Abstract: A method and associated computer program product for developing an Information Technology (IT) system. An abstract IT structure for the IT system is provided. A virtual IT structure for the IT system is generated from the abstract IT structure by a translator. A real IT structure for the IT system is generated from the virtual IT structure.

Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: Computer security processes include displaying information elements on a computer display screen. Some of the information elements are mapped to corresponding parameters. The computer security processes also include receiving a selected information element from the information elements displayed on the computer display screen, and determining a value of a parameter associated with the selected information element based on a condition. The value of the parameter is changeable according to changes in the condition. The computer security processes further include comparing the selected information element with the value of the parameter, and upon determining the value of the parameter matches the selected information element, providing a user with access to a system resource.

Abstract: Computer security processes include displaying information elements on a computer display screen. Some of the information elements are mapped to corresponding parameters. The computer security processes also include receiving a selected information element from the information elements displayed on the computer display screen, and determining a value of a parameter associated with the selected information element based on a condition. The value of the parameter is changeable according to changes in the condition. The computer security processes further include comparing the selected information element with the value of the parameter, and upon determining the value of the parameter matches the selected information element, providing a user with access to a system resource.

Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: The present invention is directed to a method, system, and computer program product for providing local load balancing for high-availability servers. In particular, the present invention is based on the use of an HACMP cluster of servers (for high availability) each running an instance of a TCP splitter (for load balancing). A cluster of servers is provided, wherein a Transport Control Protocol (TCP) splitter runs on each of the servers. Each TCP splitter is configured to split an incoming data stream to a respective server among a plurality of the servers for processing. Each server in the cluster has a different routable Internet Protocol (IP) address. Upon a failure of a server, the IP address of the failed server is reassigned to another server in the cluster.

Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: A method and system for optimally scheduling a web conference managed by a web application. Date and time ranges are initialized with predefined values. A tentative start date included in the date range and a tentative start time included in the time range are automatically calculated, and are included in a tentative schedule for the web conference. A time period is determined by the tentative schedule and a duration of the web conference. The automatic calculation prevents the time period from overlapping a time interval during which processors utilized by the web application are to experience a peak load. The tentative schedule is presented to the user via the interface, and is recalculated and redisplayed in response to the user updating a load-related parameter. The user selects a final schedule, which is the tentative schedule or a user-specified schedule different from the tentative schedule.

Abstract: A computer system and computer program product for optimizing an aspect of an Information Technology (IT) structure of an IT system. The aspect of the IT structure is optimized with respect to at least one control parameter. The IT structure includes a plurality of elements. Each element independently is a hardware element, a software element, or a combination of a hardware element and a software element. Each control parameter has a value that is specific to each element of the IT structure.

Abstract: A firewall rule generation method, a load balancing rule generation method, and a wrapper generation method, for an Information Technology (IT) system, associated computer program products, and an associated processes for integrating computing infrastructure. The firewall rule generation method generates firewall rules allowing data transmission between a computer and a client, and subsequently assigns the firewall rules to firewalls of the IT system. The load balancing rule generation method assigns a load balancing mechanism to a load balanced group to which execution of an application is assigned, wherein the load balanced group has servers therein. For a client and computer having a communication protocol therebetween that is not allowed by a security policy, the wrapper generation method generates a communication protocol wrapper that opens a Transmission Control Protocol (TCP) connection between the client and the computer such that the TCP connection is allowed by the security policy.

Abstract: A method and system for preventing a detection of web crawling. A randomizing HTTP proxy server receives a first request from a web crawler to scan a website and forwards the first request to a randomly selected first proxy computer. The first proxy computer utilizes a first network address translation (NAT)-enabled router to forward the first request to the website. A NAT algorithm associates a first source Internet Protocol (IP) address with the first request. The randomizing HTTP proxy server receives a second web crawler-initiated request to scan the website and forwards the second request to a randomly selected second proxy computer. The second proxy computer utilizes a second NAT-enabled router to forward the second request to the website. The NAT algorithm associates a second source IP address with the second request. The web server identifies the first and second source IP addresses as being different.

Abstract: A method performed in an Information Technology (IT) development environment and an associated computer system. Business requirements are translated into functional requirements. An abstract IT structure is generated by translating the functional requirements into the abstract IT structure.

