Abstract: A storage system such as a storage array in a data center calculates per-application power utilization based on monitored IOs. IOs generated by applications that are tolerant of rescheduling may be rescheduled to a time when power is less costly or more available. Storage array power consumption is reduced if all services host applications can tolerate greater IO latency without service level violations. Server power consumption is reduced if all services host applications can tolerate greater IO latency without service level violations. Power consumption by the servers, storage array, or both is reduced if power consumption reaches a predetermined level relative to available power.

Abstract: A distributed secure communication system includes a first System Control Processor (SCP) subsystem coupled to second and third SCP subsystems via a network. The first SCP subsystem identifies the second SCP subsystem, signs a first SCP authentication communication with a first private key to provide a first signed SCP authentication communication that it transmits to the second SCP subsystem. The first SCP subsystem receives a second signed SCP authentication communication from the second SCP subsystem, authenticates the second signed SCP authentication communication using a second public key associated with the second SCP subsystem and, in response, establishes a first secure communication channel with the second SCP subsystem.

Abstract: A storage system such as a storage array in a data center calculates per-application power utilization based on monitored IOs. IOs generated by applications that are tolerant of rescheduling may be rescheduled to a time when power is less costly or more available. Storage array power consumption is reduced if all services host applications can tolerate greater IO latency without service level violations. Server power consumption is reduced if all services host applications can tolerate greater IO latency without service level violations. Power consumption by the servers, storage array, or both is reduced if power consumption reaches a predetermined level relative to available power.

Abstract: A device access control system includes a first computing system that is coupled to a second computing system via a network, and that includes a device access controller subsystem coupled to devices, a central processing subsystem, and a device access control manager subsystem. The device access control manager subsystem identifies first application(s) configured for provisioning by the central processing subsystem and second application(s) configured for provisioning by the second computing system, configures the device access controller subsystem to provide the central processing subsystem access to a first subset of the devices to allow the central processing subsystem to provide the first application(s), and configures the device access controller subsystem to provide the second computing system access via the device access control manager subsystem to a second subset of the devices to allow the second computing device to provide the second application(s) using the second subset of the devices.

Abstract: A distributed key management system includes a first SCP subsystem coupled to second SCP subsystems via a network. The first SCP subsystem establishes secure communication channels with the second SCP subsystems, and a first key management subsystem in the first SCP subsystem retrieves enabling key(s) for communicating via the secure communication channels from a second key management subsystem in one of the second SCP subsystems, and stores the enabling key(s). The first key management subsystem then receives a first enabling key request from the first SCP subsystem and determines whether the first SCP subsystem is trusted. If the first SCP subsystem is trusted, the first key management subsystem provides the first SCP subsystem access to the at least one enabling key. If the first SCP subsystem is not trusted, the first key management subsystem prevents the first SCP subsystem from accessing the at least one enabling key stored.

Abstract: A graph-based data flow control system includes a control plane system coupled to SCP subsystems. The control plane system identifies a workload, and identifies service(s) on the SCP subsystems for manipulating/exchanging data to perform the workload. The control plane system generates a respective SCP-local data flow control graph for each SCP subsystem that defines how their service(s) will manipulate/exchange data within that SCP subsystem, and generates inter-SCP data flow control graph(s) that define how service(s) provided by at least one SCP subsystem will manipulate/exchange data with service(s) provided by at least one other SCP subsystem. The control plane system then transmits each respective SCP-local data flow control graph to each of the SCP subsystems, and the inter-SCP data flow control graph(s) to at least one SCP subsystem, for use by the SCP subsystems in causing their service(s) to manipulate/exchange data to perform the workload.

Abstract: A workload compliance governor system includes a management system coupled to a computing system. A workload compliance governor subsystem in the computing system receives a workload performance request associated with a workload, exchanges hardware compose communications with the management system to compose hardware components for the workload, and receives back an identification of hardware components. The workload compliance governor subsystem then determines that the identified hardware components satisfy hardware compliance requirements for the workload, and configures the identified hardware components in the computing system based on the software compliance requirements for the workload in order to cause those identified hardware components to provide an operating system and at least one application that operate to perform the workload.

Abstract: A communication system personality provisioning system includes a communication system included in a computing system and coupled to a management system. The communication system stores authentication information in a UEFI database of a UEFI system in the communication system. The communication system receives a first operating software image and application/service from the management system, authenticates the first operating software image and application/service via first secure initialization operations performed by the UEFI system using the authentication information and, in response, installs the first operating software image and application/service on the communication system.

Abstract: A graph-based data multi-operation system includes a data multi-operation management subsystem coupled to an application and accelerator subsystems. The data multi-operation management subsystem receives a data multi-operation graph from the application that identifies first data and defines operations for performance on the first data to transform the first data into second data. The data multi-operation management subsystem assigns each of the operations to at least one of the accelerator systems, and configures the accelerator subsystems to perform the operations in a sequence that transforms the first data into the second data, When the data multi-operation management subsystem determine a completion status for the performance of the operations by the accelerator subsystems, it transmits a completion status communication to the application that indicates the completion status of the performance of the plurality of operations by the plurality of accelerator subsystems.

