Apr 02 2019
Our last blog talked about content delivery networks (CDNs), and the challenges of applying unique encryption keys to thousands (or more) pieces of content simultaneously. In this blog, we will dive a little deeper into this problem, and some of the complexities that make this a critical problem for CDNs to resolve. One of the greatest challenges with encryption for CDNs is the latency inherent in host (server) based encryption. The diagram below illustrates the process that CDNs utilize to create encrypted content. Once a request for protected content is received by the CDN, there are five steps in the process: i) Locate the content the user desires and the access data for it; ii) verify that the user should be able to access this data, and generate an encryption key; iii) encrypt the data; iv) write the data back to storage so it can be sent out when needed; and v) send the encrypted content to the user (the data is typically sent as a series of packets; it is only streamed in the case of live broadcasts ).
There are several issues that add to the latency of this approach. The first of these is that the data has to be read and transferred from storage to the server’s memory. The typical 2 hour HD compressed movie is roughly 8GB in size. If the storage is local (for instance, an NVMe flash SSD), it would take roughly 2 seconds to transmit it over a 4-lane PCI Express® (PCIe) Gen3 bus. Once the data is encrypted, it will take another 2 seconds to store the data back to the NVMe SSD. This must happen for every user request for content. During this time, the server CPU core performing the encryption cannot do any other operations. For a dual-processor server with 28 cores, this means that this latency consumes the equivalent of 25 thousand sessions of CPU time (3,600 seconds divided by four seconds of latency, times 28 cores). If this latency didn’t exist, the server could service 25K more sessions.
In our next blog, we will explore how computational storage can accelerate this process while at the same time reducing the workload encountered by servers for encryption. If you would like to find out more about our Newport real-time computational storage devices, visit our website or contact me. Better yet, come and visit us at the NAB at the Las Vegas Convention Center, April 8-11. We will have our solutions in three locations: The Sprockit Startup Pavilion (North Hall Booth N3735SP-B), AIC’s Booth (South Hall SL4406), and the EchoStreams Booth (South Hall, SL12208). We look forward to seeing you. Thanks!