TECHNIQUES TO CONTROL SYSTEM UPDATES AND CONFIGURATION CHANGES VIA THE CLOUD

- Intel

Embodiments are generally directed apparatuses, methods, techniques and so forth determine an access level of operation based on an indication received via one or more network links from a pod management controller, and enable or disable a firmware update capability for a firmware device based on the access level of operation, the firmware update capability to change firmware for the firmware device. Embodiments may also include determining one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation, and enable configuration of the one or more configuration settings.

Skip to: Description  ·  Claims  · Patent History  ·  Patent History
Description
RELATED CASES

This application claims priority to U.S. Provisional Patent Application No. 62/365,969, filed Jul. 22, 2016, United States Provisional Patent Application No. 62/376,859, filed Aug. 18, 2016, and United Provisional Patent Application No. 62/427,268, filed Nov. 29, 2016, each of which are hereby incorporated by reference in their entirety.

TECHNICAL FIELD

Embodiments described herein generally include performing circuit switching for workloads.

BACKGROUND

A computing data center may include one or more computing systems including a plurality of compute nodes that may include various compute structures (e.g., servers or sleds) and may be physically located on multiple racks. The sleds may include a number of physical resources interconnected via one or more compute structures and buses.

Typically, a computing data center and components therein may require updating and configuration changes to fix potential problems and to provide physical resources in a desirable configuration for the users. However, current solutions may permit users to make updates and configuration changes in such a way that may be harmful to the data center, either intentionally or unintentionally. Thus, embodiments may address these and other issues as discussed herein.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements.

FIG. 1 illustrates an example of a data center.

FIG. 2 illustrates an example of a rack.

FIG. 3 illustrates an example of a data center.

FIG. 4 illustrates an example of a data center.

FIG. 5 illustrates an example of a switching infrastructure.

FIG. 6 illustrates an example of a data center.

FIG. 7 illustrates an example of a sled.

FIG. 8 illustrates an example of a data center.

FIG. 9 illustrates an example of a data center.

FIG. 10 illustrates an example of a sled.

FIG. 11 illustrates an example of a data center.

FIG. 12 illustrates an example of a data center.

FIG. 13 illustrates an example of a sled.

FIG. 14 illustrates an example of a functional block diagram.

FIG. 15 illustrates an example of a first logic flow diagram.

FIG. 16 illustrates an example of a second logic flow diagram.

FIG. 17 illustrates an example of a third logic flow diagram.

FIG. 18 illustrates an example of a fourth logic flow diagram.

 DETAILED DESCRIPTION

Various embodiments may generally be directed to controlling update and configuration capabilities that may be utilized in a cloud-based system. For example, embodiments may include determining an access level of operation for a user or administrator attempting to change or update a sled, including sleds that are capable of providing physical compute resources, physical memory resources, physical accelerator resources, physical storage resources, and so forth. The access level of operation may be utilized to determine whether the administrator or user has permission to make the changes or updates they are requesting. In some embodiments, the access level of operation may be a priority level and circuitry may determine whether a user or administrator is permitted to update a firmware device or change configuration settings based on the priority level, for example. Based on the access level of operation a firmware update capability may be enabled or disabled, one or more configuration settings may be enabled or disabled for changing, and so forth. These and other details will become apparent in the following description.

Reference is now made to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding thereof. It may be evident, however, that the novel embodiments can be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate a description thereof. The intention is to cover all modifications, equivalents, and alternatives consistent with the claimed subject matter.

FIG. 1 illustrates a conceptual overview of a data center 100 that may generally be representative of a data center or other type of computing network in/for which one or more techniques described herein may be implemented according to various embodiments. As shown in FIG. 1, data center 100 may generally contain a plurality of racks, each of which may house computing equipment comprising a respective set of physical resources. In the particular non-limiting example depicted in FIG. 1, data center 100 contains four racks 102A to 102D, which house computing equipment comprising respective sets of physical resources (PCRs) 105A to 105D. According to this example, a collective set of physical resources 106 of data center 100 includes the various sets of physical resources 105A to 105D that are distributed among racks 102A to 102D. Physical resources 106 may include resources of multiple types, such as—for example—processors, co-processors, accelerators, field-programmable gate arrays (FPGAs), memory, and storage. The embodiments are not limited to these examples.

The illustrative data center 100 differs from typical data centers in many ways. For example, in the illustrative embodiment, the circuit boards (“sleds”) on which components such as CPUs, memory, and other components are placed are designed for increased thermal performance. In particular, in the illustrative embodiment, the sleds are shallower than typical boards. In other words, the sleds are shorter from the front to the back, where cooling fans are located. This decreases the length of the path that air must to travel across the components on the board. Further, the components on the sled are spaced further apart than in typical circuit boards, and the components are arranged to reduce or eliminate shadowing (i.e., one component in the air flow path of another component). In the illustrative embodiment, processing components such as the processors are located on a top side of a sled while near memory, such as DIMMs, are located on a bottom side of the sled. As a result of the enhanced airflow provided by this design, the components may operate at higher frequencies and power levels than in typical systems, thereby increasing performance. Furthermore, the sleds are configured to blindly mate with power and data communication cables in each rack 102A, 102B, 102C, 102D, enhancing their ability to be quickly removed, upgraded, reinstalled, and/or replaced. Similarly, individual components located on the sleds, such as processors, accelerators, memory, and data storage drives, are configured to be easily upgraded due to their increased spacing from each other. In the illustrative embodiment, the components additionally include hardware attestation features to prove their authenticity.

Furthermore, in the illustrative embodiment, the data center 100 utilizes a single network architecture (“fabric”) that supports multiple other network architectures including Ethernet and Omni-Path. The sleds, in the illustrative embodiment, are coupled to switches via optical fibers, which provide higher bandwidth and lower latency than typical twister pair cabling (e.g., Category 5, Category 5e, Category 6, etc.). Due to the high bandwidth, low latency interconnections and network architecture, the data center 100 may, in use, pool resources, such as memory, accelerators (e.g., graphics accelerators, FPGAs, ASICs, etc.), and data storage drives that are physically disaggregated, and provide them to compute resources (e.g., processors) on an as needed basis, enabling the compute resources to access the pooled resources as if they were local. The illustrative data center 100 additionally receives usage information for the various resources, predicts resource usage for different types of workloads based on past resource usage, and dynamically reallocates the resources based on this information.

The racks 102A, 102B, 102C, 102D of the data center 100 may include physical design features that facilitate the automation of a variety of types of maintenance tasks. For example, data center 100 may be implemented using racks that are designed to be robotically-accessed, and to accept and house robotically-manipulable resource sleds. Furthermore, in the illustrative embodiment, the racks 102A, 102B, 102C, 102D include integrated power sources that receive higher current than typical for power sources. The increased current enables the power sources to provide additional power to the components on each sled, enabling the components to operate at higher than typical frequencies. FIG. 2 illustrates an exemplary logical configuration of a rack 202 of the data center 100. As shown in FIG. 2, rack 202 may generally house a plurality of sleds, each of which may comprise a respective set of physical resources. In the particular non-limiting example depicted in FIG. 2, rack 202 houses sleds 204-1 to 204-4 comprising respective sets of physical resources 205-1 to 205-4, each of which constitutes a portion of the collective set of physical resources 206 comprised in rack 202. With respect to FIG. 1, if rack 202 is representative of—for example—rack 102A, then physical resources 206 may correspond to the physical resources 105A comprised in rack 102A. In the context of this example, physical resources 105A may thus be made up of the respective sets of physical resources, including physical storage resources 205-1, physical accelerator resources 205-2, physical memory resources 204-3, and physical compute resources 205-5 comprised in the sleds 204-1 to 204-4 of rack 202. The embodiments are not limited to this example. Each sled may contain a pool of each of the various types of physical resources (e.g., compute, memory, accelerator, storage). By having robotically accessible and robotically manipulable sleds comprising disaggregated resources, each type of resource can be upgraded independently of each other and at their own optimized refresh rate.

