Abstract: A system and method for managing multiple server computer systems on a computer network. The functions of a central management server are distributed to multiple daemons executing independently of each other on one or more computer systems. Distributing the functions of the central management server to separate multiple daemons substantially improves the reliability of a multi-server management application.

Abstract: A method and apparatus for delegating root access to non-root users of a computer system while maintaining computer system security are disclosed. Such a method may include authorizing a role for a user, wherein the authorized role includes one or more tools and the tools enable root access for certain tasks that the tools perform when run, whereby the one or more tools are delegated to the user and authorizing a machine of the computer system for the authorized role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the authorized role only on authorized machines, whereby utilizing the authorized role comprises running the one or more tools of the authorized role. Embodiments of the invention may comprise authorization objects that comprise attributes identifying a user and the roles and machine for which the user is authorized.

Abstract: A service control manager (SCM) tool execution mechanism enables SCM users to execute SCM tools across a set of defined distributed nodes (systems). It provides a secure mechanism, referred to a distributed task facility (DTF), to integrate different operations and execute the operations across the set of distributed nodes.

Abstract: A method and apparatus for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, are disclosed. Such a method and apparatus may include delegating tools to a user based on a role, wherein a tool provides root access for performing a specific task in the computer system and the role is an authorized role that enables the user to run the delegated tools, identifying one of the plurality of roles to be disabled, wherein the identified role is the authorized role, accessing the identified role, and, disabling the identified role so that the user cannot run the delegated tool(s). Disabled roles may likewise be enabled according to a disclosed method and apparatus. Embodiments of the invention may comprise authorization objects that comprise attributes identifying the roles and machine for which a user is authorized.

Abstract: A system and method for managing a multiple server computer system on a computer network. The system includes a central management server and one or more remote nodes connected to the central management server. A distributed task facility assigns and monitors system management tasks on the remote nodes. An agent running on each of the remote nodes executes system management tasks and initiates contact with the central management server to report the status of the agent and the remote node on which it is running.

Abstract: A service control manager (SCM) module may, through a light weight centraized authorization process, assign certain tools to a role so that a non-root user with such role may run the authorized commands specified in the tools as a root user. The usage of these commands is tracked and logged, typically by a log manager who observes each of the commands that are run within the role. If the non-root user tries to run a command that is not assigned to the role, the log manager may block that attempt. Therefore the lightweight authorization may be achieved without compromising security. The user may also be given a finer granularity of running specific commands and options. In addition, the non-root user with the role may only need to be authorized on one node (machine) to be able to perform the commands on multiple nodes.

Abstract: An embodiment of an object class test involves constructing objects from classes, developing a unit class test for each object, passing data into each object using the unit class test, and retrieving data from each object using the unit class test to determine if the object is functional. Accordingly, the object class test ensures that each object is functional before the objects are installed in a software development system. In addition, the object class test documents and implements source code necessary to produce standard output messages from the unit class test for each class, thus formalizing the object class test output into an easily parseable and human readable format.

Abstract: By setting up a single multi-system management environment, a ServiceControl Manager provides a simple means to integrate both SSA management applications and MSA management applications into the multi-system environment. MSA applications may be started by a user using either command line interface (CLI) or graphical user interface (GUI). Either from CLI or from GUI, the method for MSA applications includes selecting an MSA tool by a user, establishing a target node list that contains nodes on which the tool may run, and passing the target node list as environment variables. The environment variables are then passed to the MSA applications that use the node list to restrict the user access to these nodes.

Abstract: A service control manager (SCM) tool execution mechanism enables SCM users to execute SCM tools across a set of defined distributed nodes (systems). It provides a secure mechanism, referred to a distributed task facility (DTF), to integrate different operations and execute the operations across the set of distributed nodes.

Abstract: A system and method for managing multiple server computer systems on a computer network. The functions of a central management server are distributed to multiple daemons executing independently of each other on one or more computer systems. Distributing the functions of the central management server to separate multiple daemons substantially improves the reliability of a multi-server management application.

