 The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling has grown over the years, causing complexity and driving up costs and increasing exposures. So the game of whack-a-mole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S3 bucket, and what the customer is responsible for, e.g., properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds. And with different protocols, now that of course includes on-prem and edge deployments making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. This extends to securing the runtime, the platform, and even now containers, which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions, as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, they are. There just aren't enough of them to go around. 
And the adversary is also talented and very creative, and there are more and more of them every day. Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SecOps teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via R&D and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, a blueprint for trusted infrastructure made possible by Dell Technologies and produced by theCUBE. My name is Dave Vellante and I'm your host. Now, previously, we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally and Dell specifically are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. Now, today we continue the discussion and look more deeply into servers, networking, and hyper-converged infrastructure to better understand the critical aspects of how one company, Dell, is securing these elements so that DevSecOps teams can focus on the myriad new attack vectors and challenges that they face. First up is Deepak Rangaraj, PowerEdge security product manager at Dell Technologies. We're going to bring on Mahesh Nagarathnam who is a consultant in the networking product management area at Dell and finally, we'll close with Jerome West who is the product management security lead for HCI hyper-converged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program.
We're kicking off with Deepak Rangaraj who's PowerEdge security product manager at Dell Technologies. Deepak, great to have you on the program.

Thank you. Thank you for having me.

So we're going through the infrastructure stack, and in part one of this series, we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection and security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is what are the critical aspects of securing server infrastructure that our audience should be aware of?

Sure, so if you look at compute in general, right? It has rapidly evolved over the past couple of years, especially with trends towards software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud, edge locations, remote offices and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered a ramp in the regulatory and mandates around the security needs. And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it will also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates and this could be based on the industry which they are operating in or it could be their own security postures. And this is the last given which servers are operating into them.
And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the models of the platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lengths that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactive with everything on their business and it should not be a burden to them. And we heavily invest to make it possible for our customers.

So this is really important because the premise that I set up at the beginning of this was really that as a security pro, I'm not a security pro but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I got to deal with. I want a company like Dell who has the resources to build that security in, to deal with the supply chain, to ensure the provenance, et cetera. So I'm glad you hit on that. But so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure?

Yeah, when it comes to security at Dell, it's ingrained in our product medium. So that's the best way to put it. And security is non-negotiable. It's never an afterthought where you come up with a design and then later on figure out how to make it secure. With our security development lifecycle, the products are being designed to counter these threats right from the beginning.
And in addition to that, we're also testing and evaluating these products continuously to identify vulnerabilities. We also have external third-party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerabilities and exploits found out in the field and provide mitigations and patches for those in a timely manner. So this security principle is also built into our server lifecycle, right? Every phase of it. So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model has done. We are building on it and continuously improving it. So a few years ago, our model was primarily based on the NIST framework of protect, detect and recover. And it still aligns really well to that framework but over the past couple of years, we have seen how computers evolved, how the threats have evolved and we've also seen the regulatory trends. And we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for our customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recovering from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however is done through the zero trust framework. And that's very important because now we're also anticipating how our customers will end up using these capabilities at their end to enable their own zero trust IT environments and IT zero trust deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust adoption.

So thank you for that.
You mentioned the NIST framework. You talked about zero trust. When I think about NIST, I think as well about layered approaches. And when I think about zero trust, I think about if you don't have access to it, you're not getting access. You got to earn that access and you've got layers. And then you still assume that bad guys are going to get in. So you've got to detect that and you've got a response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents?

