Your Browser is Out of Date

ShareDemos uses technology that works best in other browsers.
For a full experience use one of the browsers below
Dell EMC VxRail: Comprehensive Security by Design

view all chapters

VxRail: The foundation for data center modernization and IT transformation
Introduction Dell EMC PowerEdge servers Dell EMC VxRail HCI system software VMware vSphere VMware vCenter Server VMware ESXi hypervisor VMware virtual networking VMware vSAN VMware vRealize Log Insight VMware Cloud Foundation—including NSX

Dell EMC PowerEdge servers

  • VxRail is built on top of the Dell PowerEdge server platform with embedded hardware and system-level security features to protect the infrastructure with layers of defense. Breaches are quickly detected, allowing the system to recover to a trusted baseline. Differentiated security features in PowerEdge servers include:

    • System lockdown prevents unauthorized or inadvertent changes. This industry-first feature prevents configuration changes that create security vulnerabilities and expose sensitive data.
    • The cyber-resilient architecture with features such as UEFI Secure Boot, BIOS Recovery capabilities, and signed firmware provides enhanced protection against attacks.
    • The server level System Erase feature ensures privacy by quickly and securely erasing all user data from the drive and all non-volatile memory when a server is retired.

    Dell EMC PowerEdge servers are the critical hardware that makes up the nodes in a VxRail cluster. The CPU, memory, and disk resources on each node provide the pooled resources for the cluster, and the network interfaces provide connectivity. Therefore, the secure Dell EMC PowerEdge servers are the foundation for VxRail security.

    PowerEdge servers have an integrated remote access controller, referred to as iDRAC. iDRAC uses secure communication, authentication, and role-based access controls to enable secure remote management and configuration of the physical system. With configurable alerts, iDRAC can send event information to your Security Incident and Event Management (SIEM) system whenever the hardware is accessed, or the configuration is changed. Detecting and reporting unauthorized changes protects the integrity of a VxRail. For more information, see Cyber Resilient Security in 14th Generation of Dell EMC PowerEdge.

    PowerEdge servers use cryptographically signed and verified firmware to build a system of trust. Leveraging security technologies built right into the silicon. Capabilities like Intel's Trusted Execution Technology (TXT) verify that the server executes only the intended version of firmware, BIOS, and hypervisor while preventing the undetected introduction of malware. The following figure illustrates the hardware root of trust:

    Figure 6.                  Hardware Root of Trust

    VxRail can achieve even higher protection levels of server integrity by configuring the nodes with an optional Trusted Platform Management (TPM) module (TPM v1.2 and v2.0). TPM is an international standard for secure cryptoprocessors, a dedicated microcontroller that is designed to provide high security for cryptography keys, and an option for all VxRail nodes.