[ad_1]
Microsoft Azure {hardware}’s safety posture is foundational to the safety guarantees we make to our clients. The provide chain of Microsoft Azure servers depends on a multifaceted and sophisticated ecosystem of companions throughout silicon manufacturing, meeting, techniques integration, transit, and operationalization in information facilities. Multiple interplay factors throughout this provide chain pose vital threats to the safety and integrity of an Azure server touchdown in manufacturing. These dangers embody firmware tampering, {hardware} tampering, set up of malicious code or spyware and adware, weakened safety controls, and plenty of extra. We at Microsoft consider it’s essential to construct mechanisms to proactively detect and remediate such points through the early phases of product improvement or earlier than servers dock in a knowledge heart.
Hardware Root-of-Trust (RoT) gadgets reminiscent of Cerberus and Trusted Platform Module are the cornerstone for establishing foundational belief on {hardware} parts in our cloud. This ensures the authenticity and integrity of those parts and their firmware with traceability all the best way again to silicon manufacturing. The finest technique to accomplish our goal is to confirm “provenance” of our servers all through their lifecycle from manufacturing unit to manufacturing utilizing {hardware} RoT machine identities. During the silicon manufacturing course of, the machine id is securely extracted and annotated to uniquely establish trusted gadgets. This mitigates the danger of “rogue” gadgets discovering their manner into the Azure fleet undetected (Figure 1). Lenovo is one in all our main provider companions which are pushing the boundaries of safe provide chain with us.
To additional shield these {hardware} RoT identities on which we anchor the chain of belief, we leverage the energy of enclaves and the Confidential Consortium Framework with Microsoft Azure confidential ledger to integrity-protect our provider provenance database. Learn extra about our firmware integrity protections.
Azure confidential ledger integrity protects current databases and functions by appearing as a point-in-time supply of fact which offers cryptographic proofs in verification situations. Specifically, saved information just isn’t solely immutable and tamper-proof within the append-only ledger however can also be independently verifiable. It can also be useful as a repository of audit trails or information that should be saved intact and selectively shared with sure personas. Data logged within the ledger stays immutable, privacy-enhanced, and shielded from insider threats inside a company and even the cloud supplier.
In this situation, Azure confidential ledger offers industry-leading tamper-evidence capabilities to find out if any unauthorized manipulations have occurred with these delicate machine identities. At completely different cut-off dates, verification checks are executed towards the Azure confidential ledger to make sure that the information is constant and pristine. Using this know-how additionally mitigates tampering dangers from extremely privileged Azure operators.
Azure confidential ledger is used to mild up a essential infrastructure safety situation—Project Odyssey. Project Odyssey goals to cryptographically confirm the provenance of {hardware} RoT gadgets (connected to servers) as they undertake their journey from OEM flooring to Microsoft Azure information facilities and all through their manufacturing lifecycle. As a part of the manufacturing workflow, suppliers add a signed manifest of {hardware} RoT identities right into a trusted ‘provenance database’ that makes use of tamper-evident Azure confidential ledger integration. As the gadgets are assembled into parts, blades, and racks, their identities could be verified at every step of the availability chain course of. After lengthy journeys by air, land, and sea, the assembled racks arrive at Microsoft Data Centers the place they bear further checks to make sure that they weren’t tampered with throughout transit. Finally, when a server is prepared for manufacturing, it undergoes attestation the place its {hardware} RoT id could be re-verified earlier than permitting it to affix the manufacturing setting and host buyer workloads. Servers are anticipated to bear this course of periodically making certain that the {hardware} parts keep compliant all through their lifecycle, thereby making certain that malicious and unauthorized swapping of blades and motherboards is detected, and non-compliant servers could be tagged for eviction, investigation, and remediation.
This is just one piece of our total {hardware} safety story. Microsoft Azure has developed complete safety necessities to allow safety capabilities reminiscent of safe boot, safe replace, attestation, restoration, encryption, and telemetry to make sure Azure {hardware} is resilient to such assaults by means of sturdy capabilities round prevention, detection, and response.
Read extra about how we safe Microsoft Azure’s {hardware} and firmware.
At Microsoft, a core a part of our tradition is leveraging the work of one another to ship industry-leading safety to our clients with a protection in-depth strategy. Azure {hardware} machine provenance and provide chain safety is a elementary constructing block of our foundational safety stack. Through cryptographic provenance verification of Azure {hardware} through Project Odyssey and extra defense-in-depth protections of {hardware} machine identities utilizing Azure confidential ledger, we’re setting the gold customary in cloud {hardware} provide chain safety to learn our clients.
“Lenovo’s key precedence is to confirm and make sure the end-to-end safety and traceability for Microsoft cloud {hardware}. By implementing this course of in each our part and system integration factories, not solely can we belief that the {hardware} we obtain from downstream ODM/OEM suppliers is secured and trusted, however we are able to add the Lenovo fingerprint information to the chain of belief, which helps guarantee Microsoft that the {hardware} acquired by information facilities is absolutely secured and reliable.
Integrating this resolution into the Lenovo world provide chain workflow was exceptionally clean due to the thorough documentation and examples that the Microsoft crew maintains on an ongoing foundation. Assuring the integrity and traceability of information in Azure confidential ledger permits Lenovo to deal with course of and product high quality, with no need to spend additional improvement cycles engaged on an in-house safety resolution.”—James McFadden, Executive Director, Supply Chain Quality & Engineering, Lenovo.