Abstract: Techniques and mechanisms for determining an operation to be performed with a direct memory access (DMA) request. An inspection unit (105) is coupled between an input-output memory management unit (IOMMU) (120) and an endpoint device (118). The inspection unit (105) stores a registry (330) comprising entries (332) which each correspond to a respective address, and a respective one or more resources of the endpoint device (118). A given entry (332) of the registry (330) is created based on a message from the IOM MU (120) which indicates the successful completion of an address translation to facilitate a DMA request. The endpoint device (118) performs a search, based on a DMA request, to determine if any registry (330) entry (332) indicates a combination of an address and an endpoint resource, where said combination matches a corresponding combination indicated by the DMA request. Communication of the DMA request to the IOMMU (120) is contingent on a result of the search.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage telemetry data in an edge environment. An example apparatus includes a publisher included in a first edge platform to publish a wish list obtained from a consumer, the wish list including tasks to execute, a commitment determiner to determine whether a commitment is viable to execute at least one of the tasks in the wish list, the commitment to be processed to identify the telemetry data, and a communication interface to establish a communication channel to facilitate transmission of the telemetry data from the first edge platform to a second edge platform.

Abstract: Methods, apparatus, systems, and articles of manufacture to protect proprietary functionality and/or other content in hardware and software are disclosed. An example computer apparatus includes; a first circuit including a first interface, the first circuit associated with a first domain; a second circuit including a second interface, the second circuit associated with a second domain; and a chip manager to generate a first authenticated interface for the first interface using a first token and to generate a second authenticated interface for the second interface using a second token to enable communication between the first authenticated interface and the second authenticated interface.

Abstract: Technologies for fulfilling service requests in an edge architecture include an edge gateway device to receive a request from an edge device or an intermediate tier device of an edge network to perform a function of a service by an entity hosting the service. The edge gateway device is to identify one or more input data to fulfill the request by the service and request the one or more input data from an edge resource identified to provide the input data. The edge gateway device is to provide the input data to the entity associated with the request.

Abstract: Technologies for providing selective offload of execution of an application to the edge include a device that includes circuitry to determine whether a section of an application to be executed by the device is available to be offloaded. Additionally, the circuitry is to determine one or more characteristics of an edge resource available to execute the section. Further, the circuitry is to determine, as a function of the one or more characteristics and a target performance objective associated with the section, whether to offload the section to the edge resource and offload, in response to a determination to offload the section, the section to the edge resource.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to aggregate telemetry data in an edge environment. An example apparatus includes at least one processor, and memory including instructions that, when executed, cause the at least one processor to at least generate a composition for an edge service in the edge environment, the composition representative of a first interface to obtain the telemetry data, the telemetry data associated with resources of the edge service and including a performance metric, generate a resource object based on the performance metric, generate a telemetry object based on the performance metric, and generate a telemetry executable based on the composition, the composition including at least one of the resource object or the telemetry object, the telemetry executable to generate the telemetry data in response to the edge service executing a computing task distributed to the edge service based on the telemetry data.

Abstract: Methods, apparatus, systems and articles of manufacture for re-use of a container in an edge computing environment are disclosed. An example method includes detecting that a container executed at an edge node of a cloud computing environment is to be cleaned, deleting user data from the container, the deletion of the user data performed without deleting the container from the memory of the edge node, restoring settings of the container to a default state; and storing information identifying the container, the information including a flavor of the container, the storing of the information to enable the container to be re-used by a subsequent requestor.

Abstract: An example apparatus includes: memory; instructions in the apparatus; and at least one processor to execute the instructions to: check for proof of trust information in one or more pre-determined positions in a trusted digital image, the proof of trust information including a secure output marker, the secure output marker indicative of information corresponding to a trusted output area of the trusted digital image; decrypt the secure output marker using one or more security keys from a trusted execution environment (TEE), the TEE isolated from a computing application; and enable activation of a trusted output indicator in response to a match between first data corresponding to the secure output marker and second data corresponding to the trusted output area of the trusted digital image.

Abstract: Methods, systems and apparatus disclosed herein create an overlay of nodes to permit the nodes to engage in a peer-to-peer resource bidding process. An example apparatus at an edge of a network includes a first configurer to configure a network interface of a first node of the network in a first configuration, the first configuration to permit the first node to participate in a peer-to-peer resource bidding process with a plurality of other nodes of the network. The apparatus further includes a second configurer to configure the network interface of the first node of the network in a second configuration, the second configuration to prevent the first node from participation in the peer-to-peer resource bidding process.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to control processing of telemetry data at an edge platform. An example apparatus includes an orchestrator interface to, responsive to an amount of resources allocated to an orchestrator to orchestrate a workload at the edge platform meeting a first threshold, transmit telemetry data associated with the orchestrator to a computer to obtain a first orchestration result at a first granularity; a resource management controller to determine a second orchestration result at a second granularity to orchestrate the workload at the edge platform, the second granularity finer than the first granularity; and a scheduler to schedule a workload assigned to the edge platform based on the second orchestration result.

