HPE ProLiant Gen10 Plus servers with AMD EPYC processors are the world’s most secure industry-standard servers. Find out what gives them the capabilities to defend against threats inside and out.
Security is an ever-present concern for every IT professional, and despite the alarming increase in high-profile breaches in recent months, the state of readiness for most companies when it comes to cyber security is lacking. Nearly 80% of senior IT employees and security leaders believe their companies lack sufficient protection against cyber-attacks—despite increased IT security investments made in 2020.
Hackers are becoming more sophisticated with each new wave of attacks, and simply protecting software and networks is no longer enough. Organizations need to take a holistic approach to security that begins with everything that goes into their servers, right down to the silicon.
HPE provides an intelligent, 360-degree view of security that begins at the manufacturing supply chain and concludes with a safeguarded, end-of-life decommissioning:
HPE ProLiant Gen10 Plus servers are the world's most secure industry-standard servers. This claim is based on the unique HPE-exclusive silicon root of trust technology, along with several other differentiating security technologies that are available only on HPE servers with AMD EPYC processors.
The HPE silicon root of trust protects against firmware attacks, detects previously undetectable compromised firmware and malware, and, in the event of an attack, helps the server recover rapidly to a known and secure state, with trusted firmware, and without manual intervention.
Available on HPE ProLiant Gen10 Plus servers, the HPE silicon root of trust is based on a hardware-validated boot process, ensuring that only HPE signed firmware will boot, by validating through the silicon root of trust, ensuring that your booted firmware is safe.
This involves an anchor for the boot process rooted in hardware that cannot be updated or modified in any way. When combining this foundation with a cryptographically secured signature, there are no easily accessible gaps for hackers to exploit. If a hacker inserts a virus or compromised code into the server firmware, the configuration of the firmware is changed, creating a mismatch to the digital fingerprint embedded in the silicon.
HPE iLO 5 is a remote server management processor (and firmware) embedded on the system boards of all HPE ProLiant Gen10 Plus servers. iLO 5 includes server management software that enables you to securely configure, monitor, and update your HPE servers seamlessly, from anywhere in the world.
As it initiates, iLO 5 firmware validates the basic input/output system and looks for the “digital fingerprint” of iLO firmware burned into the silicon chip. That immutable fingerprint verifies all the firmware code is valid and uncompromised. If the validation fails at any level, iLO 5 and the HPE silicon root of trust will not allow the server to power on. Because HPE makes its own silicon chip and firmware, it creates a bond that cannot be broken between the two.
Building on iLO 5, HPE iLO Advanced gives you premium security capabilities that protect your HPE servers from attacks and detect intrusions allowing you greater server security through innovations that protect your HPE servers from attack, detect potential intrusions, and allow users to recover their firmware securely.
HPE ProLiant DL3x5 Gen10 Plus servers feature AMD EPYC processors that are designed with a sophisticated suite of security features call AMD Infinity Guard. Built-in at the silicon level Infinity Guard offers the advanced capabilities required to help defend against internal and external threats—all with minimal impact on system performance.
Today, many security threats come from inside the organization. AMD Infinity Guard includes Secure Memory Encryption (SME) that helps protect against attacks on the main memory (such as certain cold-boot attacks) by encrypting the data. High-performance encryption engines integrated into the memory channels help speed performance, and all of this is accomplished without modifications to your application software.
With 2nd and 3rd Generation AMD EPYC™ processors, Infinity Guard helps safeguard privacy and integrity by encrypting each virtual machine with AMD Secure Encrypted Virtualization (SEV), which uses one of up to 509 unique encryption keys known only to the processor. This aids in protecting the confidentiality of your data even if a malicious virtual machine finds its way into your virtual machine’s memory, or a compromised hypervisor reaches into a guest virtual machine.
3rd Gen AMD EPYC processors feature the next layer of SEV called Secure Nested Paging (SEV-SNP). SEV-SNP adds strong memory integrity protection capabilities to help prevent malicious hypervisor-based attacks such as data replay, memory re-mapping, and more, to create an isolated execution environment.
AMD Infinity Guard helps secure the boot process, encrypts the entire main memory with SME, and secures virtualized environments and containers with SEV. Now, with SEV-SNP, 3rd Gen AMD EPYC processor security is stronger than ever, helping to cryptographically isolate and secure more than 500 virtual machines per server.
HPE ProLiant DL3x5 Gen10 Plus servers with AMD EPYC processors deliver peace of mind by helping you protect and grow your business:
Find out more
Hewlett Packard Enterprise