US-12621129-B2 - Systems and methods for managing storage devices for data processing systems using out-of-band methods

Abstract

Methods and systems for managing operation of a data processing system are disclosed. To manage operation of the data processing system, a management controller of the data processing system may obtain and manage requests to perform a management operation of data stored in a storage device hosted by the data processing system. The management controller may select a functionality of the storage device based at least on the request to invoke the functionality to obtain updated data stored in the storage device. By doing so, the likelihood of providing management operation services to manage data stored in a storage device of the data processing system may be increased without utilizing in-band components.

Inventors

  • Adolfo Sandor Montero
  • Abeye Teshome
  • Richard M. Tonry
  • Bassem El-Azzami
  • Mohit Arora
  • Vinodkumar Vasudev Ottar
  • Luis Antonio Valencia Reyes
  • Rajaravi Chandra Kollarapu

Assignees

  • DELL PRODUCTS L.P.

Dates

Publication Date: 2026-05-05
Application Date: 2024-04-29

Claims (20)

  1. A method for managing operation of a data processing system, the method comprising: obtaining, by a management controller of the data processing system and via an out-of-band communication channel, a request to perform a management operation for data stored in a storage device of hardware resources of the data processing system using sideband access to the storage device that bypasses in band controls over the data, wherein the request comprises an identity of a requesting entity and a signature of the requesting entity; selecting, by the management controller and based at least in part on the request, at least one functionality of the storage device; invoking, by the management controller and via a sideband channel, the at least one functionality of the storage device to obtain updated data stored in the storage device; advertising a first network endpoint for the management controller using the out-of-band communication channel; and advertising a second network endpoint for the hardware resources using an in-band communication channel, wherein the out-of-band communication channel utilizes a first network stack that is independent to and distinct from a second network stack utilized by the in-band communication channel, and wherein the management controller is physically separate from the hardware resources.
  2. The method of claim 1, wherein obtaining the request comprises: receiving communications from a cloud server in which the request is conveyed to the management controller, wherein the request is initiated by a trusted source distinct from the cloud server.
  3. The method of claim 1, wherein the management operation is one operation selected from a list of operations consisting of: deletion of the data; encryption of the data; verification of integrity and/or trust in the data; and decryption of the data.
  4. The method of claim 2, wherein encryption of the data uses an encryption key specified by the cloud server.
  5. The method of claim 3, wherein encryption of the data is based on a policy that associates encryption states of the data with a current geographic location of an endpoint device advertised by the data processing system.
  6. The method of claim 1, wherein the sideband access is facilitated using a shared communication bus between the management controller and the storage device.
  7. The method of claim 6, wherein the storage device is a solid state storage device.
  8. The method of claim 7, wherein the solid state storage device is compliant with a mechanical form factor associated with a Non-Volatile Memory Express (NVMe) protocol.
  9. The method of claim 2, wherein the invoking the at least one functionality comprises: obtaining, by the management controller, an encryption key from a payload of the request; and using the encryption key to encrypt the data stored in the storage device, wherein the encryption key is generated by the cloud server and permanently deleted from the data processing system after the data is encrypted.
  10. The method of claim 1, wherein invoking the at least one functionality comprises: initiating generation of a second hash for the data and comparison of the second hash to a signature of a known good copy of the data, wherein the signature comprises a hash of the known good copy of the data.
  11. The method of claim 1, wherein the management controller is configured to manage at least one of power distribution or thermal management of the data processing system.
  12. The method of claim 1, wherein the management controller is on a separate power domain from the hardware resources so that the management controller is operable while the hardware resources are inoperable.
  13. The method of claim 1, wherein the out-of-band communication channel runs through a network module, and an in-band communication channel that services the hardware resources also runs through the network module.
  14. The method of claim 13, wherein the network module hosts a transmission control protocol/internet protocol (TCP/IP) stack to facilitate network communications via the out-of-band communication channel.
  15. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing operation of a data processing system, the operations comprising: obtaining, by a management controller of the data processing system and via an out-of-band communication channel, a request to perform a management operation for data stored in a storage device of hardware resources of the data processing system using sideband access to the storage device that bypasses in band controls over the data, wherein the request comprises an identity of a requesting entity and a signature of the requesting entity; selecting, by the management controller and based at least in part on the request, at least one functionality of the storage device; invoking, by the management controller and via a sideband channel, the at least one functionality of the storage device to obtain updated data stored in the storage device; advertising a first network endpoint for the management controller using the out-of-band communication channel; and advertising a second network endpoint for the hardware resources using an in-band communication channel, wherein the out-of-band communication channel utilizes a first network stack that is independent to and distinct from a second network stack utilized by the in-band communication channel, and wherein the management controller is physically separate from the hardware resources.
  16. The non-transitory machine-readable medium of claim 15, wherein obtaining the request comprises: receiving communications from a cloud server in which the request is conveyed to the management controller, wherein the request is initiated by a trusted source distinct from the cloud server.
  17. The non-transitory machine-readable medium of claim 15, wherein the management operation is one operation selected from a list of operations consisting of: deletion of the data; encryption of the data; verification of integrity and/or trust in the data; and decryption of the data.
  18. A data processing system, comprising: a processor; and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing operation of a data processing system, the operations comprising: obtaining, by a management controller of the data processing system and via an out-of-band communication channel, a request to perform a management operation for data stored in a storage device of hardware resources of the data processing system using sideband access to the storage device that bypasses in band controls over the data, wherein the request comprises an identity of a requesting entity and a signature of the requesting entity; selecting, by the management controller and based at least in part on the request, at least one functionality of the storage device; invoking, by the management controller and via a sideband channel, the at least one functionality of the storage device to obtain updated data stored in the storage device, advertising a first network endpoint for the management controller using the out-of-band communication channel; and advertising a second network endpoint for the hardware resources using an in-band communication channel, wherein the out-of-band communication channel utilizes a first network stack that is independent to and distinct from a second network stack utilized by the in-band communication channel, and wherein the management controller is physically separate from the hardware resources.
  19. The data processing system of claim 18, wherein obtaining the request comprises: receiving communications from a cloud server in which the request is conveyed to the management controller, wherein the request is initiated by a trusted source distinct from the cloud server.
  20. The data processing system of claim 18, wherein the management operation is one operation selected from a list of operations consisting of: deletion of the data; encryption of the data; verification of integrity and/or trust in the data; and decryption of the data.
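
The request path recited in claims 1, 2, 3 and 10, modelled as an added example that is not code from the patent or its assignee: the controller authenticates a relayed request against the requesting entity's key before selecting a storage function, and the integrity operation compares a fresh hash with the known good hash. Assumptions: HMAC-SHA256 stands in for the signature scheme the claims leave unspecified, and the JSON layout, field names, key table and all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample data: the claims name no signature scheme or message format.
# HMAC-SHA256 with a per-identity key stands in for the requester's signature.
TRUSTED_KEYS = {"admin-console": b"constructed-demo-key"}
OPERATIONS = {"delete", "encrypt", "verify", "decrypt"}  # list from claim 3


def canonical(body: dict) -> bytes:
    """Stable byte encoding of the request body so both sides sign the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(identity: str, key: bytes, operation: str, payload: dict) -> dict:
    """What the trusted source produces; the cloud server only relays it (claim 2)."""
    body = {"identity": identity, "operation": operation, "payload": payload}
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": sig}


def select_functionality(request: dict) -> str:
    """Controller side: authenticate the request, then pick the storage function."""
    key = TRUSTED_KEYS.get(request.get("identity"))
    if key is None:
        raise PermissionError("unknown requesting entity")
    body = {k: request.get(k) for k in ("identity", "operation", "payload")}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(request.get("signature", ""))):
        raise PermissionError("signature does not match request")
    if body["operation"] not in OPERATIONS:
        raise ValueError("operation not in the claim 3 list")
    return body["operation"]


def verify_integrity(data: bytes, known_good_sha256: str) -> bool:
    """Claim 10: hash the stored data and compare with the known good copy's hash."""
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, known_good_sha256)


def handle(request: dict, stored: bytes) -> str:
    """Process one relayed request against constructed 'stored' bytes."""
    op = select_functionality(request)
    if op == "verify":
        ok = verify_integrity(stored, request["payload"]["known_good_sha256"])
        return "intact" if ok else "modified"
    return f"would invoke {op} over the sideband channel"
```

Because the signature covers the operation and payload, a relay that rewrites either field is rejected before any storage function is selected.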

Description

FIELD

Embodiments disclosed herein relate generally to managing a data processing system. More particularly, embodiments disclosed herein relate to systems and methods for managing operation of data processing systems including sound systems using a management controller of the data processing systems.

BACKGROUND

Computing devices may provide computer-implemented services. The computer-implemented services may be used by users of the computing devices and/or devices operably connected to the computing devices. The computer-implemented services may be performed with hardware components such as processors, memory modules, storage devices, and communication devices. The operation of these components may impact the performance of the computer-implemented services.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments disclosed herein are illustrated by way of example and not limitation in the figures of the accompanying drawings in which like references indicate similar elements.

FIG. 1A shows a block diagram illustrating a system in accordance with an embodiment.
FIG. 1B shows a second block diagram illustrating a data processing system in accordance with an embodiment.
FIGS. 2A-2C show interaction diagrams in accordance with an embodiment.
FIG. 3 shows a flow diagram illustrating a method of managing operation of a data processing system in accordance with an embodiment.
FIG. 4 shows a block diagram illustrating a data processing system in accordance with an embodiment.

DETAILED DESCRIPTION

Various embodiments will be described with reference to details discussed below, and the accompanying drawings will illustrate the various embodiments. The following description and drawings are illustrative and are not to be construed as limiting. Numerous specific details are described to provide a thorough understanding of various embodiments. However, in certain instances, well-known or conventional details are not described in order to provide a concise discussion of embodiments disclosed herein.

Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in conjunction with the embodiment can be included in at least one embodiment. The appearances of the phrases “in one embodiment” and “an embodiment” in various places in the specification do not necessarily all refer to the same embodiment.

References to an “operable connection” or “operably connected” means that a particular device is able to communicate with one or more other devices. The devices themselves may be directly connected to one another or may be indirectly connected to one another through any number of intermediary devices, such as in a network topology.

In general, embodiments disclosed herein relate to methods and systems for managing operations of a data processing system. The data processing system may provide computer-implemented services to any type and number of other devices and/or users of the data processing system. The computer-implemented services may include any quantity and type of such services. For example, the data processing system may provide data management services such as collection, storage, removal, and/or otherwise management of data on behalf of an individual (e.g., user or administrator of the data processing system). The data processing system may include in-band components (e.g., hardware components and/or software resources) that may facilitate and/or perform the desired computer-implemented services. For example, an operating system of the data processing system may manage requests regarding data stored in a storage device (e.g., solid-state drive “SSD”) hosted by the data processing system.

Managing requests regarding data stored by the hardware resources of the data processing system may include an interaction between hardware components of the data processing system and a cloud server. For example, an administrator or user of the data processing system may request modification (e.g., deletion, encryption, etc.) to the data stored by the data processing system and the cloud server may provide instructions (e.g., for managing the data) to the data processing system using in-band components connected to a network shared with the cloud server.

However, providing the instructions via in-band components of the data processing system may not provide an adaptable solution in the event the hardware resources (e.g., including the in-band components) of the data processing system are not functional and/or operational. For example, the hardware resources of the data processing system may become unpowered for periods of time, may be unable to connect to a communication network, and/or may become compromised by a malicious party (e.g., that may perform unauthorized modifications to the data stored by the data processing system). Consequently, compromise and/or otherwise reduced functionality of the in-band components of the data processing system may lead to a