Abstract: Technologies for providing a multi-tenant local breakout switching and dynamic load balancing include a network device to receive network traffic that includes a packet associated with a tenant. Upon a determination that the packet is encrypted, a secret key associated with the tenant is retrieved. The network device decrypts a payload from the packet using the secret key. The payload is indicative of one or more characteristics associated with network traffic. The network device evaluates the characteristics and determines whether the network traffic is associated with a workload requesting compute from a service hosted by a network platform. If so, the network device forwards the network traffic to the service.

Abstract: Techniques and mechanisms to allocate functionality of a chiplet for access by one or more processor cores which are coupled to remote processor via a network switch. In an embodiment, a composite chip communicates with the switch via a Compute Express Link (CXL) link. The switch receives capability information which identifies both a chiplet of the composite chip, and a functionality which is available from a resource of that chiplet. Based on the capability information, the switch provides an inventory of chiplet resources. In response to an allocation request, the switch accesses the inventory to identify whether a suitable chiplet resource is available. Based on the access, the switch configures a chip to enable an allocation of a chiplet resource. In another embodiment, the chiplet resource is allocated at a sub-processor level of granularity, and disables access to the chiplet resource by one or more local processor cores.

Abstract: Methods and apparatus for identity and access management on networked machines are disclosed herein. An example non-transitory machine readable storage medium includes instructions to cause programmable circuitry to at least grant first permission to form a connection between a remote compute device and a local compute device based on a first identity of a first account, the connection to enable the first account to operate the local compute device by impersonating a second user, the second user associated with a second identity, access a request to execute a command on the remote compute device from the first account, and determine, based on the first identity of the first account and the second identity of the second user, whether second permission is to be granted to execute the command.

Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.

Abstract: Technologies for providing dynamic selection of edge and local accelerator resources includes a device having circuitry to identify a function of an application to be accelerated, determine one or more properties of an accelerator resource available at the edge of a network where the device is located, and determine one or more properties of an accelerator resource available in the device. Additionally, the circuitry is to determine a set of acceleration selection factors associated with the function, wherein the acceleration factors are indicative of one or more objectives to be satisfied in the acceleration of the function. Further, the circuitry is to select, as a function of the one or more properties of the accelerator resource available at the edge, the one or more properties of the accelerator resource available in the device, and the acceleration selection factors, one or more of the accelerator resources to accelerate the function.

Abstract: Examples described herein relate to a network interface device. In some examples, the network interface device includes a network interface, a direct memory access (DMA) circuitry, a host interface, memory, one or more processors, and circuitry to: based on a configuration of operation specifying a standalone operation, cause the network interface device to operate in standalone to execute one or more applications and based on a configuration of operation specifying a companion operation, cause the network interface device to operate in companion to provide at least one host system with access to one or more hardware resources accessible by the network interface device.

Abstract: Techniques and mechanisms for determining an operation to be performed with a direct memory access (DMA) request. An inspection unit (105) is coupled between an input-output memory management unit (IOMMU) (120) and an endpoint device (118). The inspection unit (105) stores a registry (330) comprising entries (332) which each correspond to a respective address, and a respective one or more resources of the endpoint device (118). A given entry (332) of the registry (330) is created based on a message from the IOM MU (120) which indicates the successful completion of an address translation to facilitate a DMA request. The endpoint device (118) performs a search, based on a DMA request, to determine if any registry (330) entry (332) indicates a combination of an address and an endpoint resource, where said combination matches a corresponding combination indicated by the DMA request. Communication of the DMA request to the IOMMU (120) is contingent on a result of the search.

Abstract: An embodiment of an integrated circuit may comprise memory to store respective resource control descriptors in correspondence with respective identifiers, and an input/output (JO) memory management unit (IOMMU) communicatively coupled to the memory, the IOMMU including circuitry to determine resource control information for an IO transaction based on a resource control descriptor stored in the memory that corresponds to an identifier associated with the IO transaction, and control utilization of one or more resources of the IOMMU based on the determined resource control information. Other embodiments are disclosed and claimed.

Abstract: Technologies for function as a service (FaaS) arbitration include an edge gateway, multiple endpoint devices, and multiple service providers. The edge gateway receives a registration request from a service provider that is indicative of an FaaS function identifier and a transform function. The edge gateway verifies an attestation received from the service provider and registers the service provider. The edge gateway receives a function execution request from an endpoint device that is indicative of the FaaS function identifier. The edge gateway selects the service provider based on the FaaS function identifier, programs an accelerator with the transform function, executes the transform function with the accelerator to transform the function execution request to a provider request, and submits the provider request to the service provider. The service provider may be selected based on an expected service level included in the function execution request. Other embodiments are described and claimed.

Abstract: Examples described herein relate to a network interface device that includes a network interface, one or more processors, and circuitry to: register the network interface device and based on selection as an attestation device by the management controller from among multiple candidate network interface devices, receive attestation information and perform attestation of one or more devices.