AMD Launches Ryzen PRO CPUs: Enhanced Security, Longer Warranty, Better Quality
by Anton Shilov on June 29, 2017 9:00 AM ESTThis morning AMD is introducing their Ryzen PRO processors for business and commercial desktop PCs. The new lineup of CPUs includes the Ryzen 3 PRO, Ryzen 5 PRO and Ryzen 7 PRO families with four, six, or eight cores running at various frequencies. A superset to the standard Ryzen chips, the PRO chips have the same feature set as other Ryzen devices, but also offer enhanced security, 24 months availability, a longer warranty and promise to feature better chip quality.
AMD Ryzen Pro: The Family Portrait
The AMD Ryzen PRO lineup of processors consists of six SKUs that belong to the Ryzen 7, Ryzen 5 and Ryzen 3 families targeting different market segments and offering different levels of performance. As one would expect, the Ryzen 7 PRO models are aimed at workstation applications and thus have all eight cores with simultaneous multithreading enabled, the Ryzen 5 PROmodels are designed for advanced mainstream desktops and therefore have four or six cores with SMT, whereas the Ryzen 3 PRO models are aimed at office workloads that work well on quad-core CPUs without SMT. The specifications of the Ryzen 7 PRO and the Ryzen 5 PRO resemble those of regular Ryzen processors. Meanwhile, the Ryzen 3 PRO are the first chips from the Ryzen 3 lineup and thus give us a general idea what to expect from such products: four cores without SMT operating at 3.1 – 3.5 GHz base frequency along with 2+8 MB of cache.
AMD Ryzen PRO Specifications | ||||||||
Cores/Threads | Frequency | Cache | TDP | |||||
Base | Boost | L2 | L3 | |||||
Ryzen 7 PRO 1700X | 8/16 | 3.5 GHz | 3.7 GHz | 4 MB | 16 MB | 95 W | ||
Ryzen 7 PRO 1700 | 3 GHz | 3.7 GHz | 65 W | |||||
Ryzen 5 PRO 1600 | 6/12 | 3.2 GHz | 3.6 GHz | 3 MB | ||||
Ryzen 5 PRO 1500 | 4/8 | 3.5 GHz | 3.7 GHz | 2 MB | ||||
Ryzen 3 PRO 1300 | 4/4 | 3.5 GHz | 3.7 GHz | 8 MB | ||||
Ryzen 3 PRO 1200 | 4/4 | 3.1 GHz | 3.4 GHz |
Just like other Ryzen CPUs, all the Ryzen PRO chips fully support ECC technology, but with certain limitations when it comes to data transfer rates and memory modules — these are peculiarities of the controller and the PRO moniker cannot change them. One of the things to note is that AMD used only DDR4-2400 memory for their internal testing of the Ryzen PRO CPUs, thus, expect PC makers to use the same speed DRAM for their desktops as well.
In fact, when it comes to their general feature set, all of the AMD Ryzen PRO CPUs support the same capabilities as their non-PRO brethren do, including AMD’s SenseMi, Precision Boost, Extended Frequency Range, Neural Net Prediction and so on. There is even the AMD Ryzen 7 PRO 1700X CPU in the lineup, completely with its extended performance and 95 W TDP (the first for any AMD PRO platform). Meanwhile, there are four things that the Ryzen PRO bring to the table that give it its PRO designation: enhanced security features, enterprise-class manageability, processor and platform longevity, and enhanced quality (which we are going to touch upon later).
With the launch of the Ryzen PRO, AMD is offering pure CPUs for business desktops for the first time ever. Previously the company only offered its A PRO-series of APUs with integrated graphics and TDPs ranging from 35 to 65 W. By contrast, the new CPUs are offered with 65 – 95 thermal envelops, which means that we are not going to see ultra-small form-factor workstations running AMD Ryzen PRO, but may finally see full-sized desktops.
