Servers & Systems: The Right Compute

Enabling true factory-to-cloud fleet security with HPE Compute Security


By Cole Humphreys, Senior Leader, HPE Global Cyber Security Product Management 

As hybrid cloud infrastructures become larger and more complex, monitoring and managing every server across the landscape, and ensuring that every server is secured against external and internal threats, becomes very challenging.

HPE ProLiant Gen11 servers are engineered to remove complexity and address your constant concerns about compute security by building in security features that provide checks and balances from the supply chain through delivery to your facility, running and operation, to end-of-life.

We start with the HPE silicon root of trust, which is firmware technology that integrates security directly into the hardware level of HPE ProLiant Gen11 servers, making it impossible to tamper with the servers during manufacturing. We extend our security protocol throughout the manufacturing process with our zero trust approach: all devices are considered untrusted until proven otherwise.


Trusted supply chain

Security starts with a trusted supply chain, giving you confidence that your hardware is secure at the source. The HPE trusted supply chain provides a first line of defense against cyberattacks with servers built to the highest security standards in our secured facilities. HPE trusted supply chain combines security, processes, and people to deliver protection for the most sensitive applications and data, even before the server is deployed at your site.

Servers manufactured with the HPE trusted supply chain configuration ship with a trusted supply chain sticker, visually ensuring that the server is verified to be free from malicious microcode and counterfeit parts and includes designed-in protections that create a 360° view for current and emerging cyberthreats.

The silicon root of trust: Security built into the very core of the technology

The HPE iLO ASIC or BMC chip acts as a silicon root of trust, making it virtually impossible to insert any malware, virus, or compromised code that would corrupt the server boot process. A digital fingerprint of the HPE iLO firmware is embedded in the HPE iLO ASIC chip. At startup, the chip verifies the HPE iLO firmware integrity and determines if it is allowed to run. If the HPE iLO firmware fails validation, the system automatically restores the HPE iLO firmware to its original factory condition.
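The verify-then-recover flow described above can be sketched as a small model. This is an added example, not HPE code: `RootOfTrust`, the `flash` dictionary layout, and the use of a single SHA-256 digest as the "digital fingerprint" are assumptions made for illustration, and the sample firmware bytes are constructed.

```python
import hashlib
import hmac


def fingerprint(image: bytes) -> bytes:
    """SHA-256 digest standing in for the firmware's digital fingerprint."""
    return hashlib.sha256(image).digest()


class RootOfTrust:
    """Toy model: the trusted fingerprint is fixed at construction time."""

    def __init__(self, trusted_fingerprint: bytes):
        self._trusted = trusted_fingerprint  # anchor; never rewritten at runtime

    def is_valid(self, image: bytes) -> bool:
        # Constant-time comparison of the measured digest with the anchor.
        return hmac.compare_digest(fingerprint(image), self._trusted)

    def boot(self, flash: dict) -> str:
        """Verify flash['active']; on failure restore it from flash['recovery'].

        Returns 'booted', 'recovered', or 'halted'.
        """
        if self.is_valid(flash["active"]):
            return "booted"
        # The recovery copy is checked against the same anchor before use,
        # otherwise a tampered recovery image would be restored blindly.
        if self.is_valid(flash["recovery"]):
            flash["quarantined"] = flash["active"]  # keep the bad image for analysis
            flash["active"] = flash["recovery"]
            return "recovered"
        return "halted"  # fail closed: nothing unverified is allowed to run


FACTORY = b"constructed-firmware-image-v1"  # constructed sample, not real firmware


def demo():
    rot = RootOfTrust(fingerprint(FACTORY))
    clean = {"active": FACTORY, "recovery": FACTORY}
    tampered = {"active": FACTORY + b"\x00modified", "recovery": FACTORY}
    both_bad = {"active": b"bad-a", "recovery": b"bad-b"}
    results = (rot.boot(clean), rot.boot(tampered), rot.boot(both_bad))
    return results + (tampered["active"] == FACTORY,)
```

Designs that must accept signed firmware updates typically anchor a verification key rather than a single image digest; the fixed digest here keeps the model short.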

Secure boot
Secure boot ensures that each component launched during the boot process is digitally signed, and that the signature is validated against a set of trusted certificates embedded in the UEFI BIOS.

Firmware verification
This feature allows you to view firmware scan results, set firmware scan policies, and run on-demand or scheduled system firmware scans. System firmware scans detect invalid images and quarantine them when possible. Depending on the system configuration, scans support HPE iLO firmware, system ROM (BIOS), system programmable logic device (CPLD), and more.

System recovery set
By default, a system recovery set is included with every server. This easy-to-use suite of utilities enables you to restore your system to its original factory condition.

Secure remote connection to your server fleet
The HPE GreenLake edge-to-cloud platform is a cloud-based platform that allows you to view and control your hybrid cloud estate, enabling true fleet security from factory to cloud. A secure, authenticated, and encrypted connection from your compute devices to the HPE GreenLake platform and HPE Compute Ops Management ensures you can access your environment and maintain control of it, as well as authenticate every device connection, every time.

Server decommissioning and repurposing

  • When you decommission a product or decide to use it for a different purpose, you can protect your data by using the one-button secure erase or system erase and reset feature. One-button secure erase overwrites all block devices attached to the system, including hard disks, storage systems attached to the server, and the internal storage used by HPE iLO.
  • System erase and reset clears hard drives and allows you to overwrite data on the drives. Depending on the amount of storage installed on a system, the overwrite process can take many hours or even days to complete. You can use this method to select and erase drives on a system that do not support the one-button secure erase feature.

And finally…
HPE knows how important security is to your business, and we want you to have peace of mind, knowing you can deploy securely with the compute power of HPE ProLiant, from silicon to software and from factory to cloud.

Learn more @ HPE Compute Security – Trusted Security by Design | HPE.

~~~

Meet HPE blogger, Cole Humphreys. Cole leads Global Cyber Security Product Management at HPE with responsibility for the security features and technologies embedded within HPE's Compute portfolio. Be sure to check out this article that he authored, too: Securing the edge: trust nothing, verify everything
