Are Secure Enclaves Enough to Level the Stakes for Intel’s New Ice Lake Server Chips?

As inter-gen performance gains shrink, 3rd gen Intel Xeon Scalable messaging highlights hardware security and co-processor performance.

Scott Fulton III, Contributor

April 6, 2021


With inter-generation performance gains of the Intel Ice Lake server chips (3rd Gen Intel Xeon Scalable) unremarkable in comparison to what they used to be when Moore’s Law was in full effect, the company’s messaging around the new data center processor family’s launch focused on its much improved secure enclaves capabilities and its effectiveness when using FPGA accelerators.

Intel has fought the CPU battle with AMD before. For years, AMD led that battle on price/performance, building surpluses of mid-range processors with performance just good enough to tip the scales, while Intel countered with world-class manufacturing and upper-tier performance that some thought was worth the premium investment. Earlier this month AMD launched its own third-generation Zen architecture and the performance numbers it shared with reporters appeared to be setting up a very familiar pattern.

But the “tick-tock” clock that used to set the cadence for Intel’s innovation back when Moore’s Law was firing on all cylinders stopped ticking or tocking five years ago already. Now, instead of quantifiable gains that inspired awe and wonder for just how predictable they were, Intel is forced to rely on qualitative arguments, which are hard to make and harder to justify.


With Tuesday’s launch of the Intel Ice Lake server chips the company did march out its new performance promises on schedule. On average, Intel engineers predict, Ice Lake will deliver between 50 and 52 percent greater performance than its previous Cascade Lake generation — a value range so predictable, one imagines Gordon Moore taking a nap through its introduction.


The qualitative arguments this time are twofold: One is that Intel Ice Lake server processor performance is something that can best be appreciated when pairing with a new series of Agilex FPGA accelerators, also launched Tuesday. The other is more of a gamble: If you’re tired of exploits such as the SolarWinds trojan (the same 30-year-old vulnerabilities that have plagued servers ever since folks began asking why “Linux” was spelled with an “x”) then surely you’d be amenable to a processor capable of running sensitive services in absolute seclusion.

“On Ice Lake, we are bringing technologies that enable Confidential Computing,” explained Sailesh Kottapali, Intel’s chief architect and senior fellow, in a briefing with reporters and analysts. “These technologies allow for the application to interact with the CPU and establish a secure memory enclave at runtime. These enclaves bypass the OS and hypervisor layers and enable operating on the confidential information without exposure to any of the underlying infrastructure platform.”


Enclaves are not a new feature. Intel first introduced them for its Xeon E-2100 series back in late 2018. Technically, they’re a part of the company’s original Software Guard Extensions (SGX), which it described three years ago as “a lockbox inside a system’s memory, helping protect the data while it’s in use during runtime.”

But now, SGX is being rolled out more widely for 3rd gen Xeon Scalable, with a special set of SKUs featuring 512GB of reserved, encrypted enclave memory per processor, compared to the 64GB maximum now supported by the vast majority of Intel Ice Lake server SKUs.

Developers for Intel CPUs have been using so-called multi-buffer “cryptography” libraries through the Data Plane Development Kit (DPDK) since 2017. But those libraries had been limited by Advanced Vector Extension functions that, although 512 bits in length, were only capable of dealing with 128-bit symmetric key sizes. Ice Lake now widens that path to up to four 128-bit blocks in one cycle, with a 512-bit register. Imagine only seeing with two eyes and then suddenly having eight and you’ll get the general idea.

As a result, Intel Ice Lake server cryptography-specific performance is boosted by as much as 4.2 times, compared with Cascade Lake, according to Intel’s data center performance director Ram Ramakrishnan. That coefficient became one of the themes of the company’s press briefing. It was one area where it could rightly be said that speeds had better than quadrupled.


At one point during the briefing, Intel showed a recording of two live renderings of an avatar-ized face depicting Lisa Spelman, an Intel VP and general manager of Xeon products, on different generations of Xeon. The Cascade Lake demo on the left was rendered using the 32-bit floating point library (FP32) and the one on the right using a combination of DL Boost and the 8-bit integer (INT8) library on Ice Lake.

That’s an important fact, because INT8 and DL Boost were already producing huge performance boosts over FP32 two years ago, without having to change CPU generations to do it.

“Xeon is not a standstill thing. I know it’s not exciting once you’re in your twentieth year of continually changing the industry, and driving things forward, and being the foundation of cloud architecture and the foundation of a modern, virtualized network,” Spelman said in an interview with DCK. “You take it for granted, but Xeon continues to evolve.

“Go back to where we were five years ago versus where we are now. I know it’s not necessarily the story that makes all the news. But … eighty percent of the world’s inference is done on Xeon for applications. And this carries through to the data center, all the way through to the edge. A tremendous amount of training is done on Xeon, because it’s pervasive and that ecosystem is so solidly built that you can get that capability and performance and better utilize your hardware.”

Balancing Act

The fact that Intel paired Tuesday’s 3rd gen Xeon Scalable announcement with the rollout of its next-generation FPGA accelerators, SSD storage units, and even network accelerator cards says something about Xeon’s present ability to be, to borrow Spelman’s expression, the story. Intel is putting all its cards on the table to place itself on an even footing in the public discourse against a resurgent Arm and a re-invigorated AMD.

Other manufacturers, including Taiwan’s TSMC, have spent the last two years (some of it interrupted by the pandemic) adopting 7nm FPGA manufacturing processes for vendors such as Xilinx. Intel finds itself defending a 10 nm “SuperFin” design that it “launched” two years ago and began shipping in limited quantity in August 2019. Tuesday marks the start of production shipments of Agilex FPGAs to general customers.

“Some of you know that long cycle with the FPGAs,” acknowledged Spelman.

The Xeon general manager touted what Intel claims to be Agilex’s performance-per-watt leadership along with a wide range of adaptability for particular customer requirements. That led to an intriguing question from the press pool: What’s the formula for the break-even point for total cost of ownership (TCO) when determining whether investing in an accelerator is cost-justified?

“In general, TCO for any customer improves when you don’t need to move to an acceleration,” Spelman admitted, “so you’re not adding to the cost of the solution and you’re not adding to the operating cost (the thermals, or whatever) of the configuration. But for Xeon, it’s an especially great TCO if you are using underutilized capacity.” That’s an argument Intel used to make years ago: a better utilized processor beats one that’s accelerated but underutilized.

“There is a crossover point, though, about when a function starts to dominate in a workload,” she continued. Suppose a single function that comprises 20 percent of workloads were accelerated by 10x. That breakeven point may be brought a lot closer to you, and an investment might just make more sense.

It’s an honest point: If accelerators were the solution to every workload sustainability dilemma, we wouldn’t be talking about CPU generational shifts now. And in a way, that’s the problem. Intel needs more people to be talking about those shifts now.

About the Author(s)

Scott Fulton III


Scott M. Fulton, III is a 39-year veteran technology journalist, author, analyst, and content strategist, the latter of which means he thought almost too carefully about the order in which those roles should appear. Decisions like these, he’ll tell you, should be data-driven. His work has appeared in The New Stack since 2014, and in various receptacles and bins since the 1980s.
