《固件更新和重新配置:一条前进之路.pdf》由会员分享,可在线阅读,更多相关《固件更新和重新配置:一条前进之路.pdf(15页珍藏版)》请在三个皮匠报告上搜索。
1、Gilles Lasnier-OVHcloudJean-Marie Verdun-HPEFirmware update and reconfiguration:a path forwardFirmware update and reconfiguration:a path forwardGilles Lasnier OVHcloudJean-Marie Verdun-HPEOPEN PLATFORM FIRMWAREOVHcloud,largest CSP in EMEA with Worldwide presence450k physical servers in production45x
2、 datacenters,9x countries,60 x LocalZonesBare metal-based solutions represent 70%of the OVHcloud businessThe remaining 30%are public cloud and web servicesMulti-vendor strategy Boosts and secures supply chainEases Governments regulations&policiesOVHcloud more than a case studyOur bare metal servers
3、owns 4x lives“Waterfall”conceptRobust lifecycle and enforced security design(e.g.strong isolation)Bare metal servers power all of our Cloud universesBare metal cloud,Public cloud,Web cloudPrivate Cloud:VMware,Nutanix,SAP TDI&HANAMixed workloads and applicationsTailored DC infrastructure/Optimized co
4、oling/Energy-aware fine tuningIA applications like HPC implies more reconfigurationBare metal usages at OVHcloudHomemade and tailored tools to ensure hardware conformity,performances&securityCheckParis/Bench/RecyclingFlashSD/NestHardware Inventory Management APIBare metal server acquisition/release
5、implies a recycling phaseTo wipe out all customers data and reset default parametersTo flash an updated&secured coherent technical stack e.g.firmwaresBare metal security features are no more optionsTrusted Platform Module(TPM),Hardware Root-of-Trust(HW RoT)Self-Encrypting Drives(SED)Confidential com
6、puting(TEE,TDX,SNP,etc.)Bare metal server management at OVHcloudA secured out-of-band access to server for managementWRITE in-band access forbiddenFlexible and scalable API or mechanisms for server managementRedfish?SSH?Remote and secured access to firmware,parameter,constant inv