Contextual security policy engine for compute node clusters
Assignee
DELL PRODUCTS L.P.
Inventors
Vinay Sawal, Viswanath Ponnuru, Igor Pedan, Sumanth Vidyadhara, Magesh Kumar Sivaswamy
Abstract
The technology described herein, which can be incorporated into a bare-metal-as-a-service environment, is generally directed towards monitoring, retrieving, and analyzing security configuration stored on recovery partition storage (e.g., OEM partition drives), which can contain critical logs, error state data, and boot-critical security data. A backend security policy engine enforces security context configuration policy data, including to prevent malicious attacks on the backend services. Bare metal in-band compute device health is monitored by an out-of-band network using telemetry data services. When an unrecoverable system state is detected, the out-of-band network activates the recovery partition storage for recording the system-sensitive logs, debug data, and error states, which are stored encrypted per security policies. Security policy is enforced, including on system logs, to prevent data tampering and/or malicious attacks. A recovery scenario is performed to restore operation of the compute device.
CPC Classifications
Filing Date
2023-08-02
Application No.
18363880
Claims
20