Abstract: An information handling system may include at least one processor; a plurality of physical storage resources; and a network interface configured to communicatively couple the information handling system to a plurality of host systems; wherein the information handling system is configured to: determine a likelihood of compromise for each of the plurality of host systems; and in response to the likelihood of compromise for a particular host system exceeding a threshold likelihood, carry out a remedial action with respect to the particular host system, wherein the remedial action includes restricting access from the particular host system to the plurality of physical storage resources.

Abstract: A device access control system includes a first computing system that is coupled to a second computing system via a network, and that includes a device access controller subsystem coupled to devices, a central processing subsystem, and a device access control manager subsystem. The device access control manager subsystem identifies first application(s) configured for provisioning by the central processing subsystem and second application(s) configured for provisioning by the second computing system, configures the device access controller subsystem to provide the central processing subsystem access to a first subset of the devices to allow the central processing subsystem to provide the first application(s), and configures the device access controller subsystem to provide the second computing system access via the device access control manager subsystem to a second subset of the devices to allow the second computing device to provide the second application(s) using the second subset of the devices.

Abstract: A communication system personality provisioning system includes a communication system included in a computing system and coupled to a management system. The communication system stores authentication information in a UEFI database of a UEFI system in the communication system. The communication system receives a first operating software image and application/service from the management system, authenticates the first operating software image and application/service via first secure initialization operations performed by the UEFI system using the authentication information and, in response, installs the first operating software image and application/service on the communication system.

Abstract: A coordinated initialization system includes a computing system with first and second initialization subsystems coupled to a coordinated initialization subsystem. The coordinated initialization subsystem receives first and second initialization progress information associated with respective first and second initialization subsystem operations performed by the respective first and second initialization subsystems.

Abstract: A workload compliance governor system includes a management system coupled to a computing system. A workload compliance governor subsystem in the computing system receives a workload performance request associated with a workload, exchanges hardware compose communications with the management system to compose hardware components for the workload, and receives back an identification of hardware components. The workload compliance governor subsystem then determines that the identified hardware components satisfy hardware compliance requirements for the workload, and configures the identified hardware components in the computing system based on the software compliance requirements for the workload in order to cause those identified hardware components to provide an operating system and at least one application that operate to perform the workload.

Abstract: A graph-based data multi-operation system includes a data multi-operation management subsystem coupled to an application and accelerator subsystems. The data multi-operation management subsystem receives a data multi-operation graph from the application that identifies first data and defines operations for performance on the first data to transform the first data into second data. The data multi-operation management subsystem assigns each of the operations to at least one of the accelerator systems, and configures the accelerator subsystems to perform the operations in a sequence that transforms the first data into the second data, When the data multi-operation management subsystem determine a completion status for the performance of the operations by the accelerator subsystems, it transmits a completion status communication to the application that indicates the completion status of the performance of the plurality of operations by the plurality of accelerator subsystems.

Abstract: A graph-based data flow control system includes a control plane system coupled to SCP subsystems. The control plane system identifies a workload, and identifies service(s) on the SCP subsystems for manipulating/exchanging data to perform the workload. The control plane system generates a respective SCP-local data flow control graph for each SCP subsystem that defines how their service(s) will manipulate/exchange data within that SCP subsystem, and generates inter-SCP data flow control graph(s) that define how service(s) provided by at least one SCP subsystem will manipulate/exchange data with service(s) provided by at least one other SCP subsystem. The control plane system then transmits each respective SCP-local data flow control graph to each of the SCP subsystems, and the inter-SCP data flow control graph(s) to at least one SCP subsystem, for use by the SCP subsystems in causing their service(s) to manipulate/exchange data to perform the workload.

Abstract: A subset of data encryption keys are stored in plain text form in system memory of an information handling system. A master key and another subset of the data encryption keys are stored in a credential vault of the information handling system. The credential vault forms part of an out-of-band management platform and is protected by an AES key. A request is received for a data encryption key to decrypt a unit of data backed up to backup storage of the information handling system, the unit of data having been encrypted by the data encryption key, and the data encryption key having been encrypted by the master key and stored at the backup storage as an encrypted data encryption key. One or more locations are checked for the data encryption key. The one or more locations include the system memory, credential vault, and backup storage.

Abstract: An information handling system includes a data handling device and a baseboard management controller (BMC). The data handling device includes a co-processor configured to instantiate a device operating system for the data handling device. The data handling device includes a Management Component Transport Protocol (MCTP) endpoint. The BMC establishes a serial terminal session with the device operating system via the MCTP endpoint.

Abstract: A remote access controller device update system includes a memory system that is configured to store a BIOS firmware image including BIOS code and first remote access controller information. A BIOS is coupled to the memory system and is configured to utilize BIOS code stored on the memory system. A remote access controller device is coupled to the memory system and is configured to determine that the BIOS firmware image is stored in the memory system, and identify the first remote access controller information included in the BIOS firmware image. The remote access controller device then determines that the first remote access controller information provides an update to second remote access controller information stored on the remote access controller device and, in response, stores the first remote access controller information on the remote access controller device and performs at least one operation using the first remote access controller information.

Abstract: A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.