Abstract: A modular server chassis enclosure controller (EC) on-premises keyboard video and mouse module has an EC frame buffer memory and an EC virtual network computing (libvnc) client process. The libvnc fetches an EC frame buffer memory address, displays an on-screen display (OSD) screen to a user and accepts user selection of a blade server deployed in the modular server chassis from the OSD. The libvnc receives a virtual network computing (VNC) streaming session over transport layer security, from a VNC computing server process of the selected blade server. The libvnc determines whether the VNC server process has data to send and, if it does, reads graphics data from the virtual network computing server process and writes the graphics data from the VNC server to the EC frame buffer memory address. The graphics data is displayed on an on-premises monitor coupled to the modular server chassis from the EC frame buffer.

Abstract: Methods and systems for managing operation of data processing systems are disclosed. To manage operation of the data processing systems, the data processing systems may present unified interfaces to management systems. The unified interfaces may be used to manage the operation of any number of end point presenting devices hosted by the data processing systems. The unified interface may allow for the end point presenting devices without requiring that the management systems directly interact with the end point presenting devices.

Abstract: A method for managing a chassis includes obtaining, by an enclosure controller of the chassis, a power supply application to the chassis using a power supply interface, wherein the power supply interface is operatively connected to a plurality of power supplies, initiating a boot-up of a kernel of the chassis in response to the power supply application, initiating a parallel boot task using the power supply management temporary namespace to identify a power supply of the plurality of power supplies, initiating a mounting of a boot-up file system, and initiating a user space boot-up using the boot-up file system, wherein the user space boot-up and the parallel boot task are initiated in parallel.

Abstract: A disclosed method for providing a non-credentialed user (NCU) with secure access to a remote endpoint of an edge computing platform, generates a support voucher for the NCU wherein the support voucher comprises a temporary ownership voucher including one or more digital signatures establishing a chain of trust from a root of trust to the NCU. The method provides a private key associated with the support voucher to the NCU. Responsive to detecting the NCU, using the private key to log into an edge platform resource and determining that the support voucher is recognized by the edge platform resource, the NCU is authenticated and the support voucher is validated to establish the NCU as a designated owner of the remote endpoint. Responsive to establishing the NCU as a designated owner, the NCU may access the edge platform resource and from there access the platform endpoint.

Abstract: A disclosed edge computing platform includes an edge orchestrator (EO) and one or more distributed endpoints. The EO includes an edge proxy, an edge control plane resource, and a service mesh. The service mesh includes a plurality of services, each of which is paired with a corresponding Envoy proxy. The edge proxy communicatively couples the service mesh to a mesh communication tunnel. The edge control plane resource is configured to enable secure routing based on edge estate data maintained in an external store and ownership authorization data in accordance with a suitable authentication technology (e.g. FDO). Each distributed endpoint includes a downstream connectivity module (DCM) including a DCM proxy coupling the distributed endpoint to the mesh communication tunnel. The distributed endpoints may include edge compute endpoints and external compute fabrics. Disclosed teachings enable secure service-to-service communication across the entire edge estate irrespective of types and location of services.

Abstract: Embodiments of the present disclosure provide a system and method for providing an input/output (I/O) attack prevention system and method for an Information Handling System (IHS) that is managed by a systems management console. One embodiment of the I/O device attack prevention system includes a systems manager in communication with multiple server IHSs configured in a data center. The IHS includes executable instructions to detect that an I/O device has been connected to an external I/O port of the IHS, and send information associated with the I/O device detection to the systems manager such that it determines whether the I/O device is authorized for use with the IHS. The IHS receives the results of the determination from the systems manager, and allows or disallows use of the I/O device with the IHS based on the results of the determination.

Abstract: A modular server chassis enclosure controller (EC) on-premises keyboard video and mouse module has an EC frame buffer memory and an EC virtual network computing (libvnc) client process. The libvnc fetches an EC frame buffer memory address, displays an on-screen display (OSD) screen to a user and accepts user selection of a blade server deployed in the modular server chassis from the OSD. The libvnc receives a virtual network computing (VNC) streaming session over transport layer security, from a VNC computing server process of the selected blade server. The libvnc determines whether the VNC server process has data to send and, if it does, reads graphics data from the virtual network computing server process and writes the graphics data from the VNC server to the EC frame buffer memory address. The graphics data is displayed on an on-premises monitor coupled to the modular server chassis from the EC frame buffer.

Abstract: A first information handling system may receive a telemetry metric report from a client information handling system. The first information handling system may determine that one or more characteristics of the telemetry metric report do not match one or more predetermined telemetry metric report characteristics. The first information handling system may perform one or more corrective actions based, at least in part, on the determination that the one or more characteristics of the telemetry metric report do not match one or more predetermined telemetry metric report characteristics.

