 Welcome back everyone to our CUBE special programming on securing compute engineered for the hybrid world. We've got Cole Humphries with HPE global server, security product manager and Mike Farron Jones with Intel. He's the product manager for data security technology. Gentlemen, thank you for coming on this special presentation. All right, thanks for having us. So securing compute, I mean compute, everyone wants more compute, you can't have enough compute as far as we're concerned. You know, more bits are flying around the internet, hardware's mattering more than ever, performance, market's hot right now for next gen solutions. When you're talking about security, it's at the center of every single conversation. And Gen 11 for the HPE has been big time focus here. So let's get into the story. What's the market for Gen 11, Cole, on the security piece? What's going on? How do you see this impacting the marketplace? Hey, you know, thanks. I think this is again, just a moment in time where we're all working towards solving a problem that doesn't stop. You know, because we're looking at data protection, you know, and compute, you're looking out there, there's international impacts, there's federal impacts or state level impacts and even regulation to protect the data. And on the Intel side, you guys are a tier one combination partner, better together, HPE has a deep bench on security. Intel, we know what your history is. You guys have a real root of trust with your code down to the Silicon level, continuing to be, and you're on the fourth Gen Z on here. Mike, take us through the Intel's relationship with HPE, super important. You guys been working together for many, many years. Data security, chips, HPE, Gen 11, take us through the relationship. What's the update? Yeah, thanks. And I mean, HPE and Intel have been partners in delivering technology and delivering security for decades. And when a customer invests in an HPE server, like one of the new Gen 11's, they're getting the benefit of the combined investment that these two great companies are putting into product security. On the Intel side, for example, we invest heavily in the way that we develop our products for security from the ground up and also continue to support them once they're in the market. Launching a product isn't the end of our security investment. Our Intel red teams continue to hammer on Intel products looking for any kind of security vulnerability for a platform that's in the field, as well as we invest heavily in the external research community through our bug bounty programs to harness the entire creativity of the security community to find those vulnerabilities. Because that allows us to patch them and make sure our customers are staying safe throughout that platform's deployed lifecycle. In 2021, between Intel's internal red teams and our investments in external research, we found 93% of our own vulnerabilities, only a small percentage were found by unaffiliated external entities. HPE has a great track record in long history, serving customers around security, obviously with the solutions you guys had. With Gen 11, it's more important than ever. Can you share your thoughts on the talent gap out there? People want to move faster, breaches are happening at a higher velocity. They need more protection than ever before. Can you share your thoughts on why these breaches are happening and what you guys are doing and how you guys see this happening from a customer standpoint, what you guys feel in with Gen 11 and the solution? You bet, because when you hear about the relentless pursuit of innovation from our partners, and we in our engineering organizations in India and Taiwan and the Americas, all collaborating together years in advance are about delivering solutions that help protect our customers' environments. But what you're Mike talking about is it's also about keeping them safe because you look to the market, right? What do you see at least from our data from 2021? We have that breaches are still happening and a lot of it has to do with the fact that there is just a lack of adequate security staff with the necessary skills to protect the customer's application and ultimately the workloads. And then that's how these breaches are happening because ultimately you need to see some sort of control and visibility of what's going on out there. And what we were talking about earlier is you see time, time to seeing some incident and happen. The blast radius can be tremendous in today's technical advanced world. And so you have to identify it and then correct it quickly. And that's why this continued innovation and partnership is so important to help work together. Yeah, you guys have had a great track record with Intel-based platforms, with HPE, Gen 11's a really big part of the story. Where do you see that impacting customers? Can you explain the benefits of what's going on with Gen 11? What's the key story? What's the most important thing we should be paying attention to here? I think there's probably three areas as we look into this generation. And again, this is a point in time we will continue to evolve. But at this particular point, it's about a fundamental approach to our security enablement, right? Partnering as a tier one OEM with the best, one of the best in the industry, we can deliver systems that help protect some of the most critical infrastructure on earth, right? I know of some things that are required to have a non-disclosure because it is some of the most important jobs that you would see out there and working together with Intel to protect those specific compute workloads. That's a serious deal that protects not only state and local and federal interests, but really a global one. This is a really- And then there's another one. Sorry. Go ahead, finish your thought. And then there's another one that I would call our uncompromising focus. We work in the industry. We lead and partner with those in the, and I would say in the good side, and