Recently, SmartX and Hygon Information Technology Co., Ltd. (hereinafter referred to as “Hygon”) jointly launched the HCT (Hygon Cryptographic Technology) high-availability (HA) encryption solution. Targeted at national cryptography transformation in industries such as finance, the solution deeply integrates the HA capabilities of SmartX ECP with the chip-native encryption capabilities of Hygon CPUs, enabling an integrated delivery of chip-native encryption and virtualization HA.
Background
CPU encryption technologies such as Hygon HCT are widely used in national cryptography transformation due to their superior performance and cost efficiency. However, the hardware-bound nature of passthrough devices often prevents these solutions from being compatible with virtualization HA frameworks. In the event of host failures, recovery typically requires manual intervention, resulting in business downtime lasting hours—insufficient for mission-critical systems demanding high continuity and stability.
To address this challenge, SmartX and Hygon conducted extensive validations across finance and related industries to integrate on-chip native encryption with virtualization HA capabilities. With SmartX ECP 6.3, they provide an industry-first solution to achieve HA support for VMs using Hygon HCT passthrough devices. By employing a device tagging feature, this solution enables unified identification, scheduling, and rebuilding of encrypted virtualized devices, ensuring that VMs benefit from chip-level encryption while achieving cross-node automatic failure recovery.
Solution Details
The joint solution is structured across three key dimensions—encryption implementation, virtualization access, and HA support—forming a cohesive architecture for “Chip-Native Encryption + Passthrough Devices HA”.
- Chip-Native Encryption: Leveraging the HCT cryptographic coprocessor embedded in Hygon CPUs, national cryptography algorithms such as SM2/SM3/SM4 are executed directly on-chip. This approach replaces traditional external hardware security modules, enabling native cryptographic computation with accelerated performance.
- Virtualization Passthrough: Virtual machines access on-chip encryption via HCT passthrough, achieving performance near that of physical machines, with latency significantly lower than external encryption cards.
- HA Support for Passthrough Devices: Built on SmartX ECP 6.3 HA capabilities and the device tagging feature, critical business VMs with HCT encryption can be automatically rebuilt and recovered across nodes in the event of a host failure.
- Unified Resource Pool and Centralized Management: All resources are incorporated into the ECP resource pool and centrally managed and scheduled via CloudTower.
Device Tagging Mechanism
Solution Values
- Enhanced Encryption Capability: Evolved from an external encryption architecture to a chip-native encryption model, moving key storage and cryptographic operations directly onto the local chip. This reduces reliance on external encryption devices, minimizes the overall attack surface, and enhances data security and consistency.
- Cost Optimization: Reduces investment in encryption hardware, integrates encryption into general-purpose computing resources, and improves resource utilization and O&M efficiency, lowering total cost of ownership.
- Improved High Availability: Encrypted business VMs can be automatically rebuilt and recovered across nodes in the event of host failure, reducing downtime from hours to minutes and ensuring 7×24-hour continuous operation for critical business workloads.
- Performance Improvement: Achieves more efficient computational performance in typical scenarios such as SM2/SM3/SM4 and SSL encryption/decryption, and certificate signing/verification, meeting the performance requirements of high-concurrency transactional workloads.
Conclusion
Looking forward, SmartX will continue partnering with Hygon to drive further innovation and solution development, delivering a secure, stable, and high-performance infrastructure for enterprise core systems, and supporting enhanced business continuity and Sinovation-driven transformation.
Learn more about other SmartX joint solutions:
SmartX & Information2: Achieve HCI Disaster Recovery with Near-Zero RPO & RTO
