Protect against compromised code/malware & improve VM protection: Gen10 + Windows Server 2016

When you pair Hewlett Packard Enterprise Gen10 Servers, the most secure industry standard servers, and Microsoft Windows Server 2016, the most secure version of Microsoft's server operating system, you give your customers new advanced security features that work together to keep their server infrastructure (and valuable data) safe. Today we will take a closer look at a few Gen10 and Windows Server 2016 security features that help detect and protect against compromised code and malware.

HPE Gen10 Servers Silicon Root of Trust enables the detection of previously undetectable compromised firmware or malware. With the iLO Advanced Premium Security License, the iLO5 chipset now enables Runtime Firmware Validation. This means the iLO5 chipset performs the same checking process that happens during the boot process on a continual basis while the server is running. As frequently as once a day, iLO5 runs a background verification check on the iLO5 firmware and the UEFI BIOS. This gives your customers a distinct advantage in quickly knowing if an attacker has compromised their firmware and helps get the customer back on the road to recovery. And, your customers can rest assured knowing the process can be fully trusted, because it is rooted in the hardware at the silicon fabrication facility.

In the unlikely event that iLO5 finds tampering or corruption at any point in the process, trusted firmware is immediately available for Secure Recovery. If iLO5 finds that its own firmware has been compromised, it will load its own authenticated firmware from an integrated backup. The Secure Recovery of iLO5 firmware is always available and always automatic—regardless of the license. If iLO5 should happen to find that the system BIOS has been compromised, iLO5 will try to recover from a backup copy. If the backup copy is also compromised and the customer has upgraded to the iLO Advanced Premium Security Edition license, iLO5 can automatically recover authentic firmware.

To boost the security features found in iLO5, Windows Server 2016 now includes Windows Defender Antivirus, a malware protection that immediately and actively protects your customers’ operating systems against known malware and can regularly update anti-malware definitions through Windows Update. Windows Defender gives customers immediate protection, minimizing security exposure during first run and scheduled updates, and always-on protection that monitors and scans all downloads and applications.

In addition, your customers can have peace of mind knowing their server environment and data are secure and their OS is not compromised thanks to Secure Boot. Secure Boot is a feature of UEFI that ensures that each component loaded during the boot process is digitally signed and validated, protecting Windows Server against malware or other tampering. In the presence of a rootkit, the UEFI would not allow it to boot.

Last, but not least, the Host Guardian Service is a new server role introduced in Windows Server 2016 and is the centerpiece of the guarded fabric solution. It is responsible for ensuring that Hyper-V hosts in the fabric are known to the hoster or enterprise and running trusted software and for managing the keys used to start up shielded Virtual Machines (VMs). Host Guardian Services help to keep trust and isolation boundary between the cloud infrastructure and guest OS layers, while managing and authorizing the release of the encryption keys used to shield VMS.

With these Gen10 and Windows Server 2016 security features working together, your customers and their data will be continually protected from the very first time they start their server.

Have questions about HPE OEM Microsoft products/solutions, Windows Server 2016, or HPE Servers? Join the Coffee Coaching community to keep up with the latest HPE OEM Microsoft news and interact with HPE and Microsoft experts.

Follow us on Twitter | Join our LinkedIn group | Like us on Facebook| Watch us on YouTube | Email us a question

About the Author


Willa manages the HPE | Microsoft Coffee Coaching program. Follow along to learn more about the latest HPE OEM Microsoft product releases and how the HPE Microsoft partnership can benefit partners and customers.