Abstract: Techniques described herein relate to a method for establishing communication sessions. The method may include sending, by a first data node, a request to establish a session to a second data node, wherein the request is encrypted using a compound certificate associated with a data cluster; obtaining, an encrypted token from the second data node; verifying the encrypted token using the compound certificate; performing steward selection to select a third data node to be a steward; generating a unique key and providing a copy of the unique key to the steward; generating an encrypted authentication token using the unique key; sending the encrypted authentication token to the steward; obtaining an authentication token from the second data node, wherein the authentication token is decrypted; verifying the authentication token using the encrypted authentication token; and performing remaining communications associated with the session using the steward.

Abstract: An apparatus in an illustrative embodiment comprises at least one processing device including a processor coupled to a memory. The at least one processing device is configured to identify a plurality of components of a first network device, to generate at least one fingerprint based at least in part on the identified plurality of components of the first network device, to encrypt the at least one fingerprint, to generate at least one packet containing at least the encrypted at least one fingerprint, to send the at least one packet to at least a second network device, and to interact with the second network device to obtain at least one key derived at least in part from the at least one fingerprint. The at least one key is utilized in an authentication process carried out between the first network device and the second network device.

Abstract: An apparatus in an illustrative embodiment comprises at least one processing device including a processor coupled to a memory. The at least one processing device is configured to detect a failure impacting management functionality associated with a management controller of a first network device. The at least one processing device is further configured, responsive to the detected failure being a failure of a first type, to address the detected failure utilizing at least one microservice replicated from the management controller to another component of the first network device, and responsive to the detected failure being a failure of a second type different than the first type, to address the detected failure by establishing an alternative management communication channel through at least one additional component of at least the first network device.

Abstract: An apparatus in an illustrative embodiment comprises at least one processing device including a processor and a memory. The at least one processing device is configured to implement a management controller for a network device, the management controller being configured to communicate with at least one management server external to the network device. The at least one processing device is further configured to obtain network configuration information for one or more network interfaces of the network device, to deploy a network address server at least in part on the management controller, and to utilize the network address server deployed at least in part on the management controller to assign at least one network address to each of one or more of the network interfaces of the network device.

Abstract: An apparatus in an illustrative embodiment comprises at least one processing device including a processor and a memory. The at least one processing device is configured to implement a management controller for a network device, the management controller being configured to communicate with at least one management server external to the network device. The at least one processing device is further configured to obtain network configuration information for one or more network interfaces of the network device, to deploy a network address server at least in part on the management controller, and to utilize the network address server deployed at least in part on the management controller to assign at least one network address to each of one or more of the network interfaces of the network device.

Abstract: A cooling-power-consumption-based workload allocation system includes a workload allocation system coupled to at least one client device and a plurality of server devices. The workload allocation system receives a first workload request that identifies a first workload from the at least one client device, and determines a first workload priority of the first workload relative to a second workload priority of each second workload being performed by the plurality of server devices. Based on the first workload priority of the first workload relative to the second workload priority of each second workload and a cooling-power-utilization-efficiency ranking of each of the plurality of server devices, the workload allocation system identifies a first server device included in the plurality of server devices for performing the first workload, and causes the first server device to perform the first workload.

Abstract: Method and systems provide automated configuration of replaceable hardware components of a chassis comprising a plurality of IHSs (Information Handling Systems) and a plurality of storage devices that are configured to support demands of a specific computing solution designed for a particular computing task. The IHSs may be computing sleds and the storage devices may be storage sleds, where the sleds are coupled within bays of the chassis. Processes operating on the IHSs monitor for changes to settings related to the first computing solution. A chassis management controller detects updates to the replaceable hardware components that are coupled to the chassis and determines supported settings for detected new hardware components. Parameters for configuring the new hardware components for supporting the first computing solution are selected and used to configure the new hardware components.

Abstract: An apparatus comprises a processing device that is configured to maintain a list of a managed devices, to generate a seed value and to submit a login request to a first managed device. The processing device is configured to generate a value based at least in part on the seed value and to select a second managed device from the list based at least in part on the value. The processing device is further configured to receive a second factor authentication challenge from the first managed device and to obtain a device key encrypted passcode from the second managed device. The processing device is further configured to provide the device key encrypted passcode to the first managed device and to receive a successful authentication of the login request from the first managed device based at least in part on providing the device key encrypted passcode to the first managed device.

Abstract: A power/workload management system includes a power system that is coupled to a first computing device that is configured to perform a first workload, as well as to a second computing device. A management subsystem is coupled to the first computing device and the second computing device, and operates to identify a reduced power event associated with the power system and, in response, determine that the first computing device is associated with a higher power consumption than the second computing device. In response to determining that the first computing device is associated with the higher power consumption than the second computing device, the management subsystem moves the first workload to the second computing device such that the second computing device performs the first workload, and configures the first computing device in a reduced power consumption state.

Abstract: An integrated infrastructure secure communication system includes at least one chassis, and a plurality of computing devices that are located in the at least one chassis and that are coupled to each other. A first computing device included in the plurality of computing device receives a communication from a first component in the first computing device, retrieves a vendor-based key, and encrypts the communication using the vendor-based key to provide a first-level encrypted communication. The first computing device also generates a first random key, encrypts the first-level encrypted communication with the first random key to provide a second-level encrypted communication, and transmits the second-level encrypted communication to a second computing device that is included in the plurality of computing devices.

