skip to main content

Introduction to Intel Transparent Supply Chain on Lenovo ThinkSystem Servers

Positioning Information

Home
Top
Author
Updated
3 Sep 2024
Form Number
LP1434
PDF size
8 pages, 318 KB

Abstract

Lenovo ISG has paired its industry leading supply chain with Intel’s innovative Transparent Supply Chain program to add a layer of protection to your data center and bring peace of mind that the server hardware you bring into it is safe authentic and with documented, testable, and provable origin.

Change History

Changes in the September 3, 2024 update:

Introduction

Infrastructure security has long been on top of the lists of concerns for businesses. Increasingly frequent reports of supply chain attacks add to those concerns, whether it’s purported “spy chip” hardware implants, tainted firmware, interdicted shipments, or counterfeit components.

Recent publications have expressed growing concern that counterfeit electronic parts can cause safety hazards, failure of critical business applications, or that there's a risk that vulnerabilities can be introduced into the supply chain to be exploited later.

Modern manufacturing logistics and the globalization of current supply chains make it difficult to trace the origin and safety of the components inside a device. Your data center supplier must be able to provide assurance that it has tamper proof supply chains from the manufacturing facility all the way into your hands. Current supply chain practices start with trusting the source, but processes are limited to screening out counterfeit components, particularly for products containing many subsystems.

Lenovo has one of the world’s best supply chains as ranked by Gartner Group, backed by extensive and mature supply chain security programs that exceed industry norms and US Government standards. Now we are the first Tier 1 manufacturer to offer Intel® Transparent Supply Chain in partnership with Intel, offering you an unprecedented degree of supply chain transparency and assurance.

What is Intel Transparent Supply Chain

Lenovo offers an unparalleled level of supply chain transparency and security with the Intel Transparent Supply Chain program

Intel Transparent Supply Chain (Intel TSC) is a set of tools, policies, procedures and data capture. It extends from motherboard production through the manufacturing factory floor to your data center, implemented on the factory floor enabling you to verify the authenticity of components, installed firmware, and the configuration of your systems.

It all starts with motherboard production, where a comprehensive bill of materials detailing each electronic component – down to the smallest part – is automatically generated by the automated shop floor control systems used for printed circuit board assembly. This inventory forms the motherboard “as built” data file, with each file uniquely tied to a specific motherboard.

Next, in server manufacturing, we physically inventory all the components we assemble in a server using barcoded component identifiers scanned into our manufacturing systems. This inventory is the source of the platform “as built” data file, with each file uniquely tied to a specific server chassis.

Once server manufacturing is complete, an Intel-provided software tool is run that inventories all software readable components, installed firmware, and configuration information within the server. This information is then tied to the TPM, the Trusted Platform Module, that's on the server motherboard.

All of this data is then sent via secure connection to Intel where they digitally sign the data and post it to the Intel-hosted Lenovo ISG Transparent Supply Chain portal at https://tsc.intel.com/lenovo-dcg/. You can then retrieve the data and a companion verification tool. This way you know what's in your system, and you will have the full bill of materials and traceability report of your system along with the accountability and attestation provided by Intel's digital signature which safeguards against data tampering.

With this enhanced supply chain security capability, you will have the confidence that all components are known and genuine, and have a way to verify that the hardware you are receiving hasn’t been tampered with between when it left our facility to when it arrived at yours.

This feature provides traceability back to the motherboard component level giving you the confidence of knowing exactly what's in your product. Below you will find a graphic depiction of the process.

Intel Transparent Supply Chain process

Figure 1. Intel Transparent Supply Chain workflow (click to view a larger version)

Data captured

Lenovo is the first tier 1 manufacturer to offer this capability

The motherboard “as built” data file - shown in the image below - goes to the detailed level of the motherboard: every micro circuit, chip, resistor, everything that’s placed on a motherboard is inventoried along with information like where it came from, what's its part number, and if there's a serial number. Then we extend that to all the other components that are installed in the server like memory DIMMs, CPUs and hard drives. This creates a set of data which captures each of those individual pieces that make up the product.

"As Built" data file

Figure 2. "As Built" data file screen capture (click to view a larger version)

The direct platform data file consists of component information that is programmatically readable from the system. A software utility runs and identifies what's installed in the server, where it will identify a hard disk if its installed, then read the model number, serial number, firmware version and other details. The utility will also read the platform configuration registers from the Trusted Platform Module (TPM) which represent system configuration values.

The software also talks to the TPM that's on the server motherboard to read the platform configuration registers representing system configuration values, and to read unique characteristics built into each TPM from the TPM manufacturer such as serial number, and cryptographic endorsement key, certificate. Since the TPM is soldered down to the motherboard it provides a unique representation that ties the collected data to a specific motherboard with specific components in a specific system.

Adding Intel TSC to an order

To add Intel Transparent Supply Chain to your order simply add the following feature code in the DCSC configurator, under the Security tab.

Table 1. Feature code for Intel Transparent Supply Chain
Feature code Description
BB0P Intel Transparent Supply Chain (for ThinkSystem V3 and prior servers)
C4M7 Intel Transparent Supply Chain (for ThinkSystem V4 onwards)

Benefits

The benefits of adding Intel Transparent Supply Chain can be summarized in four features, as follows:


Security

Traceability


Trustworthy

Accountability


Supply Chain

Assurance


Security

Security

Full component traceability linked to TPM Detailed bill of materials and platform certificate digitally signed by Intel + access to the companion verification tool that provides digital proof of product origin. Receive a higher level of information and proof compared to the current industry standard Increased integrity and authenticity of the supply chain

Additionally, servers manufactured under the Intel Transparent Supply Chain program conform to the US Department of Defense Federal Acquisition Regulation (DFAR) 246.870-2/252.246-7007: Contractor Counterfeit Electronic Part Detection requirements.

