Cadence joins with TSMC to boost 5nm FinFET innovation, enabling next-generation SoC production design

Cadence Design Systems Inc. announced Monday that it has collaborated with TSMC to enable customers’ production delivery of next-generation system-on-chip (SoC) designs for mobile, high-performance computing (HPC), 5G and artificial intelligence (AI) applications on TSMC’s 5nm FinFET process technology.

As part of the collaboration, the Cadence digital, signoff and custom/analog tools have been certified for Design Rule Manual (DRM) and SPICE v1.0, and Cadence IP has been enabled for the TSMC 5nm process.

The corresponding process design kits (PDKs) featuring integrated tools, flows and methodologies are now available for traditional and cloud-based environments. Additionally, mutual customers have already completed several tapeouts using Cadence tools, flows and IP for full production development on the TSMC 5nm process technology.

Cadence delivered a fully integrated digital implementation and signoff tool flow, which has been certified on TSMC’s industry-leading 5nm process that has the benefits of process simplification provided by extreme ultraviolet (EUV) lithography.

The Cadence full-flow includes the Innovus Implementation System, Liberate Characterization Portfolio, Quantus Extraction Solution, Tempus Timing Signoff Solution, Voltus IC Power Integrity Solution and Pegasus Verification System.

The Cadence digital and signoff tools that have been optimized for TSMC’s 5nm process technology provide EUV support at key layers and associated new design rules, which enable mutual customers to reduce iterations and achieve performance, area and power (PPA) improvements.

Some of the newest enhancements for the 5nm process include predictive via-pillar-aware synthesis structuring with the Genus Synthesis Solution as well as a pin-access control routing method for cell electromigration (EM) handling in the Innovus Implementation System and Tempus ECO and also statistical EM budgeting analysis support in the Voltus IC Power Integrity Solution. The newly certified Pegasus Verification System supports 5nm rule decks for all TSMC physical verification flows including DRC, LVS and metal fill.

The Cadence custom/analog tools certified on TSMC’s industry-leading 5nm process technology include the Spectre Accelerated Parallel Simulator (APS), Spectre eXtensive Partitioning Simulator (XPS), Spectre RF Option, Spectre Circuit Simulator, Voltus-Fi Custom Power Integrity Solution, Pegasus Verification System as well as the Virtuoso custom IC design platform, which includes the Virtuoso Layout Suite EXL, Virtuoso Schematic Editor and Virtuoso ADE Product Suite.

The Virtuoso R&D team has an ongoing and rich collaboration with the Cadence IP Group, developing 5nm mixed-signal IP using a state-of-the-art custom design methodology built on the latest Virtuoso design platform.

By continually enhancing the design methodologies and capabilities included with the Virtuoso Advanced-Node and Methodology Platform for TSMC’s advanced-node processes, including the 5nm process, customers can achieve better custom physical design throughput versus traditional non-structured design methodologies.

The Virtuoso Advanced-Node and Methodology Platform (ICADVM 18.1) consists of features and functionality required for creating 5nm designs, which include an accelerated, row-based custom placement and routing methodology that enables users to improve productivity and better manage complex design rules.

Cadence introduced several new features that support the 5nm process including stacked gate support, universal poly grid snapping, area-based rule support, asymmetric coloring and voltage-dependent rule support, analog cell support and support for various new devices and design constraints that are part of TSMC’s 5nm technology offering.

Cadence is developing a differentiated advanced-node IP portfolio to support TSMC’s 5nm process, which includes a high-performance memory subsystem, very high-speed SerDes and high-performance analog to meet the demands of HPC, machine learning (ML) and 5G base stations. With the release of TSMC’s 5nm design infrastructure, Cadence and TSMC are actively engaged with customers and enabling next-generation SoC development by addressing the latest IP requirements for evolving application areas.

“TSMC’s 5nm technology offers our customers the industry’s most advanced technology to address the growing demand for computing power driven by AI and 5G,” said Suk Lee, TSMC senior director, Design Infrastructure Management Division. “By collaborating closely with Cadence, we’re enabling customers to effectively differentiate themselves and deliver designs to market faster using our latest technologies.”

“We’re continuing to broaden our collaboration with TSMC to facilitate 5nm FinFET adoption, giving customers access to the latest tools and IP for advanced process design creation,” said Dr. Chin-Chi Teng, senior vice president and general manager of the Digital & Signoff Group at Cadence. “Our R&D team has focused heavily on developing new features and performance improvements so that our digital and signoff and custom/analog tools and IP can be used with complete confidence, enabling customers to achieve first-pass silicon success and deliver end products within aggressive time-to-market schedules.”

