Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service.

Abstract: Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data.

Abstract: A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: Techniques for protecting mobile applications are presented. A user's mobile device is provisioned and proxied over a cloud environment with enterprise policy enforced in that cloud environment. Enterprise applications run on the mobile device within the cloud environment. Administrative reporting and control occurs within the cloud environment and the enterprise applications establish connections to, authenticate to, and communicate with remote enterprise services via the provisioned cloud environment.

Abstract: Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for mapping and managing resources are presented. Hardware capacity and information is collected over multiple processing environments for hardware resources. The information is mapped to logical business resources and resource pools. Capacity is rolled up and managed within logical groupings and the information gathering is managed via in-memory and on-file caching techniques.

Abstract: In a computing system environment for viewing, accessing, and executing computing resources on one or more computing devices of a user, methods and apparatus include creating an object configured to provide at least one navigational aid for display on at least one of the computing devices. The object allows a user to view, navigate to, and access the computing resource. The object further includes one or more computing policies defining access rights for the computing resource and a listing of one or more other computing resources required for loading and/or executing the computing resource. Other computing resources necessary for loading and/or executing the computing resource are held separate from the object, thus providing information needed to execute the computing resource to the user while abstracting methods and resources required to build and use the computing resource.

Abstract: Methods for correlating configuration change data to an application installation/removal event for a computer system are provided. Configuration change data records for the computer system are retrieved. The application installation/removal event is identified. Correlation criteria are determined. A plurality of the configuration change data records are automatically identified as being associated with the identified application installation/removal event based on the determined correlation criteria and a characteristic of the configuration change data records.

Abstract: Some embodiments of the present invention provide resource management systems, methods and computer program products that support web services by identifying a web service as an object in a common information model. Additional embodiments of the present invention provide systems, methods and computer program products that provide web services from an object-oriented resource management system using a published web services description, e.g., a WSDL file.

Abstract: Methods, systems and computer program products are provided for invariant representation of computer network information technology (IT) managed resources. A common information model for representing the managed resources is defined. An identification of a resource managed by an IT resource management point product is received. The identification includes an identification of a representation used by the point product for the resource managed by the point product. It is determined if an invariant representation for the resource managed by the point product has previously been defined under the common information model. The representation used by the point product for the resource managed by the point product is associated with the previously defined invariant representation for the resource managed by the point product when an invariant representation for resource managed by the point product has been previously defined.

Abstract: Methods for monitoring changes in objects on a computer system include receiving a request to generate a baseline snapshot of a plurality of objects having associated object types. The object types include at least one object having an object type