Abstract: Enhanced Information Handling System (IHS) messaging infrastructure security may include setting up, by a message producer, via a messaging resource rotation service, messaging resources in a message broker. The messaging resource rotation service may assign a routing key variable, and then a message consumer may subscribe, via the messaging resource rotation service, to the messaging resources pointed out by the routing key variable. The message producer may fetch a routing key variable derived value, to post a message, using this routing key derived variable value. Thereafter, the message broker may notify the subscribed message consumer about the posting of the message. Additionally, the messaging resource rotation service may rotate the routing key variable and/or the routing key variable derived value, may notify the message consumer of the new routing key in the message broker, and/or may store the routing key variable in a key vault, or with key management service.

Abstract: Methods and systems for managing services are disclosed. The services may be managed by monitoring the services to identify services that could benefit from being scaled. The services may be identified by monitoring operation of both the services and dependencies of the services. The monitoring may allow services to be classified as either being limited in processing due to computing resource limits or limited due to dependencies. Services that are limited due to computing resource may be candidates for scaling. Such services may be scaled if timeliness or other goals of the services are not met.

Abstract: Vulnerability proofing a node (e.g., an Information handling System (IHS)) while onboarding the node to a container orchestration platform may include detecting onboarding of the node IHS to the container orchestration platform, which includes vulnerability management service instructions and an onboarding handler component. The onboarding including configuring (a) hardware component(s) of the IHS, and the vulnerability proofing may include executing the vulnerability management service instructions, which results in accessing (a) catalog(s) specifying known vulnerabilities of hardware components of the IHS and determining whether any of the configuring of any of the configurations of (a) hardware component(s) of the IHS are identified as vulnerable in the catalog(s).

Abstract: Vulnerability proofing of an edge compute endpoint while onboarding to an edge orchestrator includes detecting onboarding of and Information Handling System (IHS) as the edge compute endpoint to the edge orchestrator that includes vulnerability management service instructions. The onboarding includes configuring for (a) hardware component(s) of the IHS. Execution of the vulnerability management service instructions results in accessing (a) catalog(s) specifying known vulnerabilities of hardware components of the IHS, determining whether any of the configuring of the configuration(s) for the hardware component(s) are identified as vulnerable in the catalog(s), and blocking of the onboarding of the IHS as the edge compute endpoint to the edge orchestrator until the configuring of the hardware component(s) is modified to include no configuring of the hardware component(s) with vulnerabilities identified in the catalog(s).

Abstract: Vulnerability proofing container orchestration platform deployment includes a remote access controller detecting a container orchestration platform installer comprising vulnerability management service instructions and executing the vulnerability management service instructions. This causes the remote controller to identify configurations for one or more of the hardware component(s) of the IHS in the container orchestration platform installer, access a plurality of catalogs specifying known vulnerabilities of hardware components and determine whether the hardware component configuration(s) in the container orchestration platform installer are identified as vulnerable in one or more of the catalogs. The remote controller blocks use of the container orchestration platform installer by the IHS until the hardware component configurations within the container orchestration platform installer are modified to include no configurations with vulnerabilities identified in the plurality of catalogs.

Abstract: Methods and systems for managing data processing systems are disclosed. The data processing systems may be managed by monitoring remediation of incidents. The remediation of the incidents may be monitored by assigning personnel. Notifications of the assigning of personnel and progress of the remediation may be made to at least two other data processing systems. The at least two other data processing systems may update the status of a data processing with the incident as the progress of the remediation continues towards completion of the remediation.

Abstract: One example method includes monitoring a containerized workload environment, receiving, as a result of the monitoring, a trigger indicating that a system in the containerized workload environment should be modified to address a vulnerability of the system, as a result of the trigger, updating a vulnerability compliance resource catalogue, associated with the system, to list an update that is needed to address the vulnerability, implementing the update in the system, performing a reconciliation that comprises identifying the system as needing a vulnerability compliance calculation, and performing the vulnerability compliance calculation for the system and generating, based on the performing, a vulnerability compliance score for the system.

Abstract: Embodiments of the present disclosure provide a system and method to detect a mount context of a firmware update image, and dynamically change an update sequence of the update process so that some, most, or all components may be successfully updated. According to one embodiment, an Information Handling System (IHS) includes multiple updateable components, and executable instructions to cause the IHS to determine that a bundled update image is mounted by a Remote Access Controller (RAC) in which the bundled update image includes multiple component update images associated with the updateable components. In response to the determination, the IHS further re-arranges an original sequence of when each of the component update images are to be applied to their respective updateable components, and applies the component update images according to the re-arranged sequence so that the updateable components are updated successfully.

Abstract: An information handling system includes a memory device and a firmware update module. The memory device includes a firmware component associated with an element of the information handling system. The firmware update module is configured receives a firmware update for the firmware component, determines that the firmware update includes a setting, stores the firmware update to the memory device, writes the setting to a non-volatile memory associated with the element, and reboots the information handling system.

Abstract: Systems and methods are provided for vulnerability proofing the administration of hardware components of an IHS. A proposed configuration for a hardware component of the IHS is detected. Multiple catalogs specifying known vulnerabilities of hardware components are accessed, such as a catalog of known vulnerabilities provided by a manufacturer of the hardware component and such as a catalog of known vulnerabilities provided by a manufacturer of the IHS. The proposed configuration of the hardware component is evaluated as being vulnerable in the first catalog and also in the second catalog. If the proposed configuration is identified as vulnerable in either the first catalog or in the second catalog, the hardware component is disabled until the proposed configurations for the hardware component are changed to include no configurations with vulnerabilities identified in either the first or second catalogs.

