Monday, 23 July 2018

HPE’s Gen 10s are supposedly the most secure industry standard servers

Cyber threats across the world are growing more dangerous every year. Hacking groups continue to evolve, sharing information to penetrate robust defences. As time goes on, the IT industry has realised that software layer protections are not enough, and security must extend to the hardware layer, too.

Shoring up a server’s cyber defences is easy to say, but more difficult to do. You must consider the vulnerabilities that could have been introduced across the supply chain, as well as other weak spots like the running code and physical connections. This was the idea that prompted HPE to develop the Secure Compute Lifecycle (SCL) for its new ProLiant Gen 10 servers: a security process that begins in the factory.

Gen 10 servers were introduced last month, and adhere to the best practices of the National Institute of Standards and Technology (NIST). They are said to be ‘literally impossible to compromise’.

The first step in the SCL is installing the silicon root of trust firmware, containing Integrated Lights Out (iLO), UEFI, CPLD, Innovation Engine and Management Engine. The root of trust is matched to a ‘fingerprint’ on the server’s silicon; if these do not match, the server simply will not boot. HPE claims to be the only company able to accomplish this, because it is the only one making both its own silicon and firmware.

Jason Shropshire, SVP and CTO at InfusionPoint, said, “One of the things that has really excited us is HP Gen 10’s Silicon Root of Trust. It enabled validation of firmware all the way up… We believe this technology will really raise the bar in the industry, for really being able to validate the integrity of the platform firmware. It really puts them [HP] up to two generations ahead of their competitors.”

After insertion of the root of trust (which protects the firmware during the production process), HPE ensures that genuine, non-infected components are installed through a proprietary tracking procedure. A chassis intrusion detection device (a hood latch) can also be installed on request.

When a Gen 10 server is first booted, the iLO is the first thing to run, even before the OS. If the root of trust detects a breach, server owners have three options: recover to last known good state; recover to initial factory settings; or do not recover, in which case the server can be taken offline for forensic analysis.

During operation, regulatory compliance is another part of a server’s requirements. HPE has applied the NIST 800-53 security controls, which at minimum provide a secure baseline to use for an Authority to Operate.

Finally, at end of life, HPE is able to securely dispose of servers using its Intelligent Provisioning Tool or PointNext Services, deleting data according to NIST guidelines.
