公开(公告)号：US11385947B2

公开(公告)日：2022-07-12

申请号：US17103061

申请日：2020-11-24

Applicant: Cisco Technology, Inc.

Inventor： Nivin Lawrence ,  Sandesh K. Rao ,  Manikandan Veerachamy ,  Amit Chandra ,  Tushar Sinha ,  Manoj Kumar ,  David W. Duffey

IPC: G06F12/10 ,  G06F9/54

Abstract: The present disclosure is directed to migrating logical volumes from a thick provisioned layout to a thin provisioned layout, and includes one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising creating an abstraction layer on top of a logical volume in a storage device, the abstraction layer for accessing the logical volume, the logical volume one of a plurality of logical volumes in a volume group of the storage device; allocating a thin pool from remaining storage space in the volume group of the storage device; creating a snapshot of the logical volume; adding a thin virtual volume corresponding to the logical volume to the thin pool; and copying data from the snapshot to the thin virtual volume.

公开(公告)号：US12206664B2

公开(公告)日：2025-01-21

申请号：US17745417

申请日：2022-05-16

Applicant: Cisco Technology, Inc.

Inventor： Jabir Hamediya Mohammed ,  Reda Haddad ,  Srihari Raghavan ,  Sandesh K. Rao

IPC: G06F21/00 ,  H04L9/40

Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.

公开(公告)号：US20210173726A1

公开(公告)日：2021-06-10

申请号：US17103061

申请日：2020-11-24

Applicant: Cisco Technology, Inc.

Inventor： Nivin Lawrence ,  Sandesh K. Rao ,  Manikandan Veerachamy ,  Amit Chandra ,  Tushar Sinha ,  Manoj Kumar ,  David W. Duffey

IPC: G06F9/54

Abstract: The present disclosure is directed to migrating logical volumes from a thick provisioned layout to a thin provisioned layout, and includes one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations comprising creating an abstraction layer on top of a logical volume in a storage device, the abstraction layer for accessing the logical volume, the logical volume one of a plurality of logical volumes in a volume group of the storage device; allocating a thin pool from remaining storage space in the volume group of the storage device; creating a snapshot of the logical volume; adding a thin virtual volume corresponding to the logical volume to the thin pool; and copying data from the snapshot to the thin virtual volume.

公开(公告)号：US20240086205A1

公开(公告)日：2024-03-14

申请号：US17943440

申请日：2022-09-13

Applicant: Cisco Technology, Inc.

Inventor： Reda Haddad ,  Martin Edward Ramsdale ,  Srihari Raghavan ,  Jabir Hamediya Mohammed ,  Sandesh K. Rao

IPC: G06F9/4401 ,  G06F9/448 ,  H04L9/32

CPC classification number: G06F9/4401 ,  G06F9/4482 ,  H04L9/3268

Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.

公开(公告)号：US20220342730A1

公开(公告)日：2022-10-27

申请号：US17860719

申请日：2022-07-08

Applicant: Cisco Technology, Inc.

Inventor： Nivin Lawrence ,  Sandesh K. Rao ,  Manikandan Veerachamy ,  Amit Chandra ,  Tushar Sinha ,  Manoj Kumar ,  David W. Duffey

IPC: G06F9/54

Abstract: The present disclosure is directed to seamless access to a common physical disk in an AMP system without an external hypervisor, and includes one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations including instantiating, by a first instance, a second instance during a system upgrade, creating, in the first instance, a first disk abstraction for a block device of a physical disk, and attaching the block device under the first disk abstraction. The operations further include providing the second instance network-based access to the physical disk using the first disk abstraction of the first instance during the system upgrade.

公开(公告)号：US12067402B2

公开(公告)日：2024-08-20

申请号：US17943440

申请日：2022-09-13

Applicant: Cisco Technology, Inc.

Inventor： Reda Haddad ,  Martin Edward Ramsdale ,  Srihari Raghavan ,  Jabir Hamediya Mohammed ,  Sandesh K. Rao

IPC: G06F9/4401 ,  G06F9/448 ,  H04L9/32

CPC classification number: G06F9/4401 ,  G06F9/4482 ,  H04L9/3268

Abstract: Techniques and architecture are described for validating and verifying iPXE scripts prior to execution during a booting process. During the booting process of a network device, right after the UEFI/BIOS stage of the booting process, a trusted iPXE script may make a request to a network server for the ownership voucher and owner certificate of the network device. The ownership voucher and owner certificate may then be stored in a trusted platform module (TPM) on the network device. In configurations, the retrieved owner certificate may be validated by the ownership voucher. The owner certificate may be used to validate iPXE scripts. Once validated, the iPXE scripts may be executed and the booting process may be continued to the kernel loading step and the application loading step. During a subsequent booting process of the network device, the ownership voucher and owner certificate may be retrieved from the TPM.

公开(公告)号：US11748180B2

公开(公告)日：2023-09-05

申请号：US17860719

申请日：2022-07-08

Applicant: Cisco Technology, Inc.

Inventor： Nivin Lawrence ,  Sandesh K. Rao ,  Manikandan Veerachamy ,  Amit Chandra ,  Tushar Sinha ,  Manoj Kumar ,  David W. Duffey

IPC: G06F9/54

CPC classification number: G06F9/544

Abstract: The present disclosure is directed to seamless access to a common physical disk in an AMP system without an external hypervisor, and includes one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations including instantiating, by a first instance, a second instance during a system upgrade, creating, in the first instance, a first disk abstraction for a block device of a physical disk, and attaching the block device under the first disk abstraction. The operations further include providing the second instance network-based access to the physical disk using the first disk abstraction of the first instance during the system upgrade.

公开(公告)号：US20250112921A1

公开(公告)日：2025-04-03

申请号：US18979272

申请日：2024-12-12

Applicant: Cisco Technology, Inc.

Inventor： Jabir Hamediya Mohammed ,  Reda Haddad ,  Srihari Raghavan ,  Sandesh K. Rao

IPC: H04L9/40

Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.

公开(公告)号：US20230394493A1

公开(公告)日：2023-12-07

申请号：US17830848

申请日：2022-06-02

Applicant: Cisco Technology, Inc.

Inventor： Sandesh K. Rao ,  Reda Haddad ,  Srihari Raghavan ,  Jabir Hamediya Mohammed

IPC: G06Q30/00

CPC classification number: G06Q30/018

Abstract: In one embodiment, methods for mediated transfer of ownership are described. The method may include receiving a request for an ownership voucher from a device, validating an identifier of the device, determining whether to issue the ownership voucher, generating a signed ownership voucher, and sending the signed ownership voucher to the device. In another embodiment, methods for unmediated transfer of ownership are described, including receiving, an ownership voucher associated with a first ownership certificate, determining whether the ownership voucher comprises a signature associated with a manufacturer, based at least in part on determining that the signature of the manufacturer is absent, determining that a second ownership certificate is stored in memory, determining that the second ownership certificate comprises a signature associated with a user, validating the ownership voucher; and based at least in part on the validating, enrolling the first ownership certificate on the network device.

公开(公告)号：US20230370454A1

公开(公告)日：2023-11-16

申请号：US17745417

申请日：2022-05-16

Applicant: Cisco Technology, Inc.

Inventor： Jabir Hamediya Mohammed ,  Reda Haddad ,  Srihari Raghavan ,  Sandesh K. Rao

IPC: H04L9/40

CPC classification number: H04L63/0876 ,  H04L63/102 ,  H04L63/20

Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.