Symantec now part of U.S. Department of Defense’s defense industrial base cybersecurity program

Cybersecurity vendor Symantec announced that it has become a member of the United States’ Department of Defense’s (DOD) Defense Industrial Base (DIB) Cybersecurity (CS) program.

The DIB CS program is a voluntary cyber threat information-sharing initiative established by the DOD to enhance and supplement DIB participants’ capabilities to mitigate cyber attacks. The program features a collaborative information-sharing environment where members voluntarily report cyber threats as well as information on how to prevent/mitigate those threats.

Symantec is supporting the mission of the DOD against cyber adversaries by working collaboratively to enhance the security posture of the United States. DIB CS industry partners can benefit from Symantec’s array of cyber security capabilities to enable compliance with the mandates of the National Institute of Standards and Technology’s (NIST) SP 800-171. 

NIST SP 800-171 establishes a set of security requirements for protecting Controlled Unclassified Information (CUI) stored in nonfederal systems and organizations.

Symantec’s Global Intelligence Network is one of the world’s largest threat intelligence networks, composed of threat data from 175 million protected endpoints and 123 million attack sensors worldwide collecting billions of cyber threat telemetry vectors daily.

“This is a prime example of an effective government-industry collaborative partnership. Symantec is proud to work in conjunction with the DOD and its partners to deliver a stronger cyber environment,” said Chris Townsend, Symantec vice president of federal. “The DIB CS program provides an important platform to share threat information and best practices, helping to improve the overall cyber awareness and security posture of all members. Symantec is proud to become a member of this important community.”

OPAQ releases hyperscale security-as-a-service networking offering to simplify digital transformation

Network security cloud company OPAQ announced Monday a new set of offerings that provide up to 15 Gbps of hyperscale security-as-a-service networking to support digital transformation initiatives.

The OPAQ Cloud provides direct Gigabit connectivity to ISP exchanges and comprehensive network security for organizations that require carrier-grade network performance and security for hybrid and multi-cloud environments that span on-premises, Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) resources.

OPAQ’s cloud platform enables partners to deliver Fortune 100-grade security-as-a-service on infrastructure purpose-built for security and performance.

With OPAQ, service providers are equipped with a simplified ability to centrally monitor security performance and compliance maturity, generate reports, manage security infrastructure, and enforce policies – all through a single interface. This empowers OPAQ partners to grow revenue and margins, eliminate complexity and costs, and establish a competitive advantage that helps them attract and retain customers.

Based in Northern Virginia, OPAQ is privately held and is funded by Greenspring Associates, Columbia Capital, Harmony Partners and Zero-G Inc.

Virtually every organization faces three interconnected challenges: regulatory compliance, security and network bandwidth/latency. For businesses these days, monthly cloud workloads can reach 20-30 terabytes due to big data processing requirements, which demands peak throughput performance in excess of 2 Gbps.

OPAQ’s hyperscale networking fabric scales from 50 Mbps to 15 Gbps, while providing advanced next-generation firewall-as-a-service and endpoint protection-as-a-service that is fully integrated into the OPAQ Cloud. This enables service providers to meet security, compliance and bandwidth requirements of small and large organizations that are increasingly moving business processes and workloads to cloud environments.

“Companies of all sizes are integrating on-premises data centers with cloud workloads and SaaS applications to accelerate digital transformation projects,” said Ken Ammon, Chief Strategy Officer for OPAQ. “These hybrid or multi-cloud environments create network performance and security challenges which are too complex and expensive to address using traditional on-prem security architectures. The OPAQ Cloud integrates patented hyperscale networking with enterprise-grade security features to provide a secure fabric that seamlessly supports these distributed infrastructure processing requirements.”

Dynatrace delivers end-to-end visibility and AI-powered answers from cloud to mainframe with new Software Intelligence Platform

Dynatrace announced that it has extended its AI-powered platform to include IBM Z support for CICS, IMS and middleware. This gives customers precise information about the performance of digital services across hybrid environments; from modern cloud applications to the mainframe.

Mainframes power 30 billion transactions a day and are used by 71 percent of Fortune 500 companies. However, for many organizations, back-end technology layers create blind spots in their current approach to monitoring. 

