Abstract: A credential store provides for secure storage of credentials. A credential stored in the credential store is encrypted with the public key of a user owning the credential. A first user may provide a credential owned by the first user to a second user. The first user may add credentials owned by the first user to the credential store. An administrator may manage users of the credential store without having the ability to provide credentials to those users.

Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.

Abstract: A method and system for executing and undoing distributed server change operations for a collection of server objects across multiple target servers in a transaction-safe manner is provided. In one embodiment, server change operations for a collection of server objects, such as files and configuration file entries, are specified in a transaction package. The target servers to which the specified change operation are directed are also identified in the transaction package. Parameter values for each of the identified target servers are specified through a parameter file in the transaction package. The transaction package is sent to the identified target servers, which execute the change operations on the target servers in a transaction-safe manner using these parameter values.

Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.

Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.

Abstract: A credential store provides for secure storage of credentials. A credential stored in the credential store is encrypted with the public key of a user owning the credential. A first user may provide a credential owned by the first user to a second user. The first user may add credentials owned by the first user to the credential store. An administrator may manage users of the credential store without having the ability to provide credentials to those users.

Abstract: Systems and methods for monitoring changes to a digital file are described. Examples include a computer system for monitoring digital file changes that includes a processing unit that accepts a request to write an input data stream to a first file accessible within the computer system, and a storage device coupled to the processing unit and including a second file (the first file being a virtualized representation of the second file). The processing unit parses an input attribute from the input data stream, wherein the attribute includes an input identifier and an associated input value. The processing unit signals an event if the input attribute matches an identifier designated as a monitored attribute identifier of the second file.

Abstract: This document discusses, among other things, an information technology (IT) enterprise manager system. In one example, the system includes data groups organized into IT Services, IT Resources, and IT Consumers data groups. The IT Resources data group may include one or more of an IT Applications data group, an IT Assets data group, an IT Staff Data group, and an IT Vendors data group. The IT Consumers data group may include one or both of a Business Processes data group and an IT Clients data group. Information in one data group may use a link to other information in another data group. In one example, the system provides tools and methods for managing a portfolio IT projects through various phases of their lifecycles, such as during project definition, establishing a business case for the project, project design and implementation, and/or project wrap-up.

Abstract: A method and system for configuring heterogeneous servers across a network through modules that can browse, snapshot, track changes, track compliance, correct server objects on each of the servers, and provision new servers is provided. In one embodiment, server objects on multiple servers can be browsed in real time. While browsing, a collection of server object identifiers can be selected and collected in a template. The values of the server objects identified in the template can be recorded for a “gold server” through a “snapshot” process, which collects the values and saves them in a reference model. By comparing other live servers to the reference model, discrepancies in configuration of the other live servers can be identified and corrected. The reference models can also be used to provision a new server. Alternative to the reference model, an arbitrary snapshot or scheduled snapshots of a server can be used to track change and compliance in that server.

Abstract: Systems, methods and computer readable media for media for continuous content sharing between systems through intelligent resolution of federated hierarchical graphs are described. A Multi-Topology Middleman (MTM) is used between the source and target systems to handle the content sharing. The MTM builds on traditional import/export infrastructure; it tracks the import/export of individual objects between systems. When a conflict is found between systems, the MTM learns the conflict resolution and stores the conflict resolution as a rule for the conflicting object, and applies the rule for subsequent import/export process on that object. The MTM also tracks the mapping of objects between the source and target systems and updates the target object in accordance with a change in the source object. The MTM is also capable of undoing the import process.

Abstract: A method and system for managing a large number of servers and their server components distributed throughout a heterogeneous computing environment is provided. In one embodiment, an authenticated user, such as a IT system administrator, can securely and simultaneously control and configure multiple servers, supporting different operating systems, through a “virtual server.” A virtual server is an abstract model representing a collection of actual target servers. To represent multiple physical servers as one virtual server, abstract system calls that extend execution of operating-system-specific system calls to multiple servers, regardless of their supported operating systems, are used. A virtual server is implemented by a virtual server client and a collection of virtual server agents associated with a collection of actual servers.

