Hewlett Packard Enterprise 200 Series User manual
Intel Optane persistent memory 200 series for HPE User GuideIntel Optane persistent memory 200 series for HPE User Guide
Part Number: 30-B41F6FB9-002
Published: November 2021
Edition: 2
Intel Optane persistent memory 200 series for HPE User GuideIntel Optane persistent memory 200 series for HPE User Guide
AbstractAbstract
This document includes installation, maintenance, and configuration information for the Intel Optane persistent memory 200 series for HPE
and is for the person who installs, administers, and troubleshoots HPE ProLiant Gen10 Plus and HPE Synergy systems. Hewlett Packard
Enterprise assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards in products with hazardous
energy levels.
Part Number: 30-B41F6FB9-002
Published: November 2021
Edition: 2
© Copyright 2021 Hewlett Packard Enterprise Development LP
NoticesNotices
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and
services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as
constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained
herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR
12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are
licensed to the U.S. Government under vendor's standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is
not responsible for information outside the Hewlett Packard Enterprise website.
AcknowledgmentsAcknowledgments
Intel , Optane , and Xeon , are trademarks of Intel Corporation in the U.S. and other countries.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Red Hat Enterprise Linux is a registered trademark of Red Hat, Inc. in the United States and other countries.
SUSE is a registered trademark of SUSE LLC in the United States and other countries.
Windows Server is either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
VMWare vSphere is a registered trademark of VMware, Inc. in the United States and/or other jurisdictions.
® ™ ®
®
® ®
®
®
®
Table of contentsTable of contents
1 Introduction
1.1 Intel Optane persistent memory 200 series for HPE
1.1.1 Persistent memory modes
1.1.2 Memory cache ratios
2 Security features
2.1 Passwords
2.2 Encryption
2.3 Sanitization
2.4 Signed firmware
2.5 Firmware rollback protection
3 Component identification
3.1 Intel Optane persistent memory 200 series for HPE label identification
4 Installation
4.1 System requirements
4.2 Memory population information
4.3 Persistent memory module handling guidelines
4.4 Installing a DIMM or persistent memory module
5 Configuring the system
5.1 Configuration overview
5.1.1 Configuration tools
5.2 Setting the goal configuration
5.2.1 Setting the goal configuration using UEFI System Utilities
5.2.2 Setting the goal configuration with ipmctl
5.2.3 Setting a goal configuration using HPE iLO RESTful API
5.3 Creating namespaces
5.3.1 Creating namespaces using UEFI System Utilities
5.3.2 Creating namespaces using ipmctl
5.3.3 Creating namespaces using ndctl in Linux
5.4 Enabling key management
5.4.1 Encrypting persistent memory modules with local key management
5.4.2 Encrypting persistent memory modules with remote key management
5.4.2.1 Using a key management server
5.4.2.1.1 Supported key managers
5.4.2.1.2 Configuring key manager servers
5.4.2.1.2.1 Key manager server options
5.4.2.1.3 Adding key manager configuration details
5.4.2.1.3.1 Key manager configuration details
5.4.2.1.4 Testing the key manager configuration
5.4.2.1.5 Viewing key manager events
5.4.2.1.6 Clearing the key manager log
5.5 Other BIOS/Platform Configuration (RBSU) options
6 Management tools
6.1 Managing Intel Optane persistent memory for HPE
6.2 UEFI System Utilities
6.2.1 Changing the goal configuration using UEFI System Utilities
6.2.2 Deleting the goal configuration using UEFI System Utilities
6.2.3 Changing persistent memory module passwords
