METRICS-BASED SCHEDULING FOR HARDWARE ACCELERATOR RESOURCES IN A SERVICE MESH ENVIRONMENT

    Publication No.: US20220100566A1

    Publication Date: 2022-03-31

    Application No.: US17547961

    Application Date: 2021-12-10

    Abstract: An apparatus to facilitate metrics-based scheduling for hardware accelerator resources in a service mesh environment is disclosed. The apparatus includes processors to collect metrics corresponding to communication links between microservices of a service managed by a service mesh; determine, based on analysis of the metrics, that a workload of the service can be accelerated by offload to a hardware accelerator device; generate a rebalancing request to cause the workload to be assigned to the hardware accelerator device for execution of the service; cause the workload to be annotated to indicate execution by the hardware accelerator device; and deploy, based on the annotation, the workload to the hardware accelerator device for execution in accordance with a restart policy corresponding to the service.

    TECHNOLOGIES FOR FAST LAUNCH OF TRUSTED CONTAINERS

    Publication No.: US20210390186A1

    Publication Date: 2021-12-16

    Application No.: US17321764

    Application Date: 2021-05-17

    Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

    Technologies for fast launch of trusted containers

    Publication No.: US11017092B2

    Publication Date: 2021-05-25

    Application No.: US16144325

    Application Date: 2018-09-27

    Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

    METRICS AND SECURITY-BASED ACCELERATOR SERVICE RESCHEDULING AND AUTO-SCALING USING A PROGRAMMABLE NETWORK DEVICE

    Publication No.: US20220012095A1

    Publication Date: 2022-01-13

    Application No.: US17482155

    Application Date: 2021-09-22

    Abstract: An apparatus to facilitate metrics and security-based accelerator service rescheduling and auto-scaling using a programmable network device is disclosed. The apparatus includes processors to collect metrics corresponding to communication links between microservices of a service managed by a service mesh; determine, based on analysis of the metrics, that a workload of the service can be accelerated by offload to a hardware accelerator device; generate a scaling request to cause the hardware accelerator device to be allocated to a cluster of hardware devices configured for the service; cause the scaling request to be transmitted to a programmable network device managing the hardware accelerator device, the programmable network device to allocate the hardware accelerator device to the cluster and to register the hardware accelerator device with the service mesh; and schedule the workload of the service to the hardware accelerator device.

    TECHNOLOGIES FOR FAST LAUNCH OF TRUSTED CONTAINERS

    Publication No.: US20190042759A1

    Publication Date: 2019-02-07

    Application No.: US16144325

    Application Date: 2018-09-27

    Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

    Computing system resource usage accounting and usage limit enforcement

    Publication No.: US12236272B2

    Publication Date: 2025-02-25

    Application No.: US17524055

    Application Date: 2021-11-11

    Inventor: Mikko Ylinen

    Abstract: Resource access control modules that are part of an operating system kernel and data structures visible in both user space and kernel space provide for user space-based configuration of computing system resource limits, accounting of resource usage, and enforcement of resource usage limits. Computing system resource limits can be set on an application, customer, or other basis, and usage limits can be placed on various system resources, such as files, ports, I/O devices, memory, and processing unit bandwidth. Resource usage accounting and resource limit enforcement can be implemented without the use of in-kernel control groups. The resource access control modules can be extended Berkeley Program Format (eBPF) Linux Security Module (LSM) programs linked to LSM hooks in the Linux operating system kernel.

    Technologies for fast launch of trusted containers

    Publication No.: US11741234B2

    Publication Date: 2023-08-29

    Application No.: US17321764

    Application Date: 2021-05-17

    Abstract: Technologies for fast launch of trusted containers include a computing device having a trusted platform module (TPM). The computing device measures a container runtime with the TPM and executes the container runtime in response to the measurement. The computing device establishes a trust relationship between the TPM and a virtual platform credential, provisions the virtual platform credential to a virtual TPM, and executes a guest environment in response to provisioning the virtual platform credential. The computing device measures a containerized application with the virtual TPM and executes the containerized application in response to the measurement. The computing device may perform a trusted computing operation in the guest environment with the virtual TPM. The virtual TPM and the containerized application may be protected with multi-key total memory encryption (MKTME) support of the computing device. State of the virtual TPM may be encrypted and persisted. Other embodiments are described and claimed.

    COMPUTING SYSTEM RESOURCE USAGE ACCOUNTING AND USAGE LIMIT ENFORCEMENT

    Publication No.: US20220083383A1

    Publication Date: 2022-03-17

    Application No.: US17524055

    Application Date: 2021-11-11

    Inventor: Mikko Ylinen

    Abstract: Resource access control modules that are part of an operating system kernel and data structures visible in both user space and kernel space provide for user space-based configuration of computing system resource limits, accounting of resource usage, and enforcement of resource usage limits. Computing system resource limits can be set on an application, customer, or other basis, and usage limits can be placed on various system resources, such as files, ports, I/O devices, memory, and processing unit bandwidth. Resource usage accounting and resource limit enforcement can be implemented without the use of in-kernel control groups. The resource access control modules can be extended Berkeley Program Format (eBPF) Linux Security Module (LSM) programs linked to LSM hooks in the Linux operating system kernel.