Abstract: A credential store provides for secure storage of credentials. A credential stored in the credential store is encrypted with the public key of a user owning the credential. A first user may provide a credential owned by the first user to a second user. The first user may add credentials owned by the first user to the credential store. An administrator may manage users of the credential store without having the ability to provide credentials to those users.

Abstract: A method and system for managing a large number of servers and their server components distributed throughout a heterogeneous computing environment is provided. In one embodiment, an authenticated user, such as a IT system administrator, can securely and simultaneously control and configure multiple servers, supporting different operating systems, through a “virtual server.” A virtual server is an abstract model representing a collection of actual target servers. To represent multiple physical servers as one virtual server, abstract system calls that extend execution of operating-system-specific system calls to multiple servers, regardless of their supported operating systems, are used. A virtual server is implemented by a virtual server client and a collection of virtual server agents associated with a collection of actual servers.

Abstract: A method and system for executing and undoing distributed server change operations for a collection of server objects across multiple target servers in a transaction-safe manner is provided. In one embodiment, server change operations for a collection of server objects, such as files and configuration file entries, are specified in a transaction package. The target servers to which the specified change operation are directed are also identified in the transaction package. Parameter values for each of the identified target servers are specified through a parameter file in the transaction package. The transaction package is sent to the identified target servers, which execute the change operations on the target servers in a transaction-safe manner using these parameter values.

Abstract: Various embodiments include methods and systems to support IT business decision making, including a data correlator and business, configuration, risk, and application management databases. The business management database contains information pertaining to services offered by IT and other IT business information. The configuration management database contains operational data including the resources required by IT's offered services. The risk management database contains operational constraints on the organization by external sources, such as industry practices or government regulations. The application management database contains information about projects and applications that are in development but not currently operational including resources required by IT's services now or in the future.

Abstract: A method and system for executing and undoing distributed server change operations for a collection of server objects across multiple target servers in a transaction-safe manner is provided. In one embodiment, server change operations for a collection of server objects, such as files and configuration file entries, are specified in a transaction package. The target servers to which the specified change operation are directed are also identified in the transaction package. Parameter values for each of the identified target servers are specified through a parameter file in the transaction package. The transaction package is sent to the identified target servers, which execute the change operations on the target servers in a transaction-safe manner using these parameter values.

Abstract: Systems, methods and computer readable media for media for continuous content sharing between systems through intelligent resolution of federated hierarchical graphs are described. A Multi-Topology Middleman (MTM) is used between the source and target systems to handle the content sharing. The MTM builds on traditional import/export infrastructure; it tracks the import/export of individual objects between systems. When a conflict is found between systems, the MTM learns the conflict resolution and stores the conflict resolution as a rule for the conflicting object, and applies the rule for subsequent import/export process on that object. The MTM also tracks the mapping of objects between the source and target systems and updates the target object in accordance with a change in the source object. The MTM is also capable of undoing the import process.

Abstract: An information technology (IT) asset management system provides for logically grouping IT assets and performing actions on the logical groups. Cluster analysis techniques are used to analyze the configuration data corresponding to IT assets in the IT asset management system, generating proposed logical groups from the clusters determined by the cluster analysis techniques. A system administrator may be allowed to accept or reject the proposed logical groups.

Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.

Abstract: A key manager provides a way to separate out the management of encryption keys and policies from application domains. The key manager may create cipher objects that may be used by the domains to perform encryption or decryption, without exposing the keys or encryption/decryption algorithms to the domains. A master key managed by the key manager may be used to encrypt and decrypt the domain keys that are stored under the control of the key manager. The key manager supports the rekeying of both the master key and the domain keys based on policy. Multiple versions of domain keys may be supported, allowing domains to access data encrypted with a previous version of a domain key after a rekeying.