This makes it hard to identify, analyze and resolve performance problems, which can endanger key business transactions and impact users. A lack of visibility can also result in runaway MIPS usage costs that can reach into hundreds of thousands of dollars due to inefficiencies and errors that go unseen.

Dynatrace provides software intelligence that helps simplify enterprise cloud complexity and accelerate digital transformation. With AI and complete automation, the company’s all-in-one platform provides answers, not just data, about the performance of applications, the underlying infrastructure and the experience of all users.

Unlike other solutions that attempt to connect disparate tools, to stitch together a business transaction, Dynatrace provides end-to-end visibility by automatically discovering and mapping every transaction with a single AI-powered solution. This real time visibility, from cloud to the mainframe, gives enterprises a huge competitive advantage – they can eliminate inefficiencies and consequently, innovate at a faster rate.

“While enterprises are moving applications to modern cloud stacks for agility and competitive advantage, these applications often still depend on critical transactions and ‘crown jewels’ customer data residing on IBM Z mainframes. This puts pressure on these resources to perform tasks that were not envisioned when the mainframes were launched,” said Steve Tack, SVP of products at Dynatrace. “Because Dynatrace provides end-to-end hybrid visibility, customers can optimize new services, catch performance degradations before user impact, and understand exactly who has been impacted by an incident. This enables customers to confidently innovate applications that leverage data from mainframes to increase revenue, build brand loyalty, and create competitive advantage.”

Mercury Systems to provide Intel Select Solution for hardened security with Lockheed Martin

Mercury Systems announced that it will offer an Intel Select Solution for Hardened Security with Lockheed Martin. Designed to help defense and aerospace customers secure mission-critical data, the solution will provide hardened, full stack security that delivers ideal performance which sets new standards of affordability for secure and rugged tactical edge computing.

The U.S.-designed solution will be manufactured and tested in Mercury’s Defense Microelectronics Activity (DMEA)-accredited facilities and is expected to be delivered to the market in mid-2019.

“Mercury has over thirty years of expertise in building secure rackmount, embedded and custom Intel commercial off-the-shelf solutions for deployment into ground, surface, subsurface and airborne environments,” said Scott Orton, Vice President and General Manager of Mercury’s Trusted Mission Solutions group. “Our long-standing partnership with Intel enables us to provide high-performance, sophisticated platforms that meet or exceed the mission requirements of Department of Defense end-customers and industry-leading prime contractors, such as Lockheed Martin.”

Mercury also announced the EnsembleSeries HDS6605 blade server, the embedded computing powerful, general-purpose processing 6U OpenVPX blade server with hardware-enabled support for artificial intelligence (AI) applications.

Powered by second generation Intel Xeon scalable processors, HDS6605 blade servers feature the same cooling, packaging and 100 Gbps in-system switch fabric interconnect technologies found in earlier proven generations of Mercury blades based on Intel Xeon processors. These open systems-compliant technologies have a technology readiness level of nine (TRL-9), making HDS6605 blades well-suited to rugged defense applications and upgrades that require the utmost in processing capability.

HDS6605 blade servers are highly optimized for AI and other extreme compute-intensive general processing workloads typically associated with sensor fusion, complex C4I and deep-learning applications.

Second Generation Intel Xeon Scalable processors feature Intel Deep Learning Boost, which extends Intel Advanced Vector Extensions-512 (Intel AVX-512) to accelerate inference applications like speech recognition, image recognition, language translation, object detection, and more.

Its new set of embedded accelerators (Vector Neural Network Instructions, or VNNIs) speed up dense computations characteristic of convolutional neural networks (CNNs) and deep neural networks (DNNs), delivering up to a 14 times improvement in inference performance compared to the first-generation Intel Xeon Scalable processor launched in July 2017. Along with increased scalability via ultrapath interconnect (UPI) , each blade provides up to 22 cores from a single 1.9GHz device, delivering an industry-topping 2.6 TFLOPS of general-purpose processing power.

Mercury also announced the start of customer engagements for its second generation of the TRRUST-Stor VPX RT line of radiation-tolerant solid state drives (SSD) featuring up to 940GB user capacity in a 6U SpaceVPX form factor.

The new device delivers enhanced versatility with improved error correction code (ECC) and both Serial RapidIO and Peripheral Component Interconnect Express (PCIe) host interfaces. As the first space-qualified storage devices leveraging the SpaceVPX standard for agile interoperability, the TRRUST-Stor VPX RT family enables accelerated system design directly addressing the growing demand for low Earth orbit (LEO) satellites and mission critical systems operating in radiation-intense environments.

