Patents by Inventor Vadim Makhervaks
Vadim Makhervaks has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12260004
Abstract: Methods, systems, apparatuses, and computer program products are provided herein for rendering secured content. For instance, a computing device may be utilized to view content that is to be displayed via a display device coupled thereto. However, rather than rendering the content, the computing device generates and/or provides a graphical representation of the content to a rendering device coupled between the computing device and the display device. The rendering device analyzes the graphical representation to determine characteristics of the graphical representation, characteristics of a display region of an application window in which the content is to be rendered, and a network address at which the actual content is located. The rendering device retrieves the content using the network address and renders the retrieved content over the display region of the application window in accordance with the characteristics determined for the graphical representation and the display region of the application window.
Type: Grant
Filed: February 15, 2022
Date of Patent: March 25, 2025
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Orr Srour, Vadim Makhervaks
-
Publication number: 20250036651
Abstract: The disclosed technology includes fault-tolerant data replication system implemented by a cluster of compute devices. The system includes a witness comprising persistent data storage and multiple nodes configured to selectively execute leader node operations when serving as a leader of the cluster. The leader node operations include detecting an availability status change for a follower node of the cluster and, in response, updating a subterm and a replication set. The subterm identifies a total number of availability status changes detected within the cluster over a given time interval, and the replication set identifies set of entities designated to provide acknowledgments counted when determining whether to commit a message following message replication. The leader node operations further include writing the replication set, the subterm, and other metadata to the witness in response to receiving a first client message from a client application following the availability status change.
Type: Application
Filed: September 29, 2023
Publication date: January 30, 2025
Inventors: Ji DAI, Xin ZHANG, Vadim MAKHERVAKS
-
Publication number: 20240394388
Abstract: A memory where video content is stored for access by processing components in a display pipeline is divided into different categories or groupings, each different category or grouping corresponding to a different security level. Access, by the processing components in the display pipeline, to the video content stored in the different categories or groupings is restricted in different ways so that access to video content stored in the highest security categories or groupings is more restricted and more secure than access to the video content stored in a less secure categories or groupings. Video content is received and a security level corresponding to video content is identified. The video content is written into a memory category or grouping, of the plurality of different categories or groupings corresponding to a plurality of different security levels, based upon the security level corresponding to the video content.
Type: Application
Filed: May 25, 2023
Publication date: November 28, 2024
Inventors: Ori LASLO, Orr SROUR, Matthew MORRIS, Steve M. PRONOVOST, Glenn F. EVANS, Vadim MAKHERVAKS
-
Patent number: 12111774
Abstract: A computing system uses AES-XTS encryption to encrypt data of a first part of first data stream using a tweak key, a data key, an initial tweak value, in a first encryption session, store the encrypted first part, then encrypts a second part of the first data stream in a second encryption session commenced after the termination of the first encryption session; and store the encrypted second part in the encrypted data store. The second part of the first data stream is encrypted using a modified tweak value computed based on the initial tweak value, the tweak key, and a block index of a last cipher block of the first part of the first data stream.
Type: Grant
Filed: May 25, 2022
Date of Patent: October 8, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Yevgeny Yankilevich, Vadim Makhervaks, Robert Groza, Jr., Yi Yuan, Oren Ish-Am
-
Patent number: 12073079
Abstract: Zone hints for use with a zoned namespace (ZNS) storage device. Zone hints include one or more of a first hint indicating that a zone is part of a group of a plurality of zones, a second hint indicating that the zone is to be fast-filled, or a third hint indicating that the zone is associated with a background operation. The first hint is structured to instruct the ZNS storage device to allocate to the zone a first storage resources that are physically adjacent to second storage resources reserved for others of the plurality of zones. The second hint is structured to instruct the ZNS storage device to bypass a staging area when writing to the zone. The third hint is structured to instruct the ZNS storage device to deprioritizing at least one operation writing to the zone, or to bypass the staging area when writing to the zone.
