Technologies for allocating resources of managed nodes to workloads to balance multiple resource allocation objectives include an orchestrator server to receive resource allocation objective data indicative of multiple resource allocation objectives to be satisfied. The orchestrator server is additionally to determine an initial assignment of a set of workloads among the managed nodes and receive telemetry data from the managed nodes. The orchestrator server is further to determine, as a function of the telemetry data and the resource allocation objective data, an adjustment to the assignment of the workloads to increase an achievement of at least one of the resource allocation objectives without decreasing an achievement of another of the resource allocation objectives, and apply the adjustments to the assignments of the workloads among the managed nodes as the workloads are performed. Other embodiments are also described and claimed.

A request to add tags (e.g., labels, key-value pairs, or metadata) to resources can be digitally signed by the entity making the request, such that the source can be verified and an authorization determination made for each tag. For a request involving multiple services (or entities) that can each add tags, any tag added by a service can be included in the request and digitally signed by that service. Each service processing the request can also digitally sign the request before forwarding, so that each service signs a version of the request, which includes elements signed by other services earlier in the request chain. When the request is received to a tagging service, the service ensures that every tag was digitally signed by the appropriate authorized entity or service, and validates the signatures to ensure that no data was modified or omitted, before adding the tags to the designated resource(s).

Systems and methods for storage pruning can enable users to delete, edit, or copy backed up data that matches a pattern. Storage pruning can enable fine-grain deletion or copying of these files from backups stored in secondary storage devices. Systems and methods can also enable editing of metadata associated with backups so that when the backups are restored or browsed, the logical edits to the metadata can then be performed physically on the data to create a custom restore or a custom view. A user may perform operations such as renaming, deleting, modifying flags, and modifying retention policies on backed up items. Although the underlying data in the backup may not change, the view of the backup data when the user browses the backup data can appear to include the user's changes. A restore of the data can cause those changes to be performed on the backup data.

Technologies for switching network traffic include a network switch. The network switch includes one or more processors and communication circuitry coupled to the one or more processors. The communication circuitry is capable of switching network traffic of multiple link layer protocols. Additionally, the network switch includes one or more memory devices storing instructions that, when executed, cause the network switch to receive, with the communication circuitry through an optical connection, network traffic to be forwarded, and determine a link layer protocol of the received network traffic. The instructions additionally cause the network switch to forward the network traffic as a function of the determined link layer protocol. Other embodiments are also described and claimed.

A processing system selectively compresses cache lines at a cache or at a memory or encrypts cache lines at the memory based on evictions of entries mapping virtual-to-physical address translations from a translation lookaside buffer (TLB). Upon eviction of a TLB entry, the processing system identifies cache lines corresponding to the physical addresses of the evicted TLB entry and selectively compresses the cache lines to increase the effective storage capacity of the processing system or encrypts the cache lines to protect against vulnerabilities.

Provided herein are compositions, devices, systems and methods for the generation and use of biomolecule-based information for storage. Additionally, devices described herein for de novo synthesis of nucleic acids encoding information related to the original source information may be rigid or flexible material. Further described herein are highly efficient methods for long term data storage with 100% accuracy in the retention of information. Also provided herein are methods and systems for efficient transfer of preselected polynucleotides from a storage structure for reading stored information.

A cache memory can maintain multiple cache lines and each cache line can include a data field, an encryption status attribute, and an encryption key attribute. The encryption status attribute can indicate whether the data field in the corresponding cache line includes encrypted or unencrypted data and the encryption key attribute can include an encryption key identifier for the corresponding cache line. In an example, a cryptographic controller can access keys from a key table to selectively encrypt or unencrypt cache data. Infrequently accessed cache data can be maintained as encrypted data, and more frequently accessed cache data can be maintained as unencrypted data. In some examples, different cache lines in the same cache memory can be maintained as encrypted or unencrypted data, and different cache lines can use respective different encryption keys.

Various examples are directed to systems and methods for securing a data storage device. A storage controller may receive a read request directed to the data storage device. The read request may comprise address data indicating a first address of a first storage location at the data storage device. The storage controller may request from the data storage device a first encrypted data unit stored at the first memory element and a first encrypted set of parity bits, such as Error Correction Code (ECC) bits, associated with the first storage location. An encryption system may decrypt the first encrypted set of parity bits to generate a first set of parity bits based at least in part on an a first location parity key for the first address.

A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

A method for providing and maintaining secure storage of target data includes, during a first time period in which a server provides a first mapping between user-specific cloaking sequence elements and hidden sequence elements, cloaking the target data using a first set of user-specific cloaking sequences and the first mapping, and storing the cloaked data in a persistent memory. The method further includes, during a later, second time period in which the server provides a different, second mapping between the user-specific cloaking sequence elements and the hidden sequence elements, re-cloaking the cloaked data using the first set of user-specific cloaking sequences and the second mapping, and storing the re-cloaked data in the persistent memory.