In terrestrial environments, the NAND flash memory devices used in a traditional SSD device are prone to data corruption without the use of ECC. In radiation-exposed environments, data corruption is vastly accelerated due to the occurrence of single-event effects (SEE) and total ionizing dose (TID) degradation which negatively impact the functionality of the NAND flash memory used in the device.

To counter these damaging effects, Mercury has improved the ECC performance of the original 3U TRRUST-Stor VPX RT device. With 30 percent more error corrections built-in, the company’s new 6U device integrates high-reliability defect mitigation thereby enabling normal read and write operations in the presence of harmful ionizing radiation. Additionally, the new SSD features redundant NAND flash to further improve long-term reliability and data integrity.

Kaspersky Lab discovers TajMahal, a spying platform with distinctive functionality and no known links to current threat actors

Kaspersky Lab researchers have uncovered a technically sophisticated cyberespionage framework, TajMahal, which has been active since at least 2013 and appears to be unconnected to any known threat actors. It features around 80 malicious modules and includes functionality never before seen in an advanced persistent threat (APT), such as the ability to steal information from printer queues and grab previously seen files from a USB device.

Kaspersky Lab researchers discovered TajMahal late last year. It is a technically sophisticated APT framework designed for extensive cyberespionage. Malware analysis shows that the platform has been developed and used for at least the last five years, with the earliest sample dated April 2013, and the most recent August 2018. The name TajMahal comes from the name of the file used to exfiltrate the stolen data.

The TajMahal framework is believed to include two main packages, self-named as ‘Tokyo’ and ‘Yokohama’. Tokyo is the smaller of the two, with around three modules. It contains the main backdoor functionality, and periodically connects with the command and control servers. Tokyo leverages PowerShell and remains in the network even after the intrusion has moved to stage two.

Stage two is the Yokohama package: a fully armed spying framework. Yokohama includes a Virtual File System (VFS) with all plugins, open source and proprietary third-party libraries, and configuration files.  There are nearly 80 modules in all, and they include loaders, orchestrators, command and control communicators, audio recorders, keyloggers, screen and webcam grabbers, documents and cryptography key stealers.

TajMahal is also able to grab browser cookies, gather the backup list for Apple mobile devices, steal data from a CD burnt by a victim as well as documents in a printer queue. It can also request the theft of a particular file from a previously seen USB stick, and the file will be stolen the next time the USB is connected to the computer.

The targeted systems found by Kaspersky Lab were infected with both Tokyo and Yokohama. This suggests that Tokyo was used as first stage infection, deploying the fully-functional Yokohama package on interesting victims, and then left in for backup purposes.

So far, only one victim has been observed - a foreign based, central Asian diplomatic entity, infected by 2014. The distribution and infection vectors for TajMahal are currently unknown.

“The TajMahal framework is a very interesting and intriguing finding. The technical sophistication is beyond doubt and it features functionality we have not seen before in advanced threat actors. A number of questions remain. For example, it seems highly unlikely that such a huge investment would be undertaken for only one victim,” said Alexey Shulmin, lead malware analyst at Kaspersky Lab. “This suggests that there are either further victims not yet identified, or additional versions of this malware in the wild, or possibly both. The distribution and infection vectors for the threat also remain unknown.  Somehow, it has stayed under the radar for over five years. Whether this is due to relative inactivity or something else is another intriguing question. There are no attribution clues nor any links we can find to known threat groups.”

All Kaspersky Lab products successfully detect and block this threat.

In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky Lab researchers recommend use of advanced security tools like Kaspersky Anti Targeted Attack Platform (KATA) and make sure your security team has access to the most recent cyber threat intelligence; update all software used in the organization on a regular basis, particularly whenever a new security patch is released. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.

The security company also recommended choosing a proven security solution such as Kaspersky Endpoint Security that is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits, and ensuring that staff understand basic cybersecurity hygiene, as many targeted attacks start with phishing or other social engineering technique.

OpenStack Stein boosts bare metal and network management, while launching Kubernetes clusters

The OpenStack community released Stein, the 19th version of open source cloud infrastructure software, which powers over 75 public cloud data centers and thousands of private clouds at a scale of more than 10 million compute cores.

OpenStack is the one infrastructure platform uniquely suited to deployments of diverse architectures—bare metal, virtual machines (VMs), graphics processing units (GPUs) and containers.