we want to focus on enablement through a specific capability set, let's call it our global operations and that ability to protect our supply chain and deliver infrastructure that can be trusted and into an operating environment. You put all those together and you see very significant and meaningful solutions together. The operating benefits are significant. I just want to go back to something you just said before about the joint NDAs and kind of the relationship. You kind of unpacked that. To me, I heard you guys say from sand to server. I love that phrase because silicon into the server, but this is a combination you guys have with HPE and Intel supply chain security. I mean, it's not just like you're getting chips and sticking them into a machine. It's just like there's an in-depth relationship on the supply chain that has a very intricate piece to it. Can you guys just double down on that and share how that works and why it's important? Sure. So why don't I go ahead and start on that one? So as you mentioned, the supply chain that ultimately results in an end user pulling a new Gen11 HPE server out of the box started way, way back in it. And we've been, Intel from our part are you invest heavily in making sure that all of our entire supply chain to deliver all of the Intel components that are inside that HPE platform have been protected and monitored ever since their inception at one of any of our 14,000 Intel vendors that we monitor as part of our supply chain assurance program. I mean, Intel is invest heavily in compliance with guidelines from places like NIST and ISO, as well as doing best practices under things like the transported asset protection alliance TAPA. We have been intensely invested in making sure that when a customer gets an Intel processor or any other Intel silicon product that it has not been tampered with or altered during its trip through the supply chain. HPE then is able to pick up those components that we deliver and add on to that their own supply chain assurance when it comes down to delivering the final product to the customer. Oh, that's exactly right. Yeah, I feel like that integration point is a really good segue into why we're talking today because that then comes into a global operations network that is pulling together these servers and able to deploy them all over the world. And as part of the Gen 11 launch, we have security services that allow them to be hardened from our factories to that next stage into that trusted partner ecosystem for system integration or directly to customers, right? So that ability to have that chain of trust and it's not only about attestation and knowing what came from whom because obviously you want to trust and make sure you're getting the parts from Intel to build your technical solutions. But it's also about some of the provisioning we're doing in our global operations. We're putting cryptographic identities and manifests of the server and its components and moving it through that supply chain. So you talk about this common challenge we have of assuring no tampering of that device through the supply chain and that's why this partnering is so important. We deliver secure solutions, we move them, you're able to see and control that information to verify they've not been tampered with and you move on to your next stage of this very complicated and necessary chain of trust to build what some people are calling zero trust type ecosystems. Yeah, it's interesting. You know, a lot goes on under the covers. That's good though, right? You want to have greater security and platform integrity if you can abstract away the complexity, that's key. Now, one of the things I like about this conversation is that you mentioned this idea of a hardware root of trust set of technologies. Can you guys just quickly touch on that? Because that's one of the major benefits we see from this combination of the partnership is that it's not just one each party doing something, it's the combination. But this notion of hardware root of trust technologies, what is that? Yeah, well, why don't I go ahead and start on that and then Cole can take it from there because we provide some of the foundational technologies that underlie a root of trust. Now, the idea behind a root of trust, of course, is that you want your platform to, you know, from the moment that first electron hits it from the power supply that it has a chain of trust that all of the software, firmware, bios is loading to bring that platform up into an operational state is trusted. If you have a breach in one of those lower level code bases like in the bios or in the system firmware, that can be a huge problem. It can undermine every other software-based security protection that you may have implemented up the stack. So, you know, Intel and HPE work together to coordinate our trusted boot and root of trust technologies to make sure that when a customer, you know, boots that platform up, it boots up into a known good state so that it is ready for the customer's workload. So, on the Intel side, we've got technologies like our trusted execution technology or Intel boot guard that then feed into the HPE ILO system to help, you know, create that chain of trust that's rooted in silicon to be able to deliver that known good state to the customer so it's ready for workloads. All right, Cole, I got to ask you, with Gen 11 HPE platforms that has the fourth gen Intel Xeon, what are the customers really getting? So, you know, what a great setup. I'm smiling because it's like a good answer because one, this, you know, to be clear, this isn't the first time we've worked on this root of trust problem. You know, we have a construct that we call the HPE Silicon root of trust. You know, it's an industry standard construct. It's not a proprietary solution to HPE, but it does follow some differentiated steps that we like to say make a little difference in how it's best implemented. And where you see that is that tight, you know, Intel