🤶🏽 💇🏿 🚕 Lenovo Thinkserver SE350: a hero from the periphery 🚰 🍿 🚔

Today we are considering a new class of devices, and I am incredibly glad that over the decades of development of the server industry, for the first time I am holding something new in my hands. This is not the “old in the new packaging", this device, created from scratch, has almost nothing to do with its predecessors, and this is the Edge server from Lenovo.

We just could not help but share with Habr an excellent overview of our server, which was published on the site HWP.RU.

If you are still lost in terminology, and don’t know what “Edge” is, then briefly evolution evolved this way:

At first, large companies decided that Big Data would help them improve work efficiency, from ore mining to sales of chewing gum at the supermarket checkout.
, , , Big Data , . IoT-, , , , --.
IoT « », , , , , , , . - , 3G/4G .
, IoT , , , . : , , . , , 1 . « », Edge, . « », « », , .

And it turned out that ordinary servers are not suitable for work “on the periphery”: they are very expensive, too delicate, easily overheat, make a lot of noise and take up a lot of problems with operation, which makes it easier to use powerful laptops for calculations.

Test configuration	Lenovo ThinkServer SE350
CPU	Intel Xeon D-2123 (4C, 8T, 2.2 - 3.0GHz)
Memory	1x DDR4 ECC RDIMM 16 Gb, 2666 MHz
Drives	2x SSD SATA600 M.2 480Gb
Network ports	2x SFP + 10G 2x SFP + 1G 2x 1GBase-T 1x 1GBase-T for management
USB ports	2x USB 3.1 front 2x USB 2.0 rear Mini USB for smartphone
Wifi	802.11ac
LTE	LTE 4G
Operating Systems	Windows Server 2019 VMware ESXi 6.7U3

Naturally, the industry responded to the challenge of today by introducing a new class of devices: a server for all roads, compact, robust, anti-vandal, safe ... you feel ... none of the above properties apply to old servers! Meet the Lenovo ThinkServer SE350 .

Form factor

Edge servers do not have a single case format: in the carpentry workshop you hang it on the wall, and in the inflatable tent - only on the table, so Lenovo made its ThinkServer SE350 as compact as possible. It has a height of 1U (40mm), body width - 0.5U (215mm), length - 376 mm.

We can say that in size this server has a 1 / 2U format, and it can easily be carried with you like a laptop, but this is not so. We forgot about the power supplies, of which there are two, and both are external, large enough, with a capacity of 240 W each. With such luggage, the entire compactness of the machine can be safely divided into two, because it needs two places on the wall, you put the server on the table - power supplies under the table, well, that sort of thing. Of course, it is allowed to install two machines in 1 unit or in 2 units of the server cabinet, but this option is considered as an exception, and the rails for such an installation are purchased separately.

By default, the manufacturer suggests using the server and power supply mounts to the wall, for which the machine is equipped with powerful steel brackets. Considering that “on the periphery” the object may not even have a simple network switch, and the Thinkserver SE350 itself performs the role of a Wi-Fi access point, hanging it higher is a good idea. Well, just do not forget that two power supplies will hang on the bracket next to it. By the way, their manufacturer is FSP, and with all due respect to this company, this supplier is not the best choice for an Enterprise device, I would prefer to see Delta or Seasonic power supplies.

According to the test results, FSP power supplies show good performance for an external adapter. I recommend connecting one of the power supplies to a non-redundant UPS outlet, or to the one that turns off by timer to extend the server’s battery life. A typical 2 KVA UPS will provide about 3 hours of battery life for the server. So even if the generator runs out of diesel, you will have time to go to the gas station.

Theft Protection

To ensure that a casual passer-by or own worker does not remove or drag the server home, the bracket has a Kensington lock with a powerful anti-burglar that locks the machine in the bracket. Removing the ThinkServer SE350 from the wall without a key is only possible with a crowbar, tearing out the bracket with the dowels.

But if you are afraid that having stolen your server, the attacker will sell it on Avito, then do not worry: the Lenovo ThinkServer SE350 also has electronic anti-theft protection, like modern smartphones and laptops. When you purchase, you activate the server on the Lenovo portal using the QR code on its case, model and serial number. By linking the machine to your account, you simply turn on the protection in the BIOS and activate the built-in sensors. There are two of them: the first is the lid opening sensor that we know, which, by the way, cannot be opened without removing the bracket, and the second is the position sensor, which detects, for example, that the machine was hanging in a vertical position and is now in horizontal position.

As soon as the server realizes that they tried to steal it, it will not just block, but also “put out” its network interfaces, including Wi-Fi, LTE and wired ones, and you can return it to work only through the re-activation procedure in the Lenovo cloud service using connecting a smartphone either remotely. To ensure that the system does not give false positives in seismically active areas, the sensitivity and position in space are configured from the BIOS. Thus, theft for resale does not make any sense, and the attack MITM, placing the server in their own network environment, the attackers do not. When using SED-drives, the removal of encryption keys is also configured, but since in many countries these devices are prohibited from import, we bypass this function, and we remind readers that these technologies protect only the platform itself,and refuse to use Bitlocker, Truecrypt or other encryption tools is not worth it.

