Capacity on Demand Computer Resources

US 20080183712A1
Filed: 01/29/2007
Published: 07/31/2008
Est. Priority Date: 01/29/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computing system supporting capacity-on-demand resources comprising:

a plurality of server modules supporting computing tasks, each server module having a computing resource that is selectively operational;

a controller having a first processor, the controller operable to perform system management functions for one or more server modules of the plurality of sever modules;

a secure management unit coupled to the controller for locally managing authorized use of the computing resource of a respective server module of the plurality of server modules, the service management unit comprising;

a cryptographic unit that decodes an activation signal including a designation for an identified server module of the plurality of server module and a time period for authorizing use of the identified server module;

a clock;

a second processor coupled to the cryptographic unit and the clock; and

an enforcement mechanism coupled to the second processor for authorizing the use of the computing resource of the identified server module for the time period, responsive to the activation signal and after qualification of the activation signal by the cryptographic unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security module manages authorization of additional computing resources, either additional processing power in a server, or additional servers in a server enclosure responsive to an authorized message. The authorized message may be generated at a management node and may include a provisioning license for use by the security module to set a duration for use of the additional computing resources. A baseboard management controller may be house the security module or each controllable resource may house an associated security module. The baseboard management controller may store the authorized message when the security module is not active and forward the message after the security module has been activated.

63 Citations

View as Search Results

20 Claims

1. A computing system supporting capacity-on-demand resources comprising:
- a plurality of server modules supporting computing tasks, each server module having a computing resource that is selectively operational;
  
  a controller having a first processor, the controller operable to perform system management functions for one or more server modules of the plurality of sever modules;
  
  a secure management unit coupled to the controller for locally managing authorized use of the computing resource of a respective server module of the plurality of server modules, the service management unit comprising;
  
  a cryptographic unit that decodes an activation signal including a designation for an identified server module of the plurality of server module and a time period for authorizing use of the identified server module;
  
  a clock;
  
  a second processor coupled to the cryptographic unit and the clock; and
  
  an enforcement mechanism coupled to the second processor for authorizing the use of the computing resource of the identified server module for the time period, responsive to the activation signal and after qualification of the activation signal by the cryptographic unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing system of claim 1, further comprising a host application for generating and sending the activation signal to the service management unit.
  - 3. The computing system of claim 1, wherein the controller is one of a plurality of controllers, each controller managing a corresponding one of the plurality of server modules.
  - 4. The computing system of claim 3, wherein the activation signal comprises a provisioning license.
  - 5. The computing system of claim 1, wherein the enforcement mechanism selectively de-activates the computing resource of the identified server module responsive an expiration of the time period.
  - 6. The computing system of claim 1, wherein the service management unit communicates through the controller for receiving the activation signal and for selectively activating the computing resource of the identified server module.
  - 7. The computing system of claim 1, further comprising a secure switch coupled to the computing resource of the identified server module, the secure switch operable to enable operation of the computing resource responsive to a signal from the enforcement mechanism.

8. A method of controlling selective activation of resources in a computing environment for a predetermined duration of time:
- disposing a controllable resource in the computing environment;
  
  disposing a controller in the computing environment, the controller operable to activate and deactivate the controllable resource;
  
  disposing an security module in the computing environment, the security module being tamper-resistant;
  
  receiving a request for activating the controllable resource, the request specifying the controllable resource and a duration for activating the controllable resource;
  
  forwarding the request to the security module;
  
  sending an activation signal from the security module;
  
  activating the controllable resource via the security module; and
  
  sending a deactivation signal from the security module to the controller at the expiration of the duration for activating the resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, further comprising disposing a security agent in the controllable resource operable to enable and disable operation of the controllable resource, wherein sending the activation signal from the security module comprises sending a cryptographically authenticated activation signal to the security agent from the security module.
  - 10. The method of claim 9, wherein sending the activation signal from the security module comprises sending a cryptographically authenticated activation signal from the security module.
  - 11. The method of claim 8, wherein sending the activation signal from the security module comprises sending the activation signal to the controller instructing the controller to activate the controllable resource.
  - 12. The method of claim 8, further comprising performing a cryptographic authentication of the request at the security module.
  - 13. The method of claim 12, further comprising:
    - parsing the request at the security module into a resource identifier of the controllable resource and the duration when the cryptographic authentication succeeds; and
      
      activating a timing circuit at the security module with an expiration time set corresponding to the duration.
  - 14. The method of claim 8, wherein the controllable resource is a server.
  - 15. The method of claim 8, wherein the controller is a baseboard management controller (BMC).
  - 16. The method of claim 8, wherein disposing the security module in the computing environment comprises disposing the security module in the controller.
  - 17. The method of claim 8, further comprising:
    - storing the request at the controller when the security module is inactive, and wherein forwarding the request to the security module comprises forwarding the request to the security module when the controller determines the security module is accepting messages.
  - 18. The method of claim 17, further comprising activating the security module when the controller determines a request for the security module is stored at the manager.

19. A method of locally managing server resources in a system with a plurality of servers controlled, a baseboard management controller for managing each of the plurality of servers, and a security module adapted to securely decode provisioning messages and coupled to the baseboard management controller, the method comprising:
- receiving a provisioning message comprising an identifier corresponding a selected server of the plurality of servers and a duration corresponding to an operation period for the selected server;
  
  cryptographically authenticating the provisioning message at the security module;
  
  sending an activate message from the security module to the baseboard management controller to activate the selected server;
  
  maintaining a time measurement at the security module corresponding to the operation period specified in the provisioning message;
  
  sending a deactivate message from the security module to the baseboard management controller to deactivate the selected server at the end of the operation period.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising:
    - disposing at least one secure switch in each of the plurality of servers, each secure switch bound to the security module and operable to enable operation of its respective server of the plurality of servers;
      
      sending the activate message from the security module to a selected secure switch in the selected server via the baseboard management controller to enable the selected server; and
      
      sending the deactivate message from the security module to the selected secure switch via the baseboard management controller to disable the selected server when the operation period measured at the security module expires.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Herold, Jeffrey Alan, Westerinen, William J., Phillips, Thomas G., Hall, Martin H.

Application Number

US11/668,444
Publication Number

US 20080183712A1
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2151   Time stamp

Capacity on Demand Computer Resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Capacity on Demand Computer Resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links