trusted execution exchange, the Intel trusted execution exchange is a very important step to assuring that root of trust in that HPE Silicon root of trust construct, right? So they're not different things, right? We just have an umbrella that we pull under our ProLiant because there's ILO, our BIOS team, CPLDs, firmware. But I'll tell you this, Gen 11, you know, while all that keeping that moving forward would be good enough, we are not holding to that. We are moving forward, our uncompromising focus, we wanna drive more visibility into that Gen 11 server, specifically into the PCIe lanes. And now you're gonna be able to see and measure and make policies to have control and visibility of the PCI devices like storage controllers, NICs, direct connect, NVMe drives, et cetera. You know, if you follow the trends of the, where the industry would like to go, all the components in a server would be able to be seen and attested for full infrastructure integrity, right? So, but this is a meaningful step forward between not only the greatness we do together, but I would say a little uncompromising focus on this problem and doing a little bit more to make a Gen 11 Intel server just a little better for the challenges of the future. Yeah, the tier one, tier one partnership is really kind of highlighted there. Great, great point. I gotta ask you, Mike, on the fourth Gen Xeon scalable capabilities, what does it do for the customer with Gen 11 now that they have these breaches? Does it eliminate stuff? What's in it for the customer? What are some of the new things coming out with the Xeon? You're a Gen four, Gen 11 for HP, but you guys have new stuff. What does it do for the customer? Does it help eliminate breaches? Are there things that are inherent in the product that HP is jointly working with you on or that you were contributing in to the relationship that we should know about? What's new? Well, there's so much great new stuff in our new fourth Gen Xeon scalable processor. This is the one that was codenamed Sapphire Rapids. I mean, more cores, more performance, AI acceleration, crypto acceleration, it's all in there. But one of my favorite security features in it is one that's called Intel Control Flow Enforcement Technology or Intel CET. And why I like CET is because I find the attack that it is designed to mitigate is just evil genius. This type of attack, which is called a return, a jump or a call-oriented programming attack is designed to not bring a whole bunch of new identifiable malware into the system, which could be picked up by security software. What it is designed to do is to look for little bits of existing code already on the server. So if you're running, say, a web server, it's looking for little bits of that web server code that it can then execute in a particular order to achieve a malicious outcome, something like open a command prompt or escalate its privileges. Now, in order to get those little code bits to execute in an order, it has a control mechanism. And each of the different types of attacks uses a different control mechanism. But what CET does is it gets in there and it disrupts those control mechanisms, uses hardware to prevent those particular techniques from being able to dig in and take them back. So CET can disrupt it and make sure that software behaves safely. And as the programmer intended, rather than picking off these little arbitrary bits in one of these return or jump or call oriented programming attacks. Now, it is a technology that is included in every single one of the new fourth gen Xeon scalable processors. And so it's going to be an inherent characteristic that customers can benefit from when they buy a new Gen 11 HPE server. Cole, more goodness from Intel. They're impacting Gen 11 on the HPE side. What's your reaction to that? I mean, I feel like this is exactly why you do business with the big tier one partners because you can put trust in from where it comes from through the global operations, literally having it hardened from the factory it's finished in, moving into your operating environment and then now protecting against attacks in your web hosting services, right? I mean, this is great. I mean, you'll always have an attack on data as you know, as you're seeing in the data but the more contained, the more information and the more control and trust we can give to our customers it's going to make their job a little easier in protecting whatever job they're trying to do. Yeah, and enterprise customers as you know they're always trying to keep up to date on the skills and battle the threats having that built in under the covers is a real good way to kind of help them get free up their time and also protect them as really killer. This is a big, big part of the Gen 11 story here securing the data, securing compute that's the topic here for this special CUBE Conversation Engineering for Hybrid World Coal. I'll give you the final word. What should people pay attention to? Gen 11 from HPE, bottom line, what's the story? You know, it's not the first time it's not the last time but it's our fundamental security approach to just helping customers through their digital transformation defend in an uncompromising focus to help protect our infrastructure in these technical solutions. Cole Humphries is the global server security product manager at HPE. He's got his finger on the pulse and keeping everyone secure in the platform integrity there. Mike Farron Jones is the Intel product manager for data security technology. Gentlemen, thank you for this great conversation getting into the weeds a little bit with Gen 11, which is great. Love the hardware root of trust technology is better together. Congratulations on Gen 11 and your fourth Gen Xeon scalable. Thanks for coming on. All right, thanks, John. Thank you very much, guys. Appreciate it. Okay, you're watching the CUBE's special presentation securing compute engineered for the hybrid world. I'm John Furrier, your host. Thanks for watching.