Virtualization Technology News and Information
OCP Global Summit 2022 Q&A: AMI Will Showcase Its Cutting-edge Firmware Solutions - Expertise in Security, Orchestration, and Manageability


Are you getting ready for the upcoming Open Compute Project (OCP) Summit? Its the largest gathering of technologists looking to apply the benefits of open source and open collaboration to hardware and software, and rapidly increase the pace of innovation in, near and around the data center and beyond.  The event is quickly approaching, taking place October 18-20, 2022, in San Jose, California.  The theme for this year's event is "Empowering Open."

Ahead of the show, VMblog received an exclusive interview with AMI.  AMI is Firmware Reimagined for modern computing.  As a global leader in Dynamic Firmware for security, orchestration and manageability solutions, AMI enables the world’s compute platforms from on-premises to the cloud to the edge.

ami logo 

VMblog: To kick things off, give VMblog readers a quick overview of the company. 

AMI is a global leader in dynamic firmware for security, orchestration, and manageability solutions. AMI's industry-leading technologies and customer support have generated lasting partnerships and spurred innovation for some of the most prominent tech brands. AMI is an important provider to the Open Compute ecosystem and a member of several industry associations and standards groups, such as the Unified EFI Forum (UEFI), PICMG, National Institute of Standards and Technology (NIST), National Cybersecurity Excellence Partnership (NCEP), and the Trusted Computing Group (TCG).

AMI's technology is redefining how firmware is used in computing platforms, from on-premises servers to cloud-based systems to edge devices. We are committed to delivering firmware that enhances the security, agility, and efficiency of our customers' compute platforms. With AMI's innovative solutions, cloud service providers and enterprises can confidently move their businesses forward in the digital age.

VMblog:  What will you be showing off at the show this year?  And how can attendees find you at the show? 

We're excited to be an Emerald Sponsor at the upcoming OCP Global Summit 2022! We'll be showcasing our firmware solutions that provide expertise in security, orchestration, and manageability. If you're looking for ways to take your open-source project to the next level, be sure to swing by Booth A14 and chat with us. We're confident we can make a difference in firmware with our cutting-edge solutions that are easy to use - so you can stay ahead of the curve.

Top reasons why you should come, visit AMI at OCP:

  • Listen to AMI Chief Executive Officer Sanjoy Maity's keynote on "Empowering a Robust Open-Source Ecosystem with Strategic Partners & Relationship Building" - on Tuesday, October 18 at 4:30 pm PT
  • Learn how to "Empower Your Platform with Open System Firmware - Freedom to Change, Freedom to Share" - an Expo talk by AMI Chief Product Officer Kelly Bryant on Tuesday, October 18 at 3:40 pm PT
  • Achieve Platform Security and Protect Your Open-Source Firmware with Hardware Root of Trust - technical presentations by AMI and partner experts
  • See how to create your own custom firmware stack based on AMI's OpenEdition solutions
  • Extend your platform security to Broadcom's MegaRAIDTM 9600 Storage Adapter and 200G NIC family using Tektagon XFR
  • Learn about AMI's collaboration to create a common industry OpenBMC solution
  • See various DC-SCM solutions that are leading the way in modularizing platform firmware for the datacenter.
  • Learn more about cutting-edge security initiatives such confidential computing and DC-SCM Hardware Root of Trust solutions
VMblog: What is your message to OCP Global Summit attendees?  What message should they walk away with after visiting your booth? 

Open-source software is quickly becoming the go-to choice for businesses looking to build agile, efficient software solutions. However, open source requires close monitoring and accountability for repairing and disclosing security vulnerabilities. One of the key elements of firmware security is the ability to secure open-source code and it is crucial that you have a robust open-source security strategy in place, which includes monitoring for vulnerabilities, patching regularly, and disclosure of any discovered security issues. By adopting a zero trust policy for your platform firmware you will be taking proactive measures to protect your business from potential attacks.

VMblog:  What market needs or problems is your company addressing?  And how?

The world of computing is changing rapidly, with new technologies and applications emerging all the time. This has broad implications for companies, who are challenged with how to keep up and move faster with their compute infrastructure. In order to handle the massive amounts of data and processing needs in this world of universal compute, companies need to be able to adapt quickly.

Open-source firmware can help to drive the velocity and creativity needed to stay ahead of the curve. AMI's solutions enable customers to take advantage of open-source firmware opportunities, creating new features and functionality quickly and easily. This allows you to take advantage of new market opportunities as they arise, and keep your platform running at the forefront of technology. With AMI, you can be confident that your platform will be able to power up, stay on, and run securely throughout its lifecycle.

