Seriously beefing up its infrastructure as-a-service (IaaS) efforts, Oracle today announced a compute offering that undercuts Amazon Web Services (AWS) by half and a hardware-based security feature that it says could detect any breach immediately.
It’s all part of a cloud obsession that’s blanketed Oracle OpenWorld in San Francisco this week. Those two announcements came in the afternoon, after Tuesday morning’s launch of Oracle’s new infrastructure as-a-service (IaaS) offering, where customers will be able to rent Oracle cloud servers and storage by the hour or by the month.
Until now, Oracle’s IaaS focus had been on running its own applications — substantially all of which have been retooled for the cloud.
Take That, Amazon
Chairman and CTO Larry Ellison added to the IaaS frenzy by announcing that Oracle will offer dedicated compute resources — that is, servers that you’re not sharing with other cloud customers — at 50 percent of the price of AWS’ shared compute.
Oracle’s policy has been to match Amazon’s relentless price cuts, but not to exceed them — unless technology provides the edge to do so, Ellison said. He didn’t specify what kind of edge Oracle found in compute, but it was apparently enough to prompt a price cut. (He didn’t say anything about the price of Oracle shared compute, nor did he share any specific numbers.)
Ellison also announced a hardware system that extends Oracle’s cloud to the customer premises, running the same software there as Oracle does in its data centers. It’s descriptively named the Oracle Private Cloud Machine for PaaS & IaaS. “We have half the reference manual in the name itself,” Ellison said.
Oracle is also continuing to stack up cloud features, just as AWS, Microsoft Azure, and Google Cloud have been doing. Analytics and application performance monitoring were among the examples launched Tuesday.
Silicon Secured Memory
Ellison’s primary theme on Tuesday afternoon, though, was security. While Oracle and others expect the bulk of software workloads to move to the cloud eventually, that process could get derailed if it can’t be shown that the cloud is secure.
“We need a next-generation security, because we are not winning a lot of these cyber battles,” he said.
To that end, Oracle has added a feature called Silicon Secured Memory to the newly announced Sparc M7 microprocessor. Silicon Secured memory can detect an unauthorized memory access immediately, meaning it could have stopped the Heartbleed or Venom vulnerabilities in their tracks, Ellison claimed.
It works like this: Every time a server asks for memory, the job gets assigned a unique large number. If any other job taps that memory — something launched by an intruder, for instance — the hardware notices the discrepancy and sets off an alarm.
Obviously, this only works if the server runs on an M7. But if even a small percentage of machines are using the chip, the concept holds, Ellison said. “The second that attack hits the M7, we immediately detect it. We know we’re under attack, and once we know we’re under attack, we can do something.”
Down the Stack
Pushing security down to the silicon level isn’t a new idea. Hardware-based security can always run faster than software-based security, making hardware-based security processing required for the highest-end use cases.
But Ellison isn’t out for speed (although he did point out that chips add speed at no cost). His point was that security should be pushed as far down the stack as possible.
It’s the tree-branching effect. If you have a database that runs multiple applications, it’s better to encrypt the database than to secure the applications one by one. “If it’s in the database, every application that uses that database inherits that encryption,” Ellison said.
Extrapolating that logic, Oracle wants some security down in the processor — which runs the operating systems that can be running multiple databases.
Oracle might even take this a step further. Early in his talk, Ellison said Oracle would develop more security features in hardware and might even sell those chips to other companies — but he didn’t elaborate on those plans.