Your server refresh cycle: Ensuring security

Here's how you can keep your assets secure during a server refresh cycle without breaking the bank.


Advances in server technology will make your next server refresh cycle less expensive and more secure than ever before.

Not only is the latest generation of servers more powerful and more energy efficient than ever, it is safer, too. Here’s how you can keep your data assets secure during a server refresh cycle without breaking the bank.

Recent hack attacks have illuminated for many of us the vulnerability of our installations. Firewalls can only go so far, especially in a Bring Your Own Device (BYOD) environment. Vendors of Central Processing Units (CPU) are rising to the occasion, and new servers have built-in hardware features that help protect the Operating System (OS), key applications and key data.

Owners of aging server farms need to look hard at this. Any server more than four years old will have slow Hard Disk Drives (HDD), small memories and low-power CPUs. The time to replace has arrived, with either much more performance to complete work quickly, or a smaller server farm to do the same task.

Commercial Off-the-Shelf (COTS) server technology has a long lead over legacy systems. It wins on all fronts, including performance, power, cost and size, and is assuredly much less expensive to own and operate, so there is a compelling case to make the transition to these devices.

Before we delve into how these advances can help you to maintain security during your next server refresh cycle, let’s have a look at recent advances in COTS server technology using either x64 chips or Advanced Reduced Instruction Set Computer Machines, which are also known as ARM chips.

Server refresh cycle: Latest advances work in your favor

COTS server technology is on a roll. Core counts of CPUs are increasing, as is the performance of each core. Dynamic Random Access Memory (DRAM) capacity is expanding rapidly, allowing for in-memory databases. And a new “top dog” has appeared, with major vendors offering a server with 15-core Intel Xeon processors and as much as 6 Terabytes of DRAM.

Even with this extra horsepower, x64 servers are becoming more energy efficient than ever. CPU and DRAM both give more Bang-for-the-Watt, and Solid-State Disk (SSD) is reducing peripheral power budgets dramatically. Compared with old HDD-based designs, server storage performance is increased between 100x and 1000x. Latencies of around 20 microseconds compare very well with the 5 milliseconds to 10 milliseconds of HDD.

Packaging approaches are also advancing. Server mini-clusters – in which four servers are packaged together to share redundant power supplies – add efficiency. For example, if you install these in containerized datacenters in northerly latitudes, it may be possible to run zero-chill for most, if not all, of the year, especially if SSDs are used. This dramatically decreases your expenses for cooling and electricity in the datacenter.

The x64 architecture isn’t alone in advancing rapidly. Now entering the server market are ARM-based microservers. These offer high numbers of server engines and are designed mainly as platforms for Web services. With ARM64 designs expected in 2014, these will deliver on performance per watt, too.

Some new features come with all this performance, including ones only seen in proprietary architectures. That 6TB system supports DRAM mirroring and memory error soft fail, so uptime is better, as most DRAM problems are recoverable. SSDs have lower failure rates than hard drives, too, adding to system durability.

Server refresh cycle: Keeping data secure

So what do all these advances mean for ensuring security during your next server refresh cycle?

On x64 machines, a feature called the Trusted Platform Module (TPM) is used to store cryptographic data, including encryption keys. Used together with software such as Microsoft’s BitLocker, it makes it possible to encrypt all the data stored on a server’s drives. TPM also provides tools for guarding against illicit file reading or updates, making a hack much more difficult.
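
As an added example (not part of the original article), the following PowerShell check confirms that a refreshed Windows server has a ready TPM and that every volume is fully encrypted with BitLocker protection on. It assumes an elevated session with the BitLocker feature installed; the compliance rule, including the requirement that the OS volume carry a TPM-based key protector, is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit TPM readiness and BitLocker coverage on one server.
# Uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets only.

$tpm = Get-Tpm
$tpmOk = $tpm.TpmPresent -and $tpm.TpmReady
if (-not $tpmOk) {
    Write-Warning "TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady)"
}

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protector types attached to this volume (Tpm, TpmPin, RecoveryPassword, ...)
    $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $usesTpm    = [bool]($protectors -like 'Tpm*')

    # Assumed policy: every volume fully encrypted with protection on.
    $encrypted = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                 ($vol.ProtectionStatus -eq 'On')

    # Assumed policy: the OS volume's key must be sealed by the TPM.
    # Data volumes normally unlock through the OS volume, so they are exempt.
    $tpmBound = ($vol.VolumeType -ne 'OperatingSystem') -or ($tpmOk -and $usesTpm)

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Status     = $vol.VolumeStatus
        Protection = $vol.ProtectionStatus
        Method     = $vol.EncryptionMethod
        Protectors = $protectors -join ','
        Compliant  = $encrypted -and $tpmBound
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a deployment pipeline block the server
# from entering service until encryption is complete.
if (-not $report -or ($report.Compliant -contains $false)) {
    Write-Warning 'One or more volumes do not meet the encryption policy.'
    exit 1
}
```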

Extending this, we are seeing Peripheral Component Interconnect Express (PCIe) adapters and motherboard chips aimed at accelerating encryption. These will support faster operation and encourage the use of encryption-in-transit as well as encryption-at-rest.

The ability to use encrypted dataflow between systems puts a high wall between the hackers and the server environment. It also protects data stored in the cloud to a very high level of confidence. As use of TPM and encryption assist evolves, enterprises should be able to wall off their applications and data.

ARM has approached the issue of security a bit differently. There is a small on-board ARM processor in a typical ARM chip which can be set up to run as a secured environment. It offers more security than TPM, with the ability to limit bus and peripheral operations, as well as provide a secure environment for code to run.

This allows any risky operations, such as loading applications or OS modules, to be constrained to a protected environment, where encryption and other checks can be applied. This is getting a good bit of focus in the mobile device area, though the server side seems to be slower in responding.

These advances in server technology will go a long way toward making your next server refresh cycle secure and cost-effective.

Jim O'Reilly
Jim O'Reilly was vice president of engineering at Germane Systems, where he created ruggedized servers and storage for the U.S. submarine fleet. He has also held senior management positions at SGI/Rackable and Verari. Jim is a consultant focused on storage and cloud computing.