As servers become more critical in a software-defined data center architecture, server security becomes the foundation of overall enterprise security. Servers must emphasize security at both the hardware and firmware level by leveraging an immutable Root-of-Trust that can be used to verify subsequent operations within the server. Dell has established a chain of trust that extends throughout the server life cycle, from deployment through maintenance to decommissioning. Below is the list of security features integrated to the AX nodes.
Dell 14th and 15th generation AX node servers feature an enhanced Cyber Resilient Architecture that provides a hardened server design to Protect, Detect, and Recover from cyberattacks. Some of the key aspects of this architecture are:
Figure 30. Cyber resilient architecture
Dell servers uses an immutable, silicon-based Root-of-Trust to cryptographically attest to the integrity of BIOS, iDRAC, and other critical firmware. This Root-of-trust is based on onetime programmable, read-only public keys that provide protection against malware tampering. In contrast to Security Laggards, Dell works with extensively vetted silicon chip manufacturers to customize the chip and build in this root of trust technology.
Secure Boot checks the cryptographic signatures of UEFI drivers and other code loaded prior to the operating system running.
Dell servers uses digital signatures on firmware updates to assure that only authentic firmware is running on the server platform. iDRAC will scan firmware updates and compare their signatures to what is expected using the silicon-based Root-of-Trust. Any firmware package that fails validation is aborted and an error message is logged into the Lifecycle Log (LCL) to alert IT administrators.
Dynamic System Lockdown which can be enabled without a server reboot by an IT administrator prevents users with lesser privileges from making changes to the server. By enabling lockdown mode, users can prevent configuration drift in their data centers when using Dell EMC tools and agents, and protect against malicious attacks against embedded firmware when using Dell EMC Update Packages.
TPM can also be used to enable the BitLocker™ hard drive encryption feature to address threats of data theft or exposure from lost, stolen, or inappropriately decommissioned systems.
Enterprise Key Management delivers a central key management solution to manage data-at-rest across the organization.
Security-Enhanced Linux operating system (SELinux) operates at the core kernel level on the iDRAC and does not need any input or configuration from users. SELinux logs security messages when an attack is detected. These log messages indicate when and how an attacker tried to break into the system.
Physical I/O ports such as USB inputs can be dynamically disabled using iDRAC. This permits the disablement of these ports for production use but also temporarily grants access for crash cart debugging without rebooting the server.
Shielded VMs are part of the core hypervisor and are protected against inspection, theft, and tampering from malware running on a Hyper-V host as well as the fabric admins administering it.
Lifecycle log is a collection of events that occur in a server over a period. Lifecycle log provides a description of events with timestamps, severity, user ID or source, recommended actions, and other technical information that could come handy for tracking or alerting purposes.
iDRAC provides the capability to configure different event alerts and actions to be performed when a particular Lifecycle Logs event occurs.
Dell servers are provided with hardware intrusion detection and logging feature, with detection working even when no AC power is available. Sensors on the chassis detect when anyone opens or tampers with the chassis, even during transit. Servers that have been opened while in transit generate an entry in the iDRAC Lifecycle log after power is supplied.
Dell servers include two types of recovery:
These features enable rapid recovery from corrupted BIOS or operating system images. In both cases, a special storage area is hidden from run-time software (BIOS, operating system, device firmware, so on). These storage areas contain pristine images that can be used as alternatives to the compromised primary software.
It is recommended to keep firmware updated to ensure servers have the latest features and security updates. However, there may need to rollback an update or install an earlier version if any issues are encountered after an update. Firmware Rollback to the previous version, is also verified against its signature.
At the end of a system’s life cycle, it either must be retired or repurposed. The goal of System Erase is to erase sensitive data and settings from the server storage devices and server non-volatile stores such as caches and logs so that no confidential information unintentionally leaks. It is a utility in Lifecycle Controller that is designed to erase logs, configuration data, storage data, cache, and any embedded apps.
At Dell , hardware devices and drivers are tested as part of the Windows Hardware Compatibility Program using the Microsoft test framework known Windows Hardware Lab Kit or Windows HLK .This is done to ensure that the system which is getting developed is certified as compatible with Windows Server operating systems starting from Windows Server 2016.
Industry-standard UEFI (Unified Extensible Firmware Interface) Secure Boot checks the cryptographic signatures of UEFI drivers and other code loaded prior to the operating system running ensuring only authorized firmware and operating system bootloaders are initialized during the boot process.
TPM can be used to perform public key cryptographic functions, compute hash functions, generate, manage, securely store keys, and do attestation. Attestation and remote attestation solutions can use the TPM technology to take measurements at boot time of a server’s hardware, hypervisor, BIOS, and operating system, and compare them in a cryptographically secure manner against base measurements stored in the TPM. If they are not identical, the server identity may have been compromised and system administrators can disable and disconnect the server either locally or remotely.
Virtualization-based security (VBS) and Windows Hypervisor Code Integrity (HVCI) service create a secure, hardware-isolated environment that effectively isolates memory and critical components to prevent attacks and unauthorized access to critical parts of the operating system.
DRTM is a technology which lets the server boot initially into untrusted code, but shortly after that launches the system into a trusted state by taking control of all CPUs and forcing them down a well-known and measured code path. This has the benefit of allowing untrusted early UEFI code to boot the hypervisor, but then being able to securely transition into a trusted and measured state. The AX nodes based on intel processor comes with the Intel® Trusted Execution Technology (Intel® TXT) whereas the AMD based platforms are with the SKINIT (Secure Init and Jump with Attestation) instruction.
Through the DMA Protection feature (also known as Direct Memory Access Protection), the operating system and the system firmware are protected against malicious and unintended Direct Memory Access (DMA) attacks for all DMA-capable devices (including M.2 PCIe slots) during the boot process and operating system runtime.
The AX nodes are shipped with a unique, factory-generated iDRAC password to provide additional security. They are made available on the pull-out Service Tag on the front of the chassis, adjacent to the server asset label. Users who choose to use this default option must note this password and may use it to log in to iDRAC for the first time, rather than using a universal default password. For security purposes, Dell strongly recommends changing the default password.
The Networking Topologies for Azure Stack HCI Solutions chapter encompasses on various configurations of AX nodes to form the primary compute cluster that is deployed as HCI.