Home » Posts tagged "hardware"

Yubico 宣佈推出 Lightning 的 U2F 界面...

YubicoCES 2019 上宣佈推出兩用版的 YubiKey,同時支援 USB-CLightning 接頭:「Yubico Launches the Security Key NFC and a Private Preview of the YubiKey for Lightning at CES 2019」。

從照片可以看出來是直接做成兩側各一個頭:

目前是 Private Preview,開發者需要跟 Yubico 申請:

If you are a developer or service that would like to support strong hardware authentication on iOS, we invite you to work with us by applying to participate in the YubiKey for Lightning Program. Selected participants will have access to the private preview of YubiKey for Lightning and also the Yubico Mobile iOS SDK for Lightning.

不過看起來是硬體限制沒辦法朝 NFC 支援?另外如果蘋果下一代 iPhone 換掉變成 USB-C 就搞笑了...

24 Core 的 ARM Server...

在「Banana Pi to Launch a 24-Core Arm Server」這邊看到 Banana Pi 打算推出 24 core 的 ARM server...

看起來還蠻不錯的:

We have 24-core Arm Cortex A53 processor with 32GB RAM (29.4GB seen by the OS) running Ubuntu 18.04.1 LTS with MATE desktop. There aren’t that many 24-core Arm Cortex A53 processors, so unless the company is using an announced processor, it has to be SocioNext SC2A11 processor also found in Linaro Developer Box.

拿來當 desktop 好像也不錯,不知道最終的定價會是多少...

EC2 開始陸續推出支援 100Gbps 網路的機器

AWS 開始陸陸續續在推出有 100Gbps 能力的 EC2 instance 了:「New – EC2 P3dn GPU Instances with 100 Gbps Networking & Local NVMe Storage for Faster Machine Learning + P3 Price Reduction」。

從「Amazon EC2 Instance Types」這邊可以看到先前只有 c5n.18xlarge 有支援 100Gbps 網路,現在推出的 p3dn.24xlarge 是第二個支援的...

另外是 P3 系列的降價消息,比較奇怪的是從 2018/12/06 開始生效,而不是從月初開始。另外區域與條件也有一些複雜,有常在用的人可以翻一下說明...

Vault 出 1.0 版,整合雲上面的 HSM 服務

看到「HashiCorp Vault 1.0」這則消息,Vault 要出 1.0 不是什麼新聞,重點是他把跟 Cloud Auto Unseal 的功能放出來了:

In Vault 1.0, we are open sourcing Cloud Auto Unseal, allowing for all users of Vault to leverage cloud services such as AWS KMS, Azure Key Vault, and GCP CKMS to manage the unseal process for Vault.

可以看在 AWS 上的作法:「Auto-unseal using AWS KMS」。

這樣在雲上的服務可以再降低風險...

AWS 新推出的 Amazon Elastic Inference:GPU 出租方案

AWS 推出了 Amazon Elastic Inference,可以讓你選擇 GPU 的量掛進 EC2 instance:「Amazon Elastic Inference – GPU-Powered Deep Learning Inference Acceleration」。

第一眼看到的時候在想這不是之前出過了嗎... 後來搜尋發現應該是針對圖形運算與 machine learning 的應用拆開使用不同的硬體?

所以在前陣子 AWS 公告將 Amazon EC2 Elastic GPUs 改名為 Amazon Elastic Graphics:「Amazon EC2 Elastic GPUs is now Amazon Elastic Graphics」。

舊的 Amazon EC2 Elastic GPUs (Amazon Elastic Graphics) 應該是針對圖形應用設計,而新的 Amazon Elastic Inference 則是針對 machine learning 設計。

EC2 推出 ARM 架構的機器...