Of course, in the place of the manufacturer, I would put a large sticker in the package with the server with the inscription like “the computer is encoded” or “anti-theft is installed”, because the attacker does not know that the ThinkServer SE350 is useless to steal: you will get nothing besides problems.

Dust protection

There is fine dust even in the most expensive data centers, and even in production or in the field of this good in bulk, but Lenovo has protection in the form of foam filters that are installed on the frame under the front bezel. The first filter closes the main air intake through which the processor is blown, and the second - the expansion board.

In addition, each port and each external socket on the server has a thick rubber plug. I had never seen a lid on a Mini-USB, or RJ45, but here even the antenna jack and even the hole for the antenna jack has its own plug. In total, you don’t have to worry that the server is swallowing sand or dust and will start to freeze. Cool, Lenovo, well done!

Wireless communications

There are three versions of the Thinkserver SE350 with different network port configurations shown in the diagram below. At our disposal is a top-end one having:

2 SFP + slots at 10 Gbps,
2 SFP slots at 1 Gbps,
1 RJ45 for BMC
2 RJ45 at 1 Gb / s

The main network controller here is Intel x722, which provides 4 channels of 10 Gb / s, two of which are output to SFP + slots, one is not used, and the remaining one is connected to the Edgeboard, which is essentially a wireless router that works almost independently of the server .

Physically, Edgeboard is a module that combines two Mini-PCIe cards and an NXP LS1046A switch. To install a Nano-SIM card, you have to remove this module from the server, disconnecting all antennas from it. You only have a slot for one SIM card, which in the modern world of dual SIM phones and WLAN routers looks somehow strange. The wireless module supports 802.11ac standard with two spatial streams, which gives a maximum speed of 433 Mbit / s.

The switch is controlled by hardware, through the BMC controller, XClarity Control. Here you can choose the roles of ports numbered 7, 5 and 6, as well as 8 and 9.

That is, simply put, in the operating system you always have 10-gigabit ports 1 and 2 and Wi-Fi, LTE are never available , ports 5, 6 and 7. Instead of them you will have a virtual adapter, with its IP address of the form 192.168.73.xx, through which the server receives and distributes the Internet. For example, the top can be 10G from the provider + LTE, and the bottom via gigabit RJ45 - the entire network infrastructure of the enterprise + Wi-Fi from the server’s access point. Interestingly, with such a configuration, the server does not even notice the disappearance of the network on one of the ports. And yes, of course you can connect your smartphone as a USB modem, if nothing else remains.

Why was Lenovo so smart, and wouldn't it be easier to put simple modems and Wi-Fi with control from the OS? Perhaps the main thing is the independent operation of the Wi-Fi / LTE module from the server: it can be overloaded, it may hang, install updates, and devices connected to the EdgeBoard ports must be constantly connected to the Internet. Plus, you have additional WAN isolation from LAN at the hardware level and a built-in access point with a redundant 4G channel. But, of course, the wireless module has a minimum of settings, and for the user its operation looks opaque, so from my point of view, such a backup implementation is very controversial.

Storage system

We happily say goodbye to hard drives, sending into oblivion even a 2.5-inch form factor. Lenovo ThinkServer SE350 only supports M.2 format drives, no hot swap. Logically, the storage system in the server is divided into boot drives (the M.2 board is behind the riser, we don’t have it in our configuration) and data drives (NVME or SATA600). By default, our configuration has 4 M.2 NVME / SATA slots occupied by two SATA-drives with a capacity of 480 GB.

Tests show that these are very fast server disks that do not sag in speed during intensive recording and have predictable response times without blockages.

Additionally, you can install the same riser on 4 M.2 boards instead of an expansion card. When using SED-disks, you can buy an option to automatically clear encryption keys when tamper sensors and anti-theft systems are triggered. Hardware RAID functions are available for the boot adapter, which installs the same drives in mirror mode, and for standard storage drives you can use the standard Intel software RAID. In total, this kid can contain 10 drives in the M.2 format, which you will agree is very cool for half of a single unit case!

Expansion options

None of my colleagues knew what the wrench is for inside the server, but it's simple: the server provides the ability to transfer Wi-Fi / LTE antennas from the rear to the front panel. This is what the key is for. By default, the server comes with 1 16 GB DDR4 2666MHz ECC Registered module and an empty low-profile slot for a PCI Express card. Supported memory modules up to 64 GB each with a frequency of 2133/2400/2666 MHz with a total capacity of up to 256 GB.

