Author
Updated
3 Sep 2024Form Number
LP1434PDF size
8 pages, 318 KBAbstract
Lenovo ISG has paired its industry leading supply chain with Intel’s innovative Transparent Supply Chain program to add a layer of protection to your data center and bring peace of mind that the server hardware you bring into it is safe authentic and with documented, testable, and provable origin.
Change History
Changes in the September 3, 2024 update:
- New feature code C4M7 for ThinkSystem V4 systems - Adding Intel TSC to an order and Server support sections
Introduction
Infrastructure security has long been on top of the lists of concerns for businesses. Increasingly frequent reports of supply chain attacks add to those concerns, whether it’s purported “spy chip” hardware implants, tainted firmware, interdicted shipments, or counterfeit components.
Recent publications have expressed growing concern that counterfeit electronic parts can cause safety hazards, failure of critical business applications, or that there's a risk that vulnerabilities can be introduced into the supply chain to be exploited later.
Modern manufacturing logistics and the globalization of current supply chains make it difficult to trace the origin and safety of the components inside a device. Your data center supplier must be able to provide assurance that it has tamper proof supply chains from the manufacturing facility all the way into your hands. Current supply chain practices start with trusting the source, but processes are limited to screening out counterfeit components, particularly for products containing many subsystems.
Lenovo has one of the world’s best supply chains as ranked by Gartner Group, backed by extensive and mature supply chain security programs that exceed industry norms and US Government standards. Now we are the first Tier 1 manufacturer to offer Intel® Transparent Supply Chain in partnership with Intel, offering you an unprecedented degree of supply chain transparency and assurance.
What is Intel Transparent Supply Chain
Lenovo offers an unparalleled level of supply chain transparency and security with the Intel Transparent Supply Chain program
Intel Transparent Supply Chain (Intel TSC) is a set of tools, policies, procedures and data capture. It extends from motherboard production through the manufacturing factory floor to your data center, implemented on the factory floor enabling you to verify the authenticity of components, installed firmware, and the configuration of your systems.
It all starts with motherboard production, where a comprehensive bill of materials detailing each electronic component – down to the smallest part – is automatically generated by the automated shop floor control systems used for printed circuit board assembly. This inventory forms the motherboard “as built” data file, with each file uniquely tied to a specific motherboard.
Next, in server manufacturing, we physically inventory all the components we assemble in a server using barcoded component identifiers scanned into our manufacturing systems. This inventory is the source of the platform “as built” data file, with each file uniquely tied to a specific server chassis.
Once server manufacturing is complete, an Intel-provided software tool is run that inventories all software readable components, installed firmware, and configuration information within the server. This information is then tied to the TPM, the Trusted Platform Module, that's on the server motherboard.
All of this data is then sent via secure connection to Intel where they digitally sign the data and post it to the Intel-hosted Lenovo ISG Transparent Supply Chain portal at https://tsc.intel.com/lenovo-dcg/. You can then retrieve the data and a companion verification tool. This way you know what's in your system, and you will have the full bill of materials and traceability report of your system along with the accountability and attestation provided by Intel's digital signature which safeguards against data tampering.
With this enhanced supply chain security capability, you will have the confidence that all components are known and genuine, and have a way to verify that the hardware you are receiving hasn’t been tampered with between when it left our facility to when it arrived at yours.
This feature provides traceability back to the motherboard component level giving you the confidence of knowing exactly what's in your product. Below you will find a graphic depiction of the process.
Figure 1. Intel Transparent Supply Chain workflow (click to view a larger version)
Data captured
Lenovo is the first tier 1 manufacturer to offer this capability
The motherboard “as built” data file - shown in the image below - goes to the detailed level of the motherboard: every micro circuit, chip, resistor, everything that’s placed on a motherboard is inventoried along with information like where it came from, what's its part number, and if there's a serial number. Then we extend that to all the other components that are installed in the server like memory DIMMs, CPUs and hard drives. This creates a set of data which captures each of those individual pieces that make up the product.
Figure 2. "As Built" data file screen capture (click to view a larger version)
The direct platform data file consists of component information that is programmatically readable from the system. A software utility runs and identifies what's installed in the server, where it will identify a hard disk if its installed, then read the model number, serial number, firmware version and other details. The utility will also read the platform configuration registers from the Trusted Platform Module (TPM) which represent system configuration values.