It makes sense to note that all Ryzen PRO CPUs, including the highest performing and the most affordable SKUs, will support all of the advertised enterprise/business-grade capabilities. AMD is especially proud about that because their rival Intel does not support enterprise features (such as vPro) on lower-end Core i3 models. At this point AMD is not disclosing the prices of its Ryzen PRO CPUs, and the only metrics that AMD uses in comparing the PRO chips against competing SKUs is performance, not MSRPs or TDPs.
AMD Ryzen PRO Competitive Positioning Based on Performance Tier | |||||||
AMD | Intel | ||||||
Model | Key Features | Price | Model | Key Features | Price | ||
Ryzen 7 PRO 1700X | 8C/16T, 3.5/3.7 GHz, 16 MB L3 cache, 95 W | ? | - | - | - | ||
Ryzen 7 PRO 1700 | 8C/16T, 3/3.7 GHz, 16 MB L3 cache, 65 W | Core i7-7700 | 4C/8T, 3.6/4.2 GHz, 8 MB L3 cache, 65 W | $303 - $312 | |||
Ryzen 5 PRO 1600 | 6C/12T, 3.2/3.6 GHz, 16 MB L3 cache, 65 W | Core i5-7500 | 4C/4T, 3.4/3.8 GHz, 6 MB L3 cache, 65 W | $192 - $202 | |||
Ryzen 5 PRO 1500 | 4C/8T, 3.5/3.7 GHz, 16 MB L3 cache, 65 W | ||||||
Ryzen 3 PRO 1300 | 4C/4T, 3.5/3.7 GHz, 8 MB L3 cache, 65 W | Core i3-7100 | 2C/4T, 3.9 GHz, 3 MB L3 cache, 51 W | $117 | |||
Ryzen 3 PRO 1200 | 4C/4T, 3.1/3.4 GHz, 8 MB L3 cache, 65 W | - | - | - |
Such comparison shows that AMD’s Ryzen PRO lineup for desktops can cover a wider range of performance requirements than Intel’s mainstream vPro offerings do. For example, the AMD Ryzen PRO 1700X does not have a direct competitor from Intel – at least, not by AMD's accounting. In addition, AMD’s Ryzen 3 PRO 1200 also does not have a corresponding rival from the Core i3 lineup from performance point of view, based on AMD’s comparison. However, since Intel also offers Core i7 and Core i5 CPUs with TDP reduced to 35 W (for which AMD does not have announced competitors in the Ryzen PRO range), such performance-focused comparison does not draw a complete picture.
New AMD Security Technologies
Now let;'s dive into the security features of the AMD Ryzen PRO platform. For years AMD’s processors for business PCs supported additional security technologies (collectively known as AMD Secure Processor and Platform Security Processor before that) enabled by the ARM TrustZone platform with the ARM Cortex-A5 core. AMD’s previous-gen PRO-series APUs included Secure Boot, Content Protection, per-Application security, fTPM 2.0, and support for Microsoft Device Guard, Windows Hello, fingerprint security, data protection and so on. The Ryzen PRO brings all of these features forward, and also adds Transparent Secure Memory Encryption (TSME) on top of them.
To explain what TSME is, it makes sense to refer to AMD’s Zen memory encryption technologies in general. The Zen microarchitecture features two important technologies: Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) that protect data in DRAM using a dedicated AES-128 engine.
When data is stored on storage devices, it is usually encrypted, but when it is being processed on a CPU or temporarily stored in RAM, it is almost never is, leaving open the possibility of snooping these unprotected areas. As the name suggests, Secure Memory Encryption encrypts content of DRAM in a bid to eliminate data snooping by unauthorized programs or administrators (this is more likely to happen in a server/datacenter environment, but still). This feature will be particularly important for NVDIMMs going forward as they store data even after unplugged from their hosts.
The SME encrypts data when it is written to DRAM and decrypts it when it is read. The AES-128 key is generated by a NIST SP 800-90-compliant hardware RNG and then managed by the AMD-SP hardware (thus, in a secure environment only). Although a dedicated engine performs the encryption/decryption, the process still takes time and thus adds latency to memory accesses. AMD claims that the actual performance impact is not significant, but we will have to test it ourselves before making any conclusions of our own. AMD’s Zen microarchitecture supports full and partial memory encryption for cases when performance is a concern. The one downside to this is that both partial and full encryption modes will require OSes and software to be modified in order to work properly.