Type: Grant
Filed: September 28, 2021
Date of Patent: August 27, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Scott Chao-Chueh Lee, Vadim Makhervaks, Madhav Himanshubhai Pandya, Ioan Oltean, Laura Marie Caulfield, Lee Edward Prewitt
-
Publication number: 20240265072
Abstract: Methods and systems are described which facilitate protecting a virtual desktop infrastructure (VDI) session. A first communication channel is established between a DRM component and a VDI service. The DRM component decrypts a video stream from the VDI service and overlays the decrypted video stream on a user's display. A second communication channel is established between an inputs protection component and the VDI service. The inputs protection component encrypts input received at a user's input device and sends the encrypted input to the cloud VDI service.
Type: Application
Filed: April 3, 2023
Publication date: August 8, 2024
Inventors: Orr SROUR, Ori LASLO, Ashish GUPTA, Vadim MAKHERVAKS, Andrew Lee JENKS, Samuel John WENKER
-
Publication number: 20240265071
Abstract: Methods and systems are described which facilitate protecting a virtual desktop infrastructure (VDI) session. A first communication channel is established between a first cryptographic element and a VDI service. The first cryptographic element decrypts a video stream from the VDI service and overlays the decrypted video stream on a user's display. A second communication channel is established between a second cryptographic element and the VDI service. The second cryptographic element encrypts input received at a user's input device and sends the encrypted input to the cloud VDI service.
Type: Application
Filed: April 3, 2023
Publication date: August 8, 2024
Inventors: Orr SROUR, Ori LASLO, Ashish GUPTA, Vadim MAKHERVAKS, Andrew Lee JENKS, Samuel John WENKER
-
Publication number: 20240103721
Abstract: Embodiments of the present disclosure include systems and methods for providing a scalable controller for managing data storages. A system includes a non-volatile memory controller comprising a set of data queues and a set of administrative queues. The system also includes a set of physical storages communicatively coupled to the non-volatile memory controller. A set of logical storages are created from the set of physical storages. A primary non-volatile memory controller is created from the non-volatile memory controller. The primary non-volatile memory controller comprising an administrative queue in the set of administrative queues, a first subset of the set of data queues, and a first subset of the set of logical storages. An extended non-volatile memory controller is created from the non-volatile memory controller. The extended non-volatile memory controller comprising a second subset of the set of data queues and a second subset of the set of logical storages.
Type: Application
Filed: September 22, 2022
Publication date: March 28, 2024
Inventors: Jacob Kappeler OSHINS, Hari Daas ANGEPAT, Yi YUAN, Vadim MAKHERVAKS
-
Publication number: 20240007268
Abstract: A computing system uses Advanced Encryption Standard XEX Based Tweaked Codebook Mode with Ciphertext Stealing (AES-XTS) encryption to encrypt a block of data using a tweak key, a data key, a modified tweak value, and the block of data to thereby generate an encrypted block of data. The modified tweak value is computed according to the expression DEC(0, CONST KEY), where DEC is an AES decryption algorithm, and CONST KEY is the tweak key. The encrypted block of data is thereby formatted according to the Advanced Encryption Standard with no extended mode and not according to the XEX Based Tweaked Codebook Mode with Ciphertext Stealing.
Type: Application
Filed: December 15, 2022
Publication date: January 4, 2024
Applicant: Microsoft Technology Licensing, LLC
Inventors: Yevgeny YANKILEVICH, Vadim MAKHERVAKS, Yi YUAN, Robert GROZA, Jr., Oren ISH-AM
-
Publication number: 20230393998
Abstract: A server system is provided that includes one or more compute nodes that include at least one processor and a host memory device. The server system further includes a plurality of solid-state drive (SSD) devices, a local non-volatile memory express virtualization (LNV) device, and a non-transparent (NT) switch for a peripheral component interconnect express (PCIe) bus that interconnects the plurality of SSD devices and the LNV device to the at least one processor of each compute node. The LNV device is configured to virtualize hardware resources of the plurality of SSD devices. The plurality of SSD devices are configured to directly access data buffers of the host memory device. The NT switch is configured to hide the plurality of SSD devices such that the plurality of SSD devices are not visible to the at least one processor of each compute node.
