Dell EMC PowerEdge C6525 Management
The Dell EMC PowerEdge C6525 offers Dell iDRAC 9. Logging into the web interface, one is greeted with a familiar login screen.
An important aspect of this system that many potential buyers will be interested in is the integration with existing Dell management tools. Since this is iDRAC 9, and Dell has been refining the solution for a few years even with AMD platforms, this works as one would expect from an Intel Xeon server. If you have an existing Xeon infrastructure, Dell makes adding AMD nodes relatively transparent.
Another feature worth noting is the ability to set BIOS settings via the web interface. That is a feature we see in solutions from top-tier vendors like Dell EMC, HPE, and Lenovo, but many vendors in the market do not have.
The iKVM feature is a must-have feature for any server today as it has one of the best ROI’s when it comes to troubleshooting. iDRAC 9 features several iKVM console modes including Java, ActiveX, and HTML5.
Modern server management solutions such as iDRAC are essentially embedded IoT systems dedicated to managing bigger systems. As such, iDRAC has a number of configuration settings for the service module so you can set up proper networking as an example. This even includes features such as detailed asset tracking to monitor what hardware is in clusters. Over time, servicing clusters often means that configurations can drift, and Dell has solutions to help the business side of IT such as tracking the assets.
We probably do not cover this enough, but there are other small features that Dell has. Examples here are selecting the boot device at next boot, important if you want to boot to iKVM media for service or something like that. Dell has an extremely well-developed solution that is a step above white box providers in terms of a breadth of features. Many providers offer the basic set, but Dell has something that goes beyond this.
As we mentioned earlier, Dell is still monitoring the C6525 at the node level whereas we are seeing an industry trend towards putting BMCs in 2U4N chassis. Since many of the hyper-scalers are moving towards more BMCs, this is something that we expect will be more common.
There is another aspect of iDRAC 9 that impacts our testing. We are going to cover that in the test configuration before getting to performance.
Dell EMC PowerEdge C6525 Test Configuration
For our testing we used the following configuration:
- System: Dell EMC PowerEdge C6525 4-node configuration
- CPUs (in pairs): 4x Dual AMD EPYC 7452 (32 core/ 64 thread) processors
- Memory: 512GB (16x 32GB) per node
- SSDs: 2x Intel DC S3710 400GB SSDs per node
- OCP LAN: Broadcom 25GbE OCP NIC 3.0
This is a fairly lightweight configuration but these would be typical configurations for this server. We had to augment the configuration Dell sent in order to make it similar to other test configurations we had.
Normally with 2U 4-node systems, we augment the system by adding different processors. We then test higher and lower TDP parts. With the Dell EMC PowerEdge servers, we cannot do this. The PowerEdge C6525. Without a BMC, iDRAC 9 blows field-programmable fuses in the AMD EPYC CPUs in order to bind CPUs to Dell platforms as a security measure. This was actually a feature we first found on the Dell EMC PowerEdge R7415 the hard way, but it took us until after that review to confirm.
Without a PCH, this is used to secure the platform, but it is a big difference. For us, we cannot put our EPYC CPUs in this chassis and risk that they become unusable in platforms from other vendors that we test. We have confirmed that this is expected functionality with both AMD and Dell.
For buyers of these systems, this is a net good feature. Increasing platform security is a primary objective for Dell, AMD, and customers. Where this can be problematic, outside of a lab context, is in the circular economy of IT parts. After a HPC center or enterprise customer removes these systems, the CPUs cannot be used outside of the Dell ecosystem if they have these fuses blown. Take a liquid-cooled C6525 installation. Many purchasing equipment on the used market will not have liquid cooling. The CPUs will likely be removed from these nodes. After they are removed, the node will likely need to be recycled and the CPUs will only be usable in Dell sockets leading to an oversupply of CPUs compared to sockets. To Dell and its customers, this is not necessarily their concern as these are downstream users of this gear, just as we were of the C6100. The concern is simply that this behavior is aligned with security over eco-friendliness as it will produce a lot of waste of assets that could otherwise be utilized by downstream customers.
Next, we are going to look at the PowerEdge C6525 performance before giving our final thoughts.
 server with one kilo-thread of AMD EPYC 7002 CPUs){kind=link}
“We did not get to test higher-end CPUs since Dell’s iDRAC can pop field-programmable fuses in AMD EPYC CPUs that locks them to Dell systems. Normally we would test with different CPUs, but we cannot do that with our lab CPUs given Dell’s firmware behavior.”