Abstract: Embodiments provide unique identification of telemetry reports generated by components of an IHS (Information Handling System) that supports a plurality of metric data sources. A source of metric data is detected, where the source may be a fixed or replaceable IHS component. The metric source is identified within a device descriptor table maintained by a remote access controller of the IHS. Based on a unique user-friendly label that is associated with the metric data source in the device descriptor table, the metric source is configured to generate metric reports. The generated metric reports are received and the label provided by the metric source is used to store data from the metric reports in a database row using the label as a unique database key. The user-friendly label can be used to perform efficient database queries without using a separate database column for storing a user-friendly description of the metric source.

Abstract: Methods, systems, and devices for providing for trust during startup of an information handling system (IHS) are disclosed. When an IHS starts up, data may be read into memory and used by a processor of the IHS to begin execution of a startup management entity that places the IHS into a desired operating system. To reduce the likelihood of the data used for IHS startup causing the IHS to enter an undesired state (e.g., due to data corruption or intentional action), the data may be verified prior to be being read into memory. If the data is unverifiable, then corrective action may be taken.

Abstract: Methods, systems, and devices for providing for trust during startup of an information handling system (IHS) are disclosed. When an IHS starts up, data may be read into memory and used by a processor of the IHS to begin execution of a startup management entity that places the IHS into a desired operating system. To reduce the likelihood of the data used for IHS startup causing the IHS to enter an undesired state (e.g., due to data corruption or intentional action), the data may be verified prior to be being read into memory. If the data is unverifiable, then corrective action may be taken.

Abstract: A method for managing a chassis includes obtaining, by an enclosure controller of the chassis, a power supply application to the chassis using a power supply interface, wherein the power supply interface is operatively connected to a plurality of power supplies, initiating a boot-up of a kernel of the chassis in response to the power supply application, initiating a parallel boot task using the power supply management temporary namespace to identify a power supply of the plurality of power supplies, initiating a mounting of a boot-up file system, and initiating a user space boot-up using the boot-up file system, wherein the user space boot-up and the parallel boot task are initiated in parallel.

Abstract: A first information handling system may receive a telemetry metric report from a client information handling system. The first information handling system may determine that one or more characteristics of the telemetry metric report do not match one or more predetermined telemetry metric report characteristics. The first information handling system may perform one or more corrective actions based, at least in part, on the determination that the one or more characteristics of the telemetry metric report do not match one or more predetermined telemetry metric report characteristics.

Abstract: An information handling system for providing comprehensive remote authorized access to multiple equipment in a datacenter. A mobile device security credential is first authenticated before access information is configured in the mobile device using a short-range wireless interface. The configured access information is mapped to the equipment and the corresponding access token and encryption keys from the equipment are received by the mobile device. The mobile device uses the access token and the encryption keys to simultaneously access the equipment through a long-range wireless interface. The simultaneous access includes parallel accessing of the equipment at a next accessing instance without requiring re-authentication. With the accessed equipment, the mobile device manages the accessed equipment based on the configured access information.

Abstract: Embodiments provide unique identification of telemetry reports generated by components of an IHS (Information Handling System) that supports a plurality of metric data sources. A source of metric data is detected, where the source may be a fixed or replaceable IHS component. The metric source is identified within a device descriptor table maintained by a remote access controller of the IHS. Based on a unique user-friendly label that is associated with the metric data source in the device descriptor table, the metric source is configured to generate metric reports. The generated metric reports are received and the label provided by the metric source is used to store data from the metric reports in a database row using the label as a unique database key. The user-friendly label can be used to perform efficient database queries without using a separate database column for storing a user-friendly description of the metric source.

Abstract: A system for providing a representational state transfer interface over a low-bandwidth medium, comprising a first processor configured to operate using one or more algorithms to provide a hardware management function, the first processor further comprising a data compression algorithm configured to compress message data for transmission over a low-bandwidth wireless medium. A second processor configured to operate using one or more algorithms to respond to queries from the hardware management function of the first processor, the second processor further comprising a data decompression system, wherein the second processor is further configured to operate using one or more algorithms to authenticate a user, and the first processor is further configured to operate using one or more algorithms to provide access to the user.

Abstract: A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.

Abstract: An inter-process communication (IPC) system, includes a first client engine, a first server engine, and a broker engine that is coupled to the first client engine. The broker engine initiates a first timer that is configured to reset when traffic is received from the first server engine while the first server engine is registered with the broker engine and coupled to the broker engine via a communication channel. The traffic that causes the first timer to reset includes at least one of: traffic generated by the first client engine to complete a request, and a first server-to-broker heartbeat message generated by the first server engine. The broker engine determines that the first timer has reached a predefined time amount, and in response, removes the registration of the first server engine and removes the communication channel between the broker engine and the first server engine.

Abstract: A system for providing a representational state transfer interface over a low-bandwidth medium, comprising a first processor configured to operate using one or more algorithms to provide a hardware management function, the first processor further comprising a data compression algorithm configured to compress message data for transmission over a low-bandwidth wireless medium. A second processor configured to operate using one or more algorithms to respond to queries from the hardware management function of the first processor, the second processor further comprising a data decompression system, wherein the second processor is further configured to operate using one or more algorithms to authenticate a user, and the first processor is further configured to operate using one or more algorithms to provide access to the user.

Abstract: A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.