Abstract: A system can execute a containerized application that comprises a microservice in a decentralized service mesh architecture, and a sidecar. The system can intercept, by the containerized application, a call from the microservice that is directed to a remote endpoint, and direct the call to the sidecar. The system can communicate, by the sidecar to an identity manager, service account credentials associated with the microservice, resulting in receiving an identity token associated with the microservice. The system can determine, by the sidecar, connectivity information of the remote endpoint based on a virtual address of the remote endpoint identified in the call. The system can communicate, by the sidecar to a token exchanger, the identity token and the connectivity information, resulting in receiving an access token and a network route to the remote endpoint. The system can relay, by the sidecar, network traffic between the microservice and the remote endpoint.

Abstract: Systems and methods for enabling automatic management of arbitrary power loads and power generation based on user-specified set of rules. The aforesaid rules may be applied based on the grid conditions, parameters of specific grid equipment, as well as any other (external) factors. In various embodiments, the aforesaid user-specified rules may be automatically executed by one or more servers in response to sensed grid conditions and arbitrary external factors. In various embodiments, the aforesaid rules may cause execution of local site functions, such as powering down specific load that may help stabilize the wider power grid. In one or more embodiments, the rules may be executed on a central server or on EVSE nodes in a decentralized manner using, for example, blockchain technology well-known to persons of ordinary skill in the art.

Abstract: A system can maintain, by a connectivity management service, associations between unique identifiers for remote endpoints and connectivity information of the remote endpoints. The system can, based on receiving, by a connectivity abstraction layer and from a microservice, a unique identifier, return, to the microservice, an internet protocol (IP) address that is unique within the system, wherein the IP address fails to identify a publicly-addressable computer, and store an association between the unique identifier and the IP address.

Abstract: Methods and systems for gracefully rerouting connections between client devices and server devices are disclosed. The method may include suspending a logical connection between a client device and a service provided by a server device set and placing the logical connection in a predetermined state. While the logical connection is in the predetermined state, modifying a transmission path supporting the logical connection to remove a first aggregator that was previously in the transmission path and add a second aggregator to a second server device set to the transmission path. Using the modified transmission path, the logical connection may be resumed to enable the client device to resume use of the service provided by the second server device set.

Abstract: A system can receive an untrusted onboard announcement message from a remote computer, wherein the untrusted onboard announcement message comprises first data that identifies the remote computer and second data that indicates a current configuration of the remote computer. The system can identify a stored indication of an authorized configuration of the remote computer based on the data that identifies the remote computer. The system can determine that there is a mismatch between the authorized configuration of the remote computer and the current configuration of the remote computer. The system can determine a trust metrics evaluation score for the remote computer based on a type of hardware component change between the authorized configuration of the remote computer and the current configuration of the remote computer. The system can, in response to determining that the trust metrics evaluation score is greater than a threshold value, onboard the remote computer.

Abstract: Methods and systems for gracefully rerouting connections between client devices and server devices are disclosed. The method may include suspending a logical connection between a client device and a service provided by a server device set and placing the logical connection in a predetermined state. While the logical connection is in the predetermined state, modifying a transmission path supporting the logical connection to remove a first aggregator that was previously in the transmission path and add a second aggregator to a second server device set to the transmission path. Using the modified transmission path, the logical connection may be resumed to enable the client device to resume use of the service provided by the second server device set.

Abstract: Architectures and techniques are described that can provide decentralized, zero-trust authorization according to variable fine-grained policies For example, an authorization server can receive an authorization request from a requesting device. The authorization request can comprise a reference address to a resource, in which case resource data can be fetched, or comprise a signed entity indicative of the resource. In either case, resource data used to evaluate a policy can be obtained and, if an associated policy evaluation is authorized, the authorization request can be validated and an associated token can be provided to the requesting device, which can then be transmitted along with an API call to a service through which a resource is provided.

Abstract: Methods and systems for load balancing requests from clients across server devices are disclosed. The method may include obtaining a request from one of the clients. The method may also include making a determination regarding whether a load signature for the one of the clients is available. When the load signature for the one of the clients is available, one of the server devices may be selected based at least in part on the load signature and the selected one of the server devices may be assigned to service the request from the one of the clients.

Abstract: Systems and methods for a control plane to cryptographically trust and revoke the trust of anonymous software artifacts or devices are described. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, where the memory includes program instructions stored thereon that, upon execution by the processor, cause a control plane of the IHS to: receive an anonymous token of a distributed anonymous token set package from a requestor; verify the anonymous token; and subsequent to verifying the anonymous token, establish a trust relationship with the requestor.

Abstract: Systems and methods for a control plane to cryptographically trust and revoke the trust of anonymous software artifacts or devices are described. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, where the memory includes program instructions stored thereon that, upon execution by the processor, cause a control plane of the IHS to: establish a trust relationship with a requesting entity based, at least in part, on a received anonymous token of a distributed anonymous token set package; receive a second request from the requesting entity; and subsequent to the second request, determine to revoke the trust relationship with the requesting entity.

