back to article HPE claims new gen-10 ProLiants have more mem persistence, more secure server firmware

HPE today announced its generation-10 ProLiant servers – claiming they have better security and more persistent memory and manageability – while, like Dell, saying nothing much about the coming Skylake server CPUs from Intel. Instead it’s majoring on a new security feature, terabyte levels of persistent memory, a pay-as-you-go …

  1. Anonymous Coward
    Anonymous Coward

    "It calls it silicon root of trust protection, and it includes encryption and breach detection technologies and is complemented by HPE supply chain security and HPE Pointnext security assessment and protection services. HPE claims no other server supplier offers this level of security."

    Presumably the NSA / GCHQ will simply steal the signing keys...

    1. Paul Crawford Silver badge

      If its not open to inspection and to allow you to rebuild/compare with another set of compilers, then you are simply trusting them.

      Sadly that counts for little now that past incompetence and secret courts are well known.

    2. Ian Michael Gumby
      WTF?

      ?WTF?

      Seriously...

      I get you want to poke fun of those certain agencies, but this isn't about them.

      I also have to wonder... how real is the risk from a 'firmware' attack?

      I understand what they did, why they did it, but not sure how critical it is beyond a marketing point.

      1. Paul Crawford Silver badge

        Re: ?WTF?

        Given the piss-poor state of ILOM security in general it might help. But equally it might just be about screwing money out of customers for support contracts as no other update routes are possible,

        But equally, what sort of muppet puts server management ports on the internet at large?

      2. Anonymous Coward
        Anonymous Coward

        Re: ?WTF?

        "I also have to wonder... how real is the risk from a 'firmware' attack?"

        Very. We already know about persistent PC Malware. For instance from Lenovo...

  2. baspax

    I looked at the management platform for iLO and I can't believe what piece of crap it is. A >>RING<< network architecture??

    1. Anonymous Coward
      Anonymous Coward

      "A >>RING<< network architecture??"

      No idea what you are talking about. ILO is standard Ethernet.

  3. Sandtitz Silver badge
    Meh

    Blah.

    The firmware security sounds like marketing talk. Very unlikely stuff IMO.

    I'm more interested whether HPE will resurrect the Proliant 385/585 lines if and when AMD releases their Zen server products.

    The persistent memory also sounds great but how much TB of it will cost? (if I have to ask I can't afford it, right?)

    And how does it work exactly - does the OS see it as an ordinary drive, or do the applications need to support it?

    1. Anonymous Coward
      Anonymous Coward

      Re: Blah.

      "...but how much TB of it will cost? "

      Well seeing as you can get SSDs that are faster, more resilient, newer generation, same or better make to the ones that HP will sell you but cost about a third of the price, expect to be paying many thousands of dollars for a TB.

      So why not use the much better third party SSDs? Ah, because HP Proliants will detect this and will put a permanent amber fault light on the box, and a permanent fault report in the system management tools and will often refuse any support despite having a support contract because they know there are third party drives in there (regardless if the problem could be classed as drive/storage related).

      It wouldn't be so bad if it was just a 10~20% manufacturer premium but 300%! Pah - I've got amber lights on my servers!

  4. David Austin

    Vendor Lockin

    Call my cynical, but the silicon root of trust protection sounds like a good way to squeeze money out of customers: No Support contract, no firmware updates - Possibly even a selective feature shutdown.

    Also trying to wrap my head around how PAYG would work: How would they not lose money to people massively over-provisioning (Which means the hardware needs to be in the box in the first place), then never turning any of it on?

    1. Nate Amsden

      Re: Vendor Lockin

      HP has had a policy of no support no firmware updates for years now..though at least with proliants they don't do anything to really enforce it (e.g. you can download the Proliant service pack cd with a support contract from one system and use it on any other systems you want).

      For me it would be nice if they fixed this in Gen10, which causes my Gen9 systems to hang on boot unless I am really careful(yes I boot from SAN):

      http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04822613&sp4ts.oid=7500984

  5. Anonymous Coward
    Anonymous Coward

    Ho hum

    Here am I, stuck with the unmanageable dross that is Lenovo.

  6. nijam Silver badge

    ... made from custom HPE silicon and iLO firmware.

    Improved attack surface. (At least two possible readings of the phrase are possible, choose whichever you prefer.)

  7. Anonymous Coward
    Anonymous Coward

    Can it boot in under 30 minutes though?

    Seriously.... if they could just make their servers actually boot in less than 10 minutes I'd be happy. Debugging a hardware issue or OS install issue is so painful when each reboot feels like watching paint dry.

  8. razorfishsl

    sounds more like an attempt to control the severs and prevent a second hand market

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021