But what you said is exactly right. Breaches are bound to happen. And given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained within an office where you can set up a perimeter firewall and say, yeah, everything within that is good. We can trust everything within that. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach which uses the principles nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device and every single access in your system at every single level of your IT environment. And this is the principle that we use on PowerEdge, right? But with an increased focus on providing granular controls and checks based on the principles of least privileged access. So the idea is that servers, first and foremost, need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage caused by the attacker is minimized.
So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius, for instance, has to be reduced. And this is done through features like automated detection capabilities and automated remediation capabilities. So some examples are, as part of our end-to-end boot resilience process, we have what we call a system lockdown, right? We can lock down the configuration of the system and lock down the firmware versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration. And we can figure out if the drift was caused due to authorized changes or unauthorized changes. And if it's an unauthorized change, you can log it, generate security alerts, and we even have capabilities to automatically roll the firmware and OS versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of Zero Trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving the Zero Trust strategy. And in addition to this, we also have chassis intrusion detection where if the chassis, the box, the server box is opened up, it logs alerts and you can figure out even later, if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a known authorized access or some malicious actor opening and changing something in your system.

Great, thank you for that. A lot of detail and appreciate that. I want to go somewhere else now because Dell has a renowned supply chain reputation. So what about securing the supply chain and the server bill of materials?
What does Dell specifically do to track the provenance of components it uses in its systems so that when the system's arrived, a customer can be 100% certain that that system hasn't been compromised?

Right, and we talked about how complex the modern supply chain is, right? And that's no different for servers. We have hundreds of components on the servers and a lot of these require firmware in order to be configured and run and these firmware components could be done into third party suppliers. So now the complexity that we're dealing with requires the end-to-end approach and that's where Dell pays a lot of attention into assuring the security of our supply chain. And it starts all the way from sourcing components, right? And then through the design and then even the manufacturing process where we are vetting the personnel at the factories and vetting the factories itself and the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security but a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tamper. And we have a feature called the Secure Component Verification which is capable of doing this. What the feature does is when the system gets built in the factory it generates an inventory of all the components in the system and it creates a cryptographic certificate based on the signatures presented to us by the components. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end they can run a tool, it generates an inventory of the components on the system at their end and then compares it to the golden certificate to make sure nothing was changed.
And if any changes are detected we can figure out if it is an authorized change or an unauthorized change. Again, authorized change, this could be like upgrades to the drives or memory, and an unauthorized change, this could be any sort of tamper. So that's the supply chain aspect of it. And bill of materials is also an important aspect to guaranteeing security, right? And we provide a software bill of materials which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulnerabilities which are being discovered out in the wild affect their platforms. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched.

Excellent, that's really good. My last question is, I wonder if you give us the sort of summary from your perspective what are the key strengths of Dell's server portfolio from a security standpoint? I'm really interested in the uniqueness and the strong suit that Dell brings to the table.

Right, yeah, we have talked enough about the complexity of the environments and how zero trust is necessary for the modern IT environment, right? And this is integral to Dell PowerEdge servers. And as part of that, you know, security starts with the supply chain. We have already talked about the secure component verification which is a unique feature that Dell platforms have. And on top of it, we also have a silicon-based platform root of trust. So this is a key which is programmed into the silicon on the black servers during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot on pieces of it, right?
In addition to that, we also have a host of data protection features where it is protecting data at rest, in use, or in flight. We have self-encrypting drives which provides scalable and flexible encryption options. And this coupled with external key management provides really good protection for your data at rest. External key management is important because, you know, somebody could physically steal the server and walk away, but then the keys are not stored on the server. It's stored separately. So that provides you an additional layer of security. And we also have dual-layer encryption where you can complement the hardware encryption on the secure encrypted drives with software encryption. In addition to this, we have identity and access management features like multi-factor authentication, single sign-on, roles, scope, and time-based access controls, all of which are critical to enable that granular control and checks for a zero trust approach. So I would say, like, you know, if you look at the Dell feature set, it's pretty comprehensive. And we also have a flexibility built in to meet the needs of all customers, no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell PowerEdge servers' cyber-resilient infrastructure helps accelerate zero trust adoption for customers.

Got it. So you've really thought this through all the various things that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks, Deepak. Appreciate you coming on theCUBE and participating in the program.

Thank you for having me.