6.2.4 Viewing the status of persistent memory modules
6.2.5 Changing the key management mode
6.2.6 Disabling key management
6.2.7 Disabling encryption for a persistent memory module
6.2.8 Changing Performance Options using UEFI System Utilities
6.3 HPE iLO RESTful API
6.3.1 HPE iLO RESTful API overview
6.3.1.1 Data model overview
6.3.1.1.1 Examples: Retrieving memory resources
6.3.2 Managing Intel Optane persistent memory for HPE with the HPE iLO RESTful API
6.3.3 Persistent memory module provisioning with the HPE iLO RESTful API
6.3.4 Examples: Provisioning persistent memory modules
6.3.4.1 Using RESTful Interface Tool rawpost to configure 100% App Direct interleaved
6.3.4.2 Using python to configure 100% App Direct interleaved
6.3.4.3 Using Postman to configure 100% App Direct interleaved
6.3.5 Example: Managing Intel Optane persistent memory for HPE using curl
6.4 RESTful Interface Tool
6.4.1 Launching the RESTful Interface Tool
6.4.2 Discovery commands
6.4.2.1 Device discovery
6.4.2.2 Device configuration discovery
6.4.2.3 Persistent interleave regions discovery
6.4.2.4 Persistent memory summary
6.4.3 Configuration commands
6.4.3.1 Show pending configuration
6.4.3.2 Apply predefined configuration
6.4.3.3 Apply a user-defined configuration
6.4.3.4 Clear pending configuration
6.4.3.5 Show recommended configuration
6.5 ipmctl tool
6.5.1 Installing ipmctl for Linux
6.5.2 Showing persistent memory module configurations with ipmctl
6.5.3 Deleting a goal configuration with ipmctl
6.5.4 Deleting namespace with ipmctl
6.5.5 Determining the memory mode with ipmctl
7 Maintenance
7.1 Persistent memory module relocation guidelines
7.2 Manually backing up persistent memory module data
7.3 Removing a DIMM or persistent memory module
7.4 Replacing a system board
7.5 Migrating a persistent memory module
7.5.1 Migrating a persistent memory module encrypted with local key management
7.5.2 Migrating a persistent memory module encrypted with remote key management
7.6 Sanitizing a persistent memory module
7.6.1 Sanitization policies
7.6.2 Sanitization guidelines
7.6.3 Sanitization with UEFI System Utilities
7.6.4 Sanitization with the HPE iLO RESTful API
7.6.5 Sanitization with ipmctl
7.7 Recommissioning a persistent memory module with a lost password
7.8 Updating persistent memory module firmware
8 Linux support of Intel Optane persistent memory 200 series for HPE
8.1 nmem devices
8.1.1 nmem device properties
8.1.2 Listing nmem devices
8.2 Regions
8.2.1 Region properties
8.2.2 Listing regions
8.3 Namespaces
8.3.1 Namespace properties
8.3.2 Creating a namespace
8.3.3 List all namespaces
8.3.4 Changing namespace mode
8.3.5 Deleting namespaces
8.4 Initialization of pmem devices
8.5 Showing the amount of memory in the system
8.6 Filesystems
8.7 I/O statistics
9 VMware support of Intel Optane persistent memory 200 series for HPE
10 Windows Server support of Intel Optane persistent memory 200 series for HPE
11 Troubleshooting
11.1 Known issues
11.1.1 System boot fails due to persistent memory file systems
11.2 Troubleshooting resources
12 Websites
13 Support and other resources
13.1 Accessing Hewlett Packard Enterprise Support
13.2 Accessing updates
13.3 Remote support
13.4 Warranty information
13.5 Regulatory information
13.6 Documentation feedback
IntroductionIntroduction
Introduction 7
Intel Optane persistent memory 200 series for HPEIntel Optane persistent memory 200 series for HPE
Intel Optane persistent memory 200 series for HPE offers the flexibility to deploy memory as dense memory (Memory mode) or fast
storage (App Direct mode) and enables per-socket memory capacity of up to 4.0 TB. Persistent memory modules, together with
traditional volatile DRAM DIMMs, provide fast, high-capacity, cost-effective memory and storage to transform big data workloads and
analytics by enabling data to be stored, moved, and processed quickly.