Abstract: An apparatus comprises a processing device that is configured to maintain a list of a managed devices, to generate a seed value and to submit a login request to a first managed device. The processing device is configured to generate a value based at least in part on the seed value and to select a second managed device from the list based at least in part on the value. The processing device is further configured to receive a second factor authentication challenge from the first managed device and to obtain a device key encrypted passcode from the second managed device. The processing device is further configured to provide the device key encrypted passcode to the first managed device and to receive a successful authentication of the login request from the first managed device based at least in part on providing the device key encrypted passcode to the first managed device.

Abstract: A data encryption key management system includes an application layer with a hypervisor and a virtual machine, a host operating system coupled to the application layer and including a key management agent, and a Baseboard Management Controller (BMC) device coupled to the host operating system and including a BMC storage device providing a key vault. The BMC device receives a first stored data encryption key that was generated by the hypervisor for the virtual machine from the key management agent, and stores the first stored data encryption key in the key vault provided by the BMC storage device. The BMC device subsequently receives a stored data encryption key request from the key management agent and, in response, retrieves the first stored data encryption key from the key vault provided by the BMC storage device, and transmits the first stored data encryption key to the key management agent.

Abstract: An integrated infrastructure secure communication system includes at least one chassis, and a plurality of computing devices that are located in the at least one chassis and that are coupled to each other. A first computing device included in the plurality of computing device receives a communication from a first component in the first computing device, retrieves a vendor-based key, and encrypts the communication using the vendor-based key to provide a first-level encrypted communication. The first computing device also generates a first random key, encrypts the first-level encrypted communication with the first random key to provide a second-level encrypted communication, and transmits the second-level encrypted communication to a second computing device that is included in the plurality of computing devices.

Abstract: A secure infrastructure onboarding system includes an infrastructure device with an infrastructure device wireless subsystem that it may use to perform wireless key management system discovery operations in response to initialization. A key management system includes a key management system wireless subsystem it uses to perform the wireless key management system discovery operations with the infrastructure device. The key management subsystem may then wirelessly receive an infrastructure device certificate along with an infrastructure device validation key from the infrastructure device, and validate the first infrastructure device based on the first infrastructure device certificate and the first infrastructure device validation key. In response, the key management system may wirelessly transmit a first credential generation key that is configured for use by the first infrastructure device to generate first authentication credentials.

Abstract: A cooling-power-consumption-based workload allocation system includes a workload allocation system coupled to at least one client device and a plurality of server devices. The workload allocation system receives a first workload request that identifies a first workload from the at least one client device, and determines a first workload priority of the first workload relative to a second workload priority of each second workload being performed by the plurality of server devices. Based on the first workload priority of the first workload relative to the second workload priority of each second workload and a cooling-power-utilization-efficiency ranking of each of the plurality of server devices, the workload allocation system identifies a first server device included in the plurality of server devices for performing the first workload, and causes the first server device to perform the first workload.

Abstract: A power/workload management system includes a power system that is coupled to a first computing device that is configured to perform a first workload, as well as to a second computing device. A management subsystem is coupled to the first computing device and the second computing device, and operates to identify a reduced power event associated with the power system and, in response, determine that the first computing device is associated with a higher power consumption than the second computing device. In response to determining that the first computing device is associated with the higher power consumption than the second computing device, the management subsystem moves the first workload to the second computing device such that the second computing device performs the first workload, and configures the first computing device in a reduced power consumption state.

Abstract: An HCI distributed ledger management system includes a first HCI node in an HCI system that uses its first HCI node data to generate a first hash value that it stores in a distributed ledger and broadcasts to other HCI nodes in the HCI system. In response to a first modification performed on the first HCI node, the first HCI node uses its second HCI node data to generate a second hash value that it stores along with the first hash value in the distributed ledger, and broadcasts to the other HCI nodes in the HCI system. A management system may then determine that an issue exists in the HCI system and, in response, identify a cause of the issue based on the first hash value and the second hash value stored in the distributed ledger.

Abstract: A secure infrastructure onboarding system includes an infrastructure device with an infrastructure device wireless subsystem that it may use to perform wireless key management system discovery operations in response to initialization. A key management system includes a key management system wireless subsystem it uses to perform the wireless key management system discovery operations with the infrastructure device. The key management subsystem may then wirelessly receive an infrastructure device certificate along with an infrastructure device validation key from the infrastructure device, and validate the first infrastructure device based on the first infrastructure device certificate and the first infrastructure device validation key. In response, the key management system may wirelessly transmit a first credential generation key that is configured for use by the first infrastructure device to generate first authentication credentials.

Abstract: A data encryption key management system includes an application layer with a hypervisor and a virtual machine, a host operating system coupled to the application layer and including a key management agent, and a Baseboard Management Controller (BMC) device coupled to the host operating system and including a BMC storage device providing a key vault. The BMC device receives a first stored data encryption key that was generated by the hypervisor for the virtual machine from the key management agent, and stores the first stored data encryption key in the key vault provided by the BMC storage device. The BMC device subsequently receives a stored data encryption key request from the key management agent and, in response, retrieves the first stored data encryption key from the key vault provided by the BMC storage device, and transmits the first stored data encryption key to the key management agent.

Abstract: Method and systems support configuring components of a chassis comprising a plurality of IHSs (Information Handling Systems). A management controller of the chassis initiates a process for identifying a plurality of hardware and software capabilities of the chassis. Based on the identified capabilities, computing solutions, such as specialized computation and storage functions, supported by the chassis are determined. The computing solutions supported by the capabilities of the chassis are encoded, such as within a set of compatibility bits. Upon detecting updates to the hardware and software capabilities of the chassis, the encoded compatibility bits are used to determine compatibility of the updated capabilities with computing solutions supported by the chassis.