Abstract: Methods and systems for managing data processing systems are disclosed. To manage a data processing of the data processing systems, the data processing system may be placed in a first operating state. To do so, first log in credentials may be obtained from a first user and may be used to obtain a first user persona from a server. The first user persona may be obtained via an out of band communication channel and may include a first set of configurations for the data processing system. The first set of the configurations may indicate preferences for operation of the data processing system associated with the first user. At least a portion of the first set of the configurations may be implemented by hardware resources of the data processing system and, therefore, computer-implemented services may be more likely to be provided as desired by the first user.

Abstract: Methods and systems for managing a data processing system are disclosed. The data processing system may provide computer-implemented services and may include in-band hardware resources that operate as specified by operation data of the data processing system while providing the services. However, if the operation data becomes unavailable to the data processing system, then the data processing system may be unable to provide the desired services. Therefore, to increase the likelihood of providing the desired services, the operation data may be managed using distributed backup and recovery processes. To decrease security risk associated with operation data backup and recovery, the distributed processes may be performed using out-of-band components of the data processing system, bypassing in-band hardware components that may be more vulnerable to being compromised (e.g., by a malicious party).

Abstract: Methods and systems for managing a data processing system are disclosed. A management controller of the data processing system may provide a sanitization request to a policy management server using an out-of-band communication channel. The management controller may obtain a response to the sanitization request from the policy management server via the out-of-band communication channel. The response may indicate whether performance of a sanitization process is authorized. The authorization may be based on a sanitization policy that governs sanitizations for the data processing system. If performance of the sanitization process is authorized, then the management controller may initiate and/or perform an action set based on the sanitization policy in order to complete the sanitization process, thereby placing the data processing system in a safe state.

Abstract: Methods and systems for managing data processing systems are disclosed. The data processing systems may be managed by verifying the integrity of the data processing systems. The integrity may be verified as a prerequisite to use of the data processing systems. The integrity may be verified, at least in part, by verifying that the hardware component loadout of a data processing system is as expected. If the actual hardware component loadout diverges from an expected hardware component loadout, then remedial activity may be performed to address the differences between the actual and expected hardware component loadout.

Abstract: Methods and systems for registering a management controller of a data processing system with a server and an orchestrator are disclosed. To do so, a key pair may be generated by the management controller and a private key of the key pair may be kept secret by the management controller. Previously established trust between a trusted platform module of the data processing system and a manufacturer of the data processing system may be leveraged to register the management controller with the server. Hardware resources of the data processing system may register a public key of the key pair with the server and may request registration of the management controller with the orchestrator. The management controller may obtain a challenge from an internet of things hub associated with the orchestrator and may respond to the challenge, via an out of band communication channel, to complete the registration of the management controller.

Abstract: Methods and systems for registering a management controller of a data processing system with a server are disclosed. To register a management controller, an identifier for the management controller may be cryptographically signed using a private key of a public private key pair kept secret by a trusted platform module (TPM). The signed identifier may be provided to the server and the sever may utilize a public key of the public private key pair to verify the signed identifier was signed by a trusted entity. If the signed identifier is verified by the server, the server may register the management controller as associated with the data processing system and as a trusted entity to manage operation of hardware resources of the data processing system. The management controller may subsequently utilize an out of band communication channel to interact with the server to manage the operation of the data processing system.

Abstract: Methods and systems for managing a data processing system are disclosed. A management controller of the data processing system may obtain location data for the data processing system via an out-of-band communication channel. The management controller may identify policies based on the location data, and make an identification regarding whether the data processing system is operating out of compliance with respect to the policies. If the data processing system is operating out of compliance, then the management controller may perform an action set to update operation of the data processing system in a manner that improves compliance of the data processing system with respect to the policies. The data processing system may provide computer-implemented services based on the updated operation.

Abstract: A method for monitoring a file system within a distributed network is provided. From a local hosting environment having a native scanning tool, creation of a new data store within the network is detected. Responsive to detecting creation of the new data store, it is determined whether the new data store is physically located within a foreign hosting environment that is communicatively coupled to the local hosting environment through a non-private network. If the new data store is physically located within the foreign hosting environment, an agent of the native scanning tool is created within the foreign hosting environment and the agent is applied to the new data store within the foreign hosting environment to obtain sensitivity information for the new data store. The sensitivity information for the new data store is received and recorded in the local hosting environment.

Abstract: Methods and systems for managing unrecoverable errors for data processing systems are disclosed. Upon identifying that an unrecoverable error has occurred by hardware resources of a data processing system, a management controller for the data processing system may obtain a data package indicating at least an operating state of the hardware resources prior to the occurrence of the unrecoverable error. The management controller may utilize an out of band communication channel to provide the data package to a trusted management system. The management controller may obtain at least one action in response to the data package from the trusted management system, the at least one action being intended to initiate remediation of the unrecoverable error.

Abstract: Methods and systems for securing communications between management controllers and message brokers are provided. The communications may be secured using pre-provisioned secrets to encrypt and decrypt messages. The secrets may be pre-provisioned using keypairs established during registration of the management controller with other systems. The keypair may be used to provide the management controllers with access to the secrets. Once obtained, the secrets may be used to encrypt communications without establishing sessions keys or other data structures.

