Abstract: An authorization method using provisioned certificates is disclosed. The method includes writing security attributes to fields within a certificate and issuing the certificate to a software application on a principal node. The software application requests to perform actions on one or more resources on a resource node, sending one or more action requests along with a copy of its certificate. The resource node has an agent which verifies the permissions from the certificate and routes the request to its designated resource. The resource node returns one or more messages to the principal node, verifying whether or not complete the requests.

Abstract: Methods and network interface modules for processing packet headers are provided. The method comprises: receiving a packet comprising a header and a payload; generating, using the header, an initial packet header vector (PHV); providing the initial PHV to a pipeline comprising a plurality of processing stages; and processing the initial PHV in the pipeline, wherein the processing comprises, for a current processing stage in the plurality of processing stages: receiving, by the current processing stage, an input PHV, wherein the input PHV (i) is the initial PHV or a modified version of the initial PHV and (ii) comprises one or more flits, and applying a feature to the input PHV to generate an output PHV, including increasing an initial length of the input PHV if the initial length is not sufficient to apply the feature.

Abstract: Described are devices, systems, and methods for improving network security by providing network interface devices communicatively coupled to end-point-protection platforms (EPP) based on integration of two different technologies (e.g., smart NICs and EPP software) allowing each to automatically signal the other and implement automated protection mechanisms to isolate or protect a host, a virtual machine, and/or a container.

Abstract: Described herein are baffles for Input/Output (I/O) devices and I/O devices comprising baffles configured to redirect incoming pre-heated air around downstream electrical components and/or their respective heat sinks to prevent overheating. Providing an isolated fresh airflow path from a fluid inlet to such downstream electrical devices reducing such overheating, which prevents malfunctions and increases the I/O efficiency, speed, and lifetime of I/O devices.

Abstract: Methods and systems for upgrading an intelligent server adapter (ISA) with reduced downtime that affects performance are provided. The method includes, from a main agent, initiating a backup agent that includes critical functions of the ISA and runs in a tight loop, isolated from other components. The main agent transfers critical duties to the backup agent and shuts down before performing the upgrade. After upgrading itself and other system components, the main agent retrieves the duties from the backup agent, and may terminate the backup agent.