Abstract: A system can execute a containerized application that comprises a microservice in a decentralized service mesh architecture, and a sidecar. The system can intercept, by the containerized application, a call from the microservice that is directed to a remote endpoint, and direct the call to the sidecar. The system can communicate, by the sidecar to an identity manager, service account credentials associated with the microservice, resulting in receiving an identity token associated with the microservice. The system can determine, by the sidecar, connectivity information of the remote endpoint based on a virtual address of the remote endpoint identified in the call. The system can communicate, by the sidecar to a token exchanger, the identity token and the connectivity information, resulting in receiving an access token and a network route to the remote endpoint. The system can relay, by the sidecar, network traffic between the microservice and the remote endpoint.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: submitting a request for a workload instance to a cloud service provider; establishing a secure communication channel between the cloud service provider and a data center monitoring and management console; exchanging information between the cloud service provider and the data center monitoring and management console via the secure communication channel, the information including a verifiable workload instance identity; and, using the verifiable workload instance identity to authenticate a workload instance provided by the cloud service provider.

Abstract: A system can receive an untrusted onboard announcement message from a remote computer, wherein the untrusted onboard announcement message comprises first data that identifies the remote computer and second data that indicates a current configuration of the remote computer. The system can identify a stored indication of an authorized configuration of the remote computer based on the data that identifies the remote computer. The system can determine that there is a mismatch between the authorized configuration of the remote computer and the current configuration of the remote computer. The system can determine a trust metrics evaluation score for the remote computer based on a type of hardware component change between the authorized configuration of the remote computer and the current configuration of the remote computer. The system can, in response to determining that the trust metrics evaluation score is greater than a threshold value, onboard the remote computer.

Abstract: A system, method, and computer-readable medium for performing a data center monitoring and management operation. The data center monitoring and management operation includes: submitting a request for a workload instance to a cloud service provider; establishing a secure communication channel between the cloud service provider and a data center monitoring and management console; exchanging information between the cloud service provider and the data center monitoring and management console via the secure communication channel, the information including a verifiable workload instance identity; and, using the verifiable workload instance identity to authenticate a workload instance provided by the cloud service provider.

Abstract: Architectures and techniques are described that can provide decentralized, zero-trust authorization according to variable fine-grained policies For example, an authorization server can receive an authorization request from a requesting device. The authorization request can comprise a reference address to a resource, in which case resource data can be fetched, or comprise a signed entity indicative of the resource. In either case, resource data used to evaluate a policy can be obtained and, if an associated policy evaluation is authorized, the authorization request can be validated and an associated token can be provided to the requesting device, which can then be transmitted along with an API call to a service through which a resource is provided.

Abstract: In accordance with one aspect of the embodiments described herein, there are provided systems and methods for integration of electric vehicle charging stations with photovoltaic, wind, hydro, thermal and other alternative energy generation equipment. In various embodiments, the aforesaid integration is used to perform balancing of the electrical power generated by the aforesaid photovoltaic, wind, hydro, thermal and other alternative energy generation equipment and the electrical power consumed by the aforesaid EVSE equipment. In one exemplary embodiment, the aforesaid balancing may be performed on a house (building) level. In another exemplary embodiment, the balancing may be performed on a neighborhood level.

Abstract: Systems and methods for enabling automatic management of arbitrary power loads and power generation based on user-specified set of rules. The aforesaid rules may be applied based on the grid conditions, parameters of specific grid equipment, as well as any other (external) factors. In various embodiments, the aforesaid user-specified rules may be automatically executed by one or more servers in response to sensed grid conditions and arbitrary external factors. In various embodiments, the aforesaid rules may cause execution of local site functions, such as powering down specific load that may help stabilize the wider power grid. In one or more embodiments, the rules may be executed on a central server or on EVSE nodes in a decentralized manner using, for example, blockchain technology well-known to persons of ordinary skill in the art.

Abstract: Systems and methods for enabling automatic management of arbitrary power loads and power generation based on user-specified set of rules. The aforesaid rules may be applied based on the grid conditions, parameters of specific grid equipment, as well as any other (external) factors. In various embodiments, the aforesaid user-specified rules may be automatically executed by one or more servers in response to sensed grid conditions and arbitrary external factors. In various embodiments, the aforesaid rules may cause execution of local site functions, such as powering down specific load that may help stabilize the wider power grid. In one or more embodiments, the rules may be executed on a central server or on EVSE nodes in a decentralized manner using, for example, blockchain technology well-known to persons of ordinary skill in the art.

Abstract: In accordance with one aspect of the embodiments described herein, there are provided systems and methods for integration of electric vehicle charging stations with photovoltaic, wind, hydro, thermal and other alternative energy generation equipment. In various embodiments, the aforesaid integration is used to perform balancing of the electrical power generated by the aforesaid photovoltaic, wind, hydro, thermal and other alternative energy generation equipment and the electrical power consumed by the aforesaid EVSE equipment. In one exemplary embodiment, the aforesaid balancing may be performed on a house (building) level. In another exemplary embodiment, the balancing may be performed on a neighborhood level.

Abstract: A system for charging an electric or hybrid-electric vehicle, the system incorporating: at least one vehicle charging station intermittently connectable to the vehicle; a control server comprising at least one processing unit and a memory; and a computerized information system comprising a display unit displaying a user interface and a user input unit, the computerized information system being communicatively connected to the control server via a data network, wherein the user interface comprises a charging priority selection portion for receiving, via the user input unit, a plurality of charging priorities from an operator of the vehicle, wherein the computerized information system transmits the received plurality of charging priorities to the control server and wherein the control server controls the at least one vehicle charging station based on the transmitted plurality of charging priorities.