HPE Gen10 Servers—the most secure industry standard servers1—have a strong security foundation to protect against malicious threats. The HPE Secure Compute Lifecycle offers cradle to the grave protection across the life of the server. Today, we're going to take a closer look how the HPE Secure Lifecycle can help boost your customers’ defenses against attacks.
1. Silicon to supply chain
With HPE Gen10 Servers, HPE offers the first industry standard servers to include a silicon root of trust. Before the server is even manufactured, HPE is designing the silicon root of trust which allows firmware to be scanned and monitored through a series of integrity checks that initiate from an immutable link embedded in the silicon. From the custom silicon fabrication facility, the HPE firmware anchored in the silicon root of trust is inserted in a mother board and the server is assembled. Once the server arrives safely at the customer location and it is put into operation, the iLO firmware is the first component to initialize. Over 1 million lines of firmware code run before the operating system is even started and the silicon root of trust acts as an authentication fingerprint, ensuring the server essential firmware has not been compromised.
2. Ongoing operations
While the server is operating, if any unwanted action to gain access to the server's firmware occurs, HPE will notify the customer through an iLO audit log alert. In addition, HPE provides the unprecedented ability to fully recover firmware to a known good state in the unlikely event of a security breach. HPE can automatically recover the server essential firmware through the HPE iLO 5 Advanced Premium Security Edition. This new license gives customers the option of recovering to the last known good state of firmware, the factory settings, or customers may choose to not recover and instead take the server offline for forensic analysis to determine how the breach occurred
3. Data flow
With HPE ProLiant Gen10 Servers, customers can choose from 4 levels of protection:
- CNSA (Commercial National Security Algorithm) Suite:
- HPE is the first server manufacturer to announce support for the new CNSA Suite.
- CNSA provides the very highest levels of protection for handling the most sensitive information.
- FIPS (Federal Information Processing Standards) 140-2
- Increased cryptography
- FIPS Validated
- High Security Mode
- Closes off host interface to traffic
- Higher grade cryptography
- Production Mode
- Secure on network
- Trusts OS authentication
- Maximum interoperability with existing software
4. Compliance Planning
Protection from cyber crime is not the only security customers need to worry about. They must also be sure to comply with a myriad of new data protection regulations. The HPE infrastructure stack, including servers, storage, and networking, has been validated against the National Institute of Standard and Technology (NIST) 800-53 controls —foundation for accelerating regulatory compliance initiatives like EU General Data Protection Regulation (EU GDPR).
5. End of Life
Along the HPE Secure Compute Lifecycle products will eventually reach their natural end of life. It is important to properly dispose of equipment and ensure data is securely erased and cannot be reconstructed or retrieved. Erasing data can be accomplished through the HPE Intelligent Provisioning Tool or through the HPE Point Next Services. HPE Point Next will ensure all data is erased in accordance with NIST guidelines so the information can never be resurrected, even by the most enterprising hacker.
The HPE Secure Compute Lifecycle provides a holistic and comprehensive approach to security for your customers’ server infrastructure. Want to increase security even more? Be sure to pair your customers’ HPE ProLiant Gen10 servers with Windows Server 2016 licensing from HPE. Not only will this ensure they have a complete server solution, but Windows Server 2016 also offers many new and improved security features such as:
- Trusted/Secure Boot: Secures the server environment and data and ensures the OS is not compromised. Protects Windows Server against malware or other tampering.
- Windows Defender: Provides immediate protection- minimizes security exposure during first-run and scheduled updates. Provides always-on protection that monitors and scans all downloads or applications.
- Just in Time (JIT) and Just Enough Administration (JEA): Reduces the number of administrators on the server, enhances security control of particular tasks, and provides improved auditing and reporting of activities.
Have questions about HPE OEM Microsoft products/solutions, Windows Server 2016, or HPE Servers? Join the Coffee Coaching community to keep up with the latest HPE OEM Microsoft news and interact with HPE and Microsoft experts.
Follow us on Twitter | Join our LinkedIn group | Like us on Facebook | Watch us on YouTube | Email us a question
1. Based on external firm conducting cyber security penetration testing of a range of server products from a range of manufactures, May 2017
Willa
Willa manages the HPE | Microsoft Coffee Coaching program. Follow along to learn more about the latest HPE OEM Microsoft product releases and how the HPE Microsoft partnership can benefit partners and customers.