看到 AWS 推出使用 ARM 架構的 EC2 instance 了:「New – EC2 Instances (A1) Powered by Arm-Based AWS Graviton Processors」。

在 Quick Start 頁面有 Ubuntu 18.04 (ARM) 可以選,開起來後操作跟標準的 Ubuntu 差不多... 連進去後 uname -a 可以看到是 aarch64:

ubuntu@ip-172-30-2-207:~$ uname -a
Linux ip-172-30-2-207 4.15.0-1028-aws #29+nutmeg8-Ubuntu SMP Tue Nov 20 02:59:41 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux

然後來看硬體規格,從最大台的 a1.4xlarge 來看是 16 vCPU + 32 GB RAM,定價是 $0.408/hr (這邊都拿 us-east-1 比較)。

對照 General Purpose 的 m5.4xlarge 是 16 vCPU + 60 GB RAM,定價是 $0.768/hr。如果看記憶體比較接近的 m5.2xlarge 則是 8 vCPU + 31 GB RAM,定價是 $0.384/hr。

對照 Compute Optimized 的 c5.4xlarge 是 16 vCPU + 68 GB RAM,定價是 $0.68/hr。

實際跑一些測試,包括 md5、sha256 與 aes (最後 aes 這個通常都有硬體加速),都用 -mutli 16 跑。

ARM 的 a1.4xlarge

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5            1064103.21k  2484789.44k  4436178.60k  5521370.45k  5943380.65k  5963896.15k
sha256         2059690.93k  5652827.82k 11792656.30k 16108863.15k 18086602.36k 18250851.29k
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc    1593981.48k  1723960.38k  1752940.20k  1767321.94k  1770212.01k  1768281.43k
aes-192 cbc    1400010.40k  1496414.83k  1516962.99k  1527643.82k  1529834.15k  1527563.26k
aes-256 cbc    1222067.79k  1296972.50k  1313348.18k  1321350.83k  1322947.93k  1321850.20k
blowfish cbc   1384982.01k  1500548.63k  1529793.02k  1540091.22k  1540937.05k  1540767.74k

Intelm5.4xlarge

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5            1370869.17k  3276978.66k  5929591.13k  7441276.93k  8026330.45k  8071796.05k
sha256          592719.47k  1325135.04k  2506009.09k  3184234.50k  3455729.66k  3480365.74k
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc    1060996.96k  1121951.87k  1135376.21k  1141487.96k  1143270.06k  1143499.43k
aes-192 cbc     890438.97k   934047.98k   943446.44k   947576.49k   948857.51k   949026.82k
aes-256 cbc     768686.53k   800152.85k   806883.93k   809804.12k   810784.09k   810937.00k
blowfish cbc   1735490.97k  1884059.78k  1923876.10k  1932711.94k  1934477.99k  1928680.79k

Intel 的 c5.4xlarge

type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
md5            1501870.92k  3593434.20k  6503591.25k  8162811.90k  8804605.95k  8855147.86k
sha256          650179.22k  1453635.18k  2749318.83k  3492912.13k  3791164.76k  3818105.51k
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128 cbc    1163898.98k  1230539.07k  1244414.63k  1252080.98k  1254110.55k  1254206.12k
aes-192 cbc     976610.23k  1024570.03k  1034886.66k  1039442.26k  1040872.79k  1041143.13k
aes-256 cbc     843184.42k   877695.30k   885125.46k   888408.06k   889503.74k   889766.83k
blowfish cbc   1877162.34k  2056925.74k  2107008.26k  2119893.67k  2121979.22k  2115720.53k

這些數字頗有趣的... 看起來 ARM 上面應該有對某些演算法加速,使得常見的情境會快很多。不過如果是其他應用的話看起來就會比較辛苦了... 目前就價錢來看未必有絕對的優勢,還是得看應用來決定。

AWS 推出使用 AMD CPU 的 m5a 與 r5a

Amazon EC2 推出使用了 AMD Epyc 的機種,分別為 m5a.*r5a.*:「New Lower-Cost, AMD-Powered M5a and R5a EC2 Instances」。

這個系列的重點在於價位相較於 m5.*r5.* 大約低了 10% 的費用:

The newest EC2 instances are powered by custom AMD EPYC processors running at 2.5 GHz and are priced 10% lower than comparable instances.

目前開放的區域只有五區:

These instances are available now and you can start using them today in the US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), and Asia Pacific (Singapore) Regions in On-Demand, Spot, and Reserved Instance form.

