固件更新和重新配置：一条前进之路.pdf

《固件更新和重新配置：一条前进之路.pdf》由会员分享，可在线阅读，更多相关《固件更新和重新配置：一条前进之路.pdf（15页珍藏版）》请在三个皮匠报告上搜索。

1、Gilles Lasnier-OVHcloudJean-Marie Verdun-HPEFirmware update and reconfiguration:a path forwardFirmware update and reconfiguration:a path forwardGilles Lasnier OVHcloudJean-Marie Verdun-HPEOPEN PLATFORM FIRMWAREOVHcloud,largest CSP in EMEA with Worldwide presence450k physical servers in production45x

2、 datacenters,9x countries,60 x LocalZonesBare metal-based solutions represent 70%of the OVHcloud businessThe remaining 30%are public cloud and web servicesMulti-vendor strategy Boosts and secures supply chainEases Governments regulations&policiesOVHcloud more than a case studyOur bare metal servers

3、owns 4x lives“Waterfall”conceptRobust lifecycle and enforced security design(e.g.strong isolation)Bare metal servers power all of our Cloud universesBare metal cloud,Public cloud,Web cloudPrivate Cloud:VMware,Nutanix,SAP TDI&HANAMixed workloads and applicationsTailored DC infrastructure/Optimized co

4、oling/Energy-aware fine tuningIA applications like HPC implies more reconfigurationBare metal usages at OVHcloudHomemade and tailored tools to ensure hardware conformity,performances&securityCheckParis/Bench/RecyclingFlashSD/NestHardware Inventory Management APIBare metal server acquisition/release

5、implies a recycling phaseTo wipe out all customers data and reset default parametersTo flash an updated&secured coherent technical stack e.g.firmwaresBare metal security features are no more optionsTrusted Platform Module(TPM),Hardware Root-of-Trust(HW RoT)Self-Encrypting Drives(SED)Confidential com

6、puting(TEE,TDX,SNP,etc.)Bare metal server management at OVHcloudA secured out-of-band access to server for managementWRITE in-band access forbiddenFlexible and scalable API or mechanisms for server managementRedfish?SSH?Remote and secured access to firmware,parameter,constant inv