Abstract: A server computer toggles between a protected mode and an unprotected mode. In the protected mode, users are unable to access configuration information due to a Base Address Register (BAR) being cleared. However, a service provider can access a Trusted Platform Module (TPM) through an Application Program Interface (API) request. In an unprotected mode, the BAR is programmed so that users can access the configuration information, but the TPM is blocked. Blocking of the TPM is achieved by changing a configuration file, which changes an overall image of the card. With the modified image not matching an original image, the TPM blocks access to data, such as encryption keys. Separate interfaces can be used for user access (PCIe) and service provider access (Ethernet) to the server computer. The server computer can then be toggled back to the protected mode by switching the configuration file to the original configuration file.

Abstract: A rack computer system can provide data indicating electrical power consumption by separate sets of the mass storage devices, including separate individual mass storage devices, of the rack computer system. A power sensor can be electrically coupled to a power transmission line for each mass storage device. The power sensor can be coupled to the power transmission line externally to the mass storage device. The power sensor can be an internal power sensor of the mass storage device, where a mass storage device microcontroller transmits internally-generated data to an external power monitoring system. A microcontroller can transmit the data to a baseboard management controller via a side-band connection between the mass storage device and the controller. The data can be transmitted via an in-band connection between a baseboard management controller and an instance of firmware which accesses internally-generated data from mass storage device microcontrollers.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure filtering of transactions at a hardware and protocol level using a security device included on a server. In particular, various embodiments provide approaches for filtering transactions on various buses, such as SMBus, PMBus, I2C, and SPI, within a server. This filtering logic can be utilized to modify requests for access to devices on those busses, certain memory or registers within the devices, and/or limit the quantity of transactions on those busses. Embodiments may provide a policy engine through which the filtering logic applied to a given bus or buses may be modified. When a transaction is received, one or more attributes of the transaction can be compared to one or more policies. If there is a match, the transaction can be modified according to the matched policy.

Abstract: A computing system includes a circuit board assembly and multiple expansion cards connected to one another and also connected to the circuit board assembly. The connected expansion cards form a modular expansion card bus that allows the expansion cards to communicate between each other without routing the communications through the circuit board assembly. In some embodiments, the expansion cards are mounted on a tray that includes mounting pins that engage mounting slots of the expansion cards, allowing for simple installation of various combinations of expansion cards connected together to form a modular expansion card bus.

Abstract: Disclosed herein are techniques for maintaining a secure environment on a server. In one embodiment, the server includes a baseboard management controller (BMC), a first Ethernet port coupled with an adapter device network comprising a plurality of adapter devices, and a master adapter device including a second Ethernet port and a network switch, the network switch being controllable to be selectively coupled with at least one of the BMC, the first Ethernet port, or the second Ethernet port. The master adapter device may receive a network packet from at least one of: the first Ethernet port, the second Ethernet port, or the BMC, and determine, based on a forwarding policy, whether to forward the network packet. Based on a determination to forward the network packet, the master adapter device may determine a destination, and control the network switch to transmit the network packet to the destination.

Abstract: A server includes a motherboard and a programmable logic device coupled to the motherboard. The server also includes a hardware device coupled to the motherboard and the programmable logic device. The server further includes a non-volatile memory storing firmware for the hardware device. The non-volatile memory is coupled to the motherboard and the programmable logic device. The server further includes a peripheral device coupled to the motherboard and the programmable logic device. The peripheral device receives firmware data from a management server. The peripheral device verifies that the firmware data corresponds to the hardware device. The peripheral device further holds the hardware device in reset mode. The peripheral device stores the firmware data on the non-volatile memory to update the firmware and releases the hardware device from reset mode after updating the firmware.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a bus manager circuit. The bus manager circuit comprises a first bus interface configured to be coupled with a first hardware device of the server, and a second bus interface configured to be coupled with a second hardware device of the sever. The bus manager further includes a control module. Under a first mode of operation, the control module is configured to receive an access request from the first hardware device to access the second hardware device, and responsive to determining not to grant the access request based on a pre-determined access policy, and block at least some of data bits corresponding to the access request from the second bus interface. The control module may also process the access request in a different manner under other modes of operations.

