Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: Systems and methods for bare-metal or pre-boot user-machine authentication, binding, and entitlement provisioning are described. In some embodiments, a method may include: receiving, at a first portal managed by a manufacturer of an Information Handling System (IHS): (i) user credentials associated with a user of the IHS, and (ii) device identification associated with the IHS before the IHS is shipped to the user; selecting a customer of the manufacturer associated with the device identification; forwarding an indication of the user credentials to a second portal managed by the customer; and, in response to the second portal having successfully authenticated the user, establishing an identity session with the second portal; receiving, from the IHS, a request to initiate an entitlement sequence.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: Systems and methods are provided that support configuration of settings of an Information Handling System (IHS), such as by external configuration tools that are delegated authority to configure any portion of the configurable settings of IHS. During factory provisioning of the IHS, an inventory of configurable settings of the IHS is generated and permissions are assigned for configuration of a portion of the configurable IHS settings by a configuration tool. During the factory provisioning, credentials are stored to the IHS for authenticating communications from the assigned configuration tool. Once the IHS has been delivered and deployed, configuration of the assigned portion of IHS is allowed when configuration requests from the assigned configuration tool are successfully validated against the credentials stored to the IHS during factory provisioning. The configurable settings of the IHS may include BIOS settings, operating system settings and settings supported by hardware components of the IHS.

Abstract: Systems and methods are provided for swapping computing architectures used by workspaces operating on an Information Handling System (IHS). A first workspace definition is generated for deployment of a workspace on the IHS using a first computing architecture. A timer is initiated upon deployment of the workspace on the IHS according to the first workspace definition. Upon expiration of the timer, a second workspace definition is generated for redeployment of the workspace using a second computing architecture. The workspace is then redeployed on the IHS according to the second workspace definition. The duration of the timer may be a randomized interval, or may be selected based on security and/or productivity metrics for the deployment of the workspace on the IHS. Through swapping of the computing architecture used by the workspace, the attack surface presented by the workspace is regularly altered, thus thwarting malicious actors attempting to compromise the workspace.

Abstract: Systems and methods for detecting security attacks using workspace orchestration logs are described. In some embodiments, a workspace orchestration server may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, may cause the server to: maintain a first workspace orchestration log, receive a second workspace orchestration log from a client Information Handling System (IHS), and identify the security attack, at least in part, in response to a discrepancy between the first and second workspace orchestration logs.

Abstract: An information handling system of a Radio Access Network (RAN) system operating a secure network slice orchestration system may comprise a network interface device of the RAN system transceiving data within a 5G New Radio (NR) frequency band with an endpoint computing device, the network interface device receiving an instruction from a client solutions management (CSM) platform to assign a network slice within the 5G NR frequency band, based on a security profile associating the endpoint computing device with a security tier, to a network slice as established by a software defined network (SDN) controller within a sub-portion of the 5G NR frequency band, the secure network slice orchestration system determining the endpoint computing device is associated with the network slice within a communications profile received from the CSM platform, and the SDN controller establishing a virtual access point transceiving data within the network slice with the endpoint computing device.

Abstract: Systems and methods for dynamic workspace targeting with crowdsourced user context are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: detect execution of an application in a workspace instantiated by a client IHS; validate the application based upon productivity context information and security context information received from the client IHS; and in response to the validation, distribute the validated application to another workspace instantiated by another client IHS.

Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.

Abstract: Systems and methods for managing the degradation of IHS performance due to software installations are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: identify a workload; in response to the identification, configure a performance measurement; calculate a level of performance degradation of the IHS based, at least in part, upon the performance measurement; and in response to the level of performance degradation meeting a threshold value, provide an indication to a user or Information Technology (IT) administrator.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.

Abstract: Systems and methods adjust workspaces based on available hardware resource of an IHS (Information Handling System) by which a user operates a workspace supported by a remote orchestration service. A security context and a productivity context of the IHS are determined based on reported context information. A workspace definition for providing access to a managed resource is selected based on the security context and the productivity context. A notification specifies a hardware resource of the IHS that is not used by the workspace definition, such as a microphone or camera that has not been enabled for use by workspaces. A productivity improvement that results from the updated productivity context that includes use of the first hardware resource is determined. Based on the productivity improvement, an updated workspace definition is selected that includes use of the first hardware resource in providing access to the managed resource via the IHS.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: Systems and methods for workspace deployment using a secondary trusted device are described. In some embodiments, a first Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the first IHS to: establish a first connection with a second IHS, where the second IHS is configured to establish a second connection with a workspace orchestration service, and where the workspace orchestration service is configured to: receive device identification information of the first IHS from the second IHS; and authenticate the device identification information against a database provided by a manufacturer of the first IHS; and in response to a successful authentication, establish a third connection with the workspace orchestration service.

Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.