FIG. 3 illustrates an example of a data center 300 that may generally be representative of one in/for which one or more techniques described herein may be implemented according to various embodiments. In the particular non-limiting example depicted in FIG. 3, data center 300 comprises racks 302-1 to 302-32. In various embodiments, the racks of data center 300 may be arranged in such fashion as to define and/or accommodate various access pathways. For example, as shown in FIG. 3, the racks of data center 300 may be arranged in such fashion as to define and/or accommodate access pathways 311A, 311B, 311C, and 311D. In some embodiments, the presence of such access pathways may generally enable automated maintenance equipment, such as robotic maintenance equipment, to physically access the computing equipment housed in the various racks of data center 300 and perform automated maintenance tasks (e.g., replace a failed sled, upgrade a sled). In various embodiments, the dimensions of access pathways 311A, 311B, 311C, and 311D, the dimensions of racks 302-1 to 302-32, and/or one or more other aspects of the physical layout of data center 300 may be selected to facilitate such automated operations. The embodiments are not limited in this context.

FIG. 4 illustrates an example of a data center 400 that may generally be representative of one in/for which one or more techniques described herein may be implemented according to various embodiments. As shown in FIG. 4, data center 400 may feature an optical fabric 412. Optical fabric 412 may generally comprise a combination of optical signaling media (such as optical cabling) and optical switching infrastructure via which any particular sled in data center 400 can send signals to (and receive signals from) each of the other sleds in data center 400. The signaling connectivity that optical fabric 412 provides to any given sled may include connectivity both to other sleds in a same rack and sleds in other racks. In the particular non-limiting example depicted in FIG. 4, data center 400 includes four racks 402A to 402D. Racks 402A to 402D house respective pairs of sleds 404A-1 and 404A-2, 404B-1 and 404B-2, 404C-1 and 404C-2, and 404D-1 and 404D-2. Thus, in this example, data center 400 comprises a total of eight sleds. Via optical fabric 412, each such sled may possess signaling connectivity with each of the seven other sleds in data center 400. For example, via optical fabric 412, sled 404A-1 in rack 402A may possess signaling connectivity with sled 404A-2 in rack 402A, as well as the six other sleds 404B-1, 404B-2, 404C-1, 404C-2, 404D-1, and 404D-2 that are distributed among the other racks 402B, 402C, and 402D of data center 400. The embodiments are not limited to this example.

FIG. 5 illustrates an overview of a connectivity scheme 500 that may generally be representative of link-layer connectivity that may be established in some embodiments among the various sleds of a data center, such as any of example data centers 100, 300, and 400 of FIGS. 1, 3, and 4. Connectivity scheme 500 may be implemented using an optical fabric that features a dual-mode optical switching infrastructure 514. Dual-mode optical switching infrastructure 514 may generally comprise a switching infrastructure that is capable of receiving communications according to multiple link-layer protocols via a same unified set of optical signaling media, and properly switching such communications. In various embodiments, dual-mode optical switching infrastructure 514 may be implemented using one or more dual-mode optical switches 515. In various embodiments, dual-mode optical switches 515 may generally comprise high-radix switches. In some embodiments, dual-mode optical switches 515 may comprise multi-ply switches, such as four-ply switches. In various embodiments, dual-mode optical switches 515 may feature integrated silicon photonics that enable them to switch communications with significantly reduced latency in comparison to conventional switching devices. In embodiments, the dual-mode switch may be a single physical network wire that may be capable of carrying Ethernet or Omni-Path communication, which may be auto-detected by the dual-mode optical switch 515 or configured by the Pod management controller. This allows for the same network to be used for Cloud traffic (Ethernet) or High Performance Computing (HPC), typically Omni-Path or Infiniband. Moreover, and in some instances, an Omni-Path protocol may carry Omni-Path communication and Ethernet communication. In some embodiments, dual-mode optical switches 515 may constitute leaf switches 530 in a leaf-spine architecture additionally including one or more dual-mode optical spine switches 520. Note that in some embodiments, the architecture may not be a leaf-spine architecture, but may be a two-ply switch architecture to connect directly to the sleds.

In various embodiments, dual-mode optical switches may be capable of receiving both Ethernet protocol communications carrying Internet Protocol (IP packets) and communications according to a second, high-performance computing (HPC) link-layer protocol (e.g., Intel's Omni-Path Architecture's, Infiniband) via optical signaling media of an optical fabric. As reflected in FIG. 5, with respect to any particular pair of sleds 504A and 504B possessing optical signaling connectivity to the optical fabric, connectivity scheme 500 may thus provide support for link-layer connectivity via both Ethernet links and HPC links. Thus, both Ethernet and HPC communications can be supported by a single high-bandwidth, low-latency switch fabric. The embodiments are not limited to this example.

FIG. 6 illustrates a general overview of a rack architecture 600 that may be representative of an architecture of any particular one of the racks depicted in FIGS. 1 to 4 according to some embodiments. As reflected in FIG. 6, rack architecture 600 may generally feature a plurality of sled spaces into which sleds may be inserted, each of which may be robotically-accessible via a rack access region 601. In the particular non-limiting example depicted in FIG. 6, rack architecture 600 features five sled spaces 603-1 to 603-5. Sled spaces 603-1 to 603-5 feature respective multi-purpose connector modules (MPCMs) 616-1 to 616-5. In some instances, when a sled is inserted into any given one of sled spaces 603-1 to 603-5, the corresponding MPCM may couple with a counterpart MPCM of the inserted sled. This coupling may provide the inserted sled with connectivity to both signaling infrastructure and power infrastructure of the rack in which it is housed.

Included among the types of sleds to be accommodated by rack architecture 600 may be one or more types of sleds that feature expansion capabilities. FIG. 7 illustrates an example of a sled 704 that may be representative of a sled of such a type. As shown in FIG. 7, sled 704 may comprise a set of physical resources 705, as well as an MPCM 716 designed to couple with a counterpart MPCM when sled 704 is inserted into a sled space such as any of sled spaces 603-1 to 603-5 of FIG. 6. Sled 704 may also feature an expansion connector 717. Expansion connector 717 may generally comprise a socket, slot, or other type of connection element that is capable of accepting one or more types of expansion modules, such as an expansion sled 718. By coupling with a counterpart connector on expansion sled 718, expansion connector 717 may provide physical resources 705 with access to supplemental computing resources 705B residing on expansion sled 718. The embodiments are not limited in this context.

FIG. 8 illustrates an example of a rack architecture 800 that may be representative of a rack architecture that may be implemented in order to provide support for sleds featuring expansion capabilities, such as sled 704 of FIG. 7. In the particular non-limiting example depicted in FIG. 8, rack architecture 800 includes seven sled spaces 803-1 to 803-7, which feature respective MPCMs 816-1 to 816-7. Sled spaces 803-1 to 803-7 include respective primary regions 803-1A to 803-7A and respective expansion regions 803-1B to 803-7B. With respect to each such sled space, when the corresponding MPCM is coupled with a counterpart MPCM of an inserted sled, the primary region may generally constitute a region of the sled space that physically accommodates the inserted sled. The expansion region may generally constitute a region of the sled space that can physically accommodate an expansion module, such as expansion sled 718 of FIG. 7, in the event that the inserted sled is configured with such a module.

FIG. 9 illustrates an example of a rack 902 that may be representative of a rack implemented according to rack architecture 800 of FIG. 8 according to some embodiments. In the particular non-limiting example depicted in FIG. 9, rack 902 features seven sled spaces 903-1 to 903-7, which include respective primary regions 903-1A to 903-7A and respective expansion regions 903-1B to 903-7B. In various embodiments, temperature control in rack 902 may be implemented using an air cooling system. For example, as reflected in FIG. 9, rack 902 may feature a plurality of fans 919 that are generally arranged to provide air cooling within the various sled spaces 903-1 to 903-7. In some embodiments, the height of the sled space is greater than the conventional “1U” server height. In such embodiments, fans 919 may generally comprise relatively slow, large diameter cooling fans as compared to fans used in conventional rack configurations. Running larger diameter cooling fans at lower speeds may increase fan lifetime relative to smaller diameter cooling fans running at higher speeds while still providing the same amount of cooling. The sleds are physically shallower than conventional rack dimensions. Further, components are arranged on each sled to reduce thermal shadowing (i.e., not arranged serially in the direction of air flow). As a result, the wider, shallower sleds allow for an increase in device performance because the devices can be operated at a higher thermal envelope (e.g., 250 W) due to improved cooling (i.e., no thermal shadowing, more space between devices, more room for larger heat sinks, etc.).