Abstract: A service control manager (SCM) module may, through a light weight centraized authorization process, assign certain tools to a role so that a non-root user with such role may run the authorized commands specified in the tools as a root user. The usage of these commands is tracked and logged, typically by a log manager who observes each of the commands that are run within the role. If the non-root user tries to run a command that is not assigned to the role, the log manager may block that attempt. Therefore the lightweight authorization may be achieved without compromising security. The user may also be given a finer granularity of running specific commands and options. In addition, the non-root user with the role may only need to be authorized on one node (machine) to be able to perform the commands on multiple nodes.

Abstract: A method and apparatus for managing tool execution via roles on a computer system while maintaining computer system security, wherein the computer system comprises a plurality of roles, are disclosed. Such a method and apparatus may include delegating tools to a user based on a role, wherein a tool provides root access for performing a specific task in the computer system and the role is an authorized role that enables the user to run the delegated tools, identifying one of the plurality of roles to be disabled, wherein the identified role is the authorized role, accessing the identified role, and, disabling the identified role so that the user cannot run the delegated tool(s). Disabled roles may likewise be enabled according to a disclosed method and apparatus. Embodiments of the invention may comprise authorization objects that comprise attributes identifying the roles and machine for which a user is authorized.

Abstract: A method and apparatus for delegating root access to non-root users of a computer system while maintaining computer system security are disclosed. Such a method may include authorizing a role for a user, wherein the authorized role includes one or more tools and the tools enable root access for certain tasks that the tools perform when run, whereby the one or more tools are delegated to the user and authorizing a machine of the computer system for the authorized role, wherein the computer system comprises a plurality of machines and the user is enabled to utilize the authorized role only on authorized machines, whereby utilizing the authorized role comprises running the one or more tools of the authorized role. Embodiments of the invention may comprise authorization objects that comprise attributes identifying a user and the roles and machine for which the user is authorized.

Abstract: A task manager for operating and performing management tasks called for by a system administration manager. The task manager includes a command task manager for performing command tasks, a function task manager for performing function tasks, and a remote task execution manager for performing remote or distributed task. In addition, the task manager includes a single application program interface for interfacing the command task manager, function task manager, and remote task execution manager with the system administration manager. The task manager further performs error handling and automatic logging operations. The task manager uses a task registration manager which stores the individual task descriptions and makes them available to the task manager.

Abstract: A system and method for managing a multiple server computer system on a computer network. The system includes a central management server and one or more remote nodes connected to the central management server. A distributed task facility assigns and monitors system management tasks on the remote nodes. An agent running on each of the remote nodes executes system management tasks and initiates contact with the central management server to report the status of the agent and the remote node on which it is running.

Abstract: A registration manager implemented as a task registration manager for dynamically registering management task descriptions on demand. The task registration manager includes a static registration mechanism, a static registry, and a runtime registration mechanism. At installation of a management application, the static registration mechanism stores a relatively small amount of information regarding each task provided with that application in the static registry for use at runtime. At runtime, the runtime registration mechanism registers a task the first time a specific task is requested by consulting the information contained in the runtime registration mechanism and then parsing the task description and placing it in a description object. A pointer to the description object is returned. Subsequent executions are performed using the pointer to the description object already in memory.

Abstract: A task manager for operating and performing management tasks called for by a system administration manager. The task manager includes a command task manager for performing command tasks, a function task manager for performing function tasks, and a remote task execution manager for performing remote or distributed task. In addition, the task manager includes a single application program interface for interfacing the command task manager, function task manager, and remote task execution manager with the system administration manager. The task manager further performs error handling and automatic logging operations. The task manager uses a task registration manager which stores the individual task descriptions and makes them available to the task manager.

Abstract: A registration manager implemented as a task registration manager for dynamically registering management task descriptions on demand. The task registration manager includes a static registration mechanism, a static registry, and a runtime registration mechanism. At installation of a management application, the static registration mechanism stores a relatively small amount of information regarding each task provided with that application in the static registry for use at runtime. At runtime, the runtime registration mechanism registers a task the first time a specific task is requested by consulting the information contained in the runtime registration mechanism and then parsing the task description and placing it in a description object. A pointer to the description object is returned. Subsequent executions are performed using the pointer to the description object already in memory.