Abstract: A system is provided. The system includes a processor, a memory, and an I/O device, an interaction engine unit stored in the memory and including a plurality of reusable software components. The plurality of the reusable software components is configured by a user, through a configuration process, to create at least one control flow and at least one service component representing at least one service. The at least one control flow executes a configured logic upon receipt of at least one event. The at least one control flow controls interactions among the at least one services or the at least one service to the at least one event. And, the interaction engine unit dynamically reconfigures the system configuration at run time based on at least one environmental condition.

Abstract: A method for protecting a mobile terminal device from cyber security threats, including the steps of: detecting that the mobile terminal device is successfully connected only through one or both of a selected physical serial interface connected to a device for facilitating the testing or a wired network interface, which is connected to an electrical utility device. Prior to executing a test routine by the mobile terminal device, switching the mobile terminal device to a test state by: disabling an internal firewall, disabling one or more remaining network interfaces and serial interfaces, such that existing communications or connections are terminated and new communications and connections are prevented. Enabling communication to one or both of the selected physical serial interface and the wired network interface, performing the testing on the at least one electrical utility device according to the executed test routines under control of the mobile terminal device until completion.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a non-volatile memory storing firmware, a programmable security logic coupled to the non-volatile memory, an adapter device coupled to the programmable security logic, and a processor communicatively coupled to the non-volatile memory via the programmable security logic. The adapter device and/or the programmable security logic can verify the firmware in the non-volatile memory while holding the processor and/or a baseboard management controller (BMC) in power reset, release the processor and the BMC from reset to boot the processor and the BMC after the firmware is verified, and then disable communications between the processor and the BMC and deny at least some requests to write to the non-volatile memory by the processor or the BMC.

Abstract: A rack computer system can provide data indicating electrical power consumption by separate sets of the mass storage devices, including separate individual mass storage devices, of the rack computer system. A power sensor can be electrically coupled to a power transmission line for each mass storage device. The power sensor can be coupled to the power transmission line externally to the mass storage device. The power sensor can be an internal power sensor of the mass storage device, where a mass storage device microcontroller transmits internally-generated data to an external power monitoring system. A microcontroller can transmit the data to a baseboard management controller via a side-band connection between the mass storage device and the controller. The data can be transmitted via an in-band connection between a baseboard management controller and an instance of firmware which accesses internally-generated data from mass storage device microcontrollers.

Abstract: A method for protecting a mobile terminal device from cyber security threats, including the steps of: detecting that the mobile terminal device is successfully connected only through one or both of a selected physical serial interface connected to a device for facilitating the testing or a wired network interface, which is connected to an electrical utility device. Prior to executing a test routine by the mobile terminal device, switching the mobile terminal device to a test state by: disabling an internal firewall, disabling one or more remaining network interfaces and serial interfaces, such that existing communications or connections are terminated and new communications and connections are prevented. Enabling communication to one or both of the selected physical serial interface and the wired network interface, performing the testing on the at least one electrical utility device according to the executed test routines under control of the mobile terminal device until completion.

Abstract: An operator of a payment network obtains transaction data from a plurality of entities which make payments with the payment network. The operator of the payment network also obtains a plurality of consents from the plurality of entities which make payments with the payment network. The plurality of consents authorize the operator of the payment network to share at least a portion of the transaction data from the plurality of entities which make payments with the payment network with an operator of a social media site. At least portion of the transaction data is made available to the operator of the social media site.