MPCMs 916-1 to 916-7 may be configured to provide inserted sleds with access to power sourced by respective power modules 920-1 to 920-7, each of which may draw power from an external power source 921. In various embodiments, external power source 921 may deliver alternating current (AC) power to rack 902, and power modules 920-1 to 920-7 may be configured to convert such AC power to direct current (DC) power to be sourced to inserted sleds. In some embodiments, for example, power modules 920-1 to 920-7 may be configured to convert 277-volt AC power into 12-volt DC power for provision to inserted sleds via respective MPCMs 916-1 to 916-7. The embodiments are not limited to this example.

MPCMs 916-1 to 916-7 may also be arranged to provide inserted sleds with optical signaling connectivity to a dual-mode optical switching infrastructure 914, which may be the same as—or similar to—dual-mode optical switching infrastructure 514 of FIG. 5. In various embodiments, optical connectors contained in MPCMs 916-1 to 916-7 may be designed to couple with counterpart optical connectors contained in MPCMs of inserted sleds to provide such sleds with optical signaling connectivity to dual-mode optical switching infrastructure 914 via respective lengths of optical cabling 922-1 to 922-7. In some embodiments, each such length of optical cabling may extend from its corresponding MPCM to an optical interconnect loom 923 that is external to the sled spaces of rack 902. In various embodiments, optical interconnect loom 923 may be arranged to pass through a support post or other type of load-bearing element of rack 902. The embodiments are not limited in this context. Because inserted sleds connect to an optical switching infrastructure via MPCMs, the resources typically spent in manually configuring the rack cabling to accommodate a newly inserted sled can be saved. FIG. 10 illustrates an example of a sled 1004 that may be representative of a sled designed for use in conjunction with rack 902 of FIG. 9 according to some embodiments. Sled 1004 may feature an MPCM 1016 that comprises an optical connector 1016A and a power connector 1016B, and that is designed to couple with a counterpart MPCM of a sled space in conjunction with insertion of MPCM 1016 into that sled space. Coupling MPCM 1016 with such a counterpart MPCM may cause power connector 1016 to couple with a power connector comprised in the counterpart MPCM. This may generally enable physical resources 1005 of sled 1004 to source power from an external source, via power connector 1016 and power transmission media 1024 that conductively couples power connector 1016 to physical resources 1005.

Sled 1004 may also include dual-mode optical network interface circuitry 1026. Dual-mode optical network interface circuitry 1026 may generally comprise circuitry that is capable of communicating over optical signaling media according to each of multiple link-layer protocols supported by dual-mode optical switching infrastructure 914 of FIG. 9. In some embodiments, dual-mode optical network interface circuitry 1026 may be capable both of Ethernet protocol communications and of communications according to a second, high-performance protocol. In various embodiments, dual-mode optical network interface circuitry 1026 may include one or more optical transceiver modules 1027, each of which may be capable of transmitting and receiving optical signals over each of one or more optical channels. The embodiments are not limited in this context.

Coupling MPCM 1016 with a counterpart MPCM of a sled space in a given rack may cause optical connector 1016A to couple with an optical connector comprised in the counterpart MPCM. This may generally establish optical connectivity between optical cabling of the sled and dual-mode optical network interface circuitry 1026, via each of a set of optical channels 1025. Dual-mode optical network interface circuitry 1026 may communicate with the physical resources 1005 of sled 1004 via electrical signaling media 1028. In addition to the dimensions of the sleds and arrangement of components on the sleds to provide improved cooling and enable operation at a relatively higher thermal envelope (e.g., 250 W), as described above with reference to FIG. 9, in some embodiments, a sled may include one or more additional features to facilitate air cooling, such as a heatpipe and/or heat sinks arranged to dissipate heat generated by physical resources 1005. It is worthy of note that although the example sled 1004 depicted in FIG. 10 does not feature an expansion connector, any given sled that features the design elements of sled 1004 may also feature an expansion connector according to some embodiments. The embodiments are not limited in this context.

FIG. 11 illustrates an example of a data center 1100 that may generally be representative of one in/for which one or more techniques described herein may be implemented according to various embodiments. As reflected in FIG. 11, a physical infrastructure management framework 1150A may be implemented to facilitate management of a physical infrastructure 1100A of data center 1100. In various embodiments, one function of physical infrastructure management framework 1150A may be to manage automated maintenance functions within data center 1100, such as the use of robotic maintenance equipment to service computing equipment within physical infrastructure 1100A. In some embodiments, physical infrastructure 1100A may feature an advanced telemetry system that performs telemetry reporting that is sufficiently robust to support remote automated management of physical infrastructure 1100A. In various embodiments, telemetry information provided by such an advanced telemetry system may support features such as failure prediction/prevention capabilities and capacity planning capabilities. In some embodiments, physical infrastructure management framework 1150A may also be configured to manage authentication of physical infrastructure components using hardware attestation techniques. For example, robots may verify the authenticity of components before installation by analyzing information collected from a radio frequency identification (RFID) tag associated with each component to be installed. The embodiments are not limited in this context.

As shown in FIG. 11, the physical infrastructure 1100A of data center 1100 may comprise an optical fabric 1112, which may include a dual-mode optical switching infrastructure 1114. Optical fabric 1112 and dual-mode optical switching infrastructure 1114 may be the same as—or similar to—optical fabric 412 of FIG. 4 and dual-mode optical switching infrastructure 514 of FIG. 5, respectively, and may provide high-bandwidth, low-latency, multi-protocol connectivity among sleds of data center 1100. As discussed above, with reference to FIG. 1, in various embodiments, the availability of such connectivity may make it feasible to disaggregate and dynamically pool resources such as accelerators, memory, and storage. In some embodiments, for example, one or more pooled accelerator sleds 1130 may be included among the physical infrastructure 1100A of data center 1100, each of which may comprise a pool of accelerator resources—such as co-processors and/or FPGAs, for example—that is available globally accessible to other sleds via optical fabric 1112 and dual-mode optical switching infrastructure 1114.

In another example, in various embodiments, one or more pooled storage sleds 1132 may be included among the physical infrastructure 1100A of data center 1100, each of which may comprise a pool of storage resources that is available globally accessible to other sleds via optical fabric 1112 and dual-mode optical switching infrastructure 1114. In some embodiments, such pooled storage sleds 1132 may comprise pools of solid-state storage devices such as solid-state drives (SSDs). In various embodiments, one or more high-performance processing sleds 1134 may be included among the physical infrastructure 1100A of data center 1100. In some embodiments, high-performance processing sleds 1134 may comprise pools of high-performance processors, as well as cooling features that enhance air cooling to yield a higher thermal envelope of up to 250 W or more. In various embodiments, any given high-performance processing sled 1134 may feature an expansion connector 1117 that can accept a far memory expansion sled, such that the far memory that is locally available to that high-performance processing sled 1134 is disaggregated from the processors and near memory comprised on that sled. In some embodiments, such a high-performance processing sled 1134 may be configured with far memory using an expansion sled that comprises low-latency SSD storage. The optical infrastructure allows for compute resources on one sled to utilize remote accelerator/FPGA, memory, and/or SSD resources that are disaggregated on a sled located on the same rack or any other rack in the data center. The remote resources can be located one switch jump away or two-switch jumps away in the spine-leaf network architecture described above with reference to FIG. 5. The embodiments are not limited in this context.

In various embodiments, one or more layers of abstraction may be applied to the physical resources of physical infrastructure 1100A in order to define a virtual infrastructure, such as a software-defined infrastructure 1100B. In some embodiments, virtual computing resources 1136 of software-defined infrastructure 1100B may be allocated to support the provision of cloud services 1140. In various embodiments, particular sets of virtual computing resources 1136 may be grouped for provision to cloud services 1140 in the form of SDI services 1138. Examples of cloud services 1140 may include—without limitation—software as a service (SaaS) services 1142, platform as a service (PaaS) services 1144, and infrastructure as a service (IaaS) services 1146.

In some embodiments, management of software-defined infrastructure 1100B may be conducted using a virtual infrastructure management framework 1150B. In various embodiments, virtual infrastructure management framework 1150B may be designed to implement workload fingerprinting techniques and/or machine-learning techniques in conjunction with managing allocation of virtual computing resources 1136 and/or SDI services 1138 to cloud services 1140. In some embodiments, virtual infrastructure management framework 1150B may use/consult telemetry data in conjunction with performing such resource allocation. In various embodiments, an application/service management framework 1150C may be implemented in order to provide QoS management capabilities for cloud services 1140. The embodiments are not limited in this context.

