Abstract: Disclosed are systems and methods for trusted and secure application deployment via collective signature verification of the application artifacts. The trusted and secure application deployment may include receiving multiple application artifacts, decoding verifications from at least one cryptographic signature associated with each received artifact, comparing the verifications to a first set of requirements specified in an admission control list, comparing the verifications from a first received artifact to a second set of requirements specified in the verifications of a second received artifact, halting the deployment of the artifacts in response to the decoded verifications not satisfying one or more requirements from the first set of requirements or the second set of requirements, and deploying the artifacts to a set of compute nodes in response to the verifications decoded from the received artifacts satisfying the first set of requirements and the second set of requirements.

Abstract: A controller is provided to optimize software allocations to shared resources based on a dynamic mapping of resource relationships. The controller may map relationships between resources of nodes in different compute clusters. The controller may receive a request for a particular application, and may determine different sets of the nodes that each include minimum, desired, purchased, or subscribed to set of resources to run the particular application. The controller may determine optimization constraints associated with running the particular application, and may compare the relationships between the resources of each set of nodes to the optimization constraints. The controller may select a particular set of nodes that have resource relationships satisfying more of the optimization constraints than the resource relationships of other selected sets of nodes, and may execute the particular application using the resources of the particular set of nodes.

Abstract: Disclosed are systems and methods that include user interfaces (“UIs”) and a controller for automating the building, management, and distribution of operation systems (“OSes”) with different customizations for different users. A UI may include selectable elements for different OS distributions, and may present a first set of components from a selected particular OS distribution and a second set of components that are not included with the particular OS distribution. The controller may generate a custom OS build based on a first subset of components that are selected from the first set of components, and a second subset of components that are selected from the second set of component using the UI. The controller may provide a repository that is accessed with an identifier and that links to each selected component of the custom OS build, and may distribute the custom OS build from the repository to a node.

Abstract: A controller is provided to construct and run a container from one or more encrypted container images without persisting any decrypted data from the one or more encrypted container images to non-volatile storage at any time. The controller may retrieve a container image with encrypted first data and encrypted second data, and may store the container image to non-volatile storage of a particular node. The controller may construct a container by mounting the container image as part of an encrypted file system of the container. During runtime execution of the container, the encrypted first data may be extracted and decrypted from the file system in response to a file system request for the encrypted first data, and the decrypted first data may be entered into volatile storage of the particular node while the encrypted first data and the encrypted second data are retained on the non-volatile storage.

Abstract: An orchestration system may provide distributed and seamless stateful high performance computing for performance critical workflows and data across geographically distributed compute nodes. The system may receive a task with different jobs that operate on a particular dataset, may determine a set of policies that define execution priorities for the jobs, and may determine a current state of compute nodes that are distributed across different compute sites. The system may distribute the jobs across a selected set of the compute nodes in response to the current state of the set of compute nodes satisfying more of the execution priorities than the current state of other compute nodes. The system may produce task output based on modifications made to the particular database as each compute node of the set of compute nodes executes a different job of the plurality of jobs.

Abstract: A controller is provided to construct and run a container from one or more encrypted container images without persisting any decrypted data from the one or more encrypted container images to non-volatile storage at any time. The controller may retrieve a container image with encrypted first data and encrypted second data, and may store the container image to non-volatile storage of a particular node. The controller may construct a container by mounting the container image as part of an encrypted file system of the container. During runtime execution of the container, the encrypted first data may be extracted and decrypted from the file system in response to a file system request for the encrypted first data, and the decrypted first data may be entered into volatile storage of the particular node while the encrypted first data and the encrypted second data are retained on the non-volatile storage.

Abstract: An orchestration system may provide distributed and seamless stateful high performance computing for performance critical workflows and data across geographically distributed compute nodes. The system may receive a task with different jobs that operate on a particular dataset, may determine a set of policies that define execution priorities for the jobs, and may determine a current state of compute nodes that are distributed across different compute sites. The system may distribute the jobs across a selected set of the compute nodes in response to the current state of the set of compute nodes satisfying more of the execution priorities than the current state of other compute nodes. The system may produce task output based on modifications made to the particular database as each compute node of the set of compute nodes executes a different job of the plurality of jobs.