AMD Launches Ryzen PRO CPUs: Enhanced Security, Longer Warranty, Better Qualityby Anton Shilov on June 29, 2017 9:00 AM EST
This morning AMD is introducing their Ryzen PRO processors for business and commercial desktop PCs. The new lineup of CPUs includes the Ryzen 3 PRO, Ryzen 5 PRO and Ryzen 7 PRO families with four, six, or eight cores running at various frequencies. A superset to the standard Ryzen chips, the PRO chips have the same feature set as other Ryzen devices, but also offer enhanced security, 24 months availability, a longer warranty and promise to feature better chip quality.
AMD Ryzen Pro: The Family Portrait
The AMD Ryzen PRO lineup of processors consists of six SKUs that belong to the Ryzen 7, Ryzen 5 and Ryzen 3 families targeting different market segments and offering different levels of performance. As one would expect, the Ryzen 7 PRO models are aimed at workstation applications and thus have all eight cores with simultaneous multithreading enabled, the Ryzen 5 PROmodels are designed for advanced mainstream desktops and therefore have four or six cores with SMT, whereas the Ryzen 3 PRO models are aimed at office workloads that work well on quad-core CPUs without SMT. The specifications of the Ryzen 7 PRO and the Ryzen 5 PRO resemble those of regular Ryzen processors. Meanwhile, the Ryzen 3 PRO are the first chips from the Ryzen 3 lineup and thus give us a general idea what to expect from such products: four cores without SMT operating at 3.1 – 3.5 GHz base frequency along with 2+8 MB of cache.
|AMD Ryzen PRO Specifications|
|Ryzen 7 PRO 1700X||8/16||3.5 GHz||3.7 GHz||4 MB||16 MB||95 W|
|Ryzen 7 PRO 1700||3 GHz||3.7 GHz||65 W|
|Ryzen 5 PRO 1600||6/12||3.2 GHz||3.6 GHz||3 MB|
|Ryzen 5 PRO 1500||4/8||3.5 GHz||3.7 GHz||2 MB|
|Ryzen 3 PRO 1300||4/4||3.5 GHz||3.7 GHz||8 MB|
|Ryzen 3 PRO 1200||4/4||3.1 GHz||3.4 GHz|
Just like other Ryzen CPUs, all the Ryzen PRO chips fully support ECC technology, but with certain limitations when it comes to data transfer rates and memory modules — these are peculiarities of the controller and the PRO moniker cannot change them. One of the things to note is that AMD used only DDR4-2400 memory for their internal testing of the Ryzen PRO CPUs, thus, expect PC makers to use the same speed DRAM for their desktops as well.
In fact, when it comes to their general feature set, all of the AMD Ryzen PRO CPUs support the same capabilities as their non-PRO brethren do, including AMD’s SenseMi, Precision Boost, Extended Frequency Range, Neural Net Prediction and so on. There is even the AMD Ryzen 7 PRO 1700X CPU in the lineup, completely with its extended performance and 95 W TDP (the first for any AMD PRO platform). Meanwhile, there are four things that the Ryzen PRO bring to the table that give it its PRO designation: enhanced security features, enterprise-class manageability, processor and platform longevity, and enhanced quality (which we are going to touch upon later).
With the launch of the Ryzen PRO, AMD is offering pure CPUs for business desktops for the first time ever. Previously the company only offered its A PRO-series of APUs with integrated graphics and TDPs ranging from 35 to 65 W. By contrast, the new CPUs are offered with 65 – 95 thermal envelops, which means that we are not going to see ultra-small form-factor workstations running AMD Ryzen PRO, but may finally see full-sized desktops.
It makes sense to note that all Ryzen PRO CPUs, including the highest performing and the most affordable SKUs, will support all of the advertised enterprise/business-grade capabilities. AMD is especially proud about that because their rival Intel does not support enterprise features (such as vPro) on lower-end Core i3 models. At this point AMD is not disclosing the prices of its Ryzen PRO CPUs, and the only metrics that AMD uses in comparing the PRO chips against competing SKUs is performance, not MSRPs or TDPs.