然後在「Amazon EC2 Pricing」這頁已經可以看到價錢,但大概是某些非技術性的因素,可以發現沒有列出 ECU... 不過從沒有推出 c5a.* 系列大概可以猜測效能應該打不贏 c5.* 所以沒有打算推出對應的產品線?(不過也難說,等看看有沒有人測試出來吧...)

另外文章最後提到會有 t3a.* 的計畫,如果價錢會再比現在的 t3.* 低一些的話,看起來頗值得期待的:

PS – We are also working on T3a instances; stay tuned for more info!

AWS 提供 6TB/9TB/12TB RAM 的機器...

AWS 推出了超大記憶體的機器,代碼 u-{6,9,12}tb1.metal,分別對應 6TB/9TB/12TB 的 RAM:「Now Available – Amazon EC2 High Memory Instances with 6, 9, and 12 TB of Memory, Perfect for SAP HANA」。

這記憶體比我桌機的硬碟還大... 然後還打算出更大台的機器 XDDD:

We’re not stopping at 12 TiB, and are planning to launch instances with 18 TiB and 24 TiB of memory in 2019.

不過目前從 web console 上沒看到可以選擇,似乎沒有開放零租 (i.e. 以分計費,或是以小時計費),在價錢頁「Amazon EC2 Pricing」這邊沒看到,在 Reserved Instance (RI) 的頁面「Amazon EC2 Reserved Instances Pricing」這邊也沒看到。

從文章裡的描述知道目前在 us-east-1 & ap-northeast-1 有提供,但從後台情況以及文章語氣推測,似乎要另外開 support ticket 才能選用:

These instances are now available in the US East (N. Virginia) and Asia Pacific (Tokyo) Regions as Dedicated Hosts with a 3-year term, and will be available soon in the US West (Oregon), Europe (Ireland), and AWS GovCloud (US) Regions. If you are ready to get started, contact your AWS account team or use the Contact Us page to make a request.

而且看起來這個階段像是一次只給買三年?

GCP 推出 Cloud HSM (beta)

這算是 Google Cloud Platform 在補產品線,讓那些有強制使用 HSM 的需求的應用 (通常是遇到一定要 FIPS 140-2 的規範) 可以搬上雲端:「Introducing Cloud HSM beta for hardware crypto key security」。

從圖片上可以看到 LiquidSecurity,應該是「LiquidSecurity® General Purpose HSM Adapters and Appliances」這個產品:

如同 AWSCloudHSM 服務,GCP 的 Cloud HSM 也是提供 FIPS 140-2 Level 3:

Cloud HSM allows you to host encryption keys and perform cryptographic operations in FIPS 140-2 Level 3 certified HSMs (shown below).

演算法上,支援 AESRSAECC (NIST 的 P-256 與 P-384):

In addition to symmetric key encryption using AES-256 keys, you can now create various types of asymmetric keys for decryption or signing operations, which means that you can now store your keys used for PKI or code signing in a Google Cloud managed keystore. Specifically, RSA 2048, RSA 3072, RSA 4096, EC P256, and EC P384 keys will be available for signing operations, while RSA 2048, RSA 3072, and RSA 4096 keys will also have the ability to decrypt blocks of data.

目前只支援 us-east1us-west1,另外價錢也比軟體服務版本的 Cloud KMS 貴不少:

Billable itemFor keys with protection level SOFTWAREFor keys with protection level HSM
Active AES-256 and RSA 2048 key versions$0.06 per month$1.00 per month
Active RSA 3072, RSA 4096 or Elliptic Curve key versions$0.06 per month$2.50 per month for the first 2,000
$1.00 per month thereafter
Destroyed key versionsFreeFree
Key operations: Cryptographic$0.03 per 10,000 operations$0.03 per 10,000 operations for AES-256 and RSA 2048 keys
$0.15 per 10,000 operations for RSA 3072, RSA 4096, and Elliptic Curve keys
Key operations: AdminFreeFree

不過一般情況應該不會得用 CloudHSM,先有個印象就好...

Archives