Abstract: Systems and methods are provided for vulnerability proofing the launching of application instances by an IHS (Information Handling System). The launching of an application instance on the IHS is detected, where the application instance is launched using an application template that includes configurations for one or more hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Hardware component configurations included in the application template are identified as vulnerable in one or more of the catalogs. If the application template includes configurations that are identified as vulnerable in the catalogs, launching of the application is prevented until the hardware component configurations within the application template are modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: Systems and methods are provided for vulnerability proofing updates to an IHS (Information Handling System). An update system receives a notification of an update including updated configurations for hardware components of the IHS. The update system queries the IHS for vulnerability proofing requirements for updates that modify configurations of hardware components of the IHS. In response to the query, vulnerability proofing requirements are retrieved from a persistent data storage of the IHS and transmitted to the update system, where the vulnerability proofing requirements specify catalogs of known vulnerabilities of hardware components. The update system determines whether the updated configurations are identified as vulnerable in the one or more of catalogs. If the updated configurations are not identified in the catalogs, the update is transmitted to the IHS. If configurations from the update are identified in the catalogs, the update is terminated and the IHS is notified.

Abstract: Systems and methods are provided for vulnerability proofing the installation of new hardware components in an IHS (Information Handling System). The coupling of a new hardware component to the IHS is detected. A profile is identified that is to be used in provisioning the new hardware component that has been coupled to the IHS. The profile may include various configurations for the coupled hardware component. One or more catalogs are accessed that specify known vulnerabilities of hardware components. Configurations from the profile for the coupled hardware component are used to identify any configuration that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the configuration for the new hardware component, further use of the new hardware component by the IHS is disabled until the profile is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: Systems and methods provide vulnerability proofing procedures for booting of an IHS (Information Handling System). A request to boot the IHS is detected. One or more boot configurations are determined that include configurations for operation of one or more of the hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. The boot configurations are used to identify any hardware component configurations that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the boot configuration, further booting of the IHS may be disabled until the boot configuration is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: An information handling system includes a storage and a processor. The storage stores a firmware update for a component of the information handling system. The processor receives a firmware update notification. The firmware update notification is associated with the firmware update for the component. The processor determines whether the component is weather dependent. In response to the firmware update being weather dependent, the processor determines whether the firmware update currently may be performed based on a weather report for a location of the information handling system. In response to a determination that the firmware update may be performed, the processor performs the firmware update on the component.

Abstract: Systems and methods are provided for vulnerability proofing updates to an IHS. An update package is detected that includes configurations for one or more of the hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. The updated configurations of the hardware component that are included in the update package are used to identify any hardware component configurations that have known vulnerabilities that are listed in the catalogs. If known vulnerabilities are identified in the updated configurations, further booting of the IHS may be disabled until the update package is modified to include no configurations with vulnerabilities identified in the catalogs.

Abstract: Systems and methods are provided for vulnerability proofing an IHS (Information Handling System) while being administered using a bootable image. Launching of a bootable image by the one or more CPUs is detected and one or more IHS configurations to be made using the bootable image are identified. One or more catalogs specifying known vulnerabilities of hardware components are accessed and used to determine whether any of the IHS configurations to be made using the bootable image are identified as vulnerable in one or more of the catalogs. Configuration of the IHS using the bootable image is blocked until the configurations to be made using the bootable image are modified to include no configurations with vulnerabilities identified in the plurality of catalogs.

Abstract: Systems and methods provided vulnerability proofing of an IHS (Information Handling System) while it is being provisioned for deployment, such as upon receipt at a datacenter. An initial provisioning of the IHS is detected, where no provisioning of the IHS has been conducted other than the factory provisioning of the IHS. A profile is identified that is to be used in provisioning the IHS, where the profile includes configurations for one or more hardware components of the IHS. One or more catalogs are accessed that specify known vulnerabilities of hardware components. For each of the hardware configurations in the profile, configurations that are vulnerable are identified based on the catalogs of known vulnerabilities. If vulnerabilities are identified, further provisioning of the IHS is blocked until the profile is modified to include no hardware configurations with vulnerabilities identified in the catalogs.

Abstract: Systems and methods are provided for vulnerability proofing the use of risk scores in the administration of hardware components of an IHS (Information Handling System). Proposed configurations for a first of the hardware components of the IHS are detected, where the proposed configurations are associated with a risk score. Catalogs specifying known vulnerabilities of hardware components are accessed and used to determine whether any of the proposed configurations of the first hardware component are identified as vulnerable in one or more of the catalogs. When a vulnerability for the proposed configuration is identified in the catalogs, the risk score of the configuration is increased based on the vulnerabilities identified in the plurality of catalogs. When the risk score is increased to an elevated level, the hardware component is disabled until the proposed configurations are changed to include no configurations with vulnerabilities identified in the catalogs.

Abstract: Systems and methods are provided for vulnerability proofing the use of machine learning recommendations by an IHS. A machine learning recommendation is detected that provides configurations for one or more of the hardware components of the IHS. Catalogs specifying known vulnerabilities of hardware components are accessed to determine whether any of the hardware configurations from the machine learning recommendations are identified as vulnerable in one or more of the catalogs. If a machine learning recommendation is identified as vulnerable, use of the machine learning recommendation by the IHS is blocked until the recommendation is modified to include no recommended hardware configurations with vulnerabilities identified in the catalogs.