公开(公告)号：US20240244088A1

公开(公告)日：2024-07-18

申请号：US18622080

申请日：2024-03-29

Applicant: Malini Bhandaru ,  Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Anahit Tarkhanyan

Inventor： Malini Bhandaru ,  Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Anahit Tarkhanyan

IPC: H04L9/40 ,  G06F9/50

CPC classification number: H04L63/20 ,  G06F9/5083 ,  H04L63/083

Abstract: Various systems and methods for providing cloud-to-edge workload orchestration described herein. A computing node is configured to receive a distributed workload configuration including security intents; decompose, based on the distributed workload configuration, a workload into a plurality of sub-workloads; identify an infrastructure resource of the plurality of compute nodes to execute a sub-workload of the plurality of sub-workloads; determine that an operating environment of the infrastructure resource satisfies the security intents; bind the sub-workload to the infrastructure resource, wherein the binding produces a token that is presented by the sub-workload to the infrastructure resource, and wherein the token is used to ensure trust among framework layers; and deploy the sub-workload to the infrastructure resource.

公开(公告)号：US20240243924A1

公开(公告)日：2024-07-18

申请号：US18622200

申请日：2024-03-29

Applicant: Ned M. Smith ,  Kshitij Arun Doshi ,  Sunil Cheruvu ,  Anahit Tarkhanyan

Inventor： Ned M. Smith ,  Kshitij Arun Doshi ,  Sunil Cheruvu ,  Anahit Tarkhanyan

IPC: H04L9/32

CPC classification number: H04L9/3247

Abstract: Various systems and methods are described for implementing attestation microservices and an attestation microservice mesh for cloud-to-edge (C2E) and cloud-native deployments are disclosed. An example method performed by a computing node for coordinating attestation with a distributed workload includes: generating, with an attestation service, first attestation information to provide attestation of a resource at the computing node; generating, with the attestation service, second attestation information to provide attestation of a microservice at the computing node, with the microservice to use the resource at the computing node; generating, with the attestation service, third attestation information to provide attestation of a distributed workload, with the distributed workload to execute the microservice at the computing node; and outputting an attestation result for the distributed workload, based on the first attestation information, the second attestation information, and the third attestation information.

公开(公告)号：US20240236017A1

公开(公告)日：2024-07-11

申请号：US18278517

申请日：2021-06-25

Applicant: Francesc Guim Bernat ,  Kshitij Arun Doshi ,  Karol Weber ,  Marek PIOTROWSKI ,  Piotr Wysocki

Inventor： Francesc Guim Bernat ,  Kshitij Arun Doshi ,  Karol Weber ,  Marek PIOTROWSKI ,  Piotr Wysocki

IPC: H04L47/70 ,  H04L41/0816 ,  H04L47/80

CPC classification number: H04L47/822 ,  H04L41/0816 ,  H04L47/805

Abstract: A computing node includes a NIC and processing circuitry configured to select a subset of computing resources from a set of available computing resources to initiate a parameter sweep associated with a parameter sweep request received. A plurality of settings is applied to each computing resource of the subset to generate a plurality of resource mappings during the parameter sweep. Each resource mapping of the plurality of resource mappings indicates at least one computing resource of the subset and a corresponding at least one setting of the plurality of settings. Telemetry information for the subset of computing resources is retrieved, the telemetry information is generated during the parameter sweep. A resource mapping of the plurality of resource mappings is selected based on a comparison of the telemetry information with an SLO. A reconfiguration of the available computing resources is performed based on the selected resource mapping.

公开(公告)号：US20230342496A1

公开(公告)日：2023-10-26

申请号：US18216927

申请日：2023-06-30

Applicant: Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Rajesh Poornachandran

Inventor： Kshitij Arun Doshi ,  Ned M. Smith ,  Sunil Cheruvu ,  Rajesh Poornachandran

IPC: G06F21/62 ,  G06F21/44

CPC classification number: G06F21/6281 ,  G06F21/44

Abstract: A system for trust brokering as a service includes an edge computing node and a trust brokering service edge computing device. The trust brokering service edge computing device receives a computing workload request from an application configured to process secure data and identifies a set of security requirements associated with the request. The device also identifies a security feature present in the set of security requirements but not provided by the edge computing node. To address this, the device generates an application execution environment that includes a secure plugin providing the security feature and a virtual device representing the edge computing node. The computing workload request is then executed at the application execution environment, providing a secure and efficient solution for trust brokering as a service.

公开(公告)号：US20230136615A1

公开(公告)日：2023-05-04

申请号：US18090701

申请日：2022-12-29

Applicant: Francesc Guim Bernat ,  Karthik Kumar ,  Marcos E. Carranza ,  Cesar Martinez-Spessot ,  Kshitij Arun Doshi

Inventor： Francesc Guim Bernat ,  Karthik Kumar ,  Marcos E. Carranza ,  Cesar Martinez-Spessot ,  Kshitij Arun Doshi

IPC: G06F9/50

Abstract: Various approaches for deploying and using virtual pools of compute resources with the use of infrastructure processing units (IPUs) and similar networked processing units are disclosed. A host computing system may be configured to operate a virtual pool of resources, with operations including: identifying, at the host computing system, availability of a resource at the host computing system; transmitting, to a network infrastructure device, a notification that the resource at the host computing system is available for use in a virtual resource pool in the edge computing network; receiving a request for the resource in the virtual resource pool that is provided on behalf of a client computing system, based on the request being coordinated via the network infrastructure device and includes at least one quality of service (QoS) requirement; and servicing the request for the resource, based on the at least one QoS requirement.