Kubernetes is a key container orchestration framework running on OpenStack, with 61 percent of OpenStack deployments indicating they integrate the two platforms, according to the 2018 OpenStack User Survey.

In Stein, OpenStack continues to deliver the core infrastructure management features delivering the bare metal and network functionality that containers need. OpenStack Magnum, a Certified Kubernetes installer, improved Kubernetes cluster launch time significantly—down from 10-12 minutes per node to five minutes regardless of the number of nodes.

With the OpenStack cloud provider, users can now launch a fully integrated Kubernetes cluster with support from the Manila, Cinder and Keystone services to take full advantage of the OpenStack cloud it’s created on.

Neutron, OpenStack’s networking service, has faster bulk port creation, targeting container use cases, where ports are created in groups, while Ironic, the bare metal provisioning service, continues to improve deployment templates for standalone users to request allocations of bare metal nodes and submit configuration data as opposed to pre-formed configuration drives.

Within Neutron, Network Segment Range Management enables cloud administrators to manage segment type ranges dynamically via a new API extension, as opposed to the previous approach of editing configuration files. This feature benefits StarlingX and edge use cases, where ease of management is critical.

For network-heavy applications, it is crucial to have a minimum amount of network bandwidth available. Work began during the Rocky cycle to provide scheduling based on minimum bandwidth requirements, and the feature was delivered in Stein. As part of the enhancements, Neutron treats bandwidth as a resource and works with the OpenStack Nova compute service to schedule the instance to a host where the requested amount is available.

API improvements boost flexibility, adding support for aliases to Quality of Service (QoS) policy rules that enable callers to execute the requests to delete, show and update QoS rules more efficiently.

Blazar, the resource reservation service, introduced a new Resource Allocation API allowing operators to query the reserved state of their cloud resources.

Placement is a new project introduced in the Stein release. Extracted from the Nova project, Placement offers the ability to target a candidate resource provider, easing the task of specifying a host for workload migration. This increases API performance by 50% for common scheduling operations. The internal Placement service in Nova will be removed by the Train release. At that point Nova installations should make use of the separate Placement service.

Sahara, a project for provisioning Hadoop clusters, has been refactored into a core+plugins architecture, making it easier to take advantage of this functionality.

“OpenStack has become a powerful platform for managing Kubernetes clusters in private and multi-cloud deployments,” said Jonathan Bryce, executive director of the OpenStack Foundation. “With Stein, operators gain new capabilities for bare metal management and networking, running high-performance workloads with GPUs, operating NFV deployments, and for a diversity of enterprise application use cases. Stein’s arrival is a tribute to the community’s hard work in delivering open infrastructure services that solve real, pressing problems for operators and users.”

Intel, Google Cloud partner to accelerate hybrid cloud; develop Anthos reference design to simplify deployment

Intel and Google Cloud announced on Tuesday a partnership aimed at helping enterprise customers seamlessly deploy applications across on-premise and cloud environments. The reference design will be delivered by the middle of this year, with expected solution delivery from OEMs and solutions integrators in market later this year.

The two companies will collaborate on Anthos, a new reference design based on the 2nd-Generation Intel Xeon scalable processor and an optimized Kubernetes software stack that will deliver increased workload portability to customers who want to take advantage of hybrid cloud environments. Intel will publish the production design as an Intel Select Solution, as well as a developer platform.

While organizations are embracing multi-cloud solutions to fuel their businesses, many companies remain challenged to find the right hybrid cloud solutions that enable seamless workload migration across clouds. The Anthos reference design will address this challenge by delivering a stack optimized for workload portability, enabling deployment of applications across on-premise data centers and public cloud provider services.

This collaboration is an extension of a technology alliance between the two companies that already spans many infrastructure optimizations, collaboration on high-growth workloads like artificial intelligence, and integration of new technologies into the Google Cloud Platform, such as the 2nd-Generation Intel Xeon Scalable processors and Intel Optane DC Persistent Memory.

“Our collaboration with Google in delivering the infrastructure and software optimizations required to advance their hybrid and multi-cloud solution is a natural fit with Intel’s vision for data-centric computing,” said Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel. “We’re delivering an Intel technology foundation for customers to take advantage of their data, and that requires delivery of architectures that can span across various operating environments. This collaboration will give customers a choice of optimized solutions that can be utilized both in the on-prem as well as cloud environments.”