The software also talks to the TPM that's on the server motherboard to read the platform configuration registers representing system configuration values, and to read unique characteristics built into each TPM from the TPM manufacturer such as serial number, and cryptographic endorsement key, certificate. Since the TPM is soldered down to the motherboard it provides a unique representation that ties the collected data to a specific motherboard with specific components in a specific system.
Adding Intel TSC to an order
To add Intel Transparent Supply Chain to your order simply add the following feature code in the DCSC configurator, under the Security tab.
Benefits
The benefits of adding Intel Transparent Supply Chain can be summarized in four features, as follows:
Traceability |
Accountability |
Assurance |
Security |
---|---|---|---|
Full component traceability linked to TPM | Detailed bill of materials and platform certificate digitally signed by Intel + access to the companion verification tool that provides digital proof of product origin. | Receive a higher level of information and proof compared to the current industry standard | Increased integrity and authenticity of the supply chain |
Additionally, servers manufactured under the Intel Transparent Supply Chain program conform to the US Department of Defense Federal Acquisition Regulation (DFAR) 246.870-2/252.246-7007: Contractor Counterfeit Electronic Part Detection requirements.
Server support
The following tables list the ThinkSystem and ThinkEdge servers that support this enhanced security feature. The equivalent ThinkAgile systems are also supported.
Conclusion
Lenovo ISG has paired its industry leading supply chain with Intel’s innovative Transparent Supply Chain program to add a layer of protection to your data center and bring peace of mind that the server hardware you bring into it is authentic and with documented, testable, and provable origin.
Ask your Lenovo representative how this feature can be added to your purchase.
Trademarks
Lenovo and the Lenovo logo are trademarks or registered trademarks of Lenovo in the United States, other countries, or both. A current list of Lenovo trademarks is available on the Web at https://www.lenovo.com/us/en/legal/copytrade/.
The following terms are trademarks of Lenovo in the United States, other countries, or both:
Lenovo®
ThinkAgile®
ThinkEdge®
ThinkSystem®
The following terms are trademarks of other companies:
AMD is a trademark of Advanced Micro Devices, Inc.
Intel® is a trademark of Intel Corporation or its subsidiaries.
Other company, product, or service names may be trademarks or service marks of others.
Configure and Buy
Full Change History
Changes in the September 3, 2024 update:
- New feature code C4M7 for ThinkSystem V4 systems - Adding Intel TSC to an order and Server support sections
Changes in the April 5, 2023 update:
- Added new supported ThinkSystem V3 systems
Changes in the August 24, 2021 update:
- Added new supported systems
- SD630 V2
- SD650 V2
- SD650-N V2
- ST250
- ST550
- SR150
- SR250
- SR670
- SR670 V2
Changes in the June 3, 2021 update:
- Added new supported systems
- ThinkAgile HX
- ThinkAgile MX
- ThinkAgile VX
Changes in the March 26, 2021 update:
- Added new systems with ship support
- HR630X v2
- HR650X v2
- ST650 V2
- SN550 V2
- SR630 V2
- SR650 V2
- Added new systems with future support 2Q/2021
- SD630 V2
- SD650 V2
- SD650-N V2
- SR670 V2
Course Detail
Employees Only Content
The content in this document with a is only visible to employees who are logged in. Logon using your Lenovo ITcode and password via Lenovo single-signon (SSO).
The owner of the document has determined that this content is classified as Lenovo Internal and should not be normally be made available to people who are not employees or contractors. This includes partners, customers, and competitors. The reasons may vary and you should reach out to the authors of the document for clarification, if needed. Be cautious about sharing this content with others as it may contain sensitive information.
Any visitor to the Lenovo Press web site who is not logged on will not be able to see this employee-only content. This content is excluded from search engine indexes and will not appear in any search results.
For all users, including logged-in employees, this employee-only content does not appear in the PDF version of this document.
This functionality is cookie based. The web site will normally remember your login state between browser sessions, however, if you clear cookies at the end of a session or work in an Incognito/Private browser window, then you will need to log in each time.
If you have any questions about this feature of the Lenovo Press web, please email David Watts at dwatts@lenovo.com.