FIG. 12 illustrates an example of a data center 1200 that may generally be representative of a data center or other type of computing network in/for which one or more techniques described herein may be implemented according to various embodiments. As shown in FIG. 12, the data center 1200 may be similar to and include features and components previously discussed. For example, the data center 1200 may generally contain a plurality of racks 1202A to 1202D, each of which may house computing equipment including a respective set of physical resources 1205A-x to 1205D-x, where x may be any positive integer from 1 to 4. The physical resources 1205 may be contained within a number of sleds 1204A through 1204D. As mentioned, the physical resources 1205 may include resources of multiple types, such as—for example—processors, co-processors, field-programmable gate arrays (FPGAs), memory, accelerators, and storage. Moreover, the physical resources 1205 may be physical memory resources, physical compute resources, physical storage resources, physical accelerator resources, etc.

In embodiments, the physical resources 1205 may be pooled within racks and between racks. For example, physical resources 1205A-1 of sled 1204A-1 may be pooled with physical resources 1205A-3 of sled 1204A-3 to provide combined processing capabilities for workloads across sleds within the same rack, e.g. rack 1202A. Similarly, physical resources of one or more racks may be combined with physical resources of one or more other racks to create a pool of physical resources to process a workload. In one example, the physical resources 1205A-3 may be combined and pooled with physical resources of 1205B-1, which are located within rack 1202A and rack 102B, respectively. Any combination of physical resources 1205 may be pooled to process a workload and embodiments are not limited in this manner. Moreover, some embodiments may include more or less physical resources 1205, sleds 1204, and racks 1202 and the illustrated example should not be construed in a limiting manner.

In the illustrated example of FIG. 12, the data center 1200 may provide control and management functionality for the sleds 1204 via cloud-based components, such as the pod management controller 1231. The control and management functionality may include controlling updates and configurations settings by the pod management controller 1231 based on access levels of operation. For example, the pod management controller 1231 may receive update requests from one or more users accessing the data center 1200, via a client 1279. Theses update requests may be requested to update the firmware, change a configuration setting or a basic input/output system (BIOS) setting, and so forth. The pod management controller 1231 may determine an access level of operation for a user invoking an update request based an identification of the user, utilizing an identification scheme, e.g. a provided username and password. The pod management controller 1231 can use the identification to perform a lookup in a database, such as data store 1277, to determine an access level of operation for the user, for example.

In embodiments, the pod management controller 1231 may communicate, an access level of operation to a sled or component attempted to be accessed by a user, and circuitry may determine whether to permit the user to perform an operation, such as a firmware update or change a configuration setting based on the access level operation. In some instances, the circuitry may determine which configuration settings a user may be permitted to change based on the access level of operation and enable changing of those settings. The updates and setting changes may be applied to hardware and software elements of a sled 1204, as will be discussed in more detail below.

The pod management controller 1231 may provide the access level of operation in various forms. For example, the access level of operation may be specific and specify which hardware components a user is permitted to update and which configuration settings the user is permitted to change. In other instances, the access level of operation may be a priority level, such as a high priority level, a middle priority level, and a low priority. The circuitry may determine permissions to make changes based on these priority levels. For example, a user having a higher priority access level of operation may be permitted to change more hardware and software configuration settings and apply firmware updates, than a user having a lower priority access level of operation. In some instances, a user having a low priority access level of operation may not be permitted to make any changes. Embodiments are not limited in this manner.

In some embodiments, the priority level for the access level of operation may be an indication on a scale from x to y, such as 1 to 10, where the settings available to a user to change and the updates a user may make are dependent on the indication of the access level of operation. For example, a user associated with a one (1) access level of operation may not be able to change any settings nor update any firmware. By contrast, a user associated with a ten (10) access level of operation may be able to change every setting and update any firmware. The changes and updates a user is permitted to make may be dependent on the access level of operation indication. Generally, as the indication of the access level of operation gets higher, the more changes and updates a user can make, and vice versa. Note that embodiments are not limited to the above example, and in some instances, a lower number, such as one (1), may indicate that the user is permitted to change all of the settings and make all of the updates. While a higher number, such as ten (10) may indicate that a user is not permitted to make any changes and updates.

In some embodiments, the access level of operation may provide an indication of a user type. For example, the access level of operation may indicate that an administrator is attempting to make changes to the data center and sled 1204. In another example, the access level of operation may indicate that a user may be attempting to make changes to the data center and sled 1204. Moreover and in some instances, an administrator or user may have various levels of access as previously discussed. For example, the access level of operation may indicate a user is attempting to make changes and provide an indication of a priority level associated with the user. Embodiments are not limited by granularity for which a user or administrator may be associated with an access level of operation. Each user and administrator may have their own access level of operation, which may or may not be the same as another user or administrator.

The pod management controller 1231 may provide other functionality and control including determining physical resources 1205 to process workloads. These determinations may be based on service level agreement requirements, the physical resources 1205, and other factors, such as location, network configurations, and so forth. To determine which physical resources 1205 are to process one or more tasks of the workload and a configuration of for the physical resources 1205. The pod management controller 1231 may distribute or cause the distribution of the workloads communicated to the appropriate sleds 1204 via one or more networks, such as an optical fiber network. In some instances, the workload may go through the pod management controller 1231. However, embodiments are not limited in this manner and some instances; the workload may be sent directly from a client 1279 to the appropriate sled 1204.

As mentioned, the pod management controller 1231 may provide one or more indications of access levels of operation to a sled 1204. The sled 1204 may receive the one or more indications and enable or disable configurations settings and firmware updates based on an access level of operation. For example, the sled 1204 may enable or disable a firmware update capability to update or change firmware for a firmware device. In another example, the sled 1204 may enable or disable particular BIOS settings for change based on an access level of operation. These and other details will become more apparent in the following description.

FIG. 13 illustrates an example of a sled 1304 that may be representative of a sled designed for use in conjunction with the racks discussed herein, for example. In embodiments, sled 1304 may be similar to and have similar components and functionality as sled 1004 discussed in FIG. 13. Sled 1304 may feature an MPCM 1316 that which may include an optical connector 1316A, a power connector 1316B, and an ETH connector 1316C, and that is designed to couple with a counterpart MPCM of a sled space in conjunction with insertion of MPCM 1316 into that sled space. Coupling MPCM 1316 with such a counterpart MPCM may cause power connector 1316B to couple with a power connector comprised in the counterpart MPCM. This may enable physical resources 1305 of sled 1304 to source power from an external source, via power connector 1316B and power transmission media 1324 that conductively couples power connector 1316 to physical resources 1305.

Sled 1304 may also include dual-mode optical network interface circuitry 1326. Dual-mode optical network interface circuitry 1326 may include circuitry that is capable of communicating over optical signaling media according to each of multiple link-layer protocols supported by dual-mode optical switching infrastructure, as previously discussed in FIGS. 9 and 10. In some embodiments, dual-mode optical network interface circuitry 1326 may be capable both of Ethernet protocol communications and of communications according to a second, high-performance protocol. In various embodiments, dual-mode optical network interface circuitry 1326 may include one or more optical transceiver modules 1327, each of which may be capable of transmitting and receiving optical signals over each of one or more optical channels. The embodiments are not limited in this context.

Coupling MPCM 1316 with a counterpart MPCM of a sled space in a given rack may cause optical connector 1316A to couple with an optical connector comprised in the counterpart MPCM. This may generally establish optical connectivity between optical cabling of the sled and dual-mode optical network interface circuitry 1326, via each of a set of optical channels 1325. Dual-mode optical network interface circuitry 1326 may communicate with the physical resources 1305 of sled 1304 via electrical signaling media 1328.

The sled 1304 may also include a management controller 1362, which may be capable of performing management functions for the sled 1304 and the physical resources 1305. For example, the management controller 1362 provides management functionality including sending metric data to a pod management controller or rack management controller. In some instances, the management controller 1362 may utilize an Intelligent Platform Management Interface (IPMI) architecture or Redfish architecture and may be a baseboard management controller (BMC), Redfish interface, Innovation Engine (IE), Manageability engine (ME) or specialized service processor that monitors the physical state and operational state of the physical resources 1305. In some instances, the management controller 1362 may be a sled management controller. Embodiments are not limited in this manner.

