 Hey everyone, welcome to theCUBE. Lisa Martin here with Kevin DePugh, Senior Director Future Server Architecture at HPE. Kevin, it's great to have you on the program. You're going to be breaking down everything that's exciting and compelling about Gen 11. How are you today? Thanks Lisa, and I'm doing great. Good, good, good. So let's talk about ProLiant Gen 11, the next generation of compute. I read some great stats on hpe.com. I saw that Gen 11 added 28 new world records while delivering up to 99% higher performance and 43% more energy efficiency than the previous version. That's amazing. Talk to me about Gen 11, what makes this update so compelling? Well, you talked about some of the stats regarding the performance and the power efficiency and those are excellent. We partnered with AMD. We've got excellent performance on these platforms. We have excellent power efficiency, but the advantage of this platform go beyond that. Today we're going to talk a lot about cybersecurity and we've got a lot of security capabilities in these platforms. We've built on top of the security capabilities that we've had generation over generation. We've got some new exciting capabilities we'll be talking about. So whether it's the performance, whether it's power efficient, whether it's security, all those capabilities are in this platform. Security is part of our DNA. We put it into the design from the very beginning and we've partnered with AMD to deliver what we think is a very compelling story. The security piece is absolutely critical. We could have an entire separate conversation on the cybersecurity landscape and the changes there, but one of the things I also noticed in the material on Gen 11 is that HPE says it's, quote, fundamental. What do you mean by that and what's new that makes it so fundamental? Well, by saying it's fundamental is security is a fundamental part of the platform. You need systems that are reliable. You need systems that have excellent performance. You need systems that have very good power efficiency. Those things you talked about before, those are all very important to have a good server. But security is a part that's absolutely critical as well. So security is one of the fundamental capabilities of the platform. I had mentioned we built on top of capabilities, capabilities like our Silicon root of trust, which ensures that the firmware stack on these platforms is not compromised. Those are continuing this platform that have been expanded on. We have our trusted supply chain and we've expanded on that as well. We have a lot of security capabilities, our platform certificates, our IDEV IDs. There's just a lot of security capabilities that are absolutely fundamental to these being a good solution because as we said, security is fundamental. It's an absolutely critical part of these platforms. Absolutely. For companies in every industry, I want to talk a little bit about one of the other things that HPE describes Gen 11 as is being uncompromising. And I wanted to understand what that means and what's the value add in it for customers. Yeah, well by uncompromising means we can't compromise on security. Security, to what I said before, it's fundamental. It can't be compromised. You have to have security be strong on these platforms. So one of the capabilities which we're specifically talking about when we talk about uncompromising is a capability called SPDM. We've extended our Silicon Root of Trust which is one of our key technologies we've had since our Gen 10 platforms. We've extended that through something called SPDM. We saw a problem in the industry with the ability to authenticate option cards and other devices in the system. Silicon Root of Trust verified many pieces of firmware in the platform, but one piece that it wasn't verifying was the option cards. And we knew we needed to solve this problem and we knew we couldn't do it 100% on our own because we needed to work with our partners, whether it's a storage option card, a NIC or even devices in the future. We needed to make sure that we could verify that those were what they were meant to be. They weren't compromised. They weren't maliciously compromised and that we could authenticate them. So we worked with industry standards bodies to create the SPDM specification and what that allows us to do is authenticate the option cards in the systems. So that's one of our new capabilities that we've added in these platforms. So we've gone beyond securing all of the things that Silicon Root of Trust secured in the past to extending that to the option cards and their firmware as well. So when we boot up one of these platforms, when we hand off to the OS and to the customer software solution, they can rest assured that all the things that have run, all that that platform is not compromised. A bad guy has not gone in and changed things and that includes a bad guy with physical access to the platform. So that's why we have uncompromised security in these platforms. Outstanding, that sounds like great work that's been done there and giving customers that piece of mind where security is concerned is table stakes for everybody across the organization. Kevin, you mentioned partners. I know HPE is extending protection to the partner ecosystem. I wanted to get a little bit more info on that from you. Yeah, we've worked with our option card vendors, numerous partners across the industry to support SPDM. We were the ones who kind of went to the industry standards bodies and said we need to solve this problem. And we had agreement from everybody. Everybody agrees this is a problem that had to be solved but to solve it, you've got to have a partnership. We can't just do it on our own. There's a lot of things that we HPE can solve on our own. This is not one of them. To be able to get a method that we could authenticate and trust the option cards in the system, we needed to work with our option card vendors. So that's something that we did and we use also some capabilities that we work with some of our processor vendor partners as well. So working with partners across the industry, we were able to deliver SPDM. So we know that option card, whether it's a storage card or a NIC card or GPUs in the future, those may not be there from day one, but we know that those option cards are what they intended because you could do an attack where you compromise the option card. You compromise the firmware in that option card and option cards have the ability to read and write to memory using something called DMA. And if those cards are running firmware that's been created by a bad guy, they can do a lot of very costly attacks. I mean, there's a lot of statistics that show just how costly cybersecurity attacks are. If option cards have been compromised, you can do some really bad things. So this is how we can trust those option cards. And we had to partner with those partners in the industry to both define the spec and both sides had to implement to that specification so that we could deliver the solution we're delivering. HPE such a strong partner ecosystem did a great job of articulating the value in this for customers from a security perspective. I know that you're also doing a lot of collaboration and work with AMD. Talk to me a