*VIDEO* Say Hello To HPE ProLiant DX Servers for Nutanix
HPE and Nutanix are partnering to deliver a best-of-breed jointly engineered integrated system as well as a cloud-like pay-as-you-go infrastructure as a Service offering. These hyperconverged infrastructure based solutions deliver a choice of consumption models, configurations, hypervisors, security and clouds. This power of choice provides IT the optimal mix of simplicity and efficiency in running their organizations’ critical workloads.
The HPE Proliant DX for Nutanix is a high-performance HPE server with a broad portfolio of configurations that support a wide range of workloads, only we’ve taken steps to make it the most Nutanix-friendly server lineup possible. We’ve done so by adding factory-installed firmware specific for Nutanix environments and established a cooperative support model, where Nutanix troubleshoots the software and HPE services the hardware and then combining support resources when the root cause is somewhere in-between. The platform supports multiple hypervisors including the Nutanix AHV hypervisor built-in at no additional charge or the option to use VMware ESXi or Microsoft Hyper-V hypervisors.
The HPE ProLiant DX is built on the proven technology and performance of HPE ProLiant DL and Apollo. HPE has taken the best of both and put it to work in Nutanix environments.
Performance & ease of use:
Performance and optimization begins right at the factory, with fine-tuning and software installation done before the server even leaves the building, creating a solution that’s ready to go out-of-the-box. By ensuring servers are ready to go as soon as you receive them, you can save time on setup, limit downtime, and increase performance.
We also enable 1-click firmware updates and upgrades via a single dashboard. This helps reduce administrative overhead as well as routine maintenance time.
Compatibility & service:
Our model ensures any HPE ProLiant DX configuration will work properly within Nutanix environments. From there, Nutanix and HPE cooperative support make sure any hardware and software issues are resolved quickly to limit downtime. And while HPE 3-year Next Business Day Support is included, HPE does also offer additional upgrade options. If spare parts are needed in the future, you can rest assured that the spare sent will be completely compatible with the Nutanix ecosystem.
Also, adding even more choice, customers now have multiple purchase methods. They can opt for the as-a-Service, pay-as-you-use-it route with HPE Greenlake or the more traditional CapEx purchase model—whichever best aligns with their current budgetary requirements. With a pay-as-you-go consumption model HPE GreenLake with Nutanix Enterprise Cloud software provides infrastructure on-demand on-premises that are billed as it is used. There is no-front purchase. In addition to a public cloud-like billing model, customers also have the option to outsource operations to HPE PointNext services.
Overall, the addition of the HPE ProLiant DX is an opportunity for IT customers to move on and move up from their current infrastructure. It’s time to move up with HPE and Nutanix.
Today, every organization faces cyber threats like malware and hacking. HPE has gone to great lengths to develop the world’s most secure industry-standard servers on all levels, including firmware and BIOS—and the HPE ProLiant DX is no exception. The core of the security is HPE Silicon Root of Trust to protect the firmware, along with 24/7 monitoring, predictive machine learning, and HPE iLo Advanced Premium licensing (for endpoint protection), all of which combine to protect and address major enterprise-level cyber risks like data breach, theft, and corruption, including business interruption and cyber extortion.
As a result, HPE is the only systems vendor recognized by global insurer broker and risk advisor Marsh for inclusion in its exclusive Cyber Catalyst program. Customers that deploy products with Cyber Catalyst designation may also be eligible for enhanced terms and conditions on cyber insurance policies.
HPE Silicon Root of Trust: is the foundational element for control plane security that differentiates HPE from all our competition. Dell has been very vocal recently and says that they too, have a silicon root of trust. But, their root of trust is based on the silicon inside the processor, which only verifies part of the BIOS firmware and none of the BMC firmware. Slides. The HPE Silicon Root of Trust is based on and anchored into our BMC silicon that we make ourselves. All of our competitors, buy their BMC silicon “off the shelf” from Aspeed and others, which makes it impossible to anchor their firmware. The HPE BMC silicon, also called iLO5 silicon, has physical changes to the chip that embeds a fingerprint, creating a unique match to all the server firmware in the BMC, BIIOS, CPLD, ME, and SPS. Proof of our HPE superiority, comes from a couple 3rd party independent cyber security testing firms. See the video at about 3 minutes, where HPE is declared as 2 generations ahead of our competitors:
HPE Aruba uses artificial intelligence and machine learning, unlike any other competitor. This capability is based on and contingent upon using 2 products simultaneously: HPE Clearpass and HPE Introspect. Although our competitors have strong firewalls and access points like HPE Clearpass and they have some ability to monitor the network traffic, they do NOT have the ability to detect a potential hacker inside the network and then automatically quarantine that user. HPE has this differentiated ability and it works like this: Users use HPE Clearpass and enter their credentials for validation. Once the accepted user name and password is accurately given, HPE Clearpass allows that person into the Aruba network. Once the user is inside, the HPE Introspect technology uses artificial intelligence to monitor the traffic and based on huge sets of data, can determine through machine learning if any of the users inside the network are exhibiting behaviour that resembles a hacker. HPE Introspect then communicates back to HPE Clearpass that a suspected bad actor is inside the network. HPE Clearpass then automatically blocks that user or quarantines that user, until his or her credentials can be re-verified. Essentially, HPE Aruba networking can prevent a breach to the customer’s IT infrastructure, before any damage is done.
Multi-network role based network access is a specific capability available from HPE Aruba networks. Essentially, this technology provide the ability to have different credentials and log-in passwords for different network authentication protocol.