The sled 1304 may also include physical resources 1305, including but not limited to, physical memory resources 1305-1, physical compute resources 1305-2, physical storage resources 1305-3, and physical accelerator resources 1305-4. Examples of a physical memory resource 1305-1 may be any type of memory, such as any machine-readable or computer-readable media capable of storing data, including both volatile and non-volatile memory. In some embodiments, the machine-readable or computer-readable medium may include a non-transitory medium. Moreover, physical memory resource 1305-1 may include in the form of one or more higher speed memory units, such as read-only memory (ROM), random-access memory (RAM), dynamic RAM (DRAM), Double-Data-Rate DRAM (DDRAM), synchronous DRAM (SDRAM), static RAM (SRAM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), flash memory, polymer memory such as ferroelectric polymer memory, ovonic memory, phase change or ferroelectric memory, silicon-oxide-nitride-oxide-silicon (SONOS) memory, magnetic or optical cards, an array of devices such as Redundant Array of Independent Disks (RAID) drives, solid state memory devices (e.g., USB memory, solid state drives (SSD) and any other type of storage media suitable for storing information. Embodiments are not limited to these examples.

Examples of a physical compute resource 1305-2 may be any type of circuitry capable of processing information. Moreover, a physical compute resources 1305-2 may be implemented using any processor or logic device. The physical compute resource 1305-2 may be one or more of any type of computational element, such as but not limited to, a microprocessor, a processor, central processing unit, digital signal processing unit, dual-core processor, mobile device processor, desktop processor, single core processor, a system-on-chip (SoC) device, complex instruction set computing (CISC) microprocessor, a reduced instruction set (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, or any other type of processor or processing circuit on a single chip or integrated circuit. The physical compute resource 1305-2 may be connected to and communicate with the other physical resources 1305 of the computing system via an interconnect, such as one or more buses, control lines, and data lines.

In embodiments, a physical storage resource 1305-3 may be any type of storage, and may be implemented as a non-volatile storage device such as, but not limited to, a magnetic disk drive, optical disk drive, tape drive, an internal storage device, an attached storage device, flash memory, battery backed-up SDRAM (synchronous DRAM), and/or a network accessible storage device. In embodiments, a physical storage resource 1305-3 may include technology to increase the storage performance enhanced protection for valuable digital media when multiple hard drives are included, for example. Further examples of physical storage resource 1305-3 may include a hard disk, floppy disk, Compact Disk Read Only Memory (CD-ROM), Compact Disk Recordable (CD-R), Compact Disk Rewriteable (CD-RW), optical disk, magnetic media, magneto-optical media, removable memory cards or disks, various types of DVD devices, a tape device, a cassette device, or the like. The embodiments are not limited in this context.

A physical accelerator resource 1305-4 may be any type of accelerator device designed to increase processing power of a processor, such as the physical compute resource 1305-2. The physical accelerator resource 1305-4 accelerates transmission or processing beyond processor capabilities. In one example, a physical accelerator resource 1305-4 may compute faster floating-point units (FPUs) by assisting in math calculations or by increasing speed. In another example, the physical accelerator resource 1305-4 may be a graphics processing units (GPUs) for 3-D images or faster graphic displays. Embodiments, the physical accelerator resource 1305-4 may be implemented as field programmable gate arrays (FPGAs); however, embodiments are not limited in this manner.

In embodiments, the sled 1304 may also include processing circuitry 1313 capable of executing one or more instructions, such as logic 1311, stored in memory. The instructions may determine access levels of operation for one or more users and to enable and disable firmware updates and configuration settings based on the access levels of operations. The logic 1311 may be code stored in non-volatile memory. The instructions may be communicated via one or more interconnects 1378 between the logic 1311 and the processing circuitry 1313 for execution, for example. Note that FIG. 13 illustrates processing circuitry 1313 and logic 1311 being separate and standalone components; however, embodiments are not limited in this manner. For example, one or more of the processing circuitry 1313 and logic 1311 may be implemented in another component, such as the management controller 1362 or a physical compute resource 1305-2. The processing circuitry 1313 and logic 1311 may also be implemented as part of the same component. In some instances, the processing circuitry 1313 may be implemented in a computer processing unit. However, embodiments are not limited in this manner.

In some instances, the processing circuitry 1313 may receive an indication of an access level of operation for a user from a pod management controller or another device in a cloud computing environment. Moreover, a pod management controller may send an access level of operation associated with a user via one or more network links coupled with Ethernet (ETH) connector 1316C and ETH circuitry 1352. In some instances, the access levels of operation may be provided to the processing circuitry 1313 via an out-of-band network coupled with the ETH connector 1316C and ETH circuitry 1352 and interconnect 1338 and 1368. However, embodiments are not limited in this manner, and the access levels of operation may be provided to the processing circuitry 1313 via an optical network coupled with optical connect 1316A and dual-mode optical network interface circuitry 1326, for example.

As mentioned, the processing circuitry 1313 may enable or disable a firmware update capability for a firmware device of the sled 1304 based on an access level of operation. For example, the access level of operation may be an administrative access level of operation, and a user may be enabled to change the firmware of a firmware device. In another example, the access level of operation may be a user level of operation and the firmware update capability may be disabled such that the firmware of a firmware device cannot be updated or changed. In some embodiments, certain user levels of operation may be enabled to update firmware, e.g. a user level of operation having a higher priority level.

In embodiments, a firmware update capability updates or changes firmware for the firmware device, which may include copying one or more firmware instructions into the firmware device or a memory of a firmware device. The firmware device may be included or part of any of the components of the sled 1304, such as the management controller 1362, the BIOS 1317, a manageability engine (ME) 1315, a physical memory resource 1305-1, a physical compute resource 1305-2, a physical storage resource 1305-3, a physical accelerator resource 1305-4, ETH circuitry 1352, dual mode optical network interface circuitry 1326, and other components such as an innovation engine, and so forth.

In embodiments, the processing circuitry 1313 may disable the firmware update capability by routing or intercepting the system management interrupt (SMI) code. More specifically, the processing circuitry 1313 may block the interrupt to prevent the sled 1304 to prevent the update of a firmware device. Alternatively, the processing circuitry 1313 may permit the interrupt to enable the firmware update capability. Thus, when the interrupt fires or is invoked, the sled 1304 enters the system management mode, and the firmware device may be updated. This method may be utilized for devices typically receiving an in-band firmware update, such as the BIOS 1317, the ME 1315, management controller 1362, and ETH circuitry 1352.

The processing circuitry 1313 may disable and enable firmware update capabilities for other devices, such as in add-in components, by causing the BIOS 1317 to communicate information via a system management bus (SMBUS) or an in-band communication link, such as interconnects 1358, to the firmware device. For example, the processing circuitry 1313 may cause the BIOS 1317 to communicate disable firmware update capability information to the firmware device to disable the firmware update capability. In another example, the processing circuitry 1313 may cause the BIOS 1317 to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability. The firmware update capability information may be consumed by the SMBUS mechanism or in-band mechanism of the firmware device. Once the update firmware information is set, the add-in component may not allow reconfiguration or firmware updates until a reset or privileged software (SMI or BMC 00B access) is entered. An add-in component may include a physical memory resource 1305-1, such as a memory module including Intel's® 3D XPoint® dual in-line memory module (DIMM). Another example of an add-in component may include a physical storage resource 1305-3, such as a solid state drive (SSD). Embodiments are not limited to these examples.

In embodiments, the processing circuitry 1313 may also control BIOS settings for the sled 1304. More specifically, the processing circuitry 1313 may determine which BIOS settings a user can change or configure based on the access level of operation for the user. In one example, the processing circuitry 1313 may enable all of the BIOS settings for configuration for the BIOS 1317 when the access level of operation is an administrative access level of operation. In another example, the processing circuitry 1313 may enable more BIOS settings for configuration for higher priority access levels of operation than lower priority access levels of operation. In some embodiments, the processing circuitry 1313 may enable an administrator to pick which BIOS settings are available for configuration for each access level of operation. Thus, the system is highly configurable and different users may be presented with their set of BIOS settings for configuration based on the picks made by the administrator.

