
DELL POWEREDGE

SERVER CONCEPTS
SERVER SECURITY

PARTICIPANT GUIDE

Dell PowerEdge Server Concepts Server Security-SSP

© Copyright 2023 Dell Inc Page 2


Table of Contents

Dell PowerEdge Server Concepts: Server Security

Introduction to Server Security
Server Security Overview

Site Security
Authentication
Physical Site Security
Server Security Features
Data Wiping and Disposal

Server Backup
Introduction to Backup
Data Storage Backup Plans and Policies
Storage Solutions
Data Backup Execution and Frequency
Restoring Data and Verifying Backups
Server Configuration Profiles
Lifecycle Controller
Easy Restore


Dell PowerEdge Server Concepts: Server Security

Introduction to Server Security

Server Security Overview

Physical and digital security are equally important.

Servers store various files and information available to users, such as pricing, historical data, source code, and personal information. Servers feature protection methods, such as securing data, to defend the server from network threats. IT organizations use multiple server security strategies and backup plans to provide operational integrity and data protection.

Two key elements define a security strategy: hardening physical assets and hardening digital assets. Organizations employ many different methods to restrict access to facilities, data centers, servers, and then data on the servers. Access to a facility can be a simple employee badge or, in sensitive areas, an armed escort. Access to digital information can be a simple authentication [1] strategy or multifactor authentication with robust authorization [2] schemes.

The most basic server protection requires the authorization of users to access information. Security that validates users is known as authentication. Authentication is a process to validate the identity of a user accessing the server.

Server authentication, physical security measures, server security strategies, and server backup are covered in detail in this topic.

[1] Authentication is proving "I am who I say I am."

[2] Authorization is "I can access only the data that I am permitted to access."


Site Security

Authentication

This flowchart shows how authentication works in a typical setting.

Authentication [3] is a process which ensures and validates the identity of the user.

Authentication Importance:

• Authentication is implemented on a server when the server must know exactly who [4] is accessing its information or site.
• The user must provide their identity to the server or client.
• Authentication does not determine the task that each user performs or which files they can access.

[3] Authentication is one of the five pillars of information assurance. Authentication is also a mechanism for associating an incoming request with a set of identifying credentials.

[4] Authentication is one of the five pillars of information assurance. Authentication is also a mechanism for associating an incoming request with identifying credentials.

Authentication Examples:

• Multifactor
• RSA SecurID
• Duo Security
• Elevated
• FIDO [5]
• LDAP [6]
• Active Directory

[5] The FIDO Alliance's FIDO protocols use standard public key cryptography techniques to provide stronger authentication.

[6] The Lightweight Directory Access Protocol (LDAP) is a vendor-neutral software protocol used to look up information or devices within a network.


Physical Site Security

Example of a data center site security protection.

Physical security is the foundation for all security measures. Physical security consists of protecting hardware, software, and data from any activity that could cause damage. Physical security increases productivity, investment, and time in an environment by protecting assets.

Risk

The following are key performance indicators to measure the effectiveness of a security program:

• Number of successful crimes.
• Time between detection, assessment, and recovery.
• Financial loss due to successful crime.
• Business impact of successful disruptions.


Importance

Site security ensures that a site's components are protected at the physical level. The most important security measures are to:

• Lock the server room.
• Set up surveillance.
• Secure vulnerable devices behind a locked door.
• Use rack enclosures with locking doors.
• Keep intruders from opening the rack.
• Protect the portables.
• Secure backup media or transport backups offsite.

PowerEdge Features

Security Aspect: Security Latch
Figure: PowerEdge R760 with locking bezel.
Description: A locking bezel is available with most PowerEdge server models. The lock acts as initial security for server hard drives.

Security Aspect: Cover Latch
Figure: A PowerEdge R760 with top cover, showing the cover latch.
Description: A tooling latch is integrated in the top cover to secure it to the rack chassis.

Security Aspect: Intrusion Switch
Figure: PowerEdge XE8545 intrusion switch.
Description: PowerEdge servers include an integrated intrusion switch, which generates an alert if the chassis cover is removed without the administrators' knowledge.

Security Aspect: Power-off security
Figure: The PowerEdge R760xa BIOS settings under System Security have a Power Button setting that disables the front power button.
Description: BIOS settings can disable the power button function to prevent someone from shutting the server down.

Server Security Features

Server security is defined as protecting the vulnerable points of a system. Server security is dedicated to guarding all enterprise transactions, applications, and identities. It specifies authentication, encryption, decryption, and digital signing for many different applications.


Root of Trust

Root of Trust is a concept that starts a chain of trust to ensure that systems boot with legitimate code.

The Root of Trust is an aspect of the cyber resilient architecture that helps in providing effective protection from malicious attacks.

If the first piece of code that runs is verified as legitimate, each subsequent piece of code relies on those credentials when it executes.

Dell PowerEdge servers extend silicon-based security to authenticate BIOS and firmware with a cryptographic Root-of-Trust during the server boot process.

A general operation process in a root of trust system.

This technology verifies that the digital signature of the cryptographic hash of the boot image matches the signature stored in silicon by Dell in the factory. A verification failure results in a shutdown of the server and a user notification in the Lifecycle Controller Log. Then, the user can initiate the BIOS recovery process. If Boot Guard [7] validates successfully, the rest of the BIOS modules are validated by using a chain of trust procedure. Then, control is handed off to the operating system or hypervisor.
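
A simplified model of the verification sequence described above, added here as an illustration (it is not Dell or Intel code): each stage is hashed together with the digest of the stage it launches, the first digest plays the role of the value fixed in silicon, and any mismatch halts the boot. The stage names, image bytes and function names are constructed, and a plain SHA-256 comparison stands in for the signature check.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Stage:
    name: str
    image: bytes
    # Digest of the following stage, fixed when the firmware is built.
    # None marks the last link before the operating system takes over.
    next_digest: Optional[str] = None

    def measure(self) -> str:
        """Hash the code together with its embedded pointer to the next stage,
        so that re-pointing a stage at different code also changes its digest."""
        h = hashlib.sha256()
        h.update(self.image)
        h.update((self.next_digest or "").encode())
        return h.hexdigest()


@dataclass
class BootResult:
    booted: bool = False
    executed: List[str] = field(default_factory=list)
    log: List[str] = field(default_factory=list)   # stands in for the event log


def build_chain(images: List[Tuple[str, bytes]]) -> Tuple[str, List[Stage]]:
    """Factory step: link the stages back to front and return the root digest."""
    stages: List[Stage] = []
    next_digest: Optional[str] = None
    for name, image in reversed(images):
        stage = Stage(name, image, next_digest)
        next_digest = stage.measure()
        stages.insert(0, stage)
    return next_digest, stages


def verified_boot(root_digest: str, stages: List[Stage]) -> BootResult:
    """Measure every stage before it runs; stop at the first mismatch."""
    result = BootResult()
    expected: Optional[str] = root_digest      # the anchor that cannot be rewritten
    for stage in stages:
        if stage.measure() != expected:
            result.log.append(f"verification failed at {stage.name}; shutting down")
            return result
        result.executed.append(stage.name)
        result.log.append(f"{stage.name} verified")
        expected = stage.next_digest
    result.booted = True
    result.log.append("control handed to operating system")
    return result


# Constructed sample images (assumption: three stages are enough to show the chain).
IMAGES = [
    ("initial boot block", b"ibb-code-v1"),
    ("BIOS modules", b"bios-modules-v1"),
    ("OS loader", b"os-loader-v1"),
]

if __name__ == "__main__":
    root, chain = build_chain(IMAGES)
    print(verified_boot(root, chain).log)
    chain[1].image += b"implant"               # modify a later stage after provisioning
    print(verified_boot(root, chain).log)
```

Because each measurement covers the pointer to the next stage, an edit anywhere in the chain is caught at or before the modified stage, and nothing after the failure point executes.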

Boot Guard

Intel Boot Guard flowchart process.

Intel Boot Guard is a hardware-based Root-of-Trust (RoT) and does not have any software requirements. Boot Guard is enabled at the factory and cannot be disabled.

A BIOS attack is typically hard to detect because the BIOS runs before the operating system and other security software load.

Intel Boot Guard provides robust hardware-enforced boot policy controls to Dell server manufacturers to authorize which BIOS code is allowed to run on that server. The Boot Guard verification method compares the BIOS image against the Dell original equipment manufacturer (OEM) generated hash that is stored on the servers.

[7] Boot Guard prevents the computer from running firmware images not released by the system manufacturer.

TPM 2.0

A TPM in a Secure Boot process.

Trusted Platform Module (TPM) plays a significant role in Secure Boot.

TPM is a hardware security device that provides cryptographic keys, and only the TPM can encrypt or decrypt them. When TPM is enabled on a device, the resident operating system works with the device to encrypt most or all of the hard drive.

A TPM system works with both firmware and an operating system to ensure integrity.

On 16G, Intel Trusted Execution Technology (TXT) functionality along with the Microsoft Platform Assurance feature in Windows Server 2019 and 2022 is supported. TPM can also be used to enable the BitLocker hard drive encryption feature in Windows Server 2016 and 2019.

TPM module type has three options:

• No TPM
• TPM 2.0 FIPS + Common Criteria + TCG certified (Nuvoton) [8]
• TPM 2.0 for China by NationZ [9]

TPM chipset

A TPM chip is installed inside a PowerEdge server. TPM is optional and not automatically deployed in all deliveries.

[8] The security module is compliant with the Trusted Computing Group (TCG) specification.

[9] A specific TPM chipset that is manufactured by NationZ is made available only for the China market.

Secure Boot

Secure boot is a security standard that the industry develops to help ensure that a device boots using software that the Original Equipment Manufacturer trusts. When the server starts, the firmware checks the signature of each piece of boot software. The check includes UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the system boots, and the firmware gives control to the operating system.

See the TPM 2.0 section above for more information.

Lockdown Mode

System Lockdown Mode process.

System Lockdown Mode provides a mechanism to protect a configuration from any unintentional or accidental changes after the system is provisioned to a specific level. The system lockdown mode is applicable to both system configuration and firmware updates.

Lockdown mode is a licensed feature, and it is only available for iDRAC Enterprise customers.

The system setting fields remain disabled with some exceptions.

A yellow banner in the iDRAC UI indicates that System Lockdown Mode is active. The yellow banner disappears after a few seconds, and the yellow padlock in the upper right-hand corner stays active.

CPU Security

Server CPU security involves protecting the CPU from various attacks, including malware [10], side-channel attacks [11], and privilege escalation attacks [12].

When securing the CPU, server administrators must employ a range of measures, including:

• Secure booting
• Access controls
• Patch management
• Monitoring

[10] Software that disrupts, damages, or gains unauthorized access to a computer system.

[11] An attack that is caused by leakage of information from a physical cryptosystem. Characteristics that could be exploited include timing, power consumption, and electromagnetic and acoustic emissions.

[12] An attacker gains access to an employee's account, bypasses the proper authorization channel, and successfully grants themselves access to a wide range of systems.

Data Wiping and Disposal

Cloud storage is a highly debated topic regarding security and how it is being used. Data wiping and data disposal are part of data protection. Data wiping is an important practice, preventing security breaches or data theft.


Data Wiping

Data wiping is a process of logically removing data from a read/write medium so that the data can no longer be read. Users can do a secure erase from the Lifecycle Controller.

Data wiping is a data destructive process which enables the storage medium to be reused without loss of storage capacity.

The following table lists the best practices in data wiping.

Avoid using file deletion, disk formatting and "one way" encryption to dispose of sensitive data. These methods leave data intact and vulnerable to being retrieved.

Destroy CDs, DVDs, and any magneto-optical disks by pulverizing, cross-cut shredding and disposing.

Create formal, documented processes for data destruction within your organization. Require partner organizations to do the same.

Address storage media sanitization quickly, particularly media that may have failed and requires replacement under a warranty or service contract.

Do not be afraid to hire experts to figure out the best way to approach the matter.

Data Disposal

Data disposal is a process for destroying electronic media (hard drives, CDs/DVDs, tapes, and so on) that contain restricted data. Such data includes Personal Identity Information (PII) and Protected Health Information (PHI).

Data disposal is necessary to prevent unauthorized access to restricted data. Computers, electronic devices, and media must be either securely erased or destroyed before disposal.

The following table lists the best practices in data disposal.

Use extreme heat and a strong magnetic field, shredding, or pulverizing to physically destroy the device.

Sanitize or wipe electronic devices, making data unreadable or unrecoverable.

Do not use the 'delete' command as it does not delete the data completely from your system. Proper full data erasure usually requires overwriting data on the same location.

Do not reformat the operating system, as many previous files can still be recovered.

Consult experts to discuss the best way to approach data disposal.


Server Backup

Introduction to Backup

A backup server, where the computing system is connected to several devices through the network.

Backup is a copy of the information that is required for the operation of the business [13]. Backups are essential for a successful disaster recovery plan and a business continuity plan.

A specialized server, in-house or in the cloud, that enables the backup of data, files, applications, and databases is known as a backup server. A combination of hardware and software technologies provides backup storage and retrieval services to the connected devices.

[13] An organization may require backups for activities such as data protection, government compliance, and application testing.


Data Storage Backup Plans and Policies

Example of a storage data backup plan and policies.

A backup policy is a set of rules and procedures that determine the strategy of an organization when backing up data for protection against data loss.

Predictive and Preventive Measure

Protection against data loss is the focus of an IT administrator's job to maintain the integrity of daily operations. To maintain operational integrity, an IT administrator needs both a predictive and a preventive strategy for data protection.

• Predictive measures [14]: It is not if an administrator might lose data, but when an administrator loses data.
• Preventative measures [15]: When data is lost, then what can be done to prevent operational integrity loss? The protection of data integrity is to restore data from a backup system.

To provide data storage protection, administrators add a data backup strategy to the list of measures they enact. The predictive measure is seen as the data backup plan while the preventative measure is a data backup policy. The data backup plan provides the IT administrator with scenarios of when a server may lose data and what to do to react to the loss. The data backup policy provides the IT administrator with the implementation of sound IT practices to protect data from loss at all times.

[14] Administrators can predict that during a server update or server outage: "data loss can happen." Planning for possible loss can dictate the best practices to use to avoid any loss of data.

[15] The data backup protection policy of backing up data hourly, daily, weekly, or monthly gives a good solution to prevent total data loss.

RPO and RTO

In addition, administrators can look into both Recovery Point Objective (RPO) and Recovery Time Objective (RTO) policies.

RPO is the time interval between the point of failure of a storage system and the expected point in the past to which the storage system can recover data.

RTO is the time duration within which a storage solution is expected to recover from failure and begin servicing application requests.

Dell CloudIQ

Using machine learning and analytics, CloudIQ identifies performance anomalies, a capability that is supported across all storage platforms, networking devices, and PowerEdge servers. CloudIQ compares current performance metrics with historical values to determine when the current values deviate outside of normal ranges. This feature provides timely information about the risk level of the storage systems with insights into conditions and anomalies affecting performance.

CloudIQ performance chart on the PowerEdge MX series.


Storage Solutions

There are three major backup storage solutions: Primary, Backup, and Archival.

• Primary storage is for daily use, such as the operating system, software, and files.
• Backup storage is used on specific critical data such as databases, code, and software. Its secondary function is for recovery when there is an accidental data loss.
• Archival storage is a repository for long-term storage that is designed to optimize storage for documentation and audit logs.

Primary

Primary storage is the storage where the operating system, software applications, files, and data are stored.


Dell PowerStore

• The Dell PowerStore family is an all-flash solution that targets data-centric, intelligent, and adaptable infrastructures.
• The PowerStore 500 is accessible to more businesses and provides the catalyst for innovative edge solutions.

Dell PowerVault Storage

• PowerVault storage provides a range of solid-state, SAS, and NL-SAS technologies, and self-encrypting disk (SED) options.
• Dell ME5 series provide high capacity and expansion. The ME5 series is ideal for small-scaled virtualization and consolidation projects.

Dell PowerScale

• Dell PowerScale, the most flexible scale-out Network-Attached Storage (NAS) solution, is flexible and reliable at any scale up to hundreds of petabytes.
• PowerScale NAS was designed and developed for storing, managing, and accessing digital content and other unstructured data.

Dell PowerFlex

• PowerFlex software-defined infrastructure enables broad consolidation across the data center, encompassing almost any type of workload and deployment topology.
• PowerFlex combines compute and high-performance software-defined storage resources in a managed, unified fabric for both block and file.


Backup

Server backup is important because it safeguards critical data, protects against data loss, and enables swift recovery if there are hardware failures, disasters, or cyberattacks.

Dell provides the following backup storage solutions:

Dell DR Series Disk Backup and Recovery System

• Dell DR Series systems are efficient, high-performance disk-based backup and recovery appliances available in both physical and virtual configurations.
• Dell DR series systems are available in a range of usable capacity points, making them ideal for small enterprises, remote office environments, and larger enterprise settings.

PowerVault Linear Tape Open (LTO) Tape Drives

• The LTO family of tape drives simplifies data backup and archive method. With up to 18 TB of native capacity on a single tape cartridge, LTO drives provide decades of shelf life for industries and tasks that need reliable, long-term, and large-capacity data retention.
• LTO tape drives lower energy consumption and costs because power is used only when data is written to or read from the tape media.
• LTO tape drives are ideal for organizations of all sizes with

Dell Storage DL Series

• Dell DL series is a disk-based storage solution and ideal for storing large amounts of data and long-term archival storage.
• Dell DL series storage allows the organizations to deploy comprehensive data and application backup and recovery for the physical and virtual servers.

Dell PowerProtect DD and DP Series Appliances

• The PowerProtect DD and DP series appliances are the integrated appliance solutions from the PowerProtect appliances portfolio.
• In addition to accelerated backup and recovery, the next generation of the Integrated Data Protection Appliances (IDPA) provides replication, deduplication, and instant

Archival

Server archival is important because it ensures compliance, enables data retention and recovery, preserves knowledge, facilitates audits and e-discovery, and optimizes storage resources.

Dell provides the following archival storage solutions:


Dell DX Object Storage

• The Dell DX object storage platform is designed to intelligently access, store, protect, and distribute fixed digital content.
• Object-based and metadata-aware disk storage helps to identify and retrieve information quickly. The DX series storage is ideal for massive-scale digital records.

Dell TL Series Storage

• The Dell storage TL series offers expandable and affordable tape automation for organizations that have outgrown autoloader technology or capacity.
• The TL series tape libraries are designed to automate the storage, retrieval, and management of tape cartridges.

Dell ML Series Storage

• The Dell Storage ML Series is a versatile, enterprise-level, top-rated modular tape library th

Dell ML3 Tape Storage

• The Dell ML3 tape library helps organizations automate their backup processes to reduce the need for manual intervention and the risk of human error.
• ML3 uses optical cartridge location technology for precision tape cartridge handling and inventory, which helps improve the overall reliability of backups.

Dell PowerVault TL1000

• The Dell PowerVault TL1000 is a tape autoloader that maximizes the storage capacity available in a space-saving 1U rackmount chassis. The TL1000 is ideal for consolidating multiple tape or remote application servers for unattended, automated backup.
• The TL1000 allows you to manage up to nine total tape cartridges.

Data Backup Execution and Frequency

Daily data backup is an important task. A backup that is not automated can increase the risk of data loss, extended downtime, and reduced business resilience when a disaster or system failure occurs. Incremental backups save time, network bandwidth, and storage space while improving performance. However, incremental backups come at the cost of complexity, convoluted scheduling, and longer restore times.

Enabling industry-specific requirements

Dell Cloud Clinical Archive (DCCA) is a managed service using secure hybrid cloud.

Backup execution must adhere to industry-specific requirements. For example, through partnerships, Dell provides solutions that enable the medical industry to back up and preserve the value of medical images such as MRIs.

Data archiving [16] involves transferring out-of-date data to a different storage device for long-term retention.

[16] Data archives are indexed so that the files or parts of files can be located and retrieved.

Data retention and integrity

Data retention and integrity are vital for backups to enable compliance with regulations and internal business policies. They can also ensure the integrity and authenticity of data. An audit trail must reveal the integrity of data.

An example of a server backup policy that ensures data integrity.


Storage life cycle management

Best practices for storage life cycle management.

Best practice: Data archival policy
Description: Establish a policy on how and when data is to be archived. For example, archives are made at the end of every year in December. After users have left the organization, user account data is archived one month after their departure.

Best practice: Age of backup tapes
Description: Record service dates on tapes reflecting the day they were put to use. Tapes that have been used for a prolonged period shall be discarded and replaced with new tapes.

Best practice: Storage equipment maintenance
Description: Storage equipment health monitoring using management software such as Dell Storage Manager.


Landing page of Dell PowerStore web user interface.

Searchability

Data backups enable the rapid recovery of operational data. Consistent backups reduce the amount of manual effort that it may take to recover data, and to fully use the potential of stored information. This type of backup is known as Backup Searchability.

The screenshot below shows an example of operational SQL data, SQL backup and SQL logs. Administrators can get the snapshot information from the dashboard in Dell Storage Manager.


Array example shows types of data in volume label. For example: SQL data, log, system,
and remaining storage capacity.

Timing and Frequency

The timing and frequency of backups determine the importance or role of a server, such as file, mail, or web.


Restoring Data and Verifying Backups

A test of data restoration ensures backups run correctly, and archiving tools are in place. Data restoration of key workflows from archival backup tapes [17] can be costly.

[17] Data that is restored from archival tapes often takes a long time to retrieve and examine.


1: Set Policies

Establish a data restoration policy. As an example, users needing a file restore must submit a request to the help desk.

2: Establish Media

Consider the type of storage and the location. As an example, offline tapes that are used for backups shall be stored in an adjacent fireproof safe in a separate building.

3: Assign Roles

Delegate roles and responsibilities. For example, the IT department manager delegates responsibility for performing nightly backups to a member of the IT staff.

4: Restore Verification

Verify backups and restores are working. The ability to restore data from backups should be tested at least once per month.
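
One way to run the restore verification in step 4, shown as an added example rather than a Dell tool: hashes recorded at backup time are compared with the files that come back from a test restore, so missing or altered files are reported. The file names, contents and helper names are constructed for the example.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed sample data standing in for a server's files.
SAMPLE_FILES = {
    "db/orders.sql": b"INSERT INTO orders VALUES (1, 'widget');\n",
    "config/app.ini": b"[server]\nport = 8443\n",
    "logs/audit.log": b"2023-01-01T00:00:00Z login admin\n",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def back_up(source: Path, archive: Path) -> Dict[str, str]:
    """Write the archive and return the manifest recorded at backup time."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    return manifest


def restore(archive: Path, dest: Path) -> None:
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")   # reject members escaping dest
        else:
            tar.extractall(dest)                  # older Python without filters


def verify_restore(manifest: Dict[str, str], restored: Path) -> Dict[str, List[str]]:
    """Compare restored files with the backup-time manifest."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "unexpected": sorted(set(actual) - set(manifest)),
        "corrupt": sorted(k for k in manifest.keys() & actual.keys()
                          if manifest[k] != actual[k]),
    }


def restore_drill(damage: bool = False) -> Dict[str, List[str]]:
    """Back up the sample files, restore them elsewhere, and verify the result."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        source = base / "source"
        for rel, data in SAMPLE_FILES.items():
            target = source / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        archive = base / "backup.tar.gz"
        manifest = back_up(source, archive)
        restored = base / "restored"
        restore(archive, restored)
        if damage:  # simulate a partial restore: one altered file, one lost file
            (restored / "db/orders.sql").write_bytes(b"truncated")
            (restored / "logs/audit.log").unlink()
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(restore_drill())
    print(restore_drill(damage=True))
```

Keeping the manifest with the audit records gives each monthly test a fixed reference that does not depend on the original server still being available.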



Server Configuration Profiles

The iDRAC page showing the export options to backup the server profile.

Server Configuration Profiles (SCP) are XML or JSON templates that contain configuration settings for an individual server. Each configurable setting is a simplified name-value pair. In addition to configuration settings, the SCP template is equipped with attributes that can trigger specific workflows like firmware updates and operating system deployment. SCP templates provide the settings and options in a single, readable, and editable template that can be reapplied to any number of setups.

The information that is stored is the system configuration settings:

• RAID
• BIOS
• iDRAC
• NIC
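
Because every SCP setting is a name-value pair, two exports can be compared to detect configuration drift. The following added example (not Dell code) assumes a JSON export with a SystemConfiguration object holding Components, each with an FQDD and a list of Name/Value attributes; the attribute names and values in the sample are constructed.

```python
import json
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str]   # (component FQDD, attribute name)

# Constructed sample exports; the layout and attribute names are assumptions.
BASELINE = json.loads("""
{"SystemConfiguration": {"Components": [
  {"FQDD": "BIOS.Setup.1-1", "Attributes": [
    {"Name": "SecureBoot",  "Value": "Enabled"},
    {"Name": "PwrButton",   "Value": "Disabled"},
    {"Name": "TpmSecurity", "Value": "On"}]},
  {"FQDD": "iDRAC.Embedded.1", "Attributes": [
    {"Name": "SystemLockdown", "Value": "Enabled"}]}
]}}
""")

CURRENT = json.loads("""
{"SystemConfiguration": {"Components": [
  {"FQDD": "BIOS.Setup.1-1", "Attributes": [
    {"Name": "SecureBoot", "Value": "Disabled"},
    {"Name": "PwrButton",  "Value": "Disabled"}]},
  {"FQDD": "iDRAC.Embedded.1", "Attributes": [
    {"Name": "SystemLockdown", "Value": "Disabled"}]}
]}}
""")


def flatten(doc: dict) -> Dict[Key, str]:
    """Turn a profile into {(FQDD, name): value}, following nested components."""
    flat: Dict[Key, str] = {}

    def walk(components: list) -> None:
        for comp in components:
            for attr in comp.get("Attributes", []):
                flat[(comp["FQDD"], attr["Name"])] = attr["Value"]
            walk(comp.get("Components", []))

    walk(doc["SystemConfiguration"]["Components"])
    return flat


def drift(baseline: dict, current: dict) -> List[Tuple[str, str, Optional[str], Optional[str]]]:
    """List every setting whose value differs; None marks a setting that is absent."""
    old, new = flatten(baseline), flatten(current)
    report = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if before != after:
            report.append((key[0], key[1], before, after))
    return report


if __name__ == "__main__":
    for fqdd, name, before, after in drift(BASELINE, CURRENT):
        print(f"{fqdd} {name}: {before} -> {after}")
```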



Lifecycle Controller

LCC home page on a PowerEdge R660 server.

The Lifecycle Controller is an embedded system management technology


that enables remote server management using the iDRAC.
Implementation tasks such as operating system deployment and
configuration wizards are key use cases. Other advantages of are:

• Provides early notification of potential downtime, which helps to


prevent server failure and reduce recovery time.

Dell PowerEdge Server Concepts Server Security-SSP

© Copyright 2023 Dell Inc Page 43


• Provides secure access to remote administrators18
• Enables the users to update the firmware using a local or Dell-based
firmware repository

The iDRAC with Lifecycle Controller provides PowerEdge servers with
advanced embedded systems management. Embedded management
enables key server management tasks including deploy, configure,
update, maintain, diagnose, repurpose, and retire in different modes:

• Preboot with a UEFI graphical interface
• At remote consoles using standards-based APIs and using scripting

To simplify the operations, the Lifecycle Controller allows IT administrators
to dispose of media altogether, which enables:

• Operating system deployment with locally embedded driver
repositories
• Supported environments are Windows and Linux.
• Firmware updates from local and network sources
• Hardware configuration
• Platform-specific diagnostic routines

[18] Remote administrators can perform critical management functions while
maintaining server and network security.



Easy Restore

Easy Restore automates the entire system board replacement process.
After replacing the system board, a boot screen gives the user the option
to restore saved configurations, Service Tag, license settings, and
diagnostic programs.

Easy Restore is autoenabled on all PowerEdge Servers 14th generation
and later, and does not require user intervention.

Easy Restore Storage is part of the server front panel that can store up to
4 MB of data. All data is backed up in a backup flash device automatically.
If BIOS detects a new system board and the service tag in the backup
flash device, BIOS prompts the user to restore the backup information.



The backup image file [19] does not contain the operating system or
hard-disk drive data.

Easy Restore backs up:

• System Service Tag
• Licenses
• UEFI configuration
• System configuration settings including BIOS, iDRAC, and Network
• OEM ID (Personality Module)

[19] Easy Restore does not back up the firmware drivers, due to size
limitations.



Easy Restore in action after a fresh system board replacement.



10 Gigabit Media Independent Interface (XGMII)
XGMII connects full duplex 10 GbE ports to each other and to other
devices on a printed circuit board. XGMII is typically used for on-chip
connections.

15G
Generation 15 modifier to distinguish different features available for
generation 15 servers.

2S
Two socket form factor. Used to identify the family of servers. PowerEdge
servers can have 1S, 2S, or 4S. See the PowerEdge rack server portfolio
page for details.

AI
Artificial Intelligence (AI) is the designing and building of intelligent agents
that receive percepts from the environment and act to affect that
environment.

AI Inferencing
Machine learning inferencing is the ability of a system to make predictions
from novel data. ML Inferencing teaches an AI to sort different fruits by
color. The user shows the AI a tomato, apple, and cherry to learn the fruits
are red. Later, when showing the AI a strawberry, it can infer the
strawberry is also red.

Boot Optimized Server Storage (BOSS)
Dell Technologies boot-optimized storage solution. RAID solution card
that is designed for booting a server's operating system.

DIMM
Direct-Access Inline Memory Module. DIMMs are available in varying
capacities. All DIMMs in a cache must have the same capacity.



DL
Deep Learning (DL) is a form of Machine Learning which uses Artificial
Neural Networks.

DRAM
x4, x8, and x16 DIMMs refer to the width of the DRAM components on a
memory module. x4 DIMMs use DRAM components that have a 4-bit data
width. x8 DIMMs use components with an 8-bit data width. x16 DIMMs
use components with a 16-bit data width.

E3 Drives
The Enterprise and Data Center Small Form Factor (EDSFF) is an SSD
design for NAND and Storage Class Memory (SCM). EDSFF optimizes
storage in enterprise, private, and public data centers.

EE
Enhanced Edge (EE) Intel CPUs are used to accelerate network traffic
in Edge deployments. Edge computing is a distributed information
technology (IT) architecture in which client data is processed at the
periphery of the network, as close to the originating source as possible.

GFC
Gigabit Fibre Channel

HCI
Hyper Converged infrastructure (HCI) combines compute, virtualization,
storage, and networking in a single cluster.

HII
The Human Interface Infrastructure (HII) configuration utility is a storage
management application integrated into the System BIOS <F2>. It is used
to configure and manage RAID disk groups, virtual disks, and physical
disks. This utility is independent of the operating system.

HPC
High performance computing (HPC) is the ability to process data and
perform complex calculations at high speeds.

HW RAID
Form of RAID. The motherboard or a separate RAID card handles the
processing.

IDPA
The Integrated Data Protection Appliance (IDPA) is a converged solution
that offers complete backup, replication, recovery, deduplication, instant
access and restore.

iDRAC
The Integrated Dell Remote Access Controller (iDRAC) is designed for
secure local and remote server management and helps IT administrators
deploy, update, and monitor PowerEdge servers.

IDSDM
Redundant SD-card module for embedded hypervisors. PowerEdge
servers can boot to the hypervisor out-of-the-box. The embedded
hypervisor is mirrored across dual SD cards using an integrated hardware
controller.

IEEE 802.3
The Institute of Electrical and Electronics Engineers (IEEE) 802.3 is a
collection of IEEE standards. The working group that defines the physical
layer and the Media Access Control (MAC) of the data link layer for
Ethernet sets these standards.

Intel Ice Lake
Codename for the 3rd generation Xeon Scalable server processors.

Inter-Integrated Circuit (I2C)
I2C is a serial communication bus that is used for attaching lower-speed
peripheral ICs to processors and microcontrollers in short-distance,
intraboard communication.



IoT
The Internet of things (IoT) describes the network of physical objects such
as sensors, software, and other technologies for the purpose of
connecting and exchanging data with other devices and systems over the
Internet. (Wikipedia)

iSM
The Integrated Dell Remote Access Controller (iDRAC) Service Module
(iSM) is a lightweight optional software application that can be installed on
PowerEdge servers. The iDRAC Service Module complements iDRAC
interfaces: Graphical User Interface (GUI), RACADM CLI, Redfish and
Web Service Management (WSMan) with additional monitoring data. The
iDRAC Service Module architecture uses IP socket communication and
provides additional systems management data (OS/device driver) to
iDRAC and presents one-to-many consoles with access to systems
management data through OS standard interfaces.

LAN On Motherboard (LOM)
Short for LAN on motherboard. The term refers to a chip or chipset capable
of network connections that has been embedded directly on the motherboard
of a desktop, workstation, or server. Instead of requiring a separate
network interface card to access a local-area network, such as Ethernet,
the circuits are attached to the motherboard. An advantage of a LOM
system is an extra available PCI slot that is not being used by the network
interface controller.

Latency
Latency is the response time or the period of time that a component waits
for an answer from another component. Latency is the time it takes for the
storage to respond to a request.

LRDIMM
Load-Reduced DIMM. Has higher densities than RDIMMs. Uses a
memory buffer chip to reduce the load on the server memory bus.

LTO
LTO tape drives have lower energy consumption and costs because
power is used only when data is written to or read from the tape media.

Media Access Control (MAC) address
The server is connected to the network through a switch. A Media Access
Control (MAC) address identifies the switch. A MAC address is a unique
identifier for an Ethernet or NIC over a network.

micro Secure Digital card (uSD)
Type of removable flash storage commonly used in servers and other
computing devices. It is used to store data and software, and can be
easily removed or replaced as needed.

ML
Machine Learning (ML) is an application of AI where systems use data to
learn how to respond, rather than being explicitly programmed.

MT/s
Mega-Transfers per Second (MT/s). Measurement of bus and channel
speed in millions of cycles per second.

Multicasting
Multicasting involves sending the same message to many endpoints such
as in a video conferencing facility.

NL-SAS
Near Line SAS (NL-SAS): NL-SAS combines the form of a SATA disk
with a SAS connector.

NVDIMM
Non-Volatile DIMM

NVMe
Non-Volatile Memory Express (NVMe). Communications interface for
PCIe-based SSDs. Used to increase efficiency and performance.

Object storage
Object storage is the intelligent evolution of disk storage - creating,
storing, and distributing variable-sized data objects, and their associated
metadata, rather than simply placing blocks of data on tracks and sectors.

OCP
Open Compute Project (OCP) is an organization that shares designs of
data center products and best practices among companies. OCP designs
and projects include server designs, data storage, rack designs, and open
networking switches. Read more information about the organization by
going to www.opencompute.org.

OMSA
OpenManage Server Administrator (OMSA) is a software agent that
provides a comprehensive, one-to-one systems management solution in
an integrated web browser-based graphical user interface (GUI) or command
line interface (CLI) through the operating system.

OpenManage Enterprise - Modular Edition (OME-M)
The Dell OpenManage Enterprise Modular Edition enables comprehensive
management for PowerEdge MX from a single web or API interface
console managing compute, storage and networks simply, with no extra
software to install.

OSM
Dell Open Server Manager (OSM) is a Dell implementation of open-source
Baseboard Management Controller (OpenBMC) on PowerEdge servers.
OSM combines OpenBMC software with Dell servers. OpenBMC is a
Linux Foundation open-source project to produce an implementation of the
Baseboard Management Controller's (BMC) Firmware Stack. The
OpenBMC stack allows users to remotely monitor, manage, and control
servers across different infrastructure.

PCH
Platform controller hub (PCH) controls certain data paths and support
functions used in conjunction with Intel CPUs.

PCIe
Peripheral component interconnect express (PCIe) is an interface
standard for connecting high-speed components.

PERC
PowerEdge RAID Controller (PERC). Family of controllers that enhance
performance, increase reliability, add fault tolerance, and simplify
management.

RAID
Redundant Arrays of Independent Disks (RAID). RAID controllers combine
multiple server physical hard drives together into a virtual drive or multiple
drives to improve data efficiency and protection.

RDIMM
Registered DIMM. Dual in-line memory module (DIMM) with improved
reliability.

RSA SecurID
RSA SecurID is multi-factor authentication (MFA) technology used to
protect network resources, such as applications and websites. MFA
mitigates risk and maintains compliance without disrupting employee
productivity. MFA can confirm user identities to ensure they are only
granted access to the resources they need to do their jobs. RSA SecurID
can quickly and securely provide appropriate access to resources both on-
premises and in the cloud.

SAN
A Storage Area Network (SAN) is a networked storage infrastructure (SAN
fabric). SANs connect servers to storage devices by using either a Fibre
Channel (FC) switch fabric technology or Internet Small Computer System
Interface (iSCSI) over an Ethernet LAN architecture.

SAS
SAS (serial-attached SCSI) is a type of SCSI that uses serial signals to
transfer data, instructions, and information. SAS drives are dual ported.

SATA
SATA (Serial Advanced Technology Attachment) uses serial signals to
transfer data, instructions, and information. SATA drives have only a
single port.

SCSI
A set of standards for physically connecting and transferring data between
computers and peripheral devices. The SCSI standards define
commands, protocols, electrical, optical and logical interfaces.

SDS
Storage data services such as APEX Data Storage Services. APEX is an
as-a-Service portfolio of scalable and elastic storage resources. The
storage as-a-Service model simplifies the storage process.

Secure Enterprise Key Manager (SEKM)
SEKM is a licensed feature that allows users to apply iDRAC9 to
authenticate with Gemalto/SafeNet AT KeySecure Management Server
through the Key Management Interoperability Protocol (KMIP). To protect
the data against server theft, SEKM enables the key to be held on
either the iDRAC iLKM or a remote KMS server as opposed to being
stored locally on the PERC.

SED
Self-Encrypting Drive (SED) is a type of hard drive that provides full-disk
encryption through onboard drive hardware. Extra hardware external to
the drive is not required to encrypt the data on the drive. As data is written
to the drive, it is automatically encrypted, and data read from the drive is
decrypted. A chipset in the drive controls the encryption and decryption
processes. An onboard chipset allows for a transparent encryption
process. System performance is not affected, providing enhanced security
and eliminating dependencies on system software.

Self-Describing I/O (SDIO)
Self-describing data is data and metadata that describes the format and
meaning of a message. SDIO usually contains data needed to understand
the message, and the information necessary to complete a task.



SMART
Self-Monitoring, Analysis and Reporting Technology (SMART) is a
monitoring system included in hard disk drives (HDDs) and solid state
drives (SSDs). Its primary function is to detect and report various
indicators of drive reliability with the intent of anticipating imminent
hardware failures.

SNAP I/O
Balances I/O performance. CPUs share one adapter, which prevents data
from traversing the inter-processor link when accessing remote memory.

SP
A service provider (SP) is a company that provides its subscribers access
to the internet.

STP cable
Shielded Twisted Pair (STP) Ethernet cable that is commonly used for
high-speed networks. A metallic substance shields STP. An additional
metal foil wraps each set of twisted wire pairs together.

UDIMM
Unregistered or unbuffered DIMM. UDIMMs do not have an onboard
register as seen with an RDIMM. UDIMMs are typically used in desktops
and laptops.

UEFI boot
Unified Extensible Firmware Interface (UEFI). UEFI secure boot prevents
systems from booting from unsigned or unauthorized preboot device
firmware, applications, and operating system boot loaders. Without secure
boot enabled, systems are vulnerable to malware corrupting the startup
process. UEFI is a firmware interface that connects the firmware to the
operating system. UEFI initializes the hardware components and starts the
operating system.

Unique Identifier (UID)
A UID is a numeric or alphanumeric string for an element within a system.
UIDs address an element for access, interaction, management, and
monitoring.

UTP cable
Unshielded Twisted Pair (UTP) Ethernet cable that is commonly used
between a system and wall. It is also used for desktop communication
applications.

VLTi
Virtual Link Trunking interconnect (VLTi). Switch stacking is not supported
in OS10. VLTi aggregates two identical physical switches to form a single
logical extended switch. This single logical entity ensures high availability
and high resilience for all its connected access, core switches, and clients.

vRAN
Virtualized radio access networks (vRANs) are a way for
telecommunications operators to run their baseband functions as
software. One of the primary benefits of virtualizing radio access networks
(RANs) is that RAN functions no longer require special proprietary
hardware to run, and can instead be run on standard servers. This is
achieved by applying the principles of virtualization to RAN, and is usually
one part of a larger network function virtualization (NFV) effort.