You're welcome.
In a moment, I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure in collaboration with Dell Technologies on theCUBE, your leader in enterprise and emerging tech coverage.

Today's cyber threats can penetrate more deeply and more pervasively than ever. If a breach does occur, the sphere in which they could do damage should be minimized. Dell's cyber-resilient architecture, enhanced over many years, is the foundation for the critical elements of a zero-trust environment. To meet today's complex security challenges, Dell PowerEdge enables the seven pillars of zero trust with the advantages of its cyber-resilient architecture.

We're back with a blueprint for trusted infrastructure partnership with Dell Technologies on theCUBE. And we're here with Mahesh Nagarathnam, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome. Good to see you.

Hey, good morning, Dave. Nice to meet you. How's it going?

Hey, so we've been digging into all the parts of the infrastructure stack. And now we're going to look at the all-important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations, including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about?

Yeah, so a few years ago, IT security in an enterprise was primarily putting a wrapper around the data center because IT was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a wrapper around it like a perimeter or a firewall was a sufficient response because you could basically control the environment and it was small enough to control.
Today, with the distributed data, intelligent software-defined systems, multi-cloud environment and as a service delivery, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's data-driven world, IT operates everywhere and data is created and accessed everywhere. So far from the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation, enabling maximum flexibility and business agility without any compromise on the security? We believe that in this data era, the security transformation must accompany digital transformation.

Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore. So you can't just, as you say, put a wrapper around it. I like the way you phrase that. So when you think about cybersecurity resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers?

So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable. One that spans the entire enterprise and with a consistent and objective and say policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resides on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems.
As we continue to evolve, this will also include the ability to adapt and recover from these attacks, which is what cybersecurity resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve.

Yeah, got it. So I like that. So it's got to be integrated, it's got to be scalable, it's got to be comprehensive, comprehensive and adaptable. You're saying it can't be static.

Right, right. So I think, you know, you had a second part of a question, you know, that says, what do we, you know, one of the basic principles, you know, when you think about securing networking infrastructure. When you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now, accessing a network platform like a switch or a router, for example, is typically used for, say, configuration and management of the networking switch. So user access is based on, say, roles for that matter, you know, role-based access control, whether you're a security admin or a network admin or a storage admin. And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. Talking about software integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, you know, this is important because it could actually get hold of the system and, you know, you could get undesired results. In terms of validation of the images, it needs to be run through a digital signature.
So it's important that when you're talking about, say, software integrity, A, you're ensuring that the platform is not compromised, you know, it's not compromised, and B, that any upgrades, you know, that happens to the platform is happening through, say, validated signature.

Okay, so there's access control, software integrity, and I think you've got a third element which is, I think, response, but please continue.

Yeah, so, you know, the third one is about vulnerability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different. You know, it follows the same process for identification, for triage, and for resolution of these vulnerabilities. And these are addressed either through patches or through new resources via networking software.

Got it, okay, so I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but you, I think, gave it, you know, some clarity there. Software integrity, it's about assurance, validation, your digital signature you mentioned, and that there's been no compromise, and then how you respond to incidents in a standard way that can fit in to a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about, Dell trusted infrastructure?

