Abstract: A system and method employed by an infrastructure-as-code (IaC) tool that is configured for defining IaC configurations comprising containers of interconnected components of a cloud computing platform. A system includes a graph generator configured to generate a graph of dependencies between the interconnected components of the cloud computing platform based at least in part on user-defined input-output relationships between the interconnected components. The IaC tool is configured to use the graph of dependencies to automatically determine a sequence of the provisioning or deployment of the interconnected components of the cloud computing platform. The system further includes a remote procedure call interface configured to enable communications between the IaC tool and the cloud computing platform, the remote procedure call interface further configured to enable the provisioning or deployment of the interconnected components of the cloud computing platform, in the determined sequence.

Abstract: A method for generating a configuration file for configuring an information technology infrastructure is provided. The method may include receiving, from a first user at a first client, a first indication to publish an infrastructure module comprising a set of configurations to apply to an information technology infrastructure. The infrastructure module may be stored in a module registry in response to the first indication. A second indication selecting the infrastructure module may be received from a second user at a second client. In response to the second indication, the infrastructure module may be sent from the module registry to the second client for insertion into a configuration file being created at the second client. The insertion of the infrastructure module may incorporate, into configuration file, the set of configurations to apply to the information technology infrastructure. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: One example method of operation may include determining one or more of a file type and a code segment accessed during a code access event, identifying code origin information appended to the code segment during previous code access events, appending an updated code access location to the code segment identifying the current code access event and a current code location, and applying one or more code access restrictions to the code segment based on the current code location.

Abstract: A computing infrastructure configuration system and method include an infrastructure-as-code configuration tool providing a configuration language that defines the configuration and operation of the computing infrastructure using a declarative syntax. The declarative syntax is configured to express a plurality of built-in functions that can be executed by the computing infrastructure based on the configuration of the computing infrastructure. The system and method further include a syntax extension from the declarative syntax that expresses one or more provider-defined functions defined by one or more providers, and connected to the configuration tool by a provider protocol, the provider protocol providing the syntax extension to invoke the one or more provider-defined functions via the configuration language to enable the computing infrastructure to call at least one of the one or more of the provider-defined functions for execution by the computing infrastructure.

Abstract: A discovery and routing service may generate a URL related to an application to be deployed to a cloud computing platforms, the URL providing access to an edge list containing one or more edge nodes. The discovery and routing service may connect at least one agent to the URL. The discovery and routing service may send authentication information to the agent, including an identifier related to the agent, and a set of agent labels. The discovery and routing service may insert, after authentication by the edge node, the authentication information into a routing mesh. The discovery and routing service may locate the agent, in response to a request, based on a comparison between the set of request labels and a set of agent labels. The discovery and routing service may connect the located agent with traffic to and from the routing mesh.

Abstract: A workflow tool to build, deploy and release application code of an application to any of one or more cloud computing platforms. The workflow tool is executed by one or more processors to generate a single configuration file for the application, the single configuration file comprising, using a common command-line interface (CLI) language: a build configuration defining a build tool used for building the application; a deploy configuration defining a cloud computing platform to which the application will be deployed; and a release configuration defining logic for releasing the application to one or more users of the cloud computing platform. The workflow tool further includes a release uniform resource locator (URL) generated by the first processor, the release URL providing access, by the cloud computing platform to the one or more users, to the application upon the releasing.

Abstract: Systems and methods of managing information technology infrastructure are described. A method includes identifying a run trigger between a first node and a second node, each node maintaining a configuration for a portion of a cloud computing infrastructure associated with executing a portion of a cloud-based application. The run trigger initiates in response to an action at the first node and comprises a source identifier identifying the first node and a destination identifier identifying the second node. Then a run is queued on the second node based on the run trigger, the run including a process executed on the second portion of the cloud computing infrastructure with data received by the second node and associated with a run source identifier. The run on the second node is then planned and executed, causing the cloud computing infrastructure to modify infrastructure resources associated with the second portion of the cloud computing infrastructure.

Abstract: A workflow tool to build, deploy and release application code of an application to any of one or more cloud computing platforms. The workflow tool is executed by one or more processors to generate a single configuration file for the application, the single configuration file comprising, using a common command-line interface (CLI) language: a build configuration defining a build tool used for building the application; a deploy configuration defining a cloud computing platform to which the application will be deployed; and a release configuration defining logic for releasing the application to one or more users of the cloud computing platform. The workflow tool further includes a release uniform resource locator (URL) generated by the first processor, the release URL providing access, by the cloud computing platform to the one or more users, to the application upon the releasing.

Abstract: Special performance standby nodes for data storage in a cloud computing security system are disclosed. Performance standby nodes are standby nodes that are configured to service requests that do not modify the underlying data store. These pseudo read-replica nodes are further configured to forward any request that results in a storage write onto an active node, while being able to service read-only requests locally.

Abstract: Security configuration optimizer system and methods create optimized access control policies. The systems and methods analyze constraints on the secured system and produce a plurality of proposals for an updated security configuration. The proposals are analyzed and filtered. A resulting set of proposals are graded or ranked according to a variety of desirable outcomes. A proposal is selected according to criteria based on the balance of security and complexity. The security configuration is updated according to the selected proposal.

