Advancing Life & Work
HPE-Editor

How Tech Con Catalyzed the Development of Project Aurora Zero Trust Security

Contrary to popular myths, innovation doesn’t tend to burst forth out of a lab in a bubbling cauldron of glory with inventors all shouting “Eureka!” It’s more of a grinding process where ideas get shared, debated, tested, reformulated, advanced and eventually channeled into a technology that creates a solution that generates real value.

But along the way, there are critical points when innovation pops – when it takes an important turn. That’s what happened with Project Aurora at HPE Tech Con in 2020.


Tech Con is HPE’s annual innovation conference. It brings together dozens of innovators from across the company to celebrate their best work, share ideas and spark new connections. As a working conference, Tech Con provides three intense days of activity, connecting technologists from multiple disciplines, business units and geographies under one roof.

Tech Con is celebrating its 20th anniversary in 2022. It’ll be a time for those of us who are attending to attack new challenges involving new technologies and new techniques. It will also provide an opportunity to celebrate past projects that accelerated at Tech Con – projects like Gen-Z, Photonics, Rack Scale liquid cooling and power infrastructure, secure attestation of compute infrastructure, and, of course, Project Aurora.

When HPE CEO Antonio Neri previewed Project Aurora publicly at Discover 2021, he hailed it as “a new way of thinking about security – edge to cloud.” He discussed Project Aurora’s ability to deliver true cloud-native, zero trust security that can be deployed anywhere.

Now, nearly a year later, Project Aurora technology underpins HPE’s GreenLake cloud services platform. Aurora continuously identifies zero-day threats, enabling enterprise security teams to cut the time it takes to snuff out breaches from 28 days down to mere seconds.

That’s innovation.

But two years ago, Project Aurora was more of an idea and an assemblage of technologies than a sure thing. It took a gathering of experts at Tech Con to push it forward onto the track that led to the success the technology is enjoying today.

I was part of the team that worked on Project Aurora for several years. Here’s where the project stood heading into Tech Con 2020.

Previously, at Tech Con 2017, Gary Campbell’s team (HPE Security CTO) presented ContainerOS and Verification Framework as posters and formal presentations. In the Lightning Round we presented an idea for a “memory-side accelerator” for integrity monitoring. We got feedback from other attendees that the accelerator approach was not practical. This led us to brainstorm alternatives combining ideas from both ContainerOS and the memory-side accelerator. A week after Tech Con, this gave us the idea for DIME, a kernel integrity monitor that is now a critical part of Project Aurora.

Three years later there was a major inflexion point for our work. At the time HPE leaders were looking to advance projects that would support the company’s vision to embrace an as-a-service model in its technology offerings. Neri himself had taken an active interest in exploring innovative ways to provide secure services across platforms. Our CEO challenged Mark Potter, HPE’s global CTO at the time, to come up with some ideas about how to drive the process faster.

This led to a series of technical discussions involving a number of stakeholders in early 2020 on things that we could do to support HPE’s pivot to as-a-service. So, during one of the breaks at Tech Con, Mark assembled about 8-10 of us in a windowless room around a U-shaped conference table to discuss ways to implement secure services in an edge-to-cloud world in support of HPE’s pivot to “as-a-service.”

What many of us envisioned as a standard discussion turned into an intense brainstorming session that stretched out over three hours. During the meeting we debated ways to use the technologies in tandem to improve a system’s ability to snuff out intrusions on a continuous basis. And that was the catalyst that started Project Aurora: combining DIME and Verification Framework to provide a secure services platform, together with SPIRE and SPIFFE for service identity management.

Conversations about zero trust security tactics continued throughout Tech Con whenever two or more of the participants met up: at meals, coffee breaks and many of the social gatherings. It set the stage for many meetings to come.

Events like Tech Con give subject matter experts the opportunity to weigh in on projects they normally wouldn’t be exposed to. One memorable example of this took place in 2020. While attending the team’s Verification Framework poster, Neil MacDonald, head of HPE’s compute business, told presenters he was looking for a solution that doesn’t require an agent on the customer’s OS. That led to a three-way collaboration between our team, HPE’s iLO (Integrated Lights Out) and UEFI (Unified Extensible Firmware Interface) teams. The teams produced a significant new feature for Project Aurora called Agentless Attestation.

At the time, I had been to all but two of the 18 Tech Cons. I had always appreciated the opportunity to get feedback and learn from smart people on projects we had been working on together and others that were moving through the pipeline elsewhere in the organization. I had learned a lot at Tech Con over the years. The opportunities that arise from working across organizational boundaries with others in a physical setting are something you just can’t overstate.

That said, I had never experienced a Tech Con quite like the one that took place just a few months into the pandemic in 2020. Many of us walked away from that conference with a spring in our step. We felt energized, exhilarated and determined to make the project a success.

From there, the group kept the momentum going. In September 2020 HPE formed a new organization to help execute the Project Aurora vision: HPE Security Engineering (HSE), under Gary Campbell, the HPE Security CTO. HSE merged Gary’s team with the team that came in from HPE’s acquisition of Scytale. SPIFFE and SPIRE, two key technologies from Scytale, had always been part of the Aurora vision, even though the acquisition didn’t close until after Tech Con.

The newly formed team gave us the technical capabilities in SPIFFE and SPIRE. It also gave us the considerable energy, leadership and business skills of Sunil James (formerly CEO of Scytale) and Andrew Jessup (formerly product director of Scytale). This enabled us to get to the next stage and execute Aurora for the next 12 months to get us to where we are today.

Like other innovations, Project Aurora didn’t spring fully formed out of a lab. It coalesced over a period of years, bringing together contributions of hundreds of participants from across the world. Several of its components benefited from or even were invented because of feedback received from colleagues at earlier Tech Cons. The final product that’s been produced is a true organization-wide accomplishment.

Tech Con played a critical role in the development of Aurora’s technology and the delivery system. It may not have provided a “Eureka” moment, but it did serve as a catalyst for a resource that will be important for HPE’s future.


Nigel Edwards

Nigel leads the architecture team in HPE Security Engineering. He works on platform security focused on measuring and verifying hardware, firmware, software and service integrity. He has worked for the company for 34 years and has 33 granted patents. Nigel is an HPE Fellow, a Chartered Engineer and has a PhD in Electrical and Electronic Engineering from the University of Bristol, UK.

About the Author

HPE-Editor

Editor-in-chief for the HPE Advancing Life & Work blog.