HPE delivers on promise of trusted security capabilities for Gen11 server

Hewlett Packard Enterprise Co. made a commitment when it introduced its HPE ProLiant Gen11 servers in November, which were engineered for the hybrid world to deliver trusted security by design and optimize performance for workloads.

The company cites various statistics to emphasize its goal: Gen11 added 28 new world records, delivering up to 99% higher performance and 43% more energy efficiency than the previous version.

“Whether it’s the performance, whether it’s the power efficiency, whether it’s security, all of those capacities are in this platform,” said Kevin Depew (pictured), senior director of future server architecture at HPE. “Security is part of our DNA. We put it into the design from the very beginning, and we’ve partnered with AMD to deliver what we think is a very compelling story.”

Depew spoke with theCUBE industry analyst Lisa Martin for a special “HPE ProLiant Gen11 – Trusted Security by Design” launch event during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed HPE’s partner ecosystem, how the company is adding value for customers, and why HPE says Gen11 is “fundamental.” (* Disclosure below.)

Security as a critical component

A good server requires reliability, excellent performance from systems and outstanding power efficiency. HPE has also focused on security, according to Depew, which he referred to as one of the fundamental capabilities of the platform.

“We built on top of capabilities like our Silicon Root of Trust, which ensures that the firmware stack on these platforms is not compromised,” he said. “Those continue in this platform and have been expanded on. We have our trusted supply chain, and we’ve expanded on that as well. We have a lot of security capabilities, our platform certificates, our IDE.”

HPE has had its Silicon Root of Trust since its Gen10 platforms. This time, it has extended that through its Security Protocol and Data Model, or SPDM, a security capability in servers that uses an open standards-based approach to monitor and authenticate devices securely.

The new model

HPE saw a problem in the industry regarding the ability to authenticate option cards and other devices in the system.

“Silicon Root of Trust verified many pieces of firmware in the platform, but one piece that it wasn’t verifying was the option cards,” Depew said.

That posed an issue when HPE realized it could not solve the problem alone because it needed to work with its partners to verify storage option cards, a NIC, or even devices in the future. So, HPE worked with industry standards bodies to create the SPDM specification.

“What that allows us to do is authenticate the option cards in the systems. So that’s one of our new capabilities that we’ve added in these platforms,” he said. “So we’ve gone beyond securing all of the things that Silicon Root of Trust secured in the past to extending that to the option cards and their firmware as well.”

A partner ecosystem and a value add

HPE has since worked with its option card vendors and other industry partners to support SPDM. 

“Everybody agrees that this is a problem that had to be solved. But to solve it, you’ve got to have a partnership,” Depew said. 

To get a method that could authenticate and trust the option cards in the system, HPE was required to work with its option card vendors, using some of the capabilities that it works with some of its processor vendor partners as well.

“Working with partners across the industry, we were able to deliver SPDM so we know that option card, whether it’s a storage card, or a NIC card, or GPUs in the future, those may not be there from day one, but we know that those option cards are what they intended,” Depew said.

HPE has also had a longstanding relationship with AMD and has continued to collaborate on a partnership to improve processors and add value for consumers.

“That partnership allows both parties to create better platforms, because we understand what they’re capable of. They understand what our needs are as a server provider,” Depew said. “So we help them make their processors better, and they help us make our products better.”

Here’s theCUBE’s complete video interview with Kevin Depew:

(* Disclosure: TheCUBE is a paid media partner for the “HPE ProLiant Gen11 – Trusted Security by Design” livestream event. Neither Hewlett Packard Enterprise Co., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE