Indeed, my only complaint is the brevity of this list, but this too shall pass: AEP says it is working on Microsoft Windows and IIS support. I tested the AEP2000 with the latest release of its software, which supports Stronghold Web server under Red Hat 7.1.
The AEP2000 supports OpenSSL 0.9.6 and PKCS #11 2.01, and can provide services for SSL 2.0 and 3.0 as well as TLS (Transport Layer Security) 1.0. Unfortunately, it doesn't support WTLS (Wireless TLS).
The latest version of the product is easy to install. In fact, the next release of Stronghold will ship with integrated support for the AEP accelerator. Integration is as easy as adding a single line to the Web server's configuration file.
Kicking Butt
I tested the AEP2000 in an eight-processor (750-MHz) Compaq Computer Corp. system with 1 GB of RAM, running the latest Stronghold secure Web server. After firing up a set of 20 RadView Software WebLoad 4.51 clients, I directed more than 2,000 SSL-encrypted HTTP gets per second at our Web server, determining the peak-load baseline without acceleration.
Multiple tests indicated that an unassisted SSL-enabled Stronghold topped out on the lab configuration at 650 SSL-encrypted gets per second. After activating the AEP2000, I set the clients to barrage the Web server with requests. Over several tests the results were convincing: When Stronghold used the AEP2000 for cryptographic processing, it peaked at 2,000 SSL-encrypted gets per second.
Vendor Information
AEP2000, $3,750. Available: Now. Accelerated Encryption Processing, (408) 370-6160; fax (408) 370-6162. www.AEP-crypto.com
The AEP2000 can handle key lengths of up to 4,096 bits for asymmetric operations. It uses the Intel Internet Exchange (IX) architecture framework, the Intel StrongArm processor and the high-speed IX bus (4.2 Gbps), along with its proprietary ASIC for modular exponentiations. The card also makes use of a DES/3DES FPGA (Field Programmable Gate Array). Support for RSA, DSA and DH is provided. The random-number generator is FIPS (Federal Information Processing Standard)-compliant and can generate up to 1 MBps of random bits.
AEP admits the AEP2000 is probably too much for less beefy hardware. The company provides PCI cards of 500 and 1,000 modular exponentiations per second for Web servers that don't need the power of the AEP2000.
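For readers who want to see the operation these ratings refer to, the following added example (not from AEP or the original article) performs an RSA private-key operation as one full-width modular exponentiation and again with the CRT shortcut, then times both in software. The key is a constructed toy built from two Mersenne primes, and all function names are hypothetical.

```python
# Added example: RSA private-key operation, plain versus CRT.
# Requires Python 3.8+ (three-argument pow with a negative exponent).
import time

# Constructed key material: two Mersenne primes. NOT safe for real keys;
# chosen only so the example is deterministic and needs no prime search.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # 1,128-bit modulus
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

# CRT parameters, the extra values a PKCS #1 private key stores.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def private_op_plain(c):
    """One full-width modular exponentiation: c^d mod n."""
    return pow(c, D, N)


def private_op_crt(c):
    """Two half-width exponentiations recombined with Garner's formula."""
    m1 = pow(c % P, DP, P)
    m2 = pow(c % Q, DQ, Q)
    h = (QINV * (m1 - m2)) % P     # Python's % keeps h non-negative
    return m2 + h * Q


def ops_per_second(fn, c, rounds=50):
    """Measure how many private-key operations fn completes per second."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn(c)
    return rounds / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed stand-in for the secret a client encrypts to the server.
    msg = int.from_bytes(b"constructed pre-master secret", "big")
    c = pow(msg, E, N)
    assert private_op_plain(c) == private_op_crt(c) == msg
    print(f"plain: {ops_per_second(private_op_plain, c):8.0f} ops/s")
    print(f"CRT:   {ops_per_second(private_op_crt, c):8.0f} ops/s")
```

With RSA key exchange, the server performs one such private-key operation for every full SSL handshake, which is the work the Web server hands to the card.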
Lori MacVittie, a technology editor of Network Computing, has been a software developer and a network administrator. Most recently, she was a member of the technical architecture team for a global transportation and logistics organization. Send your comments on this article to her at lmacvittie@nwc.com