Persistent memory modules use the standard DIMM form factor and are installed alongside DIMMs in a server memory slot. Intel Optane
persistent memory 200 series for HPE is designed for use only with third-generation Intel Xeon Scalable processors, and is available in
the following capacities:
128 GB
256 GB
512 GB
Intel Optane persistent memory 200 series for HPE 8
Persistent memory modesPersistent memory modes
Intel Optane persistent memory 200 series for HPE can be configured to operate in two modes.
App Direct modeApp Direct mode
When configured for App Direct mode, persistent memory modules function as persistent memory.
Memory modeMemory mode
When configured for Memory mode, persistent memory modules function as volatile system memory while DRAM capacity operates as a
cache. For more information, see Memory cache ratios.
Persistent memory modes 9
Memory cache ratiosMemory cache ratios
Persistent memory modules can be carved into volatile and persistent regions.
For the volatile region, the ratio of volatile memory capacity to DRAM capacity affects performance. The recommended volatile memory
capacity to DRAM capacity is between 4:1 and 16:1:
4:1—largest cache; most likely to get cache hits.
8:1
16:1—smallest cache; least likely to get cache hits.
Users are strongly recommended not to configure for Memory Mode when the ratio is at 1:1 or lower due to more severe performance
impact.
A message will be logged to the Integrated Management Log (IML) if a cache ratio that is not recommended is used.
The following table contains example configurations, with 100% of the persistent memory module capacity allocated to volatile memory.
Cache ratios improve as some of that memory is carved into persistent memory.
Persistent memoryPersistent memory
modulemodule capacity capacity
Persistent memoryPersistent memory
modulemodule configuration configuration
DIMM capacityDIMM capacity DIMM configurationDIMM configuration RatioRatio
1024 GB 8 x 128 GB 128 GiB 8 x 16 GiB 8:1
256 GiB 8 x 32 GiB 4:1
512 GiB 8 x 64 GiB 2:1
1024 GiB 8 x 128 GiB 1:1
2.0 TB 8 x 256 GB 128 GiB 8 x 16 GiB 16:1
256 GiB 8 x 32 GiB 8:1
512 GiB 8 x 64 GiB 4:1
1024 GiB 8 x 128 GiB 2:1
2048 GiB 8 x 256 GiB 1:1
4.0 TB 8 x 512 GB 128 GiB 8 x 16 GiB 32:1
256 GiB 8 x 32 GiB 16:1
512 GiB 8 x 64 GiB 8:1
1024 GiB 8 x 128 GiB 4:1
2048 GiB 8 x 256 GiB 2:1
Capacity per processor.
Not recommended. No benefit from caching.
Not recommended.
11
11
2
2
2
2
3
2
1
2
3
Memory cache ratios 10
Security featuresSecurity features
Intel Optane persistent memory for HPE provides a number of features to secure and protect your data:
Passwords
Encryption
Sanitization
Signed firmware
Firmware rollback protection
Security features 11
PasswordsPasswords
Persistent memory modules support password-based locking with a 32 byte binary password. If locked, data on the persistent memory
module is not accessible until it is unlocked. If a persistent memory module is locked and the password is lost, the persistent memory
module can be sanitized to regain access to the hardware, but it does not provide access to the data.
HPE ProLiant and HPE Synergy Gen10 Plus server products provide two methods for managing persistent memory module passwords:
Local key management
Remote key management
Only one key management method can be selected at one time to manage passwords.
Local key managementLocal key management
Local key management is available in servers with HPE Trusted Platform Module (TPM) 2.0 installed. When enabled, the server
generates a 32 byte random value to use as a password for each persistent memory module.
Persistent memory module passwords are stored in a flash memory shared by HPE iLO and the system firmware. Each password in the
password database is encrypted using the HPE TPM 2.0, a tamper resistant part.
During POST, the server extracts the passwords from the database and unlocks all persistent memory modules. Passwords can be
exported to a USB key for migration into another server. This migration file is encrypted with a key generated from a transient
password (an ASCII string) that the user must provide. To import the file on another server, the user must enter the same transient
password.