I am astonished by just how much of a gargantuan dick move this is from Dell.
Could you elaborate here or in a future article how blowing some OTP fuses in the EPYC CPU so it will only work on Dell motherboards improves security. As far as I can tell, anyone stealing the CPUs out of a server simply has to steal some Dell motherboards to plug them into as well. Maybe there will also be third party motherboards not for sale in the US that take these CPUs.
I’m just curious to know how this improves security.
This is an UNREAL review. Compared to the principle tech junk Dell pushes all over. I’m loving the amount of depth on competitive and even just the use. That’s insane.
Cool system too!
“Dell’s iDRAC can pop field-programmable fuses in AMD EPYC CPUs that locks them to Dell systems”?? i’m not quickly finding any information on that? please do point to that or even better do an article on that, sounds horrible.
Ya’ll are crazy on the depth of these reviews.
Patrick,
It won’t be long before the lab could be augmented with those Dell bound AMD EPYC Rome CPUs that come at a bargain eh? 😉
I’m digging this system. I’ll also agree with the earlier commenters that STH is on another level of depth and insights. Praise Jesus that Dell still does this kind of marketing. Every time my Dell rep sends me a principled tech paper I delete and look if STH has done a system yet. It’s good you guys are great at this because you’re the only ones doing this.
You’ve got great insights in this review.
To who it may concern, Dell’s explanation:
Layer 1: AMD EPYC-based System Security for Processor, Memory and VMs on PowerEdge
The first generation of the AMD EPYC processors have the AMD Secure Processor – an independent processor core integrated in the CPU package alongside the main CPU cores. On system power-on or reset, the AMD Secure Processor executes its firmware while the main CPU cores are held in reset. One of the AMD Secure Processor’s tasks is to provide a secure hardware root-of-trust by authenticating the initial PowerEdge BIOS firmware. If the initial PowerEdge BIOS is corrupted or compromised, the AMD Secure Processor will halt the system and prevent OS boot. If no corruption, the AMD Secure Processor starts the main CPU cores, and initial BIOS execution begins.
The very first time a CPU is powered on (typically in the Dell EMC factory) the AMD Secure Processor permanently stores a unique Dell EMC ID inside the CPU. This is also the case when a new off-the-shelf CPU is installed in a Dell EMC server. The unique Dell EMC ID inside the CPU binds the CPU to the Dell EMC server. Consequently, the AMD Secure Processor may not allow a PowerEdge server to boot if a CPU is transferred from a non-Del EMC server (and CPU transferred from a Dell EMC server to a non-Dell EMC server may not boot).
Source: “Defense in-depth: Comprehensive Security on PowerEdge AMD EPYC Generation 2 (Rome) Servers” – security_poweredge_amd_epyc_gen2.pdf
PS: I don’t work for Dell, and also don’t purchase their hardware – they have some great features, and some unwanted gotchas from time to time.
What would be nice is some pricing on this
Wish the 1gb Management nic would just go away. There is no need to have this per blade. It would be simple for dell to route the connections to a dumb unmanaged switch chip on that center compartment and then run a single port for the chassis. Wiring up lots of cables to each blade is a messy. Better yet, place 2 ports allowing daisy chaining every chassis in a rack and elimate the management switch entirety.
Holy mother of deer… Dell has once again pushed vendor lock and DRM way too far! Unbelievable!
It’s part of AMD’s Secure Processor, and it allows the CPU to verify that the BIOS isn’t modified or corrupted, and if it is, it refuses to post.. It’s not exactly an efuse and more of a cryptographic signing thing going on where the Secure Processor validates that the computer is running a trusted BIOS image. The iDRAC 9 can even validate the BIOS image while the system is running. The iDRAC can also reflash the BIOS back to a non-corrupt, trusted image. On the first boot of an Epyc processor in a Dell EMC system, it gets a key to verify with; this is what can stop the processor from working in other systems as well.
Honestly, there is no reason Dell can’t have it both ways with iDrac. iDrac is mostly software, and could be virtualized with each VM having access to one set of the hardware interfaces. This ould cut their costs by three, roughly, while giving them their current management solution. After all, ho often do you access all four at once?
haw is the price for this server PowerEdge C6525