公开(公告)号：US20230027152A1

公开(公告)日：2023-01-26

申请号：US17956517

申请日：2022-09-29

Applicant: Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Ned M. Smith

Inventor： Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Ned M. Smith

IPC: H04L41/082 ,  H04L41/0654 ,  H04L9/40

Abstract: Systems and techniques to upgrade network objects using security islands are described herein. Security islands of node groupings are created based on trust relationships between nodes in an edge network. An upgrade request may be received to upgrade a target edge node in the edge network. Building blocks may be identified for a package installed on the target edge node to be upgraded. A state backup may be stored for the building blocks. An upgrade command and an upgrade payload may be transmitted to the target edge node. The target edge node may be queried to obtain a status of the target edge node. An upgrade action may be determined based on the status and the upgrade action may be executed.

公开(公告)号：US20220329522A1

公开(公告)日：2022-10-13

申请号：US17853331

申请日：2022-06-29

Applicant: Christian Maciocco ,  Ren Wang ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Ned M. Smith ,  Satish Chandra Jha ,  Vesh Raj Sharma Banjade ,  S M Iftekharul Alam ,  Shu-ping Yeh

Inventor： Christian Maciocco ,  Ren Wang ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Ned M. Smith ,  Satish Chandra Jha ,  Vesh Raj Sharma Banjade ,  S M Iftekharul Alam ,  Shu-ping Yeh

IPC: H04L45/00 ,  H04L43/08 ,  H04L41/16

Abstract: Disclosed are systems and methods for adaptive resilient network communication. A system may monitor network traffic on multiple pathways between user equipment and an application or a service at a network destination, gather network telemetry data from the monitored network traffic, input the network telemetry data into a trained artificial intelligence model, and classify the network telemetry data using the model. The system may further determine, using the model, an anomaly condition in at least a portion of the multiple pathways, and in response to the determination of an anomaly, select a mitigation technique for the at least a portion of the multiple pathways.

公开(公告)号：US20220231964A1

公开(公告)日：2022-07-21

申请号：US17711921

申请日：2022-04-01

Applicant: S M Iftekharul Alam ,  Satish Chandra Jha ,  Ned M. Smith ,  Vesh Raj Sharma Banjade ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Arvind Merwaday ,  Kuilin Clark Chen ,  Christian Maciocco

Inventor： S M Iftekharul Alam ,  Satish Chandra Jha ,  Ned M. Smith ,  Vesh Raj Sharma Banjade ,  Kshitij Arun Doshi ,  Francesc Guim Bernat ,  Arvind Merwaday ,  Kuilin Clark Chen ,  Christian Maciocco

IPC: H04L47/72 ,  H04L47/74

Abstract: A resource management framework may be used to improve performance of dominant and non-dominant resources for edge multi-tenant applications. The resource management framework may include an admission control mechanism, which may be used to balance disproportionate resource allocations by controlling allocation of unconstrained resources proportional to the requested dominant resources based on resource availability. The admission control mechanism may provide ongoing monitoring of dominant and non-dominant resource utilization, such as using a hybrid centralized-distributed telemetry collection approach. The resource management framework may also include a lightweight resource monitoring and policy enforcement mechanism on distributed networking elements to reduce or eliminate the exploitations of non-dominant resources.

公开(公告)号：US20210021619A1

公开(公告)日：2021-01-21

申请号：US17033757

申请日：2020-09-26

Applicant: Ned M. Smith ,  Francesc Guim Bernat ,  Rajesh Poornachandran ,  Kshitij Arun Doshi ,  Tarun Viswanathan ,  Kapil Sood

Inventor： Ned M. Smith ,  Francesc Guim Bernat ,  Rajesh Poornachandran ,  Kshitij Arun Doshi ,  Tarun Viswanathan ,  Kapil Sood

IPC: H04L29/06

Abstract: Various aspects of methods, systems, and use cases for trust-based orchestration of an edge node. An edge node may be configured for trust-based orchestration in an edge computing environment, where the edge node includes a transceiver to receive an instruction to perform a workload, the instruction from an edge orchestrator, the edge node being in a group of edge nodes managed with a ledger; and a processor to execute the workload at the edge node to produce a result, wherein the execution of the workload is evaluated by other edge nodes in the group of edge nodes to produce a reputation score of the edge node, where the transceiver is to provide the result to the edge orchestrator.

公开(公告)号：US20210014132A1

公开(公告)日：2021-01-14

申请号：US17028728

申请日：2020-09-22

Applicant: Ned M. Smith ,  Kshitij Arun Doshi ,  Francesc Guim Bernat

Inventor： Ned M. Smith ,  Kshitij Arun Doshi ,  Francesc Guim Bernat

IPC: H04L12/24 ,  G06F9/455 ,  H04L9/06

Abstract: Methods, systems, and use cases for orchestrator execution planning using a distributed ledger are discussed, including an orchestration system with memory and at least one processing circuitry coupled to the memory. The processing circuitry is configured to perform operations to generate an execution plan for a workload based on an SLA. The execution plan includes state transitions associated with corresponding edge service instances. A distributed ledger record is retrieved from the ledger based on a reinforcement learning reward value specified by the record. The reward value is associated with a state transition of the plurality of state transitions. An edge node is selected based on the retrieved distributed ledger record. Execution of an edge service instance of the plurality of edge service instances by the edge node is scheduled. The execution of the edge service instance corresponds to the state transition associated with the reinforcement learning reward value.