Abstract: A service element is defined and represented by a data structure. It includes one or more components and/or one or more other service elements. A service element providing a complete function is a service offering. Management of service elements and/or service offerings is facilitated by a Service Development Tool. In different aspects, the management includes various tasks associated with creating, modifying and deleting service elements, establishing relationships, error checking and optimization. In a further aspect, service elements are packaged and distributed to enable customers to deliver the service elements. Additionally, the hosting of software packages is facilitated.

Abstract: A method and system for adapting an Information Technology (IT) structure to maintain service levels. An IT structure is deployed in an IT delivery environment. A service level associated with the IT structure is specified. At least one operational characteristic of the IT structure corresponding to the specified service level is identified. For each identified operational characteristic, a corresponding threshold is established in such that if the corresponding threshold is violated then the specified service level is not sustained. After establishing the thresholds, operation of the IT structure is monitored. The monitoring detects a condition wherein a measured value of a first operational characteristic has violated the corresponding threshold associated with the first operational characteristic such that the specified service level is not sustained by the measured value of the first operational characteristic, causing degradation of the specified service level.

Abstract: Method and system for verifying correctness of networking aspects of an Information Technology (IT) system that includes a host network of hosts. The hosts include servers and firewalls. A firewall connectivity indication of whether the host network includes an isolated firewall or a cross-zone connected firewall is determined. Determining for each host whether the host is isolated from a communication network to which the IT system is connected determines whether isolated network segments exit within the host network. For each host determined to be isolated from the communication network, the method identifies all network segments of the host network to which each host is connected, determines the unique network segments of the identified network segments, and designates the unique network segments as a set of isolated network segments. The firewall connectivity indication and the set of isolated network segments are stored in a storage medium of a computer system.

Abstract: A service element is defined and represented by a data structure. It includes one or more components and/or one or more other service elements. A service element providing a complete function is a service offering. Management of service elements and/or service offerings is facilitated by a Service Development Tool. In different aspects, the management includes various tasks associated with creating, modifying and deleting service elements, establishing relationships, error checking and optimization. In a further aspect, service elements are packaged and distributed to enable customers to deliver the service elements. Additionally, the hosting of software packages is facilitated.

Abstract: A method and system for estimating a screen refresh rate of a computing unit participating in an Internet-based collaboration. The computing unit receives a test image that includes pixels located at predefined positions and blinking at predefined frequencies. Measurements of the number of blinks of the pixels in a specified time period are collected. An average of the measurements summed over the predefined frequencies is calculated. A screen refresh rate is estimated by comparing the calculated average to a sum of multiple sums of simulated blinks of pixels in the specified time period. The average is closer to the sum than any of the other sums and the sum is associated with the estimated screen refresh rate.

Abstract: An Information Technology (IT) system display method and computer program product. A description is provided of a configuration of devices, network segments, and vertical connectors relating to an IT structure. The devices are initially distributed to form a distribution of the devices in a matrix representing a display screen. A defined goal value of the configuration is a function of a length and weight of each network segment, a length and weight of each vertical connector, and a penalty for each crossing of a device by a network segment. An overlay pattern of the network segments and the vertical connectors overlayed on the matrix is displayed in accordance with the description and the final distribution of the devices in the matrix. The goal value for the final distribution is lower than for the initial distribution. The final distribution is displayed on the display screen together with the overlay pattern.

Abstract: A method and system is presented for bypassing a local Domain Name Server (DNS) when using edge caching servers. Domain names of frequently used business applications that are known to rely upon edge servers, together with the corresponding authoritative DNSs, are listed in both local hosts file and user defined FSFD local configuration file fsfd.conf. When the client computer's browser attempts to resolve a domain name, a File System Filtering Driver (FSFD) in the client computer intercepts the browser's request. If the domain name which is being resolved is found in a local FSFD configuration file fsfd.conf, then the FSFD initiates a DNS request directly to the appropriate authoritative DNS whose IP address gets extracted from the fsfd.conf record, thus bypassing the local DNS. The authoritative DNS returns the IP address for an edge caching server that is topographically proximate to the client computer's browser.