At its Discover conference this week, HPE is pulling back the curtains on firmware security and on advances in software-defined IT aimed at reducing costs and increasing system flexibility for its users, and at helping it stay ahead of competitors in next-generation infrastructure.
There is plenty of competition in the market for converged and hyperconverged data center systems, but at the moment HPE has the lead in composable infrastructure, a term gaining currency in the system management world.
Composable infrastructure allows data center managers to deploy infrastructure resources using software commands, notes Patrick Moorhead, founder of Moor Insights and Strategy.
Initially deployed as a feature on HPE’s Synergy family, the idea is that by treating hardware and storage infrastructure as fluid pools of resources that can be deployed at will, enterprises can reduce data center costs and the time it takes to spin up new applications.
“This is an area where HPE has the lead,” Moorhead says. “I see this as a continuum where there’s converged, hyperconverged and then composable infrastructure.”
But the competition, notably Dell-EMC, is closing in on composable IT technology, notes Moorhead. So this week in Las Vegas, HPE is showing off innovations meant to keep it a step ahead.
Essential to HPE software-defined infrastructure enhancements is HPE OneView 3.1, which will support the company’s Gen 10 servers. “OneView is a huge enabler of our composability; that’s really the software behind how we take pieces of server storage networking as a fluid resource that can be composed,” said Doug Strain, server management product manager at HPE.
Among enhancements to OneView is intelligent system tuning, which allows systems to boost processor performance for certain workloads while also modulating frequency using a technique known as jitter smoothing. Jitter smoothing helps ensure that data is not lost while boosting core performance. This enables systems such as trading platforms, in which trade data cannot be lost, to take advantage of core boosting when high performance is required.
The new version of OneView also offers more than a dozen preset workload settings to make it easier for customers to tune systems for certain types of applications. The feature includes presets for low latency, graphics processing, web e-commerce and virtualized power-efficient workloads.
HPE is also pushing the boundaries on persistent memory technology, which brings together the performance of DRAM with the persistence of flash. The company essentially has combined a layer of DRAM, a layer of flash and an integrated power source — a Smart Storage Battery that sits behind the drive cage and plugs into the motherboard through memory slots.
Up to now, HPE has been offering persistent memory in the form of NVDIMM modules, which fit into standard server DIMM slots. Applications can run much faster in persistent memory on NVDIMMs than they do on standard block storage devices, since data doesn’t have to move back and forth between the CPU and the hard drive, for example. Data is also retained if a server crashes.
HPE is announcing at Discover that capacity on NVDIMM modules will be expanded from 8GB to 16GB. But the big advance, also set to be demonstrated this week, will come with terabyte-scalable persistent memory that resides right on the memory bus.
“When you start getting up into terabyte level persistent memory you are starting to open the door for different use cases,” says Bret Gibbs, HPE’s persistent memory product manager.
While NVDIMMs can handle smaller databases, transaction logs and index files, scalable persistent memory can handle large-scale, high-performance systems such as the Hekaton in-memory database for OLTP workloads built into Microsoft SQL Server and the systems used by, for example, high-frequency traders.
While NVDIMMs cost more than, say, DRAM modules, persistent memory can lower overall system costs, Gibbs said. Users can get better performance out of their servers using persistent memory, reducing the number of core pairs needed in servers, and since server pricing is often based on the number of cores, overall costs can come down, he noted.
HPE is also touting enhancements to server security at the firmware level via what it calls a “silicon root of trust.” Although firmware attacks are on the rise, it’s a topic that needs a higher profile, according to industry association ISACA. “Many vulnerabilities are present in an area not frequently addressed within the infrastructure of almost all organizations: firmware,” ISACA reported in a recent security survey.
HPE is fusing cryptographic algorithms and custom code into the silicon for the iLO firmware chips it builds at its own factories, creating what company officials call a digital “fingerprint.” Malware would change the bits in the firmware and create a mismatch with the fingerprint embedded in the silicon, which would then prevent the server from booting up until a recovery process is completed.
It’s a twist on the hardware root of trust already in place in other systems and mobile devices. The difference is that the silicon root of trust not only protects the UEFI (Unified Extensible Firmware Interface) — the modern BIOS — but all aspects of the firmware management processor and logic that drives the voltage and regulation to get systems up and running, according to Mark Potter, HPE’s CTO.
In addition, since the silicon root of trust is essentially burned into the silicon at HPE’s own plants, the company can protect firmware along the whole supply chain up to the users’ facilities, Potter added. The technology will be available on any HPE server running iLO 5.0.
With the Gen 10 platform, HPE is also offering behavior-analytics security technology it acquired with the purchase of Niara earlier this year, which the company is integrating with Aruba’s ClearPass Policy Manager access control platform. Niara uses machine learning and big data analytics to detect anomalous user behavior, among other things.
The Gen 10 platform also offers the Commercial National Security Algorithm Suite (CNSA) promoted by the U.S. National Security Agency (NSA) as well as Federal Information Processing Standard (FIPS) 140-2, which the government uses to approve cryptographic modules.
Anyone hoping to go to Las Vegas to get the latest speeds, feeds and pricing information on HPE’s updated server lines will be disappointed, though, since the company’s new Gen 10 servers are not being officially launched yet. Details on processors, for example, will have to wait until Intel launches its latest generation Xeon chips with Skylake architecture, likely sometime in the third quarter.
HPE did, however, say that the following servers will be released in the third quarter: the ProLiant BL460c Gen10 Server Blade; the ProLiant DL360, DL380 and DL560 Gen10 servers; and the Synergy 480 and 660 Gen10 Compute Modules.
Slated for delivery in the fourth quarter are ProLiant Gen10 models ML110, ML350, DL120, DL160, DL180 and DL580 servers.
OneView will eventually be rolled out across the breadth of HPE’s server system portfolio.