HPE's Gen 10s are supposedly the most secure industry standard servers - ever

The Gen 10 servers are built, operated and disposed of with data security at the forefront

Cyber threats across the world are growing more dangerous every year. Hacking groups continue to evolve, sharing information to penetrate robust defences. As time goes on, the IT industry has realised that software layer protections are not enough, and security must extend to the hardware layer, too.

Shoring up a server's cyber defences is easy to say, but more difficult to do. You must consider the vulnerabilities that could have been introduced across the supply chain, as well as other weak spots like the running code and physical connections. This was the idea that prompted HPE to develop the Secure Compute Lifecycle (SCL) for its new ProLiant Gen 10 servers: a security process that begins in the factory.

Gen 10 servers were introduced last month, and adhere to the best practices of the National Institute of Standards and Technology (NIST). They are said to be ‘literally impossible to compromise’.

The first step in the SCL is installing the silicon root of trust firmware, containing Integrated Lights Out (iLO), UEFI, CPLD, Innovation Engine and Management Engine. The root of trust is matched to a ‘fingerprint’ on the server's silicon; if these do not match, the server simply will not boot. HPE claims to be the only company able to accomplish this, because it is the only one making both its own silicon and firmware.

Jason Shropshire, SVP and CTO at InfusionPoint, said, "One of the things that has really excited us is HP Gen 10's Silicon Root of Trust. It enabled validation of firmware all the way up… We believe this technology will really raise the bar in the industry, for really being able to validate the integrity of the platform firmware. It really puts them [HP] up to two generations ahead of their competitors."

After insertion of the root of trust (which protects the firmware during the production process), HPE ensures that genuine, non-infected components are installed through a proprietary tracking procedure. A chassis intrusion detection device (a hood latch) can also be installed on request.

When a Gen 10 server is first booted, the iLO is the first thing to run, even before the OS. If the root of trust detects a breach, server owners have three options: recover to last known good state; recover to initial factory settings; or do not recover, in which case the server can be taken offline for forensic analysis.

During operation, regulatory compliance is another of a server's requirements. HPE has applied the NIST 800-53 security controls, which at minimum provide a secure baseline to use for an Authority to Operate.

Finally, at end of life, HPE is able to securely dispose of servers using its Intelligent Provisioning Tool or PointNext Services, deleting data according to NIST guidelines.