Abstract: A rack computer system can provide data indicating electrical power consumption by separate sets of the mass storage devices, including separate individual mass storage devices, of the rack computer system. A power sensor can be electrically coupled to a power transmission line for each mass storage device. The power sensor can be coupled to the power transmission line externally to the mass storage device. The power sensor can be an internal power sensor of the mass storage device, where a mass storage device microcontroller transmits internally-generated data to an external power monitoring system. A microcontroller can transmit the data to a baseboard management controller via a side-band connection between the mass storage device and the controller. The data can be transmitted via an in-band connection between a baseboard management controller and an instance of firmware which accesses internally-generated data from mass storage device microcontrollers.

Abstract: Embodiments facilitate commercial transactions between a user and one or more vendors without requiring a user to provide information unique to a user account for the vendor. Embodiments prompt a user to select one or more vendors from a list of vendors. An authorization is obtained from the user to allow the computer program to retrieve the product from the list of vendors and on behalf of the user. The computer program then requests and receives, from each vendor, information for accessing an electronic resource of the vendor. In embodiments, the received information is unique to the user account for the vendor. The computer program then obtains the product from the vendor based on the received information. The computer program thus presents a centralized management service for obtaining product from a plurality of vendors and without requiring the user to provide user information unique to the user for each vendor.

Abstract: A system for storing data includes a discrete cooling module that can enable discrete cooling of mass storage devices installed in the chassis interior of a data storage module coupled to a rack. The discrete cooling module includes an air moving device and an air cover. The air moving device can induce and airflow through the chassis interior of the data storage module to remove heat from heat producing components of mass storage devices installed in the chassis interior. The air cover directs the airflow through the chassis interior. The discrete cooling module can isolate rotational vibrations generated by the air moving device from the mass storage devices installed in the chassis. Partial isolation can include indirectly coupling the discrete cooling module to the chassis via directly coupling with the rack.

Abstract: A computing system includes a circuit board assembly and multiple expansion cards connected to one another and also connected to the circuit board assembly. The connected expansion cards form a modular expansion card bus that allows the expansion cards to communicate between each other without routing the communications through the circuit board assembly. In some embodiments, the expansion cards are mounted on a tray that includes mounting pins that engage mounting slots of the expansion cards, allowing for simple installation of various combinations of expansion cards connected together to form a modular expansion card bus.

Abstract: Systems and methods in accordance with various embodiments of the present disclosure provide secure handling of messages at a hardware-protocol level using a logic device on a server. Various embodiments provide approaches for filtering messages on various buses, such as SSIF, SMBus, PMBus, I2C, and SPI, within a server or a computer. Embodiments may include a policy engine through which message handling logic applied to a given bus or buses may be implemented. A message is compared to one or more policies. The message is allowed to be transmitted to a baseboard management controller based on the one or more policies and a type of message.

Abstract: A centrifugal pump includes a motor with a shaft and an adapter mounted to the motor. A volute housing mounted to the adapter defines a volute chamber. The adapter and volute housing define a pumping chamber therebetween. The volute housing includes an impeller inlet wall having an orifice. An impeller is disposed within the pumping chamber and a hub of the impeller is mounted on the shaft while a shroud portion coincides with the impeller orifice. An inducer is coupled to the shaft and extends into the inlet dogleg. A first portion of the inducer resides within the shroud portion of the impeller and a second portion of the inducer resides within the inlet orifice. The inducer includes helical blades whereby, upon rotation of the shaft, a fluid within the inlet dogleg is acted upon by the helical blades of the inducer before the fluid enters the impeller shroud portion.

Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a bus manager circuit. The bus manager circuit comprises a first bus interface configured to be coupled with a first hardware device of the server, and a second bus interface configured to be coupled with a second hardware device of the sever. The bus manager further includes a control module. Under a first mode of operation, the control module is configured to receive an access request from the first hardware device to access the second hardware device, and responsive to determining not to grant the access request based on a pre-determined access policy, and block at least some of data bits corresponding to the access request from the second bus interface. The control module may also process the access request in a different manner under other modes of operations.