|AMD Ryzen PRO Competitive Positioning Based on Performance Tier|
|Model||Key Features||Price||Model||Key Features||Price|
|Ryzen 7 PRO 1700X||8C/16T, 3.5/3.7 GHz, 16 MB L3 cache, 95 W||?||-||-||-|
|Ryzen 7 PRO 1700||8C/16T, 3/3.7 GHz, 16 MB L3 cache, 65 W||Core i7-7700||4C/8T, 3.6/4.2 GHz, 8 MB L3 cache, 65 W||$303 - $312|
|Ryzen 5 PRO 1600||6C/12T, 3.2/3.6 GHz, 16 MB L3 cache, 65 W||Core i5-7500||4C/4T, 3.4/3.8 GHz, 6 MB L3 cache, 65 W||$192 - $202|
|Ryzen 5 PRO 1500||4C/8T, 3.5/3.7 GHz, 16 MB L3 cache, 65 W|
|Ryzen 3 PRO 1300||4C/4T, 3.5/3.7 GHz, 8 MB L3 cache, 65 W||Core i3-7100||2C/4T, 3.9 GHz, 3 MB L3 cache, 51 W||$117|
|Ryzen 3 PRO 1200||4C/4T, 3.1/3.4 GHz, 8 MB L3 cache, 65 W||-||-||-|
Such comparison shows that AMD’s Ryzen PRO lineup for desktops can cover a wider range of performance requirements than Intel’s mainstream vPro offerings do. For example, the AMD Ryzen PRO 1700X does not have a direct competitor from Intel – at least, not by AMD's accounting. In addition, AMD’s Ryzen 3 PRO 1200 also does not have a corresponding rival from the Core i3 lineup from performance point of view, based on AMD’s comparison. However, since Intel also offers Core i7 and Core i5 CPUs with TDP reduced to 35 W (for which AMD does not have announced competitors in the Ryzen PRO range), such performance-focused comparison does not draw a complete picture.
New AMD Security Technologies
Now let;'s dive into the security features of the AMD Ryzen PRO platform. For years AMD’s processors for business PCs supported additional security technologies (collectively known as AMD Secure Processor and Platform Security Processor before that) enabled by the ARM TrustZone platform with the ARM Cortex-A5 core. AMD’s previous-gen PRO-series APUs included Secure Boot, Content Protection, per-Application security, fTPM 2.0, and support for Microsoft Device Guard, Windows Hello, fingerprint security, data protection and so on. The Ryzen PRO brings all of these features forward, and also adds Transparent Secure Memory Encryption (TSME) on top of them.
To explain what TSME is, it makes sense to refer to AMD’s Zen memory encryption technologies in general. The Zen microarchitecture features two important technologies: Secure Memory Encryption (SME) and Secure Encrypted Virtualization (SEV) that protect data in DRAM using a dedicated AES-128 engine.
When data is stored on storage devices, it is usually encrypted, but when it is being processed on a CPU or temporarily stored in RAM, it is almost never is, leaving open the possibility of snooping these unprotected areas. As the name suggests, Secure Memory Encryption encrypts content of DRAM in a bid to eliminate data snooping by unauthorized programs or administrators (this is more likely to happen in a server/datacenter environment, but still). This feature will be particularly important for NVDIMMs going forward as they store data even after unplugged from their hosts.
The SME encrypts data when it is written to DRAM and decrypts it when it is read. The AES-128 key is generated by a NIST SP 800-90-compliant hardware RNG and then managed by the AMD-SP hardware (thus, in a secure environment only). Although a dedicated engine performs the encryption/decryption, the process still takes time and thus adds latency to memory accesses. AMD claims that the actual performance impact is not significant, but we will have to test it ourselves before making any conclusions of our own. AMD’s Zen microarchitecture supports full and partial memory encryption for cases when performance is a concern. The one downside to this is that both partial and full encryption modes will require OSes and software to be modified in order to work properly.
More practical for daily workstation use is AMD’s Transparent SME mode. As the name impies, Transparent mode is transpartent to OSes and programs, and thus be used with legacy software. Transparent SME mode stil encrypts DRAM completely, and this mode can be enabled from BIOS. At this point Transparent SME is the only type of SME supported by the Ryzen Pro, but AMD’s EPYC processors support all of them.
Moving on, AMD's other big security feature for the PRO lineup is Secure Virtualized Encyrption (SEV). SEV in many ways resembles the SME, but in this case, it enables owners to encrypt virtual machines, isolating them from each other, hypervisors, and hosting software. The SEV is an extension to AMD’s virtualization architecture that uses the same hardware as the SME to protect/sandbox selected VMs using different AES-128 keys and eliminating some of the security risks involved in using VMs, particularly in datacenter environments. As the SEV uses different keys for different VMs, it does not work with TSME. By contrast, SEV is fully enabled on AMD’s EPYC processors (it will be interesting to see whether Threadripper chips support the feature as well).
One thing that should be noted is that both SME and SEV require support not only at processors themselves, but also at the platform and software levels. Consequently, with the exception of TSME mode (which will still require BIOS/chipset support), it will take some time before actual systems can take advantage of the new technologies supported by AMD’s Zen microarchitecture. A good thing is that owners of the Ryzen PRO will be able to use TSME already this year, and this is where AMD’s new business platform excels Intel’s Core-series offerings.
Enterprise Manageability and Reliability
In addition to the aformentioned security capabilities, business PCs require some other hardware features as well. Specifically, manageability modes.