This file also serves as a backup to restore the passwords if the server system board fails.
Remote key managementRemote key management
Remote key management is available in servers with the HPE iLO enrolled in and connected to a key management server. Persistent
memory module passwords are automatically generated, managed, and stored on a key management server. The remote key
management feature requires an HPE iLO Advanced License.
Passwords 12
EncryptionEncryption
Persistent memory modules encrypt all data written to the media using 256 bits XTS-AES algorithms.
For volatile memory regions, the persistent memory module generates a new encryption key at power-up and holds the key in a volatile
register, which is lost on power loss. Although the media is naturally persistent, it makes the volatile memory region effectively volatile.
For persistent memory regions, the persistent memory module remembers the encryption key across power cycles, ensuring that the
data is still accessible.
If the persistent memory module password is enabled, the encryption key is itself encrypted by another key derived from the
password. This "key wrapping" prevents an unauthorized user from reading the media content.
The encryption key is available only if the proper password is presented to the persistent memory module, and the persistent
memory module holds it in volatile registers.
If the persistent memory module password is not enabled, the encryption key is stored on the media. Although the user data is
encrypted, an unauthorized user might be able to decrypt it.
Both cases facilitate an "instant secure erase" sanitization feature. By changing the encryption key, all data becomes undecipherable.
With a persistent memory module password, the encryption key is never exposed. Without a password, the encryption key is never
exposed to the system, but an unauthorized user with physical access to the medium might have retrieved the encryption key before
erase and used it later. That tampering would be physically evident.
Encryption 13
SanitizationSanitization
Media sanitization is defined by NIST SP800-88 Guidelines for Media Sanitization (Rev 1, Dec 2014) as "a general term referring to the
actions taken to render data written on media unrecoverable by both ordinary and extraordinary means."
The specification defines the following levels:
Clear: Overwrite user-addressable storage space using standard write commands; might not sanitize data in areas not currently
user-addressable (such as bad blocks and over-provisioned areas).
Purge: Overwrite or erase all storage space that might have been used to store data using dedicated device sanitize commands,
such that data retrieval is "infeasible using state-of-the-art laboratory techniques."
Destroy: Ensure that data retrieval is "infeasible using state-of-the-art laboratory techniques" and render the media unable to store
data (such as disintegrate, pulverize, melt, incinerate, or shred).
Intel Optane persistent memory for HPE supports the purge level using a cryptographic erase technique and an overwrite technique.
HPE ProLiant and HPE Synergy Gen10 Plus server products support sanitizing persistent memory modules during POST. Use the
RESTful Interface Tool or UEFI System Utilities to schedule sanitization on the next boot.
Cryptographic erase techniqueCryptographic erase technique
This technique allows "instant secure erase," scrambling all persistent contents on the persistent memory module in less than a second,
no matter what the capacity. Persistent media reads back random-looking data (data encrypted with a now-lost key).
It also ensures that data in bad or worn-out parts of the media is undecipherable, even if these areas could be accessed. This technique
is stronger than overwrite techniques, which might be unable to overwrite such areas.
Sanitization is allowed under this technique, even if the persistent memory module is locked with a password. This ensures that the
persistent memory module hardware is usable even if you forget the password.
Overwrite techniqueOverwrite technique
Persistent memory modules also support an overwrite technique. It complies with the clear level by default, but it also complies with the
purge level if it is successful at overwriting bad and worn-out parts of the media.
If encryption is enabled (a password has been set on the persistent memory module), this operation overwrites the media with
encrypted zeroes. If encryption is not enabled or if the CryptoEraseOverwrite command is used, the operation overwrites the
media with zeroes.
NIST SP800-88 Guidelines for Media Sanitization (Rev 1, Dec 2014) is available for download from the NIST website
(http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdfhttp://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf).
Sanitization 14
Signed firmwareSigned firmware
Persistent memory module firmware images are cryptographically signed. The image includes a cryptographic hash value (for example,
SHA-256) that is encrypted using RSA public-private key encryption.
