公开(公告)号：US20190042319A1

公开(公告)日：2019-02-07

申请号：US16147118

申请日：2018-09-28

申请人： Kapil Sood ,  Patrick L. Connor ,  Scott P. Dubal ,  James Robert Hearn ,  Andrew J. Herdrich

发明人： Kapil Sood ,  Patrick L. Connor ,  Scott P. Dubal ,  James Robert Hearn ,  Andrew J. Herdrich

IPC分类号： G06F9/50 ,  G06F9/455 ,  G06F21/53 ,  G06F12/14 ,  H04L29/06 ,  H04L9/08 ,  H04W12/08

摘要： System and techniques for multifactor intelligent agent control are described herein. A workload request may be received from a user device via a network. The workload may be instantiated in an isolated environment on an edge computing platform. Here, the isolated environment may be a container or a virtual machine. The instantiation of the workload may include using a hardware security component (SEC) of the mobile edge computing platform to prevent access to data or code of the workload from other environments hosted by the mobile edge computing platform. The workload may then be executed in the isolated environment and a result of the workload returned to the user device.

公开(公告)号：US20170094377A1

公开(公告)日：2017-03-30

申请号：US14866567

申请日：2015-09-25

申请人： Andrew J. Herdrich ,  Patrick L. Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey A. Shaw ,  Edwin Verplanke ,  Scott P. Dubal ,  James R. Hearn

发明人： Andrew J. Herdrich ,  Patrick L. Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey A. Shaw ,  Edwin Verplanke ,  Scott P. Dubal ,  James R. Hearn

IPC分类号： H04Q9/02 ,  H04L12/26 ,  H04L12/24

CPC分类号： H04Q9/02 ,  H04L41/5009 ,  H04L41/5019 ,  H04L43/08 ,  H04L43/10

摘要： Devices and techniques for out-of-band platform tuning and configuration are described herein. A device can include a telemetry interface to a telemetry collection system and a network interface to network adapter hardware. The device can receive platform telemetry metrics from the telemetry collection system, and network adapter silicon hardware statistics over the network interface, to gather collected statistics. The device can apply a heuristic algorithm using the collected statistics to determine processing core workloads generated by operation of a plurality of software systems communicatively coupled to the device. The device can provide a reconfiguration message to instruct at least one software system to switch operations to a different processing core, responsive to detecting an overload state on at least one processing core, based on the processing core workloads. Other embodiments are also described.

公开(公告)号：US20170289068A1

公开(公告)日：2017-10-05

申请号：US15088910

申请日：2016-04-01

申请人： Stephen T. Palermo ,  Iosif Gasparakis ,  Scott P. Dubal ,  Kapil Sood ,  Trevor Cooper ,  Jr-Shian Tsai ,  Jesse C. Brandeburg ,  Andrew J. Herdrich ,  Edwin Verplanke

发明人： Stephen T. Palermo ,  Iosif Gasparakis ,  Scott P. Dubal ,  Kapil Sood ,  Trevor Cooper ,  Jr-Shian Tsai ,  Jesse C. Brandeburg ,  Andrew J. Herdrich ,  Edwin Verplanke

IPC分类号： H04L12/861 ,  H04L12/931 ,  G06F15/173 ,  H04L12/715

CPC分类号： H04L49/9047 ,  G06F9/45558 ,  G06F15/17331 ,  G06F2009/45595 ,  H04L45/64 ,  H04L49/70

摘要： Methods and apparatus for accelerating VM-to-VM Network Traffic using CPU cache. A virtual queue manager (VQM) manages data that is to be kept in VM-VM shared data buffers in CPU cache. The VQM stores a list of VM-VM allow entries identifying data transfers between VMs that may use VM-VM cache “fast-path” forwarding. Packets are sent from VMs to the VQM for forwarding to destination VMs. Indicia in the packets (e.g., in a tag or header) is inspected to determine whether a packet is to be forwarded via a VM-VM cache fast path or be forwarded via a virtual switch. The VQM determines the VM data already in the CPU cache domain while concurrently coordinating with the data to and from the external shared memory, and also ensures data coherency between data kept in cache and that which is kept in shared memory.

公开(公告)号：US20170177396A1

公开(公告)日：2017-06-22

申请号：US14978569

申请日：2015-12-22

申请人： Stephen T. Palermo ,  Thomas E. Willis ,  Kapil Sood ,  Ilango S. Ganga ,  Scott P. Dubal ,  Pradeepsunder Ganesh ,  Jesse C. Brandenburg

发明人： Stephen T. Palermo ,  Thomas E. Willis ,  Kapil Sood ,  Ilango S. Ganga ,  Scott P. Dubal ,  Pradeepsunder Ganesh ,  Jesse C. Brandenburg

IPC分类号： G06F9/455 ,  H04L29/08 ,  H04L12/931

CPC分类号： G06F9/45558 ,  G06F2009/45595 ,  H04L49/70

摘要： Methods and Apparatus for Multi-Stage VM Virtual Network Function and Virtual Service Function Chain Acceleration for NFV and needs-based hardware acceleration. Compute platform hosting virtualized environments including virtual machines (VMs) running service applications performing network function virtualization (NFV) employ Field Programmable Gate Array (FPGA) to provide a hardware-based fast path for performing VM-to-VM and NFV-to-NFV transfers. The FPGAs, along with associated configuration data are also configured to support dynamic assignment and performance of hardware-acceleration to offload processing tasks from processors in virtualized environments, such as cloud data centers and the like.