First off, the Ryzen PRO platforms support the DASH management protocol, allowing PRO systems to be remotely managed using tools based on this industry standard (and typically developed by the individual computer vendors). AMD Pro-series processors have supported DASH for years, so for AMD this is a continuating of status quo.
Secondly, as you'd expect from a business-focused product lineup, AMD’s Ryzen PRO platforms have longer guarantees for platform stability and processor availability. Specifically, AMD is promising that the Ryzen PRO family will offer an 18 month window for platform stability and 24 month of processor availability. In other words, AMD is guaranteeing that the Ryzen PRO chips it launches this year will be available for two more years without changes to software, enabling business customers to buy and deploy new systems running the CPUs without modifying the software they use.
Finally, all AMD Ryzen PRO CPUs are covered with a 36-month limited warranty, up from 12-month warranty for consumer processors. The reason why AMD offers extended warranty for its business CPUs (apart from the fact that its customers demand this) is because it uses wafers with highest yields/least amount of defective parts to build the Ryzen Pro. AMD believes that wafers with the lowest manufacturing variability provide chips that are “set to meet long term reliability”.
Available This Fall
AMD promises to share more information about their Ryzen PRO CPUs and supporting platforms on August 29. The company is not saying that actual systems will be available on this date, but since the firm already disclosed their plans to ship Ryzen PRO in the second half of this year, it is relatively safe to assume that at least some Ryzen Pro-based desktops will ship this fall.
As for vendors, expect the usual workstation/commercial PC makers like Dell, HP, Lenovo and other to offer desktops powered by AMD’s Ryzen Pro.
Post Your CommentPlease log in or sign up to comment.
View All Comments
dave_the_nerd - Thursday, June 29, 2017 - linkThese aren't really "Pro" features, they're "features your IT department likes."
Holliday75 - Friday, June 30, 2017 - linkPlease point on this doll where the bad IT person touched you.
bcronce - Thursday, June 29, 2017 - linkI would think encrypting the memory would have the added benefit of more obvious failures in the case of bit-flips. Attacks like Row Hammer will be more difficult because flipping any bits will completely decimate the current AES block and any blocks after.
vanilla_gorilla - Thursday, June 29, 2017 - linkEveryone keeps talking about ECC support. Can someone confirm (B350) motherboard and RAM combinations that support ECC? The only thing I could find at the correct clock speed that was unbuffered ECC was Kingston ValueRAM. Which, is fine, I've used it in severs for years, although the registered variant, but I'd be fine with that if I could just get confirmation. I want to use Ryzen for a linux workstation slash vm box for dev/test and I'd like to have ECC if possible. Yes, I understand it's limited to correcting single bit errors only.
Glock24 - Thursday, June 29, 2017 - linkFrom the top my head I know the newly announced Mini-ITX Gigabyte GA-AB350N-Gaming WIFI had official ECC support, I also read about an Asus board too, but don't remember the model. More model will come with official ECC support for sure.
vanilla_gorilla - Saturday, July 1, 2017 - linkI've seen a couple boards than claim to support non-buffered ECC memory. But I can't find anyone confirmed motherboard + ECC RAM combinations that are verified to work.
Zan Lynx - Monday, July 3, 2017 - linkMy Ryzen 1700x on an ASUS PRIME X370-PRO with 2x CRUCIAL 16GB D4 2400 ECCUDIMM C17 seems to work. I haven't gotten any error reports yet but Linux seems to be reporting that all of the EDAC is active and scrubbing is running. Note that I'm running Fedora 26 beta with kernel 4.11, and I updated the BIOS in early June. Also note that this board's UEFI does not have any ECC configuration options but it seems to set it up anyway.
Arbie - Thursday, June 29, 2017 - linkThe one and only thing I dislike about by Ryzen 1800X is the decision by AMD to over-report chip temperature by 20 degC. I've read about the reason for it, but this has all the hallmarks of a late and heavy-handed band-aid to a corner case issue. They and/or the mobo manufacturers should offer an option to switch it off. At the very least, Asus (Crosshair VI) should expand the available range on fan control in the BIOS. That's the rub - with a 20C offset my fans can only be set to low or high, with non-existent middle ground for ramping. Sigh.
Aside from that - go AMD!
cilvre - Friday, June 30, 2017 - linkFrom what i recall, this has been fixed through software and bios updates. https://www.eteknix.com/amd-ryzen-master-software-...
systemBuilder - Wednesday, July 5, 2017 - linkJust to summarize, AMD chips experience catastrophic throttling just a few degrees after most fans shift into high gear. Therefore, logically, AMD decided to over-report their tempeature so that the fans would turn on sooner, so that the CPUs would throttle far less. Problem solved. It's more of a problem of Intel setting that standard and AMD having to patch around a stupid standards ~ the cpu itself should have pins selecting clock speeds, but that would screw Intel customers so Intel doesn't allow it ...