VxRail is built on top of the Dell PowerEdge server platform with embedded hardware and system-level security features to protect the infrastructure with layers of defense. Breaches are quickly detected, allowing the system to recover to a trusted baseline. Differentiated security features in PowerEdge servers include:
Dell EMC PowerEdge servers are the critical hardware that makes up the nodes in a VxRail cluster. The CPU, memory, and disk resources on each node provide the pooled resources for the cluster, and the network interfaces provide connectivity. Therefore, the secure Dell EMC PowerEdge servers are the foundation for VxRail security.
PowerEdge servers have an integrated remote access controller, referred to as iDRAC. iDRAC uses secure communication, authentication, and role-based access controls to enable secure remote management and configuration of the physical system. With configurable alerts, iDRAC can send event information to your Security Information and Event Management (SIEM) system whenever the hardware is accessed or the configuration is changed. Detecting and reporting unauthorized changes protects the integrity of a VxRail. For more information, see Cyber Resilient Security in 14th Generation of Dell EMC PowerEdge.
PowerEdge servers use cryptographically signed and verified firmware to build a system of trust, leveraging security technologies built right into the silicon. Capabilities like Intel's Trusted Execution Technology (TXT) verify that the server executes only the intended version of firmware, BIOS, and hypervisor while preventing the undetected introduction of malware. The following figure illustrates the hardware root of trust:
Figure 6. Hardware Root of Trust
VxRail can achieve even higher levels of server integrity protection by configuring the nodes with an optional Trusted Platform Module (TPM v1.2 and v2.0). TPM is an international standard for a secure cryptoprocessor, a dedicated microcontroller that is designed to provide high security for cryptographic keys, and it is available as an option for all VxRail nodes.
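The chain of trust and TPM described above can be pictured with the TPM extend operation, shown here as an added, simplified illustration (not Dell, Intel, or VMware code): each boot stage is hashed into a running register, and the result is compared with a known-good baseline to find the first stage that changed. The stage names, image bytes, and the all-zero starting register are assumptions made for the example.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for a SHA-256 register


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(stages):
    """Fold ordered (name, image) stages into one register.

    Returns the final register and a per-stage log of running values,
    so a verifier can see where a boot first left the baseline.
    """
    pcr = bytes(PCR_SIZE)  # assumption: register starts at all zeros
    log = []
    for name, image in stages:
        pcr = extend(pcr, image)
        log.append((name, pcr.hex()))
    return pcr, log


def first_divergence(baseline_log, observed_log):
    """Name of the first stage whose running value differs, else None."""
    for (name, good), (_, seen) in zip(baseline_log, observed_log):
        if not hmac.compare_digest(good, seen):
            return name
    if len(baseline_log) != len(observed_log):
        return "stage-count-mismatch"
    return None


# Constructed sample images standing in for real firmware blobs.
TRUSTED = [
    ("firmware", b"firmware build A"),
    ("bios", b"bios build A"),
    ("hypervisor", b"hypervisor build A"),
]
# Same chain with one modified stage (constructed).
TAMPERED = [TRUSTED[0], ("bios", b"bios build A, modified"), TRUSTED[2]]

if __name__ == "__main__":
    good_pcr, good_log = measure_boot(TRUSTED)
    bad_pcr, bad_log = measure_boot(TAMPERED)
    print("baseline :", good_pcr.hex())
    print("observed :", bad_pcr.hex())
    print("diverged at:", first_divergence(good_log, bad_log))
```

Because every value depends on all earlier stages, a change to one component alters every later running value, which is why the comparison reports the earliest differing stage.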