公开(公告)号：US09769050B2

公开(公告)日：2017-09-19

申请号：US14581595

申请日：2014-12-23

申请人： Andrew J. Herdrich ,  Patrick Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Ravishankar Iyer ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey B. Shaw

发明人： Andrew J. Herdrich ,  Patrick Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Ravishankar Iyer ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey B. Shaw

IPC分类号： G06F15/173 ,  H04L12/26 ,  H04L12/24 ,  G06F12/084 ,  G06F12/0811

CPC分类号： H04L43/50 ,  G06F12/0811 ,  G06F12/084 ,  G06F2212/152 ,  G06F2212/601 ,  H04L41/0896 ,  H04L41/5009 ,  H04L41/5025 ,  H04L41/5035 ,  H04L41/5096 ,  H04L43/16

摘要： In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with end-to-end datacenter performance control. In various embodiments, an apparatus for computing may receive a datacenter performance target, determine an end-to-end datacenter performance level based at least in part on quality of service data collected from a plurality of nodes, and send a mitigation command based at least in part on a result of a comparison of the end-to-end datacenter performance level determined to the datacenter performance target. In various embodiments, the apparatus for computing may include one or more processors, a memory, a datacenter performance monitor to receive a datacenter performance target corresponding to a service level agreement, and a mitigation module to send a mitigation command based at least in part on a result of a comparison of an end-to-end datacenter performance level to a datacenter performance target.

公开(公告)号：US20160182345A1

公开(公告)日：2016-06-23

申请号：US14581595

申请日：2014-12-23

申请人： Andrew J. Herdrich ,  Patrick Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Ravishankar Iyer ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey B. Shaw

发明人： Andrew J. Herdrich ,  Patrick Connor ,  Dinesh Kumar ,  Alexander W. Min ,  Ravishankar Iyer ,  Daniel J. Dahle ,  Kapil Sood ,  Jeffrey B. Shaw

IPC分类号： H04L12/26

CPC分类号： H04L43/50 ,  G06F12/0811 ,  G06F12/084 ,  G06F2212/152 ,  G06F2212/601 ,  H04L41/0896 ,  H04L41/5009 ,  H04L41/5025 ,  H04L41/5035 ,  H04L41/5096 ,  H04L43/16

摘要： In embodiments, apparatuses, methods and storage media (transitory and non-transitory) are described that are associated with end-to-end datacenter performance control. In various embodiments, an apparatus for computing may receive a datacenter performance target, determine an end-to-end datacenter performance level based at least in part on quality of service data collected from a plurality of nodes, and send a mitigation command based at least in part on a result of a comparison of the end-to-end datacenter performance level determined to the datacenter performance target. In various embodiments, the apparatus for computing may include one or more processors, a memory, a datacenter performance monitor to receive a datacenter performance target corresponding to a service level agreement, and a mitigation module to send a mitigation command based at least in part on a result of a comparison of an end-to-end datacenter performance level to a datacenter performance target.

摘要翻译： 在实施例中，描述了与端对端数据中心性能控制相关联的装置，方法和存储介质（暂时性和非暂时性）。 在各种实施例中，用于计算的装置可以接收数据中心性能目标，至少部分地基于从多个节点收集的服务质量数据来确定端对端数据中心性能级别，并且至少基于从多个节点收集的服务数据发送缓解命令 部分原因是比较确定数据中心性能目标的端对端数据中心性能级别。 在各种实施例中，用于计算的装置可以包括一个或多个处理器，存储器，用于接收与服务水平协议相对应的数据中心性能目标的数据中心性能监视器，以及缓解模块，用于至少部分地基于 这是将端到端数据中心性能级别与数据中心性能目标进行比较的结果。

公开(公告)号：US20210021619A1

公开(公告)日：2021-01-21

申请号：US17033757

申请日：2020-09-26

申请人： Ned M. Smith ,  Francesc Guim Bernat ,  Rajesh Poornachandran ,  Kshitij Arun Doshi ,  Tarun Viswanathan ,  Kapil Sood

发明人： Ned M. Smith ,  Francesc Guim Bernat ,  Rajesh Poornachandran ,  Kshitij Arun Doshi ,  Tarun Viswanathan ,  Kapil Sood

IPC分类号： H04L29/06

摘要： Various aspects of methods, systems, and use cases for trust-based orchestration of an edge node. An edge node may be configured for trust-based orchestration in an edge computing environment, where the edge node includes a transceiver to receive an instruction to perform a workload, the instruction from an edge orchestrator, the edge node being in a group of edge nodes managed with a ledger; and a processor to execute the workload at the edge node to produce a result, wherein the execution of the workload is evaluated by other edge nodes in the group of edge nodes to produce a reputation score of the edge node, where the transceiver is to provide the result to the edge orchestrator.

