In response to the US National Defense Authorization Act, HPE is taking the opportunity to bring more of its manufacturing back to the US. With HPE Trusted Supply Chain servers, HPE gets to designate its servers with a “Country of Origin USA” label. We had a chance to discuss with HPE the new offering ahead of its launch.
HPE Trusted Supply Chain Servers Built in the USA
The driver for the HPE Trusted Supply Chain is, as one may expect, nationalistic calls for technology that has secure origins. All major global governments and critical sectors are looking for a way to secure the building blocks of their technology infrastructure. HPE has crafted a solution for these calls.
Concerns around the hardware supply chain are important, and there is heightened industry awareness around hardware security. The HPE Trusted Supply Chain is a very cool offering to address these needs.
HPE has a manufacturing facility in Chippewa Falls Wisconsin. There, it has vetted personnel that can assemble the server. We also asked HPE, and they said they have met the requirements for getting a Country of Origin USA label. Note, that is different than Made in the USA. We were told not all of the components are manufactured in the US, but enough are to meet requirements.
As we discussed the offering with HPE, the company is thinking well beyond just the assembly of the server. That is just the start of hardware security and HPE is thinking beyond the lifecycle.
For example, HPE has a server configuration lock feature that uses cryptographic signing to ensure that the configuration that leaves the factory is the same configuration that is next booted. If a component is altered or swapped, that is immediately flagged so that operators know a change has occurred. This is important for ensuring configurations remain safe after they leave the factory.
Keeping hardware shipments safe after they leave the factory is a major industry concern. Interception of servers in-transit is a big deal since they can often pass through logistics chains that can be compromised. Not only does HPE offer a secure firmware base, and the ability to configuration lock the systems, it can also deliver the servers to data centers and get them installed. This allows HPE to screen the folks in the logistics chain handling servers adding another layer of security.
The cost of the “T” series servers is higher, but it is not expected to be a 50-100% premium. Our sense is that the market will likely pay a 10-25% premium for this designation. Part of that cost will be offset through what HPE says is a lower cyber insurance premium.
Make no mistake, HPE has an awesome offering for the security market, with a very specific caveat: currently, the only offering is the HPE ProLiant DL380T Gen10. The “T” represents the trusted supply chain. HPE told us to expect expanded offerings in 2020 and we expect those to include even an AMD EPYC platform if not more than one. HPE also said it will offer servers made elsewhere, for example for Europe as it now has a blueprint to replicate this type of solution.
We are now seeing servers from other vendors using language such as “Assembled in United States” or similar as they try to cater to new RFPs. There are now multiple Silicon Valley factories pumping out high volumes of servers where the final assembly is happening locally. HPE is going a step beyond that with its new T offerings that encompass more than just hardware and all the way to installation. That also means that its other servers are now not produced via the company’s Trusted Supply Chain.
This is not necessarily an announcement of a “new” server. The DL380 is a well-known server and the DL380T is more of a variant for the Trusted Supply Chain variant. It does not offer new levels of performance. Instead, it is designed to offer different sourcing and security options to those that need that type of assurance.