Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines includes a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines includes one or more private-cloud virtual machines, wherein at least one of the first host machines further includes a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resource

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resour

Abstract: In one embodiment, a method includes a method for provisioning private-cloud server nodes by receiving a request to provision a specified number of server nodes for a private cloud, wherein the request is associated with a user, identifying a plurality of server nodes including (a) the specified number of hypervisor server nodes from a first pool that includes prepared hypervisor server nodes, each of which includes a previously-installed hypervisor, and (b) a management server node from a second pool that includes prepared management server nodes, each of which includes a previously-installed hypervisor and one or more previously-installed management components, configuring the identified server nodes to use a network associated with the user, creating a private cloud that includes the identified server nodes, and providing, to the user, permission to access the identified server nodes.

Abstract: A method includes receiving a request to perform a job from a second computing device, where the job includes one or more steps to be completed in a period, and where the request includes a job description for the job, storing the job description into a data store, retrieving a step description corresponding to one of the steps of the job to be performed from the data store, where each of the steps is performed by a corresponding worker system, sending the commands to the communication endpoint for the corresponding worker system, receiving a status update comprising results for the commands from the corresponding worker system, and storing the status update to the data store.

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

Abstract: In one embodiment, a method includes receiving a request to perform a job from a second computing device, where the job includes one or more steps to be completed in a period, and where the request includes a job description for the job, storing the job description into a data store, retrieving a step description corresponding to one of the steps of the job to be performed from the data store, where each of the steps is performed by a corresponding worker system, sending the commands to the communication endpoint for the corresponding worker system, receiving a status update comprising results for the commands from the corresponding worker system, and storing the status update to the data store.

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, 1 0 during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

Abstract: In one embodiment, a method includes a method for provisioning private-cloud server nodes by receiving a request to provision a specified number of server nodes for a private cloud, wherein the request is associated with a user, identifying a plurality of server nodes including (a) the specified number of hypervisor server nodes from a first pool that comprises prepared hypervisor server nodes, each of which comprises a previously-installed hypervisor, and (b) a management server node from a second pool that comprises prepared management server nodes, each of which comprises a previously-installed hypervisor and one or more previously-installed management components, configuring the identified server nodes to use a network associated with the user, creating a private cloud that includes the identified server nodes, and providing, to the user, permission to access the identified server nodes.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, scanning by another set of security rules. The server then executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system or blocking transmission.

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resour

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resour

Abstract: In one embodiment, a method includes receiving a request to perform a job from a second computing device, where the job includes one or more steps to be completed in a period, and where the request includes a job description for the job, storing the job description into a data store, retrieving a step description corresponding to one of the steps of the job to be performed from the data store, where each of the steps is performed by a corresponding worker system, sending the commands to the communication endpoint for the corresponding worker system, receiving a status update comprising results for the commands from the corresponding worker system, and storing the status update to the data store.

Abstract: In one embodiment, a system includes a computing device providing a computing environment including a number of user accounts, where each of the user accounts is assigned specified privileges to execute particular commands or programs, receiving a request to temporarily escalate privileges for one of the user accounts during a specified duration, where the request includes an identifier of the user account, requested privileges, and the specified duration, granting the requested privileges for the specified duration in conjunction with specific restrictions on one or more prohibited activities that are normally permitted for user accounts with the requested privileges, monitoring, during the specified duration, for any indication that the user account has attempted a prohibited activity, detecting an indication that the user account attempted one of the prohibited activities, and initiating an automated remediation corresponding to the indication.

Abstract: In one embodiment, a system includes first host machines implementing a public-cloud computing environment, wherein at least one of the first host machines comprises a resource manager that provides a public-cloud resource interface through which one or more public-cloud clients interact with one or more virtual machines, and second host machines implementing a private-cloud computing environment, wherein at least one of the second host machines comprises one or more private-cloud virtual machines, wherein at least one of the first host machines further comprises a private-cloud VM resource provider through which the resource manager interacts with the private-cloud virtual machines, wherein the VM resource provider translates requests to perform virtual machine operations from a public-cloud-resource interface to a private-cloud virtual machine interface, and the private-cloud virtual machines perform the requested virtual machine operations in response to receiving the translated requests from the VM resour

Abstract: In one embodiment, a method includes a method for provisioning private-cloud server nodes by receiving a request to provision a specified number of server nodes for a private cloud, wherein the request is associated with a user, identifying a plurality of server nodes including (a) the specified number of hypervisor server nodes from a first pool that comprises prepared hypervisor server nodes, each of which comprises a previously-installed hypervisor, and (b) a management server node from a second pool that comprises prepared management server nodes, each of which comprises a previously-installed hypervisor and one or more previously-installed management components, configuring the identified server nodes to use a network associated with the user, creating a private cloud that includes the identified server nodes, and providing, to the user, permission to access the identified server nodes.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.

Abstract: The present invention provides methods and systems to protect an organization's secure information from unauthorized disclosure. The present system uses protect agents installed across various egress points (e.g., email server, user's computer, etc.) to monitor information disclosed by a user. The present system also provides the use of fingerprint servers to remotely maintain a database of fingerprints associated with the organization's secure data. In one embodiment, the protect agents transmit fingerprints associated with the user's information to the fingerprint server utilizing a local network or the public internet. The protect agents then receive a comparison analysis from the fingerprint servers and execute appropriate security action based on the analysis. In one embodiment, a combination of the local network and public internet is utilized to achieve remote agent lookups.