Servers & Systems: The Right Compute
ComputeExperts

Next-gen secure server management: Onboard, connect, and manage your servers via the cloud

Now you can enjoy secure management of your on-premises devices – from anywhere in the world – using only your web browser. HPE GreenLake for Compute Ops Management can change the way you think about and manage your distributed environment. Read on to learn more.

Managing devices from the cloud can sound like a scary proposition – but the good news is that it doesn’t have to be.

HPE recently announced HPE GreenLake for Compute Ops Management, and I want to explain how HPE provides this compute management service securely, from a cloud portal, for your on-premises devices.

What’s new?

So, what is HPE GreenLake for Compute Ops Management – and how can it change the way you think about and manage your distributed environment?

This new software-as-a-service offering enables you to securely onboard, connect and manage your servers from a cloud-based management platform – from anywhere. Compute Ops Management provides the ability to inventory, monitor, manage, and update servers, regardless of compute device location. Multiple data centers? No problem. Multiple geographies? Ditto. Plus, with automated updates to the software platform being added to Compute Ops Management at a regular cadence, new services, features, fixes, and capabilities are available instantly for customers like you.

[Chart 1: Compute Ops Management]

Advanced security features in the cloud

So – we have a cloud-based platform to manage your compute device, but you are probably wondering how the device can securely connect to the cloud. The basic answer is IEEE standard 802.1AR.

All HPE compute devices ship with an embedded identifier, called an Initial Device Identifier (IDevID), that is cryptographically signed by HPE at the factory and is not modifiable. With that IDevID certificate, your device can authenticate to a cloud-based endpoint by providing its unique ID. Because the device has a certificate signed by HPE, the cloud service can verify the identity of the device (for example, the serial number) and ensure that it is a valid device. If a device doesn’t present a certificate that has been signed by HPE, then the device is not allowed to make that connection.

The device has a trust chain that allows it to verify the cloud endpoint that it is connecting to. This allows both sides to verify and establish trust, knowing who is at the other end. This is called mutual authentication, and since it establishes a Transport Layer Security (TLS) connection, the connection is called a mutual Transport Layer Security (mTLS) connection. This same mTLS connection verification happens when downloading firmware. The mTLS connection means that a device that is downloading firmware from a remote endpoint can be assured that it is a verified HPE server providing the files.
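
The admission rule described above (a device is accepted only if its certificate chains to the manufacturer's CA), sketched with the openssl CLI as an added example; it is not HPE's code or configuration. The throwaway CAs, the subject layout and the serial number CZ0000TEST are constructed stand-ins, and in the real service this check happens as part of the mTLS handshake.

```shell
#!/usr/bin/env bash
# Constructed demo: a throwaway "factory CA" stands in for the manufacturer's CA.
set -eu

make_ca() {            # make_ca <dir> <common-name>: self-signed CA key + cert
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Vendor/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_device_cert() {  # issue_device_cert <ca-dir> <serial-number> <out-prefix>
  # Assumed subject layout: the device serial number in the serialNumber attribute.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/O=Example Vendor/serialNumber=$2/CN=device-$2" \
    -keyout "$3.key" -out "$3.csr" 2>/dev/null
  openssl x509 -req -in "$3.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$3.crt" 2>/dev/null
}

# Cloud-side admission check: the certificate must chain to the trusted
# manufacturer CA. On success print the subject serialNumber; otherwise fail.
admit_device() {       # admit_device <trusted-ca.crt> <device.crt>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  openssl x509 -in "$2" -noout -subject -nameopt RFC2253 |
    sed -n 's/.*serialNumber=\([^,]*\).*/\1/p'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca "$work/vendor" "Factory CA"
make_ca "$work/other"  "Factory CA"   # same name, different key: not trusted
issue_device_cert "$work/vendor" CZ0000TEST "$work/genuine"
issue_device_cert "$work/other"  CZ0000TEST "$work/untrusted"

echo "genuine:   $(admit_device "$work/vendor/ca.crt" "$work/genuine.crt"   || echo REJECTED)"
echo "untrusted: $(admit_device "$work/vendor/ca.crt" "$work/untrusted.crt" || echo REJECTED)"
```

The second certificate names the same issuer and the same serial number, but its signature does not verify against the trusted CA key, so the identity claim inside it is never read.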

But wait.

You may be wondering: how does the cloud reach down inside my data center and make that connection? The truth is, it doesn’t. The cloud never initiates a connection to a device; the device always initiates the connection to the cloud.

This is a standard HTTPS connection from the device, optionally through an HTTP proxy, which is upgraded to a secure websocket connection once connected. A websocket connection is a persistent connection that remains in place and allows data traffic to flow in both directions. The connection is always initiated by the device, but once established, the cloud can request information or inventory status, check health, or perform operations with that server. We all know that the internet can be flaky at times, but the device connection was built with this in mind. If something interrupts the communication between the device and the cloud, the device will notice the disconnection and automatically reconnect for you.

[Chart 2: Device registration]

Security on the cloud portal side is important as well. Compute Ops Management only allows HTTPS connections, using TLS 1.2+ and strong ciphers. Analysis from Qualys SSL Labs gives our endpoint configuration an A+ rating.

[Chart 3: Summary]

Rest easy with secure management

Hopefully, this article has given you a sense of the safety measures that Compute Ops Management has implemented to help ensure secure device connectivity from an on-premises managed device to the cloud-hosted portal.

Now you can enjoy secure management of your on-premises devices from anywhere in the world – using only your web browser. And here is more good news. You can try it out today for free. Compute Ops Management is now generally available for a 90-day free trial and will be available as a subscription purchase starting in June 2022.

Visit HPE GreenLake for Compute Ops Management to request your free trial, and start taking advantage of this next generation of secure server management today!


Blaine Southam is currently the Chief Technologist for HPE Compute Cloud Services. In this role he is responsible for the architecture for HPE GreenLake for Compute Ops Management and associated products. He is also part of the cross-BU technologist team driving HPE to deliver HPE products as a service and is a member of the Edge to Cloud leadership team, as well. Blaine has delivered numerous management solutions, as well as cloud offerings for HP/HPE, for more than 20 years.

Compute Experts
Hewlett Packard Enterprise

twitter.com/hpe_compute
linkedin.com/showcase/hpe-servers-and-systems/
hpe.com/servers

About the Author

ComputeExperts

Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.