More practical for daily workstation use is AMD’s Transparent SME mode. As the name impies, Transparent mode is transpartent to OSes and programs, and thus be used with legacy software. Transparent SME mode stil encrypts DRAM completely, and this mode can be enabled from BIOS. At this point Transparent SME is the only type of SME supported by the Ryzen Pro, but AMD’s EPYC processors support all of them.
Moving on, AMD's other big security feature for the PRO lineup is Secure Virtualized Encyrption (SEV). SEV in many ways resembles the SME, but in this case, it enables owners to encrypt virtual machines, isolating them from each other, hypervisors, and hosting software. The SEV is an extension to AMD’s virtualization architecture that uses the same hardware as the SME to protect/sandbox selected VMs using different AES-128 keys and eliminating some of the security risks involved in using VMs, particularly in datacenter environments. As the SEV uses different keys for different VMs, it does not work with TSME. By contrast, SEV is fully enabled on AMD’s EPYC processors (it will be interesting to see whether Threadripper chips support the feature as well).
One thing that should be noted is that both SME and SEV require support not only at processors themselves, but also at the platform and software levels. Consequently, with the exception of TSME mode (which will still require BIOS/chipset support), it will take some time before actual systems can take advantage of the new technologies supported by AMD’s Zen microarchitecture. A good thing is that owners of the Ryzen PRO will be able to use TSME already this year, and this is where AMD’s new business platform excels Intel’s Core-series offerings.
Enterprise Manageability and Reliability
In addition to the aformentioned security capabilities, business PCs require some other hardware features as well. Specifically, manageability modes.
First off, the Ryzen PRO platforms support the DASH management protocol, allowing PRO systems to be remotely managed using tools based on this industry standard (and typically developed by the individual computer vendors). AMD Pro-series processors have supported DASH for years, so for AMD this is a continuating of status quo.
Secondly, as you'd expect from a business-focused product lineup, AMD’s Ryzen PRO platforms have longer guarantees for platform stability and processor availability. Specifically, AMD is promising that the Ryzen PRO family will offer an 18 month window for platform stability and 24 month of processor availability. In other words, AMD is guaranteeing that the Ryzen PRO chips it launches this year will be available for two more years without changes to software, enabling business customers to buy and deploy new systems running the CPUs without modifying the software they use.
Finally, all AMD Ryzen PRO CPUs are covered with a 36-month limited warranty, up from 12-month warranty for consumer processors. The reason why AMD offers extended warranty for its business CPUs (apart from the fact that its customers demand this) is because it uses wafers with highest yields/least amount of defective parts to build the Ryzen Pro. AMD believes that wafers with the lowest manufacturing variability provide chips that are “set to meet long term reliability”.
Available This Fall
AMD promises to share more information about their Ryzen PRO CPUs and supporting platforms on August 29. The company is not saying that actual systems will be available on this date, but since the firm already disclosed their plans to ship Ryzen PRO in the second half of this year, it is relatively safe to assume that at least some Ryzen Pro-based desktops will ship this fall.
As for vendors, expect the usual workstation/commercial PC makers like Dell, HP, Lenovo and other to offer desktops powered by AMD’s Ryzen Pro.
75 Comments
View All Comments
EasyListening - Monday, July 3, 2017 - link
tryhardK_Space - Monday, July 3, 2017 - link
You have -unintentionally- raised a valid point: Anton, are you sure about your clarification for platform stability and processor availability? I thought they were referring to RAS (Reliability, availability and serviceability) given the nature of the environment in which the processor will be deployed in.... that's quite different to: "AMD is guaranteeing that the Ryzen PRO chips it launches this year will be available for two more years without changes to software, enabling business customers to buy and deploy new systems running the CPUs without modifying the software they use."See: https://en.wikipedia.org/wiki/Reliability,_availab...
Outlander_04 - Tuesday, July 4, 2017 - link
Its easy to spot the intel fanboys , and how challenged their world view is