VMblog:  In what way does your company operate within the world of the Open Compute Project?

AMI is a key contributor to the open-source community, working with projects like the Open System Firmware and HW Management Project Groups. We believe in the benefits of transparency, reliability and security at every level of the datacenter ecosystem, and our commitment to contributing to open source is one way we strive to achieve those goals. As a Platinum Member of OCP, we work closely with the OCP community to upstream community-derived code and push updates out to the community on a regular basis. Our goal is to encourage broader adoption of industry-standard datacenter solutions and harness a respected platform to provide innovative features back to the community. We believe this is the best way to drive the datacenter industry forward and promote best practices across the board.

VMblog: What are some of the key takeaways of your solution that OCP Global Summit conference goers should be aware of?  And what sets you apart from the competition? 

If you're looking for a way to power up your system, manage it, and ensure its security, AMI is the only company that can provide you with a complete open-source firmware platform. At OCP, we will show you how you can leverage AMI's open-source firmware to build secure infrastructure at scale. We will also showcase our latest Open-Source Firmware solution for hardware root of trust as another example of how we're driving change in the industry. Come see our latest demonstration of this technology at OCP and learn how AMI is committed to empowering open-source communities and accelerating innovation.

VMblog:  What are some of the open-source best practices attendees should be aware of and be implementing in their organizations? 

AMI recommends the following six fundamental principles for open-source cybersecurity:

1.     It is of utmost importance to have a secure firmware upgrade capability to enhance security from system inception to vulnerabilities. This will ensure that your devices are always up-to-date with the latest security features and patches, making it more difficult for attackers to exploit any weaknesses in your system

2.     Secure open-source coding is also critical for success. Insecure coding can lead to all sorts of vulnerabilities, from data breaches to "Denial of Service" attacks. Follow best practices when coding your firmware, and test your code thoroughly before deploying it.

3.     If you're not testing for vulnerabilities, you're opening yourself up to all sorts of trouble. That's why it's essential to have an infrastructure that can automatically and continuously test for vulnerabilities. This way, you can identify emerging threats quickly and take steps to mitigate them. Doing so will help keep your systems secure and running smoothly.

4.     Security vulnerabilities are an inevitable part of software development. But there's an extra level of accountability when it comes to open-source software. You must closely monitor open-source and be accountable for repairing and disclosing security vulnerabilities.

5.     There's no question that cybersecurity is important. But what's often overlooked is the importance of communicating cybersecurity risks and vulnerabilities. A disciplined approach to communication can help prevent future issues and build a strong open-source foundation for cybersecurity measures.

6.     As firmware vulnerabilities become more prevalent, organizations need a resiliency plan to protect their devices and data. One key element of a resiliency plan is the integrity of the firmware. This helps to ensure that the firmware has not been compromised and prevents attackers from taking advantage of any vulnerabilities. Additionally, the plan should identify how to detect a fault or compromise and recover if a compromise is detected. Organizations can minimize the risks associated with firmware vulnerabilities by having a solid resiliency plan.

VMblog:  I'm sure the keynotes will discuss big pictures, but what trends are you seeing that we should be aware of in 2022? 

It's no secret that supply chain security and the security of critical infrastructure are big challenges facing businesses today. To address these challenges, the industry is working on both Software Bill of Materials (SBOM) and hardware root of trust (HROT) solutions. These solutions aim to provide a better understanding of the components that make up software and hardware, as well as to establish trust in the firmware used in a platform.

The complexity of today's software supply chains makes security challenging. To manage software security effectively, you need to track not only the dependencies and origins for each software component, but also keep tabs on who authored and maintains them, as well as when they were last updated. In addition, you would need to know about any known vulnerabilities and licenses in use and be able to authenticate each component. Fortunately, there is a tool that can help with this: SBOM (Software Bill of Materials). SBOM is a machine-readable file that contains information about the dependencies, origins, authorship, maintenance, and update history. By making this information readily available, SBOM has the potential to make a major impact on supply chain security.

In addition, mandating that your infrastructure provider implements a NIST SP 800-193 compliant platform root of trust solution will ensure that your server components and configurations have not been tampered with or corrupted. Taking advantage of these capabilities can help keep your critical infrastructure secure.


Published Friday, October 07, 2022 7:30 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2022>