Okay, so networking is a key element in the Dell trusted infrastructure. It provides the interconnect between the server and the storage world, and you know, it's part of any data center configuration.
For a trusted infrastructure, the network needs to have access control in place where only the authorized persons are able to make change to the network configuration, and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between, say, the management network and the data traffic network, because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network, you have things like, say, segmentation, isolated segments via VRFs or micro-segmentation via partners. This allows various level of security for each of those segments. So it's important that the network infrastructure has the ability to provide all these services. From a Dell networking security perspective, right? There are multiple layers of defense, you know, both at the edge and in the network, in the hardware and in the software. And it's essentially, you know, a set of the rules and the configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls, as I said, you know, including some network segmentation. We do have capabilities of say centralized management, automation and scalability for that matter. Now, you add all of these things, you know, with the open networking standards or a software-defined principles. And you essentially, you know, reach to the point where, you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at, say that, you know, the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for a secure boot. For example, we do have a, say, Trusted Platform, you know, Trusted Platform Modules, TPMs, on certain of our products.
And, you know, the physical security, you know, plain, simple old one-in-law port enable/disable. From a user trust perspective, you know, it's all done via access control base, via role-based access control and capability in order to provide, say, remote authentication or things like, say, sticky MAC or MAC learning limit and so on. If you look at, say, a transport and a session trust layer, these are essentially, you know, how do you access, you know, the switch, you know, is it by plain old Telnet or is it like secure SSH, right? And, you know, when a host communicates, you know, to the switch, we do have things like self-signed or a certificate authority-based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say, for example, BGP, for example, we do have the capability to support MD5 authentication between the BGP peers so that there is no, you know, malicious attack, you know, to the network where the routing table is compromised. And the other aspect is about, say, control plane ACL, you know, it's typical that if you don't have a control plane ACL, you know, it could be flooded and, you know, the switch could be compromised by denial-of-service attacks. From an application trust perspective, as I mentioned, you know, we do have, you know, the application-specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say, the digital signature and the cryptographic checks and that we do for authentication and rather for the authenticity and the validation of, you know, of the image and the binaries and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation. You know, the network separation could happen over VRF, plain old VLANs, you know, which can bring about, say, multi-tenancy aspects.
We do talk about micro-segmentation as it applies to NSX, for example. The other aspect is, you know, we do have with our own SmartFabric Services that's enabled in a fabric, we have a concept of, say, cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure.

Yeah, so thank you for that. There's a lot to unpack there. You know, one of the premise, the premise really of this segment that we're setting up in this series is really that everything you just mentioned or a lot of things you just mentioned used to be the responsibility of the security team and the premise that we're putting forth is that because security teams are so stretched thin, you got to shift the vendor community, Dell specifically is shifting a lot of those tasks to their own R&D and taking care of a lot of that. So, because SecOp team's got a lot of other stuff to worry about. So my question relates to things like automation, which can help in scalability. What about those topics as it relates to networking infrastructure?

Okay, it enables state-of-the-art automation software, you know, that enables simplifying of the design. So for example, we do have, you know, the fabric design center, you know, a tool that automates the design of the entire fabric. And, you know, from a deployment and, you know, the management of the network infrastructure that are simplicity is, you know, using, you know, like Ansible playbooks for SONiC, for example, or, you know, for a better Citadel and Dell story, you know, we do have SmartFabric Services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads, for example. Now, we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using SONiC or SmartFabric Services.
If you look at SONiC, for example, right, it delivers automated, intent-based, secure, containerized network. And it has the ability to provide some network visibility and awareness. And all of these things are actually valid, you know, for a modern networking infrastructure. So now, if you look at SONiC, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the SONiC NOS is not restricted, you know, just to the data center infrastructure is, it's a unified NOS, you know, that's well applicable beyond the data center, you know, right up to the edge. Now, if you look at NOS from a SmartFabric OS10 perspective, you know, as I mentioned, we do have SmartFabric Services which essentially, you know, simplifies the deployment, day zero, I mean, rather day one, day two deployment expansion plans and the lifecycle management of our converged infrastructure and hyperconverged infrastructure solutions. And finally, in order to enable, say, zero-touch deployment, we do have, you know, our VP solution with our SD-WAN capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular NOS that can expand from a data center, now right to the edge.

Great, thank you for that. Last question, real quick, pitch me, can you summarize from your point of view, what's the strength of the Dell networking portfolio?

Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we've talked about the physical security, for example, it's a disabling of the unused interface, sticky MAC and trusted platform modules, other things that to go after. And when you're talking about, say, secure boot, for example, it delivers the authenticity and the integrity of the OS10 images at the startup. And secure boot also protects the startup configuration so that, you know, the startup configuration file is not compromised.
And secure boot also enables the boot loader protection, for example, that is yet another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature, you know, prior to any upgrade process. And if you're looking at secure access control, we do have things like role-based access control, SSH to the switches, control plane access control, that prevents the DoS attacks and access control through multi-factor authentication. We do have RADIUS and TACACS for entry control to the network and things like CAC and PIV support, you know, from a federal perspective. We do have logging wherein, you know, any event, any auditing capabilities can be possible by, say, looking at the Syslog servers, you know, which are pretty much, you know, transmitted from the devices over TLS, for example. And last, we talked about, say, network separation and, you know, this, you know, separation, you know, ensures that there is, you know, a contained segment, you know, for a specific purpose or for the specific zone and, you know, this can be implemented by a micro-segmentation, you know, just a plain old vanilla VLANs or using virtual routing and forwarding. We are responsible.

A lot there. I mean, I think, frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for coming on theCUBE and explaining that in quite some depth. Really appreciate it.

Thank you, Dave.

Oh, you're very welcome. Okay, in a moment, I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how, when you enter the world of software-defined, where you're controlling servers and storage and networks via a software-led system, you can be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies in collaboration with theCUBE, your leader in enterprise and emerging tech coverage.
Today's shifting landscape of data generation and traffic patterns and new models of infrastructure management have accelerated the complexity of IT overnight. Surging demands require reevaluating your entire network. Data traffic demands are exploding. If you're confined to traditional proprietary networks, you're lacking scalability, proven cloud-based solutions and automation. Modern open-source solutions are expensive to implement and maintain and too inflexible for meeting the requirements of today's enterprise customers. Operations are extremely complex and growing more complicated from edge to core to cloud. The design, implementation, and management of networks can feel overwhelming, especially when you're busy focusing on the future. Dell Technologies Open Networking opens up your possibilities to fuel innovation and deliver exceptional customer experiences. The SONiC framework provides a complete standards-based strategy for scalability and agility with the help of Dell SmartFabric Solutions. You have supreme flexibility and control to boost data-driven intelligence across your entire network. Dell Technologies Open Networking delivers agile networking solutions your organization requires in our rapidly changing global economy.

We're back with Jerome West, product management security leader for HCI at Dell Technologies Hyperconverged Infrastructure. Jerome, welcome.

Thank you, David.

Hey, Jerome, in this series, a blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage, servers, and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know?

So what's unique about hyperconverged infrastructure is the breadth of the security challenge.
We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization of use of software. I mean, HCI is all of those things. So luckily, we have excellent partners like VMware, Microsoft, and internal partners like the Dell PowerEdge team, the Dell Storage team, the Dell Networking team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code, that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or Dell. So to confront this kind of sophisticated, hard to defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VxRail's engineering team has co-engineered a release process with VMware that significantly shortens our development lifecycle so that VMware will produce a patch and within 14 days, we will integrate our own code with the VMware release, we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer-term solution, we're partnering with VMware and others to develop a software bill of materials.
We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners.

Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, it to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, two weeks to then have that integration done. And then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have additives to that definition?

I do, I really think that cybersecurity and resilience for HCI, because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me give you an example. So HCI, it's basically taking a software abstraction of hardware functionality and implementing it into something called a virtualized layer. It's basically the virtual, virtualizing hardware functionality, like say a storage controller. You could implement it in hardware, but for HCI, for example, in our VxRail portfolio, we, our VxRail product, we integrated into a product called vSAN, which is provided by our partner VMware. So that portfolio strength is still through our partnerships. So what we do, we integrate these security functionality and features into our product.
So our partnership grows to our ecosystem through products like VMware products, like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multi-factor authentication through vSphere's integration with something called Active Directory Federation Services, or ADFS. So there's a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0, or like I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through PowerEdge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware.

Great, I mean that's super helpful. You mentioned NSX, Horizon, Carbon Black of all the VMware component, Auth0, which the developers are gonna love. You got Azure identity. So it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway because you've got this software-defined environment and you're managing servers and networking and storage with the software-led approach. How do you ensure that the entire system is secure end-to-end?

