Abstract: A method for time-series forecasting for time-series data with a periodic behavior larger than a respective sampling rate is disclosed. The method includes selecting candidate time lag values from measured time-series data, determining first training data based on time-series data and the candidate time lag values, and training of a first machine-learning system, thereby determining a subset of the set of the first training data. The method further includes building second training data, training of a second machine-learning system for time-series predictions when using measured sampled time-series data as input. A first performance indicator value is indicative of a prediction performance of the first time-series machine-learning model. The method further includes determining that an element of the set of second training data is significant for the training of the first time-series machine-learning model and determining that the set of second training data is complete.

Abstract: A computer-implemented method of using a workload management system designed for workloads of a first computing architecture as well as for workloads of a second computing architecture is disclosed. The method comprises deploying a workload management control plane under a first computing architecture, identifying, by the workload management control plane, a requested remote workload only available for the second computing architecture, creating, by the workload management control plane, a proxy compute resource as interface for the requested remote workload, starting, by the proxy compute resource, the remote workload, controlling, by the proxy compute resource, an operation of the remote workload in a 1:1 relationship, by: upon receiving a termination signal, terminating the remote workload by the proxy compute resource and self-terminating the proxy compute resource, and upon a termination of the remote workload terminate the proxy compute resource.

Abstract: Multiple work requests from different applications are queued to be processed subsequently without interruption by a crypto device. A prediction table is generated for each application to be processed by the crypto device. An initial credit value is determined for each incoming work request. The work request is an entry in an ordered queue in the order of time using respective time stamps. The next work request to be processed is selected from the entries in the queue by using the first entry in the queue for which the credit values for the corresponding application is greater than or equal to the predicted execution time for the corresponding request type in the prediction table. The selected next work request is processed.

Abstract: A computer-implemented method, a computer system and a computer program product operate a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core. The method comprises requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core. The method also comprises setting the at least one processor core to exclusive secure execution for the secure code segment. The method further comprises executing the secure code segment on the at least one processor core uninterruptably. In addition, the method comprises wiping an architected state and a non-architected state of a physical processor core from the at least one processor core. Lastly, the method comprises setting the at least one processor core to the first execution mode for program code on the at least one processor core.

Abstract: A computer-implemented method, a computer system and a computer program product operate a secure code segment on a processor core of a processing unit, wherein the processing unit is configured with at least one processor core. The method comprises requesting exclusive secure execution of a secure code segment of the program code on the at least one processor core. The method also comprises setting the at least one processor core to exclusive secure execution for the secure code segment. The method further comprises executing the secure code segment on the at least one processor core uninterruptably. In addition, the method comprises wiping an architected state and a non-architected state of a physical processor core from the at least one processor core. Lastly, the method comprises setting the at least one processor core to the first execution mode for program code on the at least one processor core.

Abstract: Multiple work requests from different applications are queued to be processed subsequently without interruption by a crypto device. A prediction table is generated for each application to be processed by the crypto device. An initial credit value is determined for each incoming work request. The work request is an entry in an ordered queue in the order of time using respective time stamps. The next work request to be processed is selected from the entries in the queue by using the first entry in the queue for which the credit values for the corresponding application is greater than or equal to the predicted execution time for the corresponding request type in the prediction table. The selected next work request is processed.

Abstract: Provided is a method and system for protecting the integrity of a computing system. The system may initialize a plurality of trusted platform modules (TPMs) within the computing system. The system may read a unique identifier corresponding to each TPM of the plurality of TPMs to determine a system state. The system may write the system state to platform configuration registers (PCRs) of each of the plurality of TPMs. The system may load a sealed private owner key part into each TPM of the plurality of TPMs. The plurality of TPMs may determine if a predetermined number of unique identifiers have been processed by validating a value of the PCRs to meet an owner key policy. The plurality of TPMs may unseal the private owner key part in each TPM where the value of the PCRs meets the owner key policy.

Abstract: An example operation may include one or more of receiving a unique identifier and a security value from an object, retrieving a previously stored security value of the object from a database based on the received unique identifier, determining that the object is verified based on the received security value and the previously stored security value, and modifying the previously stored security value to generate a modified security value and transmitting the modified security value to the database.

Abstract: An aspect includes receiving a software image file set and a capacity requirement at a software image distribution system. A software image is generated based on the software image file set. A license record is generated based on the capacity requirement. The software image and the license record are provided to an external interface of the software image distribution system. An installation action is triggered by the software image distribution system on to a machine based on a request of an ordering system.

Abstract: A computer-implemented method for distributing computing tasks to individual computer systems from a first pool of first computer systems, characterized by controllers executing a specific firmware with a gateway to receive commands via a network and an orchestration unit, whereby in response to a request to perform a computing task, an available and suitable first computer system is selected. An available second computer system is selected from a second pool. A firmware image corresponding to a requested controller firmware level is selected, using a gateway connector to send commands to the gateways. A network connection is established between the gateway in the controller of the first computer system and the gateway connector in the second computer system. Execution of the firmware image is triggered.

