DGX A100 System
DU-09821-001_v06
| 75
Chapter 13.
Security
13.1
User Security Measures
The NVIDIA DGX A100 system is a specialized server designed to be deployed in a data center.
It must be configured to protect the hardware from unauthorized access and unapproved use.
The DGX A100 system is designed with a dedicated BMC Management Port and multiple
Ethernet network ports.
When installing the DGX A100 system in the data center, follow best practices as established
by your organization to protect against unauthorized access.
13.1.1
Securing the BMC Port
NVIDIA recommends that the BMC port of the DGX A100 system be connected to a dedicated
management network with firewall protection. If remote access to the BMC is required (such
as for a system hosted at a co-location provider), it should be accessed through a secure
method that provides isolation from the internet, such as through a VPN server.
13.2
System Security Measures
The NVIDIA DGX A100 system incorporates the following security measures.
13.2.1
Secure Flash of DGX A100 Firmware
Secure Flash is implemented for the DGX A100 to prevent unsigned and unverified firmware
images from being flashed onto the system.
13.2.1.1
Encryption
The firmware encryption algorithm is AES-CBC.
The firmware encryption key strength is 128 bits or higher.
Each firmware class uses a unique encryption key.