Chapter 13. Security; User Security Measures; Securing The Bmc Port; System Security Measures - Nvidia DGX A100 User Manual

Chapter 13. Security

13.1

User Security Measures

The NVIDIA DGX A100 system is a specialized server designed to be deployed in a data center.
It must be configured to protect the hardware from unauthorized access and unapproved use.
The DGX A100 system is designed with a dedicated BMC Management Port and multiple
Ethernet network ports.
When installing the DGX A100 system in the data center, follow best practices as established
by your organization to protect against unauthorized access.
13.1.1

Securing the BMC Port

NVIDIA recommends that the BMC port of the DGX A100 system be connected to a dedicated
management network with firewall protection. If remote access to the BMC is required (such
as for a system hosted at a co-location provider), it should be accessed through a secure
method that provides isolation from the internet, such as through a VPN server.
13.2

System Security Measures

The NVIDIA DGX A100 system incorporates the following security measures.
13.2.1

Secure Flash of DGX A100 Firmware

Secure Flash is implemented for the DGX A100 to prevent unsigned and unverified firmware
images from being flashed onto the system.
13.2.1.1

Encryption

The firmware encryption algorithm is AES-CBC.
The firmware encryption key strength is 128 bits or higher.

Each firmware class uses a unique encryption key.

DGX A100 System DU-09821-001_v06 | 75