Abstract

Dell commissioned Tolly to validate the security capabilities and performance characteristics of the Broadcom Emulex LPe38102 64G SecureHBA running in Dell 17G PowerEdge servers with iDRAC 10. The main focus of the project was to determine whether the combined solution could deliver advanced zero-trust and post-quantum-ready Fibre Channel security features without materially reducing real-world application performance.  

The report positions the solution in the context of tightening global security requirements, including EU NIS2 and DORA mandates and the shift toward CNSA 2.0 in the US. Tolly verified that Dell iDRAC 10 and the Emulex SecureHBA support a layered security model built around hardware trust and cryptographic attestation. iDRAC 10’s dedicated security processor was shown to block an attempt to load unauthenticated firmware onto the HBA, validating silicon root-of-trust behavior at the PCIe device level. Tolly also confirmed that the adapter is SPDM-capable and supports SPDM version 1.2.0 for device attestation.  

The Emulex SecureHBA itself supports CNSA 1.0 and CNSA 2.0, including post-quantum cryptography, plus secure boot, digitally signed drivers, and standards-based autonomous encrypted data in flight based on the FC-SP-3 specification. Session keys are managed automatically by the HBA, and when paired with compatible endpoints, encryption is established without external key-management software or manual session configuration. Tolly emphasizes that this design brings zero-trust and PQC-oriented protection directly into the Fibre Channel data path.  

Performance testing showed that these security features did not impose a meaningful penalty. In FIO microbenchmark tests with encryption enabled, the LPe38102 exceeded 10 million IOPS at 2K block size and drove more than 92.4% of 64G Fibre Channel link maximum at the 4K and 8K block sizes commonly associated with database workloads. Tolly also ran HammerDB against Oracle 19c using a TPROC-C profile with 256 virtual users. Results for encrypted and unencrypted runs were described as virtually identical across transactions per minute, server CPU efficiency, and stored procedure latency, indicating negligible overhead from hardware-implemented encryption.  

Overall, the report presents Dell 17G PowerEdge servers with Broadcom Emulex SecureHBA as a high-performance Fibre Channel platform that combines device attestation, silicon root-of-trust protection, and post-quantum-capable autonomous in-flight encryption while preserving the throughput and responsiveness required for demanding enterprise database and transaction workloads.