The hash value is encrypted using the private key. The persistent memory module decrypts the hash value using the public key.
The private key is kept in a FIPS 140-2 level 3 or level 4 (tamper-resistant or tamper-proof) code-signing appliance. The appliance
enforces access controls so that it only accepts authentic, signed images. The persistent memory module rejects images that do not
decrypt correctly.
Signed firmware 15
Firmware rollback protectionFirmware rollback protection
Firmware images are identified by version number, similar to 01.02.03.0405.
The second field (for example, 02) represents the security version number. This number is incremented in releases that contain security
improvements. Persistent memory modules cannot accept firmware images with an older security version number than the image that
is running. This protection prevents the firmware from rolling back to an earlier image that might contain exploitable features. Firmware
roll-back can only be done with individual binary files via BIOS embedded FW update applications.
Firmware rollback protection 16
Component identificationComponent identification
Component identification 17
Intel Optane persistent memory 200 series for HPE label identificationIntel Optane persistent memory 200 series for HPE label identification
ItemItem DescriptionDescription ExampleExample
1 Work Order Number XXXXXXX
2 Work Order Number Barcode XXXXXXX
3 Capacity 128 GB
256 GB
512 GB
4 Unique ID number 8089-A2-1802-1234567A
5 Serial Number and Part
Number Barcode
S8089A218040000168APNMAXXXXXXXXXXX
6 Product Name Intel® Optane™ persistent memory
7 Part Number 1234567A
8 Serial Number Barcode 8089-A2-1802-1234567A
9 PBA Number XXXXXX-XXX
For more information about product features, specifications, options, configurations, and compatibility, see the product QuickSpecs on
the Hewlett Packard Enterprise website (https://www.hpe.com/support/persistentmemoryQShttps://www.hpe.com/support/persistentmemoryQS).
Intel Optane persistent memory 200 series for HPE label identification 18
InstallationInstallation
Installation 19
System requirementsSystem requirements
IMPORTANT:IMPORTANT:
Hewlett Packard Enterprise recommends that you implement best-practice configurations such as clustered
configurations for high availability (HA).
The following hardware components are required:
HPE DDR4 Standard Memory RDIMMs or LRDIMMs
Intel Optane persistent memory 200 series for HPE
Third-generation Intel Xeon Scalable processors
Supported firmware versions:
System ROM version 1.40 or later
Server Platform Services (SPS) Firmware version 04.04.04.053
HPE iLO 5 Firmware version 2.44
HPE Innovation Engine Firmware version 1.0.0.20 or later
Download the required firmware and drivers from the Hewlett Packard Enterprise website
(https://www.hpe.com/info/persistentmemoryhttps://www.hpe.com/info/persistentmemory).
Supported operating systems:
Windows Server 2016 with persistent memory drivers from Hewlett Packard Enterprise
Windows Server 2019
Red Hat Enterprise Linux 7.9 and later
Red Hat Enterprise Linux 8.2 and later
SUSE Linux Enterprise Server 12 SP5 and later
SUSE Linux Enterprise Server 15 SP2 and later
VMware vSphere 7.0 U2 and later
VMware vSphere 6.7 U3 with P03
Hardware and licensing requirements for optional encryption of the persistent memory modules:
HPE TPM 2.0 (local key encryption)
HPE iLO Advanced License (remote key encryption)
Key management server (remote key encryption)
System requirements 20
Table of contents
Popular Computer Hardware manuals by other brands
Panasonic
Panasonic AY-PB2001 installation manual
Pico Macom
Pico Macom DSP806 Specifications
Renesas
Renesas R-IN32M4-CL2 TESSERA Application note
Renesas
Renesas Renesas Synergy AE-CLOUD2 user manual
Advantech
Advantech PCA-6186VE user manual
Sunix
Sunix Universal PCI Express Multi-IO RS-232/Parallel Communication... user manual