In embodiments, the processing circuitry 1313 may enable more than one user or administrator to set one or more BIOS settings on the same system or sled 1304 operating at the same time. For example, a user or administrator may be presented or enabled to change BIOS settings in a virtual environment, such as one provided by a virtual machine operating on a virtual machine monitor (VMM), e.g. Hypervisor. Thus, a user accessing a sled 1304 via a client may configure one or more BIOS settings based on an access level of operation in a virtual machine environment. On the same sled 1304, a different user accessing the sled 1304 via a client may configure one or more BIOS settings in a different virtual machine environment. Since the BIOS settings are set in the virtual machine environments, they will not interfere with each other. The BIOS settings may be set differently in different virtual machine environments on the same sled 1304. In one example, a first user may set a specific operating frequency for a virtual machine presented to the first user and a second user may set a different operating frequency for a virtual machine presented to the second user. In another example, the access level of operation may be used to determine which user may change settings over other users on the same sled in different virtual environment. For example, a user having a higher access level of operation (more privileged) may set hyper threading on or off for the sled and other users in the different environment will be affect, but cannot change the setting. Embodiments are not limited to controlling BIOS settings based on an access level of operation. Other settings may be configurable or not configurable based on the access level of operation of a user.

FIG. 14 illustrates an example functional block diagram 1400 of components for controlling system updates and settings. The functional block diagram 1400 may represent and include components of a sled, such as a sled 1304 of FIG. 13. The components of functional block diagram 1400 may be implemented in hardware only, software only, or a combination thereof.

In the illustrated example, the functional block diagram 1400 includes interface circuitry 1452, which may include ETH circuitry and dual-mode optical network interface circuitry. In embodiments, the interface circuitry 1452 may receive information and data via one or more networking links (not shown). For example, the interface circuitry 1452 may receive an indication of an access level of operation for a user. The interface circuitry 1452 may also receive other information include requests to update the firmware, change configuration settings, process workloads, invoke or restart a virtual environment, and so forth.

The functional block diagram 1400 may also include other components, such as a management controller 1462, a manageability engine 1415, and physical resources 1405. These components may operate and perform functions as the same named components discussed in FIG. 13. For example, the management controller 1462 may be a BMC or specialized processor capable of managing various aspects of a sled, such as the manageability engine (ME) or IE. The ME 1415 may be an interface to enable interactions between high-level and low-level hardware systems of a sled. The physical resources 1405 may be utilized by clients to perform workloads. Embodiments are not limited to these examples.

In embodiments, the functional block diagram 1400 includes other systems and components such as one or more of a BIOS, a unified extensible firmware interface (UEFI), and a system management mode component (SMM) 1417. These components may define a software interface between an operating system and platform firmware and provide a system management mode of operation for executing privileged instructions, e.g. a ring −2 mode of operation.

In embodiments, the functional block diagram 1400 and system includes a virtual machine manager (VMM) 1455 which may provide a virtual management functionality for a data center, racks, and sleds. In embodiments, the VMM 1455 may enable a user to configure and manage virtualization hosts, networking, storage resources to deploy one or more virtual machines 1457, for example. A virtual machine 1457 may be dynamically created and destroyed on a system and provide a virtual environment in which a user may utilize to process workloads. As previously discussed, the virtual machines 1457 may enable a user to configure certain settings, such as BIOS settings, without affected settings on the same system or sled set in a different virtual environment.

FIG. 15 illustrates an embodiment of logic flow 1500. The logic flow 1500 may be representative of some or all of the operations executed by one or more embodiments described herein. For example, the logic flow 1500 may illustrate operations performed by a sled, and in particular circuitry, to enable or disable a firmware update capability. However, embodiments are not limited in this, and one or more operations may be performed by other components or systems discussed herein.

At block 1502, the logic flow 1500 may include determining an access level of operation for a user or administrator attempting to access and update a firmware device of a sled. In some instances, the access level of operation may be provided to a sled and circuitry from a pod management controller used to control a data center. An indication of an access level of operation may be communicated to a sled in an OOB communication utilizing one or more Ethernet links or other OOB management links, such as an Omni-path link with virtual local area network (VLAN) support or via WiFi. Moreover, the access level of operation may be communicated utilize a protocol, such as IMPI or Redfish

In embodiments, the access level of operation may indicate or be used to determine which updates and configuration changes a user or administrator is permitted to make to a sled and components thereof. In some instances, the access level of operation may be communicated to a sled when a user or administrator is initially trying to access the sled, e.g. when a sled is being composed. In another example, a user may be attempting to utilize the sled and physical resources to process a workload and attempting to make updates and changes when generating a virtual machine environment for the workload. Embodiments are not limited to these examples.

At decision block 1504, a determination may be made as to whether a user or administrator has permission to complete the update or configuration change based on the access level of operation. Embodiments may include determining whether to enable or disable a firmware update capability based on an access level of operation. For example, an administrator may be enabled to update a firmware device of the sled. Alternatively, a user may not be able to update a firmware device.

In some embodiments, some users may be permitted to update a firmware device based on a priority level associated with the user. For example, a user having a higher level priority may be enabled to update the firmware device, while a user having a lower priority level may be denied updating the firmware device. The priority may be based on a scale, e.g. from 1 to 10, and various levels may be permitted to update a firmware device. For example, users having a priority level from 1-5 may be permitted to update a firmware device, while users having a priority level from 6-10 may not be permitted to update the firmware device. The access level of operations and priority levels having permission to update firmware may be determined at the time of manufacturing or configurable by an administrator. In some embodiments, the priority level may be a privilege level for a user or administrator, such as Administrator, Root, Super User (SU), and so forth

In some embodiments, different access levels of operation may be permitted to update firmware for particular firmware devices, while not permitted to update firmware for other devices. For example, a user may be permitted to update firmware for an add-in component, but not the management controller. Each access level of operation may be assigned firmware devices for which they are permitted to update.

At block 1506, the logic flow 1500 includes disabling a firmware update capability for a firmware device based on the access level of operation. To disable the firmware update capability, the SMM will not perform the firmware update for the firmware device for uses that do not have the appropriate access level of operation or update privilege. In some instances, embodiments may include causing a BIOS to communicate disable firmware update capability information via a SMBUS or an in-band communication link to the firmware device.

At block 1508, the logic flow 1500 include enabling a firmware update capability for a firmware device based on the access level of operation. To enable the firmware update capability, embodiments may include permitting the interrupt (SMI) enable the firmware update capability and to prevent the interrupt (SMI) to disable the firmware update capability to change the firmware. In another example, embodiments may include causing the BIOS to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability. Embodiments are not limited to these examples.

FIG. 16 illustrates an embodiment of logic flow 1600. The logic flow 1600 may be representative of some or all of the operations executed by one or more embodiments described herein. For example, the logic flow 1600 may illustrate operations performed by a sled, and in particular circuitry, to enable or disable BIOS settings for configuration. In embodiments, the BIOS settings may be determined and presented to a user during a boot sequence of a sled or invocation of a virtual machine instance. These and other details will become more apparent in the following description.

At block 1602, the logic flow 1600 may include determining an access level of operation for a user or administrator attempting to access and update configuration or BIOS settings of a sled. In some instances, the access level of operation may be provided to a sled and circuitry from a pod management controller used to control a data center. An indication of an access level of operation may be communicated to a sled in an OOB communication utilizing one or more Ethernet links or other management links from the pod management controller.

In embodiments, the access level of operation may indicate or be used to determine which configuration changes a user or administrator is permitted to make to a sled and components thereof and presented in a display. In some instances, the access level of operation may be communicated to a sled when a user or administrator is initially trying to access the sled, e.g. when a sled is being composed. In another example, a user may be attempting to utilize the sled and physical resources to process a workload and attempting to make updates and changes when generating a virtual machine environment for the workload. Embodiments are not limited to these examples.

At block 1604, the logic flow 1600 includes determining which configuration settings a user or administrator is permitted to change. In embodiments, these configuration settings may include BIOS setting, such as those presented in a BIOS menu during a boot sequence of a sled or initialization of a virtual machine environment.

In embodiments, the determination is based on the access level of operation. In some instances, an administrator may be permitted to change all of the configuration settings, while a user may not be permitted to change the configuration settings. In embodiments, a user may be permitted to change particular configuration settings. For example, a user having a higher access level of operation may be capable of changing more configuration settings than a user having a lower access level of operation. In some embodiments, the configuration settings enabled may be set by an administrator. More specifically, an administrator may determine which configuration settings a user can adjust via the access level of operation.

At block 1606, the logic flow 1600 includes enabling configuration settings for configuration. The enabled configuration settings are based on the access level of operation. In some instances, which configuration settings may be communicated to circuitry from a pod management controller. In other instances, circuitry may perform a look up in a database or data store based on the access level of operation. In some instances, a user may not be enabled to change any configuration settings may be presented with information indicating as such.