Server support

The following tables list the ThinkSystem and ThinkEdge servers that support this enhanced security feature. The equivalent ThinkAgile systems are also supported.

Table 2. Server support (Part 1 of 4)
Part Number Description AMD V3 2S Intel V3/V4 4S 8S Intel V3 Multi Node V3/V4 GPU Rich
SR635 V3 (7D9H / 7D9G)
SR655 V3 (7D9F / 7D9E)
SR645 V3 (7D9D / 7D9C)
SR665 V3 (7D9B / 7D9A)
ST650 V3 (7D7B / 7D7A)
SR630 V3 (7D72 / 7D73)
SR650 V3 (7D75 / 7D76)
SR630 V4 (7DG8 / 7DG9)
SR850 V3 (7D97 / 7D96)
SR860 V3 (7D94 / 7D93)
SR950 V3 (7DC5 / 7DC4)
SD535 V3 (7DD8 / 7DD1)
SD530 V3 (7DDA / 7DD3)
SD550 V3 (7DD9 / 7DD2)
SD520 V4 (7DFZ / 7DFY)
SR670 V2 (7Z22 / 7Z23)
SR675 V3 (7D9Q / 7D9R)
SR680a V3 (7DHE)
SR685a V3 (7DHC)
SR780a V3 (7DJ5)
BB0P Intel Transparent Supply Chain N N N N Y Y Y N Y Y Y N Y Y N Y N Y N Y
C4M7 Intel Transparent Supply Chain N N N N N N N Y N N N N N N Y N N N N N
Table 3. Server support (Part 2 of 4)
Part Number Description 1S V3 Edge Super Computing 1S Intel V2 2S Intel V2
ST50 V3 (7DF4 / 7DF3)
ST250 V3 (7DCF / 7DCE)
SR250 V3 (7DCM / 7DCL)
SE350 (7Z46 / 7D1X)
SE350 V2 (7DA9)
SE360 V2 (7DAM)
SE450 (7D8T)
SE455 V3 (7DBY)
SC750 V4 (7DDJ)
SD665 V3 (7D9P)
SD665-N V3 (7DAZ)
SD650 V3 (7D7M)
SD650-I V3 (7D7L)
SD650-N V3 (7D7N)
ST50 V2 (7D8K / 7D8J)
ST250 V2 (7D8G / 7D8F)
SR250 V2 (7D7R / 7D7Q)
ST650 V2 (7Z75 / 7Z74)
SR630 V2 (7Z70 / 7Z71)
SR650 V2 (7Z72 / 7Z73)
BB0P Intel Transparent Supply Chain Y Y Y Y Y Y Y N N N N Y Y Y N Y Y Y Y Y
C4M7 Intel Transparent Supply Chain N N N N N N N N Y N N N N N N N N N N N
Table 4. Server support (Part 3 of 4)
Part Number Description AMD V1 Dense V2 4S V2 8S 4S V1 1S Intel V1
SR635 (7Y98 / 7Y99)
SR655 (7Y00 / 7Z01)
SR655 Client OS
SR645 (7D2Y / 7D2X)
SR665 (7D2W / 7D2V)
SD630 V2 (7D1K)
SD650 V2 (7D1M)
SD650-N V2 (7D1N)
SN550 V2 (7Z69)
SR850 V2 (7D31 / 7D32)
SR860 V2 (7Z59 / 7Z60)
SR950 (7X11 / 7X12)
SR850 (7X18 / 7X19)
SR850P (7D2F / 2D2G)
SR860 (7X69 / 7X70)
ST50 (7Y48 / 7Y50)
ST250 (7Y45 / 7Y46)
SR150 (7Y54)
SR250 (7Y52 / 7Y51)
BB0P Intel Transparent Supply Chain N N N N N Y Y Y Y Y Y Y N Y Y N Y Y Y
C4M7 Intel Transparent Supply Chain N N N N N N N N N N N N N N N N N N N
Table 5. Server support (Part 4 of 4)
Part Number Description 2S Intel V1 Dense V1
ST550 (7X09 / 7X10)
SR530 (7X07 / 7X08)
SR550 (7X03 / 7X04)
SR570 (7Y02 / 7Y03)
SR590 (7X98 / 7X99)
SR630 (7X01 / 7X02)
SR650 (7X05 / 7X06)
SR670 (7Y36 / 7Y37)
SD530 (7X21)
SD650 (7X58)
SN550 (7X16)
SN850 (7X15)
BB0P Intel Transparent Supply Chain Y Y Y Y Y Y Y Y Y N Y Y
C4M7 Intel Transparent Supply Chain N N N N N N N N N N N N

Conclusion

Lenovo ISG has paired its industry leading supply chain with Intel’s innovative Transparent Supply Chain program to add a layer of protection to your data center and bring peace of mind that the server hardware you bring into it is authentic and with documented, testable, and provable origin.

Ask your Lenovo representative how this feature can be added to your purchase.

Trademarks

Lenovo and the Lenovo logo are trademarks or registered trademarks of Lenovo in the United States, other countries, or both. A current list of Lenovo trademarks is available on the Web at https://www.lenovo.com/us/en/legal/copytrade/.

The following terms are trademarks of Lenovo in the United States, other countries, or both:
Lenovo®
ThinkAgile®
ThinkEdge®
ThinkSystem®

The following terms are trademarks of other companies:

AMD is a trademark of Advanced Micro Devices, Inc.

Intel® is a trademark of Intel Corporation or its subsidiaries.

Other company, product, or service names may be trademarks or service marks of others.