Type: Application
Filed: August 21, 2023
Publication date: December 7, 2023
Applicant: Microsoft Technology Licensing, LLC
Inventors: Vadim MAKHERVAKS, Aaron William OGUS, Jason David ADRIAN
-
Publication number: 20230385204
Abstract: A computing system uses AES-XTS encryption to encrypt data of a first part of first data stream using a tweak key, a data key, an initial tweak value, in a first encryption session, store the encrypted first part, then encrypts a second part of the first data stream in a second encryption session commenced after the termination of the first encryption session; and store the encrypted second part in the encrypted data store. The second part of the first data stream is encrypted using a modified tweak value computed based on the initial tweak value, the tweak key, and a block index of a last cipher block of the first part of the first data stream.
Type: Application
Filed: May 25, 2022
Publication date: November 30, 2023
Applicant: Microsoft Technology Licensing, LLC
Inventors: Yevgeny YANKILEVICH, Vadim MAKHERVAKS, Robert GROZA, JR., Yi YUAN, Oren ISH-AM
-
Publication number: 20230342028
Abstract: Zone hints for use with a zoned namespace (ZNS) storage device. Zone hints include one or more of a first hint indicating that a zone is part of a group of a plurality of zones, a second hint indicating that the zone is to be fast-filled, or a third hint indicating that the zone is associated with a background operation. The first hint is structured to instruct the ZNS storage device to allocate to the zone a first storage resources that are physically adjacent to second storage resources reserved for others of the plurality of zones. The second hint is structured to instruct the ZNS storage device to bypass a staging area when writing to the zone. The third hint is structured to instruct the ZNS storage device to deprioritizing at least one operation writing to the zone, or to bypass the staging area when writing to the zone.
Type: Application
Filed: September 28, 2021
Publication date: October 26, 2023
Inventors: Scott Chao-Chueh LEE, Vadim MAKHERVAKS, Madhav Himanshubhai PANDYA, Ioan OLTEAN, Laura Marie CAULFIELD, Lee Edward PREWITT
-
Patent number: 11768783
Abstract: A server system is provided that includes one or more compute nodes that include at least one processor and a host memory device. The server system further includes a plurality of solid-state drive (SSD) devices, a local non-volatile memory express virtualization (LNV) device, and a non-transparent (NT) switch for a peripheral component interconnect express (PCIe) bus that interconnects the plurality of SSD devices and the LNV device to the at least one processor of each compute node. The LNV device is configured to virtualize hardware resources of the plurality of SSD devices. The plurality of SSD devices are configured to directly access data buffers of the host memory device. The NT switch is configured to hide the plurality of SSD devices such that the plurality of SSD devices are not visible to the at least one processor of each compute node.
Type: Grant
Filed: May 23, 2022
Date of Patent: September 26, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vadim Makhervaks, Aaron William Ogus, Jason David Adrian
-
Patent number: 11755527
Abstract: Examples are disclosed for access to a storage device maintained at a server. In some examples, a network input/output device coupled to the server may allocate, in a memory of the server, a buffer, a doorbell, and a queue pair accessible to a client remote to the server. For these examples, the network input/output device may assign an Non-Volatile Memory Express (NVMe) namespace context to the client. For these examples, indications of the allocated buffer, doorbell, queue pair, and namespace context may be transmitted to the client. Other examples are described and claimed.
Type: Grant
Filed: August 15, 2022
Date of Patent: September 12, 2023
Assignee: Tahoe Research, Ltd.
Inventors: Eliezer Tamir, Vadim Makhervaks, Ben-Zion Friedman, Phil Cayton, Theodore L. Willke
-
Publication number: 20230259656
Abstract: Methods, systems, apparatuses, and computer program products are provided herein for rendering secured content. For instance, a computing device may be utilized to view content that is to be displayed via a display device coupled thereto. However, rather than rendering the content, the computing device generates and/or provides a graphical representation of the content to a rendering device coupled between the computing device and the display device. The rendering device analyzes the graphical representation to determine characteristics of the graphical representation, characteristics of a display region of an application window in which the content is to be rendered, and a network address at which the actual content is located. The rendering device retrieves the content using the network address and renders the retrieved content over the display region of the application window in accordance with the characteristics determined for the graphical representation and the display region of the application window.