Abstract: A configuration of a service of a cloud computing system is rendered in a user interface of an electronic display, according to a discovery chain generated by a networking tool using a service discovery function to establish the configuration. The configuration includes one or more of a router, a splitter, and/or a resolver, each having one or more configuration files that are represented as a graphical element within a graphical representation of the one or more of the router, the splitter, and/or the resolver. The configuration further includes data traffic routes between pairs of the configuration files, each being represented in the UI as a line between each pair of configuration files, where each line is rendered in the UI so as to avoid crossing over any graphical element that represents a configuration file.

Abstract: A method for managing an information technology infrastructure is provided. The method may include generating a workspace configured to maintain configurations for the information technology infrastructure. A configuration file specifying configurations to apply to the information technology infrastructure may be merged into the workspace. An execution plan may be generated based on the workspace. The execution plan may include operations to apply, to the information technology infrastructure, the configurations specified in the configuration file. The configurations may be applied, based on the execution plan, by at least provisioning, modifying, and/or de-provisioning one or more resources at the information technology infrastructure. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: Systems and methods for ticket-based provisioning of cloud infrastructure from one or more cloud providers to build one or more computing workspaces of an enterprise. A provisioning platform provides a module catalog having one or more infrastructure-as-code (IAC) modules, each including code that is executable to provision cloud computing resources for the cloud infrastructure from the cloud providers to build the computing workspaces of the enterprise. A service catalog has one or more electronic entries mapped to and corresponding with the IAC modules of the module catalog. The service catalog receives one or more tickets that each specify at least one of the electronic entries in the service catalog, to bind each specified electronic entry with a corresponding LAC module, causing the provisioning platform to instantiate on the more cloud providers the computing resources for the cloud infrastructure corresponding to the ticket.

Abstract: Special performance standby nodes for data storage in a cloud computing security system are disclosed. Performance standby nodes are standby nodes that are configured to service requests that do not modify the underlying data store. These pseudo read-replica nodes are further configured to forward any request that results in a storage write onto an active node, while being able to service read-only requests locally.

Abstract: A cost estimator system receives a plan, a configuration or proposed changes for a cloud-based infrastructure, and which include data representing one or more computing resources needed for a cloud-based application. A new configuration is generated for the cloud-based infrastructure incorporating the plan, configuration or proposed changes. A price resolver resolves a price of the resources that are part of the new configuration, and requests, from one or more cloud providers associated with the new configuration, price data for the resolved resources. The cost estimator system then generates, based on the price data received by the price resolver, a cost estimate for the new configuration of the cloud-based infrastructure.

Abstract: A method for managing an information technology infrastructure is provided. The method may include generating a workspace configured to maintain configurations for the information technology infrastructure. A configuration file specifying configurations to apply to the information technology infrastructure may be merged into the workspace. An execution plan may be generated based on the workspace. The execution plan may include operations to apply, to the information technology infrastructure, the configurations specified in the configuration file. The configurations may be applied, based on the execution plan, by at least provisioning, modifying, and/or de-provisioning one or more resources at the information technology infrastructure. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: A method may include validating an execution plan specifying one or more configurations to apply to an information technology infrastructure. The execution plan may be validated by at least determining a structural validity of the configurations of the execution plan. In response to the configurations of the execution plan being determined to be structurally valid, the validation of the execution plan may further include determining whether the information technology infrastructure satisfies a policy if the configurations specified in the execution plan are applied to the information technology infrastructure. In response to a successful validation of the execution plan, the one or more configurations specified in the execution plan may be applied to the information technology infrastructure by at least provisioning, modifying, and/or de-provisioning one or more resources at the information technology infrastructure.

Abstract: A system and method for multi-region deployment of application jobs in a federated cloud computing infrastructure. A job is received for execution in two or more regions of the federated cloud computing infrastructure, each of the two or more regions comprising a collection of servers joined in a raft group for separate, regional execution of the job generating a copy of the job for each of the two or more regions. The job is then deployed to the two or more regions, the workload orchestrator deploying the job according to a deployment plan. A state indication is received from each of the two or more regions, the state indication representing a state of completion of the job by each respective region of the multi-cloud computing infrastructure.

Abstract: Systems and methods for ticket-based provisioning of cloud infrastructure from one or more cloud providers to build one or more computing workspaces of an enterprise. A provisioning platform provides a module catalog having one or more infrastructure-as-code (IAC) modules, each including code that is executable to provision cloud computing resources for the cloud infrastructure from the cloud providers to build the computing workspaces of the enterprise. A service catalog has one or more electronic entries mapped to and corresponding with the IAC modules of the module catalog. The service catalog receives one or more tickets that each specify at least one of the electronic entries in the service catalog, to bind each specified electronic entry with a corresponding IAC module, causing the provisioning platform to instantiate on the more cloud providers the computing resources for the cloud infrastructure corresponding to the ticket.

Abstract: A cost estimator system receives a plan, a configuration or proposed changes for a cloud-based infrastructure, and which include data representing one or more computing resources needed for a cloud-based application. A new configuration is generated for the cloud-based infrastructure incorporating the plan, configuration or proposed changes. A price resolver resolves a price of the resources that are part of the new configuration, and requests, from one or more cloud providers associated with the new configuration, price data for the resolved resources. The cost estimator system then generates, based on the price data received by the price resolver, a cost estimate for the new configuration of the cloud-based infrastructure.