When ordering, you can choose a processor modification from the Xeon-D 2100 series. This is a very good CPU, which we already tested earlier, it was created specifically for embedded systems, such as security gateways, NAS-s and peripheral computing nodes. In our test system, we installed Xeon-D 2123, a 4-core with a base frequency of 2.2 GHz, TurboBoost - 3.0 GHz, support for HyperThreading, AVX-2 and AVX-512.

In the server BIOS, it is possible to set the power consumption type OS Control mode to comply with VMware recommendations for using Turbo Boost inside a VM, as well as limiting the maximum frequency of Turbo Boost. In our tests, the maximum turbo frequency of the processor did not exceed 2.68 GHz, and no matter how hard I tried, I could not bring out its frequency even a little higher even in 1-stream mode. From my own experience I can say that for Xeon-D the number of memory channels involved is not as important as the frequency of installed modules. Plus, it’s a very hot processor for its 60 W, so don’t panic if it heats above 60 degrees with almost no load: the server cooling system has nothing to do with it.

... moreover, here it is represented by three 40-mm fans manufactured by Delta Electronics with anti-vibration mount and the possibility of easy replacement (Cold Swap). Automatic speed control allows them to operate in a very wide range from 3,000 RPM to 24,000 RPM. In idle mode at room temperature, the noise level is about 38 dB. I want to once again note that the Lenovo ThinkServer SE350 has an expanded operating temperature range of ambient air: up to +45 degrees Celsius in any configuration and up to +55 degrees in some.

The server has 1 low-profile expansion slot PCI Express 3.0 x16 without additional power (limit - 75 watts). If you need to use the functions of AI and machine learning, you can install the Nvidia Tesla T4 16 Gb adapter, as well as other FPGA and ASIC boards.

Remote Management and UEFI

The Lenovo ThinkServer SE350 uses its own XC Clarity remote control system on the Pilot4 XE401. By the way, this control controller is used in all modern Lenovo servers. Basic functions such as unlocking or activating the machine can be performed when connecting the smartphone via the microUSB port on the front panel. By the way, to the left of this port are hidden buttons for resetting the wireless controller (see above) and for sending the NMI signal to hardware reset.

Of course, the interface is very beautiful: here you have graphs, charts, and excellent compatibility with mobile browsers. And UEFI looks in the same style with the same mouse controls as BMC. With one window of the remote console, up to 6 users can work simultaneously, it is possible to mount virtual disks via the NFS protocol, set macros for keyboard shortcuts, etc. It is useless to list all the items, see screenshots.

For simplified deployment in the BIOS, there is an option to accelerate the installation of Windows Server 2016 or VMware ESXi 6.5 / 6.7: just enter your administrator password and go drink tea, the system will partition the disks and install the OS.

Readiness for import substitution

Lenovo announces a standard set of compatible enterprise operating systems:

Microsoft Windows Server 2016
Microsoft Windows Server 2019
Red Hat Enterprise Linux 7.6
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 Xen
VMware ESXi 6.5 U2
VMware ESXi 6.7 U2

We additionally test operating system distributions included in the Unified Register of Russian Programs for Electronic Computing Machines and Databases , which have FSTEC certificates. Today it is ALT Linux and Astra Linux.

Tested Operating System	Compatibility	Boot mode
VMWare ESXi 6.7 U3	Yes	UEFI
Windows Server 2019	Yes	UEFI
Alt linux	Yes	Legacy
Astra linux	Yes	Legacy

The server is ready to implement Government Decision No. 1236 of November 12, 2015 , that is, to work in government agencies on secure domestic operating systems.

Guarantee

The Lenovo ThinkServer SE350 server is covered by a 3-year warranty with a renewal option of up to 5 years. Warranty for SSDs is provided if their rewriting cycle resource specified in the user manual has not expired. On-site service is available in 9x5 mode with check-out the next day, as well as service improvement packages.

Ordering recommendations

As you can see, the Lenovo ThinkServer SE350 is too unusual to compare and contrast it with counterparts from other companies: it still has a full-fledged Intel Xeon, with buffered ECC memory, a fast network even by modern standards, very good data storage capabilities and protection from theft. This is not the case when they simply took a powerful nettop on the Core i7 and hung it with antennas and called it the server for Edge.

At the very beginning of the article, I said that the word “Edge” usually implies the concept of “on the periphery,” but this term has a different concept. Nevertheless, in the IT world, the term “Edge” is usually called the most advanced technology, and in the case of the ThinkServer SE350, this translation should be considered correct. Some of the solutions used here for us is a curiosity, with something, such as implementing Wi-Fi and LTE connections, we have to spend hours rethinking, but in the end it is a machine that has nothing of the kind, and ordering it through a tender, you can be sure that you will not get an analogue.

ThinkSystem SE350 server page on Lenovo website .

The original article was published on the website HWP.RU 03/05/2020

Lenovo Thinkserver SE350: a hero from the periphery