Abstract: A rack for a datacenter or other environment may define an internal width configured to receive rack-mounted units of a predetermined width. An adapter may enable operation with a computing appliance having a maximum width smaller than the predetermined width. The adapter can include a tray with a footprint having the predetermined width and a mount for supporting the computing appliance within the footprint of the tray. The tray may support a power inverter that receives from a direct current power supply and provides alternating current to the computing appliance. The tray may also support a patch panel having a network port accessible from a front of the tray. The patch panel can be communicatively coupled with the computing appliance to provide networking communication with the computing appliance through the second network port.

Abstract: A system for storing data includes a discrete cooling module that can enable discrete cooling of mass storage devices installed in the chassis interior of a data storage module coupled to a rack. The discrete cooling module includes an air moving device and an air cover. The air moving device can induce and airflow through the chassis interior of the data storage module to remove heat from heat producing components of mass storage devices installed in the chassis interior. The air cover directs the airflow through the chassis interior. The discrete cooling module can isolate rotational vibrations generated by the air moving device from the mass storage devices installed in the chassis. Partial isolation can include indirectly coupling the discrete cooling module to the chassis via directly coupling with the rack.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure handling of messages at a hardware-protocol level using a logic device on a server. Various embodiments provide approaches for filtering messages on various buses, such as SSIF, SMBus, PMBus, I2C, and SPI, within a server or a computer. Embodiments may include a policy engine through which message handling logic applied to a given bus or buses may be implemented. A message is compared to one or more policies. The message is allowed to be transmitted to a baseboard management controller based on the one or more policies and a type of message.

Abstract: A system and method are described for configuring a motherboard using expansion cards plugged into motherboard slots. In particular, each of the expansion cards can include a control signal that is supplied to the motherboard and that can configure hardware positioned on the motherboard. In one embodiment, the configuration allows a communication path to be switched on to allow the expansion cards to cross communicate.

Abstract: A server computer toggles between a protected mode and an unprotected mode. In the protected mode, users are unable to access configuration information due to a Base Address Register (BAR) being cleared. However, a service provider can access a Trusted Platform Module (TPM) through an Application Program Interface (API) request. In an unprotected mode, the BAR is programmed so that users can access the configuration information, but the TPM is blocked. Blocking of the TPM is achieved by changing a configuration file, which changes an overall image of the card. With the modified image not matching an original image, the TPM blocks access to data, such as encryption keys. Separate interfaces can be used for user access (PCIe) and service provider access (Ethernet) to the server computer. The server computer can then be toggled back to the protected mode by switching the configuration file to the original configuration file.

Abstract: A rack computer system can provide data indicating electrical power consumption by separate sets of the mass storage devices, including separate individual mass storage devices, of the rack computer system. A power sensor can be electrically coupled to a power transmission line for each mass storage device. The power sensor can be coupled to the power transmission line externally to the mass storage device. The power sensor can be an internal power sensor of the mass storage device, where a mass storage device microcontroller transmits internally-generated data to an external power monitoring system. A microcontroller can transmit the data to a baseboard management controller via a side-band connection between the mass storage device and the controller. The data can be transmitted via an in-band connection between a baseboard management controller and an instance of firmware which accesses internally-generated data from mass storage device microcontrollers.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure filtering of transactions at a hardware and protocol level using a security device included on a server. In particular, various embodiments provide approaches for filtering transactions on various buses, such as SMBus, PMBus, I2C, and SPI, within a server. This filtering logic can be utilized to modify requests for access to devices on those busses, certain memory or registers within the devices, and/or limit the quantity of transactions on those busses. Embodiments may provide a policy engine through which the filtering logic applied to a given bus or buses may be modified. When a transaction is received, one or more attributes of the transaction can be compared to one or more policies. If there is a match, the transaction can be modified according to the matched policy.

Abstract: A computing system includes a circuit board assembly and multiple expansion cards connected to one another and also connected to the circuit board assembly. The connected expansion cards form a modular expansion card bus that allows the expansion cards to communicate between each other without routing the communications through the circuit board assembly. In some embodiments, the expansion cards are mounted on a tray that includes mounting pins that engage mounting slots of the expansion cards, allowing for simple installation of various combinations of expansion cards connected together to form a modular expansion card bus.

Abstract: Disclosed herein are techniques for maintaining a secure environment on a server. In one embodiment, the server includes a baseboard management controller (BMC), a first Ethernet port coupled with an adapter device network comprising a plurality of adapter devices, and a master adapter device including a second Ethernet port and a network switch, the network switch being controllable to be selectively coupled with at least one of the BMC, the first Ethernet port, or the second Ethernet port. The master adapter device may receive a network packet from at least one of: the first Ethernet port, the second Ethernet port, or the BMC, and determine, based on a forwarding policy, whether to forward the network packet. Based on a determination to forward the network packet, the master adapter device may determine a destination, and control the network switch to transmit the network packet to the destination.