At block 1608, the logic flow 1600 includes causing presentation of the enabled configuration settings. For example, a display may be generated having the configuration settings a user/administrator is enabled to change or set. The display may be presented to a user on a client device via one or more networking links in cloud-based computing environment. In some instances, the configuration settings may be applied in a virtual machine operating environment. As previously discussed, configuration settings may be different between virtual machine environments on the same system or sled. Embodiments are not limited in this manner.

FIG. 17 illustrates an embodiment of logic flow 1700. The logic flow 1700 may be representative of some or all of the operations executed by one or more embodiments described herein. For example, the logic flow 1700 may illustrate operations performed by a sled, and in particular circuitry, to enable or disable a firmware update capability. However, embodiments are not limited in this, and one or more operations may be performed by other components or systems discussed herein.

The logic flow 1700, at block 1705, includes determining an access level of operation based on an indication received via one or more network links from a pod management controller. The access level of operation may be associated with a user or administrator and indicate whether the user or administrator is permitted to update a firmware device or not. In some embodiments, the access level of operation may be a priority level and circuitry may determine whether a user or administrator is permitted to update a firmware device based on the priority level. At block 1710, the logic flow includes enabling or disabling a firmware update capability for a firmware device based on the access level of operation, the firmware update capability to change firmware for the firmware device.

FIG. 18 illustrates an embodiment of logic flow 1800. The logic flow 1800 may be representative of some or all of the operations executed by one or more embodiments described herein. For example, the logic flow 1800 may illustrate operations performed by a sled, and in particular circuitry, to enable or disable configuration settings for configuration. In embodiments, the BIOS settings may be determined and presented to a user during a boot sequence of a sled or invocation of a virtual machine instance. These and other details will become more apparent in the following description.

At block 1805, the logic flow 1800 includes determining an access level of operation based on an indication received via one or more network links from a pod management controller. Further and at block 1810, the logic flow 1800 includes determining one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation. The logic flow 1800 includes enabling configuration of the one or more configuration settings. Embodiments are not limited in this manner.

The detailed disclosure now turns to providing examples that pertain to further embodiments. Examples one through thirty-six (1-36) provided below are intended to be exemplary and non-limiting.

In a first example, a system, a device, an apparatus, and so forth may include processing circuitry, and logic to determine an access level of operation for based on an indication received via one or more network links from a pod management controller, and enable or disable a firmware update capability for a firmware device of based on the access level of operation, the firmware update capability to change firmware for the firmware device.

In a second example and in furtherance of the first example, a system, a device, an apparatus, and so forth including the logic to disable the firmware update capability via a management mode and to enable the firmware update capability via the management mode, the management mode to prevent processing of an interrupt to disable the firmware update capability and to allow processing of the interrupt to enable the firmware update capability.

In a third example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the logic to cause a basic input/output system (BIOS) to communicate disable firmware update capability information via a system management bus (SMBUS) or an in-band communication link to the firmware device to disable the firmware update capability and cause the BIOS to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability.

In a fourth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the logic to enable the firmware update capability if the access level of operation is an administrative access level and to disable the firmware update capability if the access of operation is a user access level.

In a fifth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth wherein one of a basic input/output system (BIOS), a management entity (ME), a baseboard management controller, a memory module, a storage device, an accelerator device, and a field-programmable gate array device comprises the firmware device.

In a sixth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the logic to receive the indication indicating the access level of operation comprising one of an administrative access level and a user access level from the pod management controller.

In a seventh example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including a network interface coupled with the processing circuitry and the one or more network links, and the network interface to receive the indication via the one or more network links from the pod management controller during a boot sequence.

In an eighth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including processing circuitry, and logic to determine an access level of operation based on an indication received via one or more network links from a pod management controller, determine one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation, and enable configuration of the one or more configuration settings.

In a ninth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the access level of operation comprising one of a plurality of user access levels, and the logic to determine which of the one or more configuration settings to enable based on the one of the plurality of user access levels.

In a tenth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the access level of operation comprising an administrative user access level, and the logic to determine to enable the plurality of configuration settings for configuration.

In an eleventh example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including logic to determine another access level of operation based on another indication received via one or more network links from the pod management controller, determine another one or more configuration settings of the plurality of configuration settings to enable for configuration for the another access level of operation, and enable configuration of the another one or more configuration settings.

In a twelfth example and in furtherance of any of the previous examples, a system, a device, an apparatus, and so forth including the logic to enable configuration of the one or more configuration settings in a first virtual environment and enable configuration of the another one or more configuration settings in a second virtual environment.

In a thirteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to determine an access level of operation based on an indication received via one or more network links from a pod management controller, and enable or disable a firmware update capability for a firmware device based on the access level of operation, the firmware update capability to change firmware for the firmware device.

In a fourteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to disable the firmware update capability via a management mode by preventing processing of an interrupt, and enable the firmware update capability via the management mode by allowing processing of the interrupt.

In a fifteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to cause a basic input/output system (BIOS) to communicate disable firmware update capability information via a system management bus (SMBUS) or an in-band communication link to the firmware device to disable the firmware update capability, and cause the BIOS to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability.

In a sixteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to enable the firmware update capability if the access level of operation is an administrative access level and to disable the firmware update capability if the access of operation is a user access level.

In a seventeenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, wherein one of a basic input/output system (BIOS), a management entity (ME), a baseboard management controller, a memory module, a storage device, an accelerator device, and a field-programmable gate array device comprises the firmware device.

In an eighteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to receive the indication indicating the access level of operation comprising one of an administrative access level and a user access level from the pod management controller.

In a nineteenth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to receive, via network interface and one or more network links, the indication from the pod management controller during a boot sequence.

In a twentieth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to determine an access level of operation system based on an indication received via one or more network links from a pod management controller, determine one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation, and enable configuration of the one or more configuration settings.

In a twenty-first example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising the access level of operation comprising one of a plurality of user access levels, and the processing circuitry to determine which of the one or more configuration settings to enable based on the one of the plurality of user access levels.

In a twenty-second example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising the access level of operation comprising an administrative user access level, and the processing circuitry to determine to enable the plurality of configuration settings for configuration.

In a twenty-third example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to determine another access level of operation based on another indication received via one or more network links from the pod management controller, determine another one or more configuration settings of the plurality of configuration settings to enable for configuration for the another access level of operation, and enable configuration of the another one or more configuration settings.

In a twenty-fourth example and in furtherance of any of the previous examples, a non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to enable configuration of the one or more configuration settings in a first virtual environment and enable configuration of the another one or more configuration settings in a second virtual environment.

In a twenty-fifth example and in furtherance of any of the previous examples, a computer-implemented method may include determining an access level of operation based on an indication received via one or more network links from a pod management controller, and enabling or disabling a firmware update capability for a firmware device based on the access level of operation, the firmware update capability to change firmware for the firmware device.

In a twenty-sixth example and in furtherance of any of the previous examples, a computer-implemented method may include disabling the firmware update capability via a management mode by preventing processing of an interrupt, and enabling the firmware update capability via the management mode by allowing processing of the interrupt.

In a twenty-seventh example and in furtherance of any of the previous examples, a computer-implemented method may include causing a basic input/output system (BIOS) to communicate disable firmware update capability information via a system management bus (SMBUS) or an in-band communication link to the firmware device to disable the firmware update capability, and causing the BIOS to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability.

In a twenty-eighth example and in furtherance of any of the previous examples, a computer-implemented method may include enabling the firmware update capability if the access level of operation is an administrative access level and to disable the firmware update capability if the access of operation is a user access level.

In a twenty-ninth example and in furtherance of any of the previous examples, a computer-implemented method wherein one of a basic input/output system (BIOS), a management entity (ME), a baseboard management controller, a memory module, a storage device, an accelerator device, and a field-programmable gate array device comprises the firmware device.

In a thirtieth example and in furtherance of any of the previous examples, a computer-implemented method may include receiving the indication indicating the access level of operation comprising one of an administrative access level and a user access level from the pod management controller.

In a thirty-first example and in furtherance of any of the previous examples, a computer-implemented method may include receiving, via network interface and one or more network links, the indication from the pod management controller during a boot sequence.

In a thirty-second example and in furtherance of any of the previous examples, a computer-implemented method may include determining an access level of operation based on an indication received via one or more network links from a pod management controller, determining one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation, and enabling configuration of the one or more configuration settings.