Abstract: Methods and systems for managing onboarding of a data processing system are disclosed. To manage onboarding of the data processing system, an entitlement certificate may be obtained from an ownership voucher transferred to the data processing system as part of an onboarding of the data processing system. The entitlement certificate may include a list of entitlements for the data processing system signed using a private key of a public private key pair maintained by a manufacturer of the data processing system. A management controller of the data processing system may utilize the entitlement certificate to request entitlements for the data processing system and to perform action sets to manage the entitlements. The requested entitlements may be verified as trusted by any entity with a public key of the public private key pair maintained by the manufacturer.

Abstract: Methods and systems for managing data stored by a data processing system are disclosed. A management controller of the data processing system may identify an occurrence of a backup event for the data, the occurrence indicating that a portion of the data is to be backed up to a remote storage system. In response to the occurrence, the management controller may initiate a backup process to obtain a backup data package for the data processing system. The management controller may provide the backup data package to the remote storage system via an out-of-band communication channel in order to facilitate completion of the backup process. By doing so, the data may be placed in a restorable state, enabling the data processing system to continue providing computer-implemented services.

Abstract: Methods and systems for authenticating a user device to an application device are disclosed. The user device may request access to a (computer-implemented) service provided by the application device. Access to the service may include access to sensitive data; therefore, to prevent unauthorized access to the sensitive data, the user device may be authenticated to the application device before the service is provided. To do so, the application device may perform a first factor authentication using in-band hardware resources of the user device; however, the in-band hardware resources may be vulnerable to attacks by malicious parties. Thus, in addition, a second factor authentication of the user device may be performed out-of-band (e.g., using a management controller of the user device) in order to bypass potentially compromised in-band hardware resources. The additional out-of-band authentication may reduce the likelihood of the malicious parties gaining access to the sensitive data via spoofing attacks.

Abstract: Methods and systems for managing policies for data processing systems are disclosed. A management controller for the data processing system may utilize an out of band communication channel to obtain a policy for the data processing system from a trusted management system if the data processing system is reported as lost or stolen by an owner of the data processing system. The management controller may identify a state of the data processing system as powered or unpowered. The management controller may then identify one or more actions specified by the policy and based on the state of the data processing system to be performed. By doing so, the management controller may discourage unintended use of the data processing system by a user other than the owner of the data processing system.

Abstract: Methods and systems for registering a management controller of a data processing system with a new message broker are disclosed. The management controller may be previously registered with an existing message broker. A server may provide a certificate for the data processing system to the new message broker and the server may notify the management controller that the registration process has been initiated. In response, hardware resources of the management controller may provide a registration request to the new message broker. The new message broker may provide a challenge to the management controller via an out of band communication channel and the management controller may provide a challenge response also via the out of band communication channel. Doing so may complete the registration of the management controller with the new message broker. The server may then un-enroll the management controller from the existing message broker.

Abstract: Methods and systems for managing an endpoint detection and response (EDR) framework for data processing systems are disclosed. To monitor for malicious entities, a management controller of a data processing system may obtain a data package including data managed by hardware resources of the data processing system. The data package may be provided to a trusted management system via an out of band communication channel and the management controller may monitor for responses from the trusted management system. If the management controller identifies a response indicating that the data processing system is in a compromised state, one or more actions may be performed to remediate the compromised state of the data processing system.

Abstract: Methods and systems for managing a data processing system based on location data are disclosed. A management controller of the data processing system may provide the location data via an out-of-band communication channel to a geolocation management server tasked with mapping a location of the data processing system over time. The data processing system may identify an occurrence of an event based on the location data (e.g., a change in location of the data processing system), prompting the data processing system to perform an action set to update operation of the data processing system (e.g., to conform to location-based policies). Based on its updated operation, the data processing system may provide computer-implemented services that are more likely to be in compliance with local policies.

Abstract: Methods and systems for managing a data processing system are disclosed. To manage the data processing system, a management controller may be included in the data processing system. The management controller may perform managerial functions for the data processing system regardless of whether in band components are compromised, depowered, and/or otherwise non-functional. In addition, to communicate with remote entities, the management controller may utilize a network module of the data processing system. The network module may direct network traffic between in band and out of band communication channels and may operate independently from hardware resources of the data processing system.

Abstract: Methods and systems for managing update events for data processing systems are disclosed. An update event may indicate that an update configuration is available for a data processing system. A management controller for the data processing system may utilize an out of band communication channel to obtain the update configuration for the data processing system without hardware components of the data processing system being powered. The update configuration may indicate a combination of hardware and/or software components for an application hosted by the data processing system. The update configuration may be assigned by an administrator and may be implemented by an update agent for the data processing system upon powering the hardware resources of the data processing system.

Abstract: Methods and systems for managing policies for data processing systems are disclosed. A management controller for the data processing system may utilize an out of band communication channel to obtain a set of policies for the data processing system from a remote management system. The management controller may monitor a state of the data processing system and may identify when a condition is met for any policy of the set of the policies. If the condition is met, the management controller may select one or more actions based on the state and the policy for which the condition was met. The management controller may perform the one or more actions to update operation of the data processing system to obtain an updated data processing system.