Abstract: A computer-implemented method for distributing computing tasks to individual computer systems from a first pool of first computer systems, characterized by controllers executing a specific firmware with a gateway to receive commands via a network and an orchestration unit, whereby in response to a request to perform a computing task, an available and suitable first computer system is selected. An available second computer system is selected from a second pool. A firmware image corresponding to a requested controller firmware level is selected, using a gateway connector to send commands to the gateways. A network connection is established between the gateway in the controller of the first computer system and the gateway connector in the second computer system. Execution of the firmware image is triggered.

Abstract: A cloud computing system includes a virtual server outputs non-encrypted data and receives encrypted data in response to receiving a write request signal and a read request signal. A hosting server hypervisor receives the write request signal and the read request signal. In response to receiving the write request signal the hosting server hypervisor writes encrypted data corresponding to the write request signal into a storage device. In response to receiving the read request signal the hosting server hypervisor obtains encrypted data corresponding to a data read request signal from the storage device and outputs the encrypted data. A secure channel sub-system is installed between the at least one virtual server and the hosting server hypervisor.

Abstract: An example operation may include one or more of receiving a signed storage request which comprises a unique identifier of an object, a public key of the object, and a signed security value associated with the object, determining, via code installed on a database node, whether the signed storage request is valid based on a signature of the signed storage request and a signature of the signed security value of the object, and in response to validation of the signed storage request, generating a storage object based on the signed storage request which includes the unique identifier, the public key of the object, and the signed security value, and storing the generated storage object in a database including the database node.

Abstract: An example operation may include one or more of receiving a unique identifier and a security value from an object, retrieving a previously stored security value of the object from a database based on the received unique identifier, determining that the object is verified based on the received security value and the previously stored security value, and modifying the previously stored security value to generate a modified security value and transmitting the modified security value to the database.

Abstract: According to one or more embodiments of the present invention, an example computer-implemented method for measuring concurrent updates in a security coprocessor includes using a first set of platform configuration registers of the security coprocessor to store and extend measurement of a code-load used during a boot sequence of a computing device. The method further includes using a second set of platform configuration registers of the security coprocessor to store and extend measurement of configuration parameters of the code-load used during the boot sequence. The method further includes using a third set of platform configuration registers of the security coprocessor to store and extend measurements of a concurrent update that changes the code-load that was used during the boot sequence.

Abstract: Provided is a method and system for protecting the integrity of a computing system. The system may initialize a plurality of trusted platform modules (TPMs) within the computing system. The system may read a unique identifier corresponding to each TPM of the plurality of TPMs to determine a system state. The system may write the system state to platform configuration registers (PCRs) of each of the plurality of TPMs. The system may load a sealed private owner key part into each TPM of the plurality of TPMs. The plurality of TPMs may determine if a predetermined number of unique identifiers have been processed by validating a value of the PCRs to meet an owner key policy. The plurality of TPMs may unseal the private owner key part in each TPM where the value of the PCRs meets the owner key policy.

Abstract: An aspect includes receiving a software image file set and a capacity requirement at a software image distribution system. A software image is generated based on the software image file set. A license record is generated based on the capacity requirement. The software image and the license record are provided to an external interface of the software image distribution system. An installation action is triggered by the software image distribution system on to a machine based on a request of an ordering system.

Abstract: An aspect includes receiving a request to boot a software image on a machine including a plurality of processing units having different characteristics. A processing unit subtype identifier is extracted from a license record for the machine. The processing unit subtype identifier includes a software image type and an allocation of the processing units of the processing unit subtype. A processing unit capability of the machine is queried. The software image is enabled with the allocation of the processing units based on verifying that a software image identifier of the software image matches the software image type from the processing unit subtype identifier, and the processing unit capability of the machine meets the allocation of the processing units from the processing unit subtype.

Abstract: An aspect includes receiving a request to boot a software image on a machine including a plurality of processing units having different characteristics. A processing unit subtype identifier is extracted from a license record for the machine. The processing unit subtype identifier includes a software image type and an allocation of the processing units of the processing unit subtype. A processing unit capability of the machine is queried. The software image is enabled with the allocation of the processing units based on verifying that a software image identifier of the software image matches the software image type from the processing unit subtype identifier, and the processing unit capability of the machine meets the allocation of the processing units from the processing unit subtype.

Abstract: A cloud computing system includes a virtual server outputs non-encrypted data and receives encrypted data in response to receiving a write request signal and a read request signal. A hosting server hypervisor receives the write request signal and the read request signal. In response to receiving the write request signal the hosting server hypervisor writes encrypted data corresponding to the write request signal into a storage device. In response to receiving the read request signal the hosting server hypervisor obtains encrypted data corresponding to a data read request signal from the storage device and outputs the encrypted data. A secure channel sub-system is installed between the at least one virtual server and the hosting server hypervisor.