Secure supply chain beyond DFARS: Most IT manufacturers are required to provide protections in their supply chain as directed by the defense federal acquisition regulation supplement or DFARS. HPE goes well above and beyond those standard requirements in several ways that create a definite advantage for us. First, before any server goes into product at the HPE factory, only HPE designs our own BMC and BIOS firmware in the USA. And, the silicon this BMC firmware resides in, is custom designed at the HPE fabrication facility, locking-in our Silicon Root of Trust, before the server goes into production. From there our HPE factories are ISO certified and we check the components (like drives, memory, and processors) for any malware as they arrive. HPE also makes sure our suppliers are certified and can track their components, so we are assured the same genuine hard drive or other component, which we ordered is the same genuine product that gets delivered to our factory. HPE also has TAA products that come from facilities in countries that are part of the trade agreement act, which excludes China facilities. After production, our servers are shipped securely to our customers using bonded and certified shipping companies. HPE uses holographic labels over the seams on our boxes that clearly show if anyone has opened the box. Customers can also order a chassis intrusion device, that gets installed in the factory and registers an alert, if the server cassis is opened at any time through shipping & receiving. Finally, HPE enforces strict anti-counterfeiting and anti-interdiction policies to ensure all HPE products are genuine and free of any malware.
HPE storage has the federal information processing standard (FIPS) 140-2 level 2 certification. Most of our competitors only have level 1 certification. Additionally, our storage creates a strong protection or firewall for back-up data that prevents ransomware from finding that second data set. That is critical, because ransomware today is more insidious and lurks inside the infrastructure, looking for the customers back-up data. Without a secure back-up copy of data that is FIPS certified, ransomware might be able to find that data and render it useless.
Talking about ransomware, only HPE has the ability to more automatically facilitate a recovery and restoration after a ransomware attack. This feature is so unique and strong, that it was published in Forbes magazine: https://www.forbes.com/sites/moorinsights/2018/02/21/hewlett-packard-enterprise-releases-ilo-amplifier-pack-with-server-system-restore/
HPE Pointnext can offer advanced advisory and professional services to help customers build security into their transformation projects. We have developed the HPE Enterprise Security Reference Model based upon industry standards such as NIST, ISO, and CSA to support our client assessments. This provides us with a framework that we use to assess a customer’s current state security, and provide actionable blueprints and roadmap services to help the customer to move to a best practices based security architecture. We also offer operational security services based around vulnerability management and penetration testing to help customers identify weak points and provide mitigation advice, as well as resiliency services to help customers with their disaster recovery planning and business continuity. And if disaster does strike, Pointnext recovery services can help customers to get back up and running.
Only HPE has applied the NIST 800-53 security controls to our solution stack of servers, networking, and storage products. The National Institute of Standards & Technology (NIST) 800-53 are the strongest and most comprehensive controls, in the world, for operating IT equipment.
Only HPE has the Commercial National Security Algorithms (CNSA) level of protection in our servers. HPE has 4 levels of security: production level, high security level, FIPS level and finally CNSA level. Our competition only offers up to FIPS level. CNSA level is used for the most sensitive and classified types of data.
Cyber Catalyst is a well documented designation that HPE has been granted by 8 of the worlds largest cyber security insurance underwriters. See the Marsh.com web site for substantiation that HPE is the only server manufacturer on the planet that has this high level security designation.
Only HPE had our Gen10 server tested by a black hat testing firm against our 3 leading competitors. The independent 3rd party testing firm publically declared HPE as 2 generations ahead of the competition:
Who is Marsh?
Marsh is the largest insurance broker in the world evaluating risk management solutions. They are working with seven of the world’s largest insurers to evaluate and identify solutions they consider effective in reducing cyber risk.
Cyber Catalyst Program
Cyber Catalyst by Marsh is a new program designed to help organizations make more informed choices about cybersecurity products and services to manage their cyber risk. Through Cyber Catalyst, Marsh brings together leading insurers, with technical advisory from Microsoft, to identify cybersecurity solutions they consider effective at reducing cyber risk – giving organizations greater clarity and confidence in an increasingly complex cybersecurity marketplace.
The Cyber Catalyst by Marsh program provides organizations with a clearer understanding of which cybersecurity solutions matter to cyber insurers. The initial group of participating insurers includes Allianz; AXA XL, a division of AXA; AXIS; Beazley; CFC; Munich Re; Sompo International; and Zurich North America, which collectively represent a substantial portion of gross written premiums in the $4 billion global cyber insurance market. The insurers’ evaluation focuses on better equipping organizations to select cybersecurity solutions that can have a meaningful impact on cyber risk. Microsoft is a technical advisor to the program.
What does this mean for HPE and server customers?
HPE is the first and only server vendor to receive the Cyber Catalyst designation
Silicon root of trust has been accepted into the Cyber Catalyst program
HPE Gen10 server customers with iLO 5 enabled servers qualify for this designation
HPE ProLiant (DL, ML, BL), HPE Synergy, HPE Apollo, HPE SimpliVity, and HPE Edgeline 8000
HPE Gen10 server customers qualify for enhanced terms and conditions on individually negotiated cyber insurance policies from participating insurers
Only HPE has Infosight for servers. This new software provides a level of security awareness not available from our competitors. At a single glance, customers can see up to 10,000 servers and if any of those servers have a potential security vulnerability, like IPMI being active or needing the firmware patches for Meltdown & Spectre. We get questions frequently from customers about which servers need to be patched and which are already protected from known vulnerabilities. Only HPE can show that to customers at large scale, with a single screen.