That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co-engineered solution with VMware.
Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development lifecycle which other products might talk about in their discussions with you that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should interoperate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised.

That's great. All right, let's close. Pitch me. What would you say is the strong suit, summarize the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome?

So I talked about how hyper-converged infrastructure simplifies security management because basically you're going to take all of these features that are abstracted in hardware. They're now abstracted in the virtualization layer. Now you can manage them from a single point of view whether it would be say, for VxRail it would be vCenter, for example. So by abstracting all of this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making it to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates.
This is an example of a feature that we have that's only exclusive to Dell. That's not done through a partnership. So we digitally sign our software updates. So the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's validated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail Manager or through SDDC Manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable.

That makes a lot of sense. So you got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, they got to deal with cloud security, they got to deal with multiple clouds. Now they have their shared responsibility model going across multiple clouds. They got all this other stuff that they have to worry about. They got to secure the containers and the runtime and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is going to get worse.
So what my takeaway is, you're removing that infrastructure piece and saying, okay, guys, you now can focus on those other things that is not necessarily Dell's domain, but you can work with other partners and your own teams to really nail that. Is that a fair summary?

I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user-friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user-friendly or management-friendly. So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with? And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments and we're very successful.

Excellent, okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always advance in the tech industry and so we'd appreciate that.

I would look forward to it. Thank you very much, Dave.

You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure.
Dell EMC VxRail drives continuous innovation for your business with infrastructure that gives you the flexibility to deploy HCI to match your workloads and environments. Use VxRail dynamic nodes to scale asymmetrically and utilize storage more efficiently and new single node VxRail satellite nodes with the latest Intel technology to optimize at the edge. Satellite nodes extend the power of HCI and the same VxRail infrastructure and management you use in the data center to the far edge, while still maintaining VxRail's operational experience with automation and simplified life cycle management. Take a hospital ecosystem, for example. With VxRail clusters and dynamic node clusters in the data center and satellite nodes at the edge, all of the VxRail systems work seamlessly together and share the same operating model. It's the same VxRail hyper-converged infrastructure and VxRail HCI system software so management is simplified and streamlined. VxRail HCI increases flexibility by enabling you to deploy standardized technology to match your workloads where it's needed. VxRail is right at home in the data center with its simple management and scalability. And when you add dynamic nodes into the mix, you can now pool and utilize unused vSAN storage across your existing VxRail clusters with VMware HCI mesh, scaling when and where you need based on workload requirements. Continually expand VxRail, depending on your needs and locations. Sharing storage across clusters gives you increased flexibility to deploy the right VxRail infrastructure where you need it. And with VxRail satellite nodes, you can get the same incredible operations and performance you know and love with VxRail at the edge.
Dynamic nodes and satellite nodes simplify your end-to-end operations, accelerate enterprise modernization and optimize efficiency and costs by removing the need for multiple types of disparate infrastructure with configurations designed for your unique workloads, giving you truly flexible deployments and consistent VxRail hyper-converged infrastructure from core to edge. Begin your VxRail deployment with Dell Technologies and the hyper-flexibility of dynamic nodes and satellite nodes today.

I want to thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for DevSecOps teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality, provenance and data protection designed in to core infrastructure like servers, storage, networking and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on-prem or at the edge, you are responsible for your own security. But vendor R&D and vendor process must play an important role in easing the burden faced by security, devs and operation teams. And on behalf of theCUBE production, content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember, part one of this series, as well as all the videos associated with this program and of course today's program are available on demand at thecube.net with additional coverage at siliconangle.com and you can go to dell.com slash security solutions, dell.com slash security solutions to learn more about Dell's approach to securing infrastructure. There's tons of additional resources that can help you on your journey. This is Dave Vellante for theCUBE, your leader in enterprise and emerging tech coverage. We'll see you next time.