In a thirty-third example and in furtherance of any of the previous examples, a computer-implemented method may include the access level of operation comprising one of a plurality of user access levels, and the processing circuitry to determine which of the one or more configuration settings to enable based on the one of the plurality of user access levels.

In a thirty-fourth example and in furtherance of any of the previous examples, a computer-implemented method may include the access level of operation comprising an administrative user access level, and the processing circuitry to determine to enable the plurality of configuration settings for configuration.

In a thirty-fifth example and in furtherance of any of the previous examples, a computer-implemented method may include determining another access level of operation based on another indication received via one or more network links from the pod management controller, determining another one or more configuration settings of the plurality of configuration settings to enable for configuration for the another access level of operation, and enabling configuration of the another one or more configuration settings.

In a thirty-sixth example and in furtherance of any of the previous examples, a computer-implemented method may include enabling configuration of the one or more configuration settings in a first virtual environment and enable configuration of the another one or more configuration settings in a second virtual environment.

Some embodiments may be described using the expression “one embodiment” or “an embodiment” along with their derivatives. These terms mean that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment. Further, some embodiments may be described using the expression “coupled” and “connected” along with their derivatives. These terms are not necessarily intended as synonyms for each other. For example, some embodiments may be described using the terms “connected” and “coupled” to indicate that two or more elements are in direct physical or electrical contact with each other. The term “coupled,” however, may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other.

It is emphasized that the Abstract of the Disclosure is provided to allow a reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Also, in the preceding Detailed Description, it can be seen that various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus the following claims are at this moment incorporated into the Detailed Description, with each claim standing on its own as a separate embodiment. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively. Moreover, the terms “first,” “second,” “third,” and so forth, are used merely as labels and are not intended to impose numerical requirements on their objects.

What has been described above includes examples of the disclosed architecture? It is, of course, not possible to describe every conceivable combination of components and methodologies, but one of ordinary skill in the art may recognize that many further combinations and permutations are possible. Accordingly, the novel architecture is intended to embrace all such alterations, modifications, and variations that fall within the spirit and scope of the appended claims.

Claims

1. An apparatus, comprising:

processing circuitry;
memory storing instructions operable on the processing circuitry, the instructions, when executed, cause the processing circuitry to:
determine an access level of operation based on an indication received from a pod management controller; and
enable or disable a firmware update capability for a firmware device based on the access level of operation, the firmware update capability to change firmware for the firmware device.

2. The apparatus of claim 1, the processing circuitry to disable the firmware update capability via a management mode and to enable the firmware update capability via the management mode, the management mode to prevent processing of an interrupt to disable the firmware update capability and to allow processing of the interrupt to enable the firmware update capability.

3. The apparatus of claim 1, the processing circuitry to cause a basic input/output system (BIOS) to communicate disable firmware update capability information via a system management bus (SMBUS) or an in-band communication link to the firmware device to disable the firmware update capability and cause the BIOS to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability.

4. The apparatus of claim 1, the processing circuitry to enable the firmware update capability if the access level of operation is an administrative access level and to disable the firmware update capability if the access of operation is a user access level.

5. The apparatus of claim 1, wherein one of a basic input/output system (BIOS), a management entity (ME), a baseboard management controller, a memory module, a storage device, an accelerator device, and a field-programmable gate array device comprises the firmware device.

6. The apparatus of claim 1, the processing circuitry to receive the indication indicating the access level of operation comprising one of an administrative access level and a user access level from the pod management controller.

7. The apparatus of claim 1, comprising:

a network interface coupled with the processing circuitry and one or more network links, and the network interface to receive the indication via the one or more network links from the pod management controller during a boot sequence.

8. An apparatus, comprising:

processing circuitry;
memory storing instructions operable on the processing circuitry, the instructions, when executed, cause the processing circuitry to:
determine an access level of operation based on an indication received from a pod management controller;
determine one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation, the one or more configurations settings for a basic input/output system (BIOS); and
enable configuration of the one or more configuration settings for the BIOS for presentation on a display.

9. The apparatus of claim 8, the access level of operation comprising one of a plurality of user access levels, and the logic to determine which of the one or more configuration settings to enable based on the one of the plurality of user access levels.

10. The apparatus of claim 8, the access level of operation comprising an administrative user access level, and the logic to determine to enable the plurality of configuration settings for configuration.

11. The apparatus of claim 8, the processing circuitry to:

determine another access level of operation based on another indication received via one or more network links from the pod management controller;
determine another one or more configuration settings of the plurality of configuration settings to enable for configuration for the another access level of operation; and
enable configuration of the another one or more configuration settings.

12. The apparatus of claim 11, the processing circuitry to enable configuration of the one or more configuration settings in a first virtual environment and enable configuration of the another one or more configuration settings in a second virtual environment.

13. A non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to:

determine an access level of operation based on an indication received via one or more network links from a pod management controller; and
enable or disable a firmware update capability for a firmware device based on the access level of operation, the firmware update capability to change firmware for the firmware device.

14. The computer-readable storage medium of claim 13, comprising a plurality of instructions, that when executed, enable processing circuitry to:

disable the firmware update capability via a management mode by preventing processing of an interrupt; and
enable the firmware update capability via the management mode by allowing processing of the interrupt.

15. The computer-readable storage medium of claim 13, comprising a plurality of instructions, that when executed, enable processing circuitry to:

cause a basic input/output system (BIOS) to communicate disable firmware update capability information via a system management bus (SMBUS) or an in-band communication link to the firmware device to disable the firmware update capability; and
cause the BIOS to communicate enable firmware update capability information via the SMBUS or the in-band communication link to the firmware device to enable the firmware update capability.

16. The computer-readable storage medium of claim 13, comprising a plurality of instructions, that when executed, enable processing circuitry to enable the firmware update capability if the access level of operation is an administrative access level and to disable the firmware update capability if the access of operation is a user access level.

17. The computer-readable storage medium of claim 13, wherein one of a basic input/output system (BIOS), a management entity (ME), a baseboard management controller, a memory module, a storage device, an accelerator device, and a field-programmable gate array device comprises the firmware device.

18. The computer-readable storage medium of claim 13, comprising a plurality of instructions, that when executed, enable processing circuitry to receive the indication indicating the access level of operation comprising one of an administrative access level and a user access level from the pod management controller.

19. The computer-readable storage medium of claim 13, comprising a plurality of instructions, that when executed, enable processing circuitry to receive, via network interface and one or more network links, the indication from the pod management controller during a boot sequence.

20. A non-transitory computer-readable storage medium, comprising a plurality of instructions, that when executed, enable processing circuitry to:

determine an access level of operation based on an indication received via one or more network links from a pod management controller;
determine one or more configuration settings of a plurality of configuration settings to enable for configuration based on the access level of operation, the one or more configurations settings for a basic input/output system (BIOS); and
enable configuration of the one or more configuration settings for the BIOS for presentation on a display.

21. The computer-readable storage medium of claim 20, the access level of operation comprising one of a plurality of user access levels, and the processing circuitry to determine which of the one or more configuration settings to enable based on the one of the plurality of user access levels.

22. The computer-readable storage medium of claim 20, the access level of operation comprising an administrative user access level, and the processing circuitry to determine to enable the plurality of configuration settings for configuration.

23. The computer-readable storage medium of claim 20, comprising a plurality of instructions, that when executed, enable processing circuitry to:

determine another access level of operation based on another indication received via one or more network links from the pod management controller;
determine another one or more configuration settings of the plurality of configuration settings to enable for configuration for the another access level of operation; and
enable configuration of the another one or more configuration settings.

24. The computer-readable storage medium of claim 20, comprising a plurality of instructions, that when executed, enable processing circuitry to enable configuration of the one or more configuration settings in a first virtual environment and enable configuration of the another one or more configuration settings in a second virtual environment.

Patent History
Publication number: 20180026835
Type: Application
Filed: Dec 30, 2016
Publication Date: Jan 25, 2018
Applicant: INTEL CORPORATION (SANTA CLARA, CA)
Inventors: MURUGASAMY K. NACHIMUTHU (BEAVERTON, OR), MOHAN J. KUMAR (ALOHA, OR), VASUDEVAN SRINIVASAN (HILLSBORO, OR)
Application Number: 15/396,014
Classifications
International Classification: H04L 12/24 (20060101); H04L 29/08 (20060101); G06F 9/445 (20060101);