Sun documentation suggests that we need to assign cryptographic resources to the control domain as part of the initial configuration. I searched the documentation to better understand the purpose of this and know recommendation/limitation. I am doing this for Netra T5220 and wondering if the setting is different based on HW. Thanks!
LDOMs is recommended , or rather suppported only by a couple of new cool thread servers.depending on your configuration, you can follow the standard procedure to create LDOMS.
dlc.sun.com/pdf/820-2183-11/820-2183-11.pdf
I already have installed and configured a control domain and few guest domains on Netra T5220 using LDoms1.1 documentation. It is just this particular point which I am trying to get a better understanding of; i.e. assigning cryptographic resources. What is cryptographic? and what are the setting trade-offs?
Allocate enough MAUs in the LDom, or CPU cycles will be wasted during encrypting/decrypting Plan and test the LDom prior and after configuration
Don't create domains with partially allocated cores (not using all threads in a core) without first considering whether you want to use cryptographic devices, and then checking to see if they are free to be bound to your new domain.
Currently, there is an issue related to dynamic reconfiguration (DR) of virtual CPUs if a logical domain contains one or more cryptographic (mau) units:
DR of virtual CPUs is completely disabled on all active logical domains that contain any cryptographic units (Bug ID 6525647).
So if I am not using cryptographic devices (which does encrypting/decrypting), then I do not need to worry about assigning MAUs; is my conclusion correct? One more thing, is cryptographic device a tool/device within the server or external device? Excuse my questions, but I do not have enough knowledge/experience with these concepts and thanks!
I found some useful information in the BEGINNERS GUIDE TO LDOMS documents (I should have searched here in the first place!):
"The cryptographic devices on the supported platforms, referred to as modular arithmetic units (MAUs), provide high-performance, dedicated cryptographic engines to perform RSA and DSA operations. These can be used for tasks such as encrypting and decrypting network traffic that could occur between a Secure Socket Layer (SSL) web server and an application server.
In Logical Domains software, the cryptographic devices are also virtualized. There are eight MAU units on eight-core platforms with one per core of four virtual CPUs. As they are part of a core, they can be bound only to a domain that contains at least one strand from the parent core. (More information on this is provided in the chapter on �Guidelines and Gotchas.�)"