little bit about that and the value in it for your joint customers. Yeah, absolutely. AMD is a longstanding partner. We actually started working with AMD about 20 years ago when we delivered our first AMD Opturon based platform, the HP Proline DL585. So we've got a long engineering relationship with AMD and we've been making products with AMD since they introduced their Epic Generation processor in 2017. That's when AMD really up their security game. They created capabilities with their AMD secure processor, their secure encryption virtualization, their memory encryption technologies. And we work with AMD long before platforms actually release. So they come to us with their ideas, their designs. We collaborate with them on things we think are valuable when we see areas where they can do things better, we provide feedback. So we really have a partnership to make these processors better and it's not something where we just work with them for a short amount of time and deliver a product. We're working with them for years before those products come out. So that partnership allows both parties to create better platforms because we understand what they're capable of, they understand what our needs are as a server provider. And so we help them make their processors better and they help us make our products better. And that extends in all areas, whether it's performance, power efficiency, but very importantly in what we're talking about here, security. So they've got an excellent security story with all of their technologies. Again, memory encryption, they've got some exceptional technologies there, all their secure encryption virtualization to secure virtualized environments. Those are all things that they excel at and we take advantage of those in our designs. We make sure that those work with our servers as part of a solution. Sounds like a very deeply technically integrated and longstanding relationship that's really symbiotic for both sides. I wanted to get some information from you on HPE Server Security Optimized Service. Talk to me about what that is. How does that help HPE, help its customers get around some of those supply chain challenges that are persistent? Yeah, what that is is with our previous generation of products, we announced something called our HPE trusted supply chain. And, but that was focused on the US market. With the solution for Gen 11, we've expanded that to other markets. It's available from factories other than the ones in our US. It's available for shipping products to other geographies. So what that really was is taking the HPE trusted supply chain and expanding it to additional geographies throughout the world which provides a big benefit for our non-US based customers. And what that is is we're trying to make sure that the server that we ship out of our factories is indeed exactly what that customer is getting. So try to prevent any possibility of attack in the supply chain going from our factories to the customer. And if there isn't attack, we can detect it and the customer knows about it. So they won't deploy a system that's been compromised because there have been high profile cases of supply chain attacks. We don't want to have that with our customers buying our Proline products. So we do things like enable UEFI secure boot which is an ability to authenticate the what's called a UEFI option ROM driver on option cards. That's enabled by default. Normally that's not enabled by default. We enable our high security mode in our ILO product. We include our intrusion detection technology option which is an optional feature but it's there standard when you buy one of the boxes with this capability is trusted supply chain capability. So there's a lot of capabilities that get enabled at the factory. We also enable server configuration lock which allows a customer to detect and get a bad guy modify anything in the platform when it transits from our factory to them. So what it allows a customer to do is get that platform and know that it is indeed what it is intended to be and that it hasn't been attacked and we've now expanded that to many geographies throughout the world. Excellent. So much more coverage across the world which is so incredibly important as cyber attacks continue to rise year over year the ransomware becomes a household word the ransoms get even more expensive especially considering the cybersecurity skills gap. I'm just wondering what are some of the ways in which everything that you've described with Gen 11 and the HPE partner ecosystem with AMD for example how does that help customers to get around that security skills gap that is present? Well, the key thing there is we care about our customer security. So as I mentioned, security is in our DNA. We do, we consider security in everything we do every update the firm where we make when we do the hardware design whatever we're doing, we're always considering what could a bad guy do? What could a bad guy take advantage of and attempt to prevent it? And AMD does the same thing. You can look at all the technologies they have in their AMD processor, they're making sure their processor is secure we're making sure our platform is secure so that the customer doesn't have to worry about it. So that's something the customer can trust us they can trust that AMD so they know that that's not the area where they have to expend their bandwidth. They can extend their bandwidth on the security on other parts of the solution versus knowing that the platform and the CPU is secure. And beyond that, we create features and capabilities that they can take advantage of. In the case of AMD, a lot of their capabilities are things that the software stack and the OS can take advantage of. We have capabilities on the client side that the software and that they can take advantage of whether it's server configuration lock or whatever we try to create features that are easy for them to use to make their environments more secure. So we're making things, they can trust the platform they can trust the processor they don't have to worry about that. And then we have features and capabilities that lets them solve some of the problems easier. So we're trying to help them with that skills gap by making certain things easier and making certain things that they don't even have to worry about. Right, it sounds like allowing them to be much more strategic about the security skills that they do have. My last question for you, Kevin is Gen 11 available now where can folks go to get their hands on it? So Gen 11 was announced earlier this month the products will actually be shipping before the end of this year, before the end of 2022. And you can go to our website and find all about our compute security. So all that information is available on our website. Awesome, Kevin, it's been a pleasure talking to you unpacking Gen 11, the value in it, why security is fundamental the uncompromising nature with which HPE and its partners have really updated the system and the rest of world coverage that you guys are enabling. We appreciate your insights and your time, Kevin. Thank you very much, Lisa. Appreciate it. We want to let you and the audience know check out hpe.com slash info slash compute for more info on Gen 11. Thanks for watching.