Type: Application
Filed: February 15, 2022
Publication date: August 17, 2023
Inventors: Orr SROUR, Vadim MAKHERVAKS
-
Publication number: 20230185759
Abstract: Examples are disclosed for access to a storage device maintained at a server. In some examples, a network input/output device coupled to the server may allocate, in a memory of the server, a buffer, a doorbell, and a queue pair accessible to a client remote to the server. For these examples, the network input/output device may assign an Non-Volatile Memory Express (NVMe) namespace context to the client. For these examples, indications of the allocated buffer, doorbell, queue pair, and namespace context may be transmitted to the client. Other examples are described and claimed.
Type: Application
Filed: August 15, 2022
Publication date: June 15, 2023
Applicant: Tahoe Research, Ltd.
Inventors: ELIEZER TAMIR, VADIM MAKHERVAKS, BEN-ZION FRIEDMAN, PHIL CAYTON, THEODORE L. WILLKE
-
Patent number: 11500810
Abstract: Examples are disclosed for access to a storage device maintained at a server. In some examples, a network input/output device coupled to the server may allocate, in a memory of the server, a buffer, a doorbell, and a queue pair accessible to a client remote to the server. For these examples, the network input/output device may assign an Non-Volatile Memory Express (NVMe) namespace context to the client. For these examples, indications of the allocated buffer, doorbell, queue pair, and namespace context may be transmitted to the client. Other examples are described and claimed.
Type: Grant
Filed: September 3, 2021
Date of Patent: November 15, 2022
Assignee: Tahoe Research, Ltd.
Inventors: Eliezer Tamir, Vadim Makhervaks, Ben-Zion Friedman, Phil Cayton, Theodore L. Willke
-
Publication number: 20220283967
Abstract: A server system is provided that includes one or more compute nodes that include at least one processor and a host memory device. The server system further includes a plurality of solid-state drive (SSD) devices, a local non-volatile memory express virtualization (LNV) device, and a non-transparent (NT) switch for a peripheral component interconnect express (PCIe) bus that interconnects the plurality of SSD devices and the LNV device to the at least one processor of each compute node. The LNV device is configured to virtualize hardware resources of the plurality of SSD devices. The plurality of SSD devices are configured to directly access data buffers of the host memory device. The NT switch is configured to hide the plurality of SSD devices such that the plurality of SSD devices are not visible to the at least one processor of each compute node.
Type: Application
Filed: May 23, 2022
Publication date: September 8, 2022
Applicant: Microsoft Technology Licensing, LLC
Inventors: Vadim MAKHERVAKS, Aaron William OGUS, Jason David ADRIAN
-
Patent number: 11372785
Abstract: A server system is provided that includes one or more compute nodes that include at least one processor and a host memory device. The server system further includes a plurality of solid-state drive (SSD) devices, a local non-volatile memory express virtualization (LNV) device, and a non-transparent (NT) switch for a peripheral component interconnect express (PCIe) bus that interconnects the plurality of SSD devices and the LNV device to the at least one processor of each compute node. The LNV device is configured to virtualize hardware resources of the plurality of SSD devices. The plurality of SSD devices are configured to directly access data buffers of the host memory device. The NT switch is configured to hide the plurality of SSD devices such that the plurality of SSD devices are not visible to the at least one processor of each compute node.
Type: Grant
Filed: May 6, 2020
Date of Patent: June 28, 2022
Assignee: Microsoft Technology Licensing, LLC
Inventors: Vadim Makhervaks, Aaron William Ogus, Jason David Adrian
-
Publication number: 20220100696
Abstract: Examples are disclosed for access to a storage device maintained at a server. In some examples, a network input/output device coupled to the server may allocate, in a memory of the server, a buffer, a doorbell, and a queue pair accessible to a client remote to the server. For these examples, the network input/output device may assign an Non-Volatile Memory Express (NVMe) namespace context to the client. For these examples, indications of the allocated buffer, doorbell, queue pair, and namespace context may be transmitted to the client. Other examples are described and claimed.
Type: Application
Filed: September 3, 2021
Publication date: March 31, 2022
Applicant: INTEL CORPORATION
Inventors: ELIEZER TAMIR, VADIM MAKHERVAKS, BEN-ZION FRIEDMAN, PHIL CAYTON, THEODORE L. WILLKE