Hewlett Packard Enterprise's Gen10 server introduction — which will be featured at Discover — represents the fulfillment of a promise CEO Meg Whitman made when she joined the company in 2011.
"I remember when I first came to HP I said to the server team, ‘I want to be able to build servers that we can advertise with confidence will withstand the scrutiny that we offer the world's most secure server,'" Whitman told CRN. "And with Gen10 we are going to be able to do that.
"If you can legitimately say — which we can — that we offer the world's most secure server, that is a differentiator that I think people will pay for because, listen, security as you well know is at the top of everyone's concerns," she said.
HPE's top executives, in fact, said the Gen10 servers will be "the world's most secure industry-standard servers" thanks to the development of major new firmware directly in its own ASIC aimed at protecting servers from breaches or malicious attacks. While many view security as a feature or as something to be built into premium configurations, HPE's approach is to make hardware-based threat protection a key pillar of an entire generation of servers, said Tim Peters, vice president and general manager of HPE's ProLiant rack and tower servers and SMB solutions.
"By doing so, we're able to, down at the silicon level, have an immutable public key or hash that's used to verify the initial block of the code," he said. "Because that key is embedded in the silicon in the factory, it has supply chain integrity all the way back to when the silicon is first created that ensures no opportunity for a breach of the firmware at any point. And it's digitally signed, it's authenticated code, that's necessary to unlock the steps up through the boot sequence from hardware all the way up through firmware into the operating system."
In the case of malware or, increasingly, a direct attack on the firmware code, the Gen10 servers detect the problem and then securely restart to recover that firmware back to its authenticated state after compromise, he said. This capability will be available from the entry-level Gen10 servers through the company's Synergy converged infrastructure offering, he said.
"The small-business customers that buy entry towers, they have as much protection to protect their continuity of business, to reboot their systems if they're attacked or there's some complication, and get it back to its original state and continue business as a corporation that buys these in their data centers," he said.
More than three years in development, the Gen10 servers mark the first time any company has added encryption and authenticated signatures into the supply chain to protect the servers, according to Peters. "You can't intercept the code from someone back in the supply chain and break it," he said. "This is built into the hardware, as the silicon is being baked."
Security is on the minds of customers as threats to their data center infrastructures grow more sophisticated, said Chris Case, president of Sequel Data Systems, an Austin, Texas-based solution provider that is HPE-exclusive when it comes to servers.
"Sometimes a hardware manufacturer will say they can't prevent attacks because they have no control over the firmware of attached devices," Case said. "Attackers are looking for new ways to attack the servers. So it's important to see HPE focus on the security of its servers."
Marc Lemke, chief technology officer at Camera Corner Connecting Point, a Green Bay, Wis., solution provider and longtime HPE partner, agreed that security is paramount. "Customers are concerned with all the attacks they're seeing on their server infrastructures," he told CRN.
This focus on security will be significant for channel partners, HPE's Peters said, and is included at no extra cost with the Gen10 servers.
"If you're a channel partner [you can] say, ‘Hey, I can put you into a server that is going to run your applications and is going to have the capacity [you need]. Or I can put you into a server that does exactly those things but yet preserves your continuity of business.' It's like buying insurance. Why would you not?"