Exclusive: HPE’s multicloud strategy and securing the edge
The development technology is constantly testing the limits of existing compute and storage infrastructure.
One of the companies innovating to stay ahead of the curve is HPE, with its in-house research and development department HPE Labs constantly working on refining and creating new solutions.
SecurityBrief spoke to HPE ProLiant and Cloudline servers global business unit VP and GM Justin Hotard to gain an insight on HPE’s server strategy.
What’s the reason for HPE’s renewed focus on a multicloud strategy?
The benefit of multicloud manageability with OneSphere is it allows customers to get an integrated view across the entire environment and what we see with these workloads is based on geography or the specific element of a workload, sometimes it’s more cost effective to have it on-prem, you may have requirements that push you to the cloud, you may need to manage devices at the edge.
But having a single pane of visibility and being able to migrate and manage workloads across it is a huge level of simplification for customers because they no longer have to sit there and try to aggregate that up or worse, run in silos.
They can see across their enterprise.
Last year, we also introduced security features like intrusion detection to our devices and servers.
If you have a distributed network of infrastructure, you need to know if anything is compromised, because the data isn’t in a controlled data centre, where you have clear access control.
Even if it’s secure, it may be remote, that means knowing if someone is in a part of a building, or services something else, you can ensure that they can't compromise the device, especially if you’re making business-critical decisions on this infrastructure, and I think that’s another element.
What has HPE done to ramp up server security since the first features were introduced?
We implemented a secure root of trust in all our devices.
That means when the device boots up and anytime it’s live, all the components and the firmware inside the device will be authenticated so we know they’re the real and correct device.
There have been major breaches in the industry with things like credit card terminals.
There’s a device that physically sits at the edge.
You can put a device on an ATM that can skim card and consumer data.
Servers are becoming much more distributed - in office buildings, in retails shops, in different campuses - knowing that what’s running there is authentic, so if someone tries to insert malware into the firmware via USB stick or goes in physically and swaps a drive, the system will actually know that, and recognise it and create an alert.
What we’ve also done since then is we’ve allowed for recovery, so you can actually recover back to a healthy state.
That’s not only a security aspect, it’s an IT operations value point because you might have a policy where you don’t want to upgrade firmware on a device, on a certain environment, or on certain servers for whatever reason.
This allows you to then roll it back and recover that environment.
So those are the kinds of things that we’re doing because we recognise that we can’t just assume that the compute infrastructure is going to be in this stable core network, it’s really not all going to be in the cloud, so our customers need to have manageability to contemplate all of the different scenarios that could happen.
Security will continue to grow as a major aspect of our products as compute becomes more distributed.
How does HPE mitigate the security risk while data is being transferred from different cloud environments?
So in a multicloud environment, your data flows are largely protected by the way you architect your network.
You’re expecting the cloud hosters to protect your data, but that’s a part of the customer’s infrastructure design.
What the multicloud environment allows you to do is manage and move your data, so once you’re confident or comfortable that it’s secure, you’re managing across it.
If there was a security or availability issue with a multicloud environment, having something like OneSphere where you can move across it allows you to quickly migrate your applications and data and give you stability and consistency of operation.
How does HPE package its offerings for the SMB markets?
Our priority in terms of how we go to market is through partners.
Partners vary in their business models - we have partners like resellers, system integrators, and managed service providers for SMBs.
We used to push a lot of complexity out to those partners and leave it to them to integrate their server or build the solution that they want.
What we’re really pulling back to across the portfolio is a solution approach.
So if you need a solution that runs VMs, we recommend a good, better, and best architecture, and that cuts across the majority of these kinds of workloads.
We’re actually bundling software in some cases to make it easier for them.
The whole idea is rather than pushing out the complexity out to our partner, give them a curated set of solutions for the workloads that they have across the platforms we sell for their customers.
So their focus is really on, “How do I take that hardware and deliver it to my customer and solve their problem, do I package PointNext services into it, how do I potentially leverage HPE OneView, how I pull all that together?”
When did you start transitioning to this more structured model?
The first products were released in the market about five months ago.
From there, we’ve been actively releasing new offers to continue to expand on that capability.
The partner community has been very positive.
They see a lot of value on getting the expertise and the advice and really focusing on their customer’s solution and being able to take a set of recommendations from us, having a few choice points around where they configure, and what options they might choose, what serviced options they might choose as an example, and then focus on delivery and solve their customer’s problem.
It also helps with time to market, speed, and it’s an offer available across our partner community, so they’re able to take advantage of it, whether they’re one of our largest partners or one of our smaller partners.
The partner community that serves SMBs varies widely.
You can have a large pan-Australia/New Zealand partner that supports them, or you might have someone who’s very local who’s hosting a few SMBs in a town or a small city, and the benefit of this is that it’s available and accessible to all of them.