Abstract: A server includes a motherboard and a programmable logic device coupled to the motherboard. The server also includes a hardware device coupled to the motherboard and the programmable logic device. The server further includes a non-volatile memory storing firmware for the hardware device. The non-volatile memory is coupled to the motherboard and the programmable logic device. The server further includes a peripheral device coupled to the motherboard and the programmable logic device. The peripheral device receives firmware data from a management server. The peripheral device verifies that the firmware data corresponds to the hardware device. The peripheral device further holds the hardware device in reset mode. The peripheral device stores the firmware data on the non-volatile memory to update the firmware and releases the hardware device from reset mode after updating the firmware.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a bus manager circuit. The bus manager circuit comprises a first bus interface configured to be coupled with a first hardware device of the server, and a second bus interface configured to be coupled with a second hardware device of the sever. The bus manager further includes a control module. Under a first mode of operation, the control module is configured to receive an access request from the first hardware device to access the second hardware device, and responsive to determining not to grant the access request based on a pre-determined access policy, and block at least some of data bits corresponding to the access request from the second bus interface. The control module may also process the access request in a different manner under other modes of operations.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a non-volatile memory storing firmware, a programmable security logic coupled to the non-volatile memory, an adapter device coupled to the programmable security logic, and a processor communicatively coupled to the non-volatile memory via the programmable security logic. The adapter device and/or the programmable security logic can verify the firmware in the non-volatile memory while holding the processor and/or a baseboard management controller (BMC) in power reset, release the processor and the BMC from reset to boot the processor and the BMC after the firmware is verified, and then disable communications between the processor and the BMC and deny at least some requests to write to the non-volatile memory by the processor or the BMC.

Abstract: A rack computer system can provide data indicating electrical power consumption by separate sets of the mass storage devices, including separate individual mass storage devices, of the rack computer system. A power sensor can be electrically coupled to a power transmission line for each mass storage device. The power sensor can be coupled to the power transmission line externally to the mass storage device. The power sensor can be an internal power sensor of the mass storage device, where a mass storage device microcontroller transmits internally-generated data to an external power monitoring system. A microcontroller can transmit the data to a baseboard management controller via a side-band connection between the mass storage device and the controller. The data can be transmitted via an in-band connection between a baseboard management controller and an instance of firmware which accesses internally-generated data from mass storage device microcontrollers.

Abstract: A rack computer system can provide data indicating electrical power consumption by separate sets of the mass storage devices, including separate individual mass storage devices, of the rack computer system. A power sensor can be electrically coupled to a power transmission line for each mass storage device. The power sensor can be coupled to the power transmission line externally to the mass storage device. The power sensor can be an internal power sensor of the mass storage device, where a mass storage device microcontroller transmits internally-generated data to an external power monitoring system. A microcontroller can transmit the data to a baseboard management controller via a side-band connection between the mass storage device and the controller. The data can be transmitted via an in-band connection between a baseboard management controller and an instance of firmware which accesses internally-generated data from mass storage device microcontrollers.

Abstract: A system for storing data includes a discrete cooling module that can enable discrete cooling of mass storage devices installed in the chassis interior of a data storage module coupled to a rack. The discrete cooling module includes an air moving device and an air cover. The air moving device can induce and airflow through the chassis interior of the data storage module to remove heat from heat producing components of mass storage devices installed in the chassis interior. The air cover directs the airflow through the chassis interior. The discrete cooling module can isolate rotational vibrations generated by the air moving device from the mass storage devices installed in the chassis. Partial isolation can include indirectly coupling the discrete cooling module to the chassis via directly coupling with the rack.

Abstract: A computing system includes a circuit board assembly and multiple expansion cards connected to one another and also connected to the circuit board assembly. The connected expansion cards form a modular expansion card bus that allows the expansion cards to communicate between each other without routing the communications through the circuit board assembly. In some embodiments, the expansion cards are mounted on a tray that includes mounting pins that engage mounting slots of the expansion cards, allowing for simple installation of various combinations of expansion cards connected together to form a modular expansion card bus.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure handling of messages at a hardware-protocol level using a logic device on a server. Various embodiments provide approaches for filtering messages on various buses, such as SSIF, SMBus, PMBus, I2C, and SPI, within a server or a computer. Embodiments may include a policy engine through which message handling logic applied to a given bus or buses may be implemented. A message is compared to one or more policies. The message is allowed to be transmitted to a baseboard management controller based on the one or more policies and a type of message.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a bus manager circuit. The bus manager circuit comprises a first bus interface configured to be coupled with a first hardware device of the server, and a second bus interface configured to be coupled with a second hardware device of the sever. The bus manager further includes a control module. Under a first mode of operation, the control module is configured to receive an access request from the first hardware device to access the second hardware device, and responsive to determining not to grant the access request based on a pre-determined access policy, and block at least some of data bits corresponding to the access request from the second bus interface. The control module may also process the access request in a different manner under other modes of operations.

Abstract: A system for storing data includes a rack and one or more data storage modules mounted on the rack. The data storage modules may include a chassis, two or more vertically-oriented backplanes coupled to the chassis, two or more mass storage devices coupled to the backplanes, and one or more air passages extending beneath one or more of the backplanes. Each backplane is configured to preclude airflow through the backplane between opposite vertical faces and can couple mass storage devices on one or more of the opposite vertical faces. One or more of the air passages can supply an upwards-directed airflow along one of the opposite vertical faces of a backplane to remove heat from a heat producing component of a mass storage device coupled to the vertical face of the vertically-oriented backplane.

Abstract: A system and method are described for configuring a motherboard using expansion cards plugged into motherboard slots. In particular, each of the expansion cards can include a control signal that is supplied to the motherboard and that can configure hardware positioned on the motherboard. In one embodiment, the configuration allows a communication path to be switched on to allow the expansion cards to cross communicate.