公开(公告)号：US20180114012A1

公开(公告)日：2018-04-26

申请号：US15298416

申请日：2016-10-20

申请人： Kapil Sood ,  Somnath Chakrabarti ,  Wei Shen ,  Carlos V. Rozas ,  Mona Vij ,  Vincent R. Scarlata

发明人： Kapil Sood ,  Somnath Chakrabarti ,  Wei Shen ,  Carlos V. Rozas ,  Mona Vij ,  Vincent R. Scarlata

IPC分类号： G06F21/53 ,  G06F9/44 ,  G06F21/57 ,  G06F21/60 ,  G06F9/455 ,  G06F9/445

CPC分类号： G06F21/53 ,  G06F8/61 ,  G06F9/4406 ,  G06F9/45558 ,  G06F12/1036 ,  G06F12/109 ,  G06F12/1425 ,  G06F21/575 ,  G06F21/79 ,  G06F2009/45587 ,  G06F2212/1052 ,  H04L41/5041

摘要： Methods and apparatus for implemented trusted packet processing for multi-domain separatization and security. Secure enclaves are created in system memory of a compute platform configured to support a virtualized execution environment including a plurality of virtual machines (VMs) or containers, each secure enclave occupying a respective protected portion of the system memory, wherein software code external from a secure enclave cannot access code or data within a secure enclave, and software code in a secure enclave can access code and data both within the secure enclave and external to the secure enclave. Software code for implementing packet processing operations is installed in the secure enclaves. The software in the secure enclaves is then executed to perform the packet processing operations. Various configurations of secure enclaves and software code may be implemented, including configurations supporting service chains both within a VM or contain or across multiple VMs or containers, as well a parallel packet processing operations.

公开(公告)号：US09705849B2

公开(公告)日：2017-07-11

申请号：US14513140

申请日：2014-10-13

申请人： Kapil Sood ,  Mesut A. Ergin ,  John R. Fastabend ,  Shinae Woo ,  Jeffrey B. Shaw ,  Brian J. Skerry

发明人： Kapil Sood ,  Mesut A. Ergin ,  John R. Fastabend ,  Shinae Woo ,  Jeffrey B. Shaw ,  Brian J. Skerry

IPC分类号： H04L29/06 ,  G06F21/55

CPC分类号： H04L63/0272 ,  G06F21/554 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/20

摘要： Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server.

公开(公告)号：US20160344729A1

公开(公告)日：2016-11-24

申请号：US14670856

申请日：2015-03-27

申请人： Thomas M. Slaight ,  Brian J. Skerry ,  Kapil Sood ,  Ren Wang

发明人： Thomas M. Slaight ,  Brian J. Skerry ,  Kapil Sood ,  Ren Wang

IPC分类号： H04L29/06 ,  H04L12/26 ,  H04L9/32 ,  H04L12/721

CPC分类号： H04L63/0876 ,  H04L9/3247 ,  H04L9/3297 ,  H04L43/106 ,  H04L45/123 ,  H04L63/0435 ,  H04L63/0442 ,  H04L63/061

摘要： Technologies for geolocation attestation of computing devices in a network path include a verification device to generate a secure trace packet such that the secure trace packet includes a timestamp that corresponds with a departure time of the secure trace packet from the verification device. The computing device transmits the secure trace packet to a computing device in the network path. The network path identifies one or more intermediate devices through which to communicate the secure trace packet from the verification device to a target computing device. The computing device verifies a signature of a cryptographically-signed secure trace packet received by the verification computing device from the computing device and determines whether a sub-path of the network path is authorized based on the cryptographically-signed secure trace packet and reference network path data, which indicates a maximum allowed geographical distance between two computing devices in the network path.

摘要翻译： 用于网络路径中的计算设备的地理位置证明的技术包括生成安全跟踪分组的验证设备，使得安全跟踪分组包括与来自验证设备的安全跟踪分组的出发时间相对应的时间戳。 计算设备将安全跟踪分组发送到网络路径中的计算设备。 网络路径识别一个或多个中间设备，通过该中间设备将安全跟踪分组从验证设备传送到目标计算设备。 计算设备验证由验证计算设备从计算设备接收的加密签名的安全跟踪分组的签名，并且基于加密签名的安全跟踪分组和参考网络路径来确定网络路径的子路径是否被授权 数据，其指示网络路径中两个计算设备之间的最大允许的地理距离。