HPE Secures its Server Supply Chain
A trusted supply chain initiative launched this week by Hewlett-Packard Enterprise addresses growing demand for domestically manufactured and secure servers.
HPE announced Thursday (Oct. 1) it has shipped the first ProLiant DL380T servers manufactured in a secure facility and integrating advanced security features. The company said its secure servers and the supply chain that delivers them meet growing U.S. government and public sector demand for U.S.-sourced hardware with “verifiable cyber assurance.”
The shift to trusted, domestic hardware manufacturing reflects supply chain vulnerabilities exposed by the pandemic as well as ongoing tensions with China, where many server vendors use contract equipment manufacturers.
HPE said it plans to expand its trusted supply chain to the rest of its server portfolio during 2021.
The company (NYSE: HPE) claims to be the first hardware maker to embed silicon-based security features into industry standard servers. That move reflects a marked shift toward embedding security features into hardware, rather than relying of software updates, and doing so as early as the chip design process.
The company said its secure servers come with a pre-installed “layer of hardened security” before units are shipped to customers. HPE’s root of trust framework prevents the booting of compromised operating systems and tampering with server firmware and hardware via a server “configuration lock.”
Other security features include an embedded alarm and physical lock. An intrusion detection latch inserted into the server chassis registers unauthorized access even if power is off. Additionally, servers are shipped in a security mode to authenticate users and protect the more than 4 million lines of firmware code.
The secured servers also come with embedded network security for wired and wireless networks as well as zero trust capabilities for service authentication across cloud, application container and on-premise infrastructure.
“We are guaranteeing that our customers will have full visibility and cyber assurance of their servers,” said John Grosso, vice president of HPE’s Global Operations Engineering, Supply Chain unit.
Along with federal customers and government contractors, HPE said the trusted server supply chain also meets growing demand in the financial services, banking and healthcare sectors. Additionally, domestic production provides a secure second source for hardware in response to pandemic-induced supply chain disruptions earlier this year.
Chip makers have stepped up efforts to secure component supply chains via trusted foundries and new security tools like “digital twins,” or replicas of physical assets.
The HPE effort illustrates how those efforts are moving up the hardware supply chain to systems like servers.
In a report released this week, Frost & Sullivan identified supply chain diversification as critical to riding out the pandemic. “In the near term, companies should focus on diversifying supply chains and leveraging new opportunities arising from changing customer demands,” said analyst Murali Krishnan
“The supply chain industry is creating radical innovations with augmented reality, virtual reality, advanced robotics, real-time inventory tracking and exploring how 3D printing could completely disrupt the supply chain in the next 10 years,” Frost & Sullivan said.
Along with expanding its secure server supply chain in the U.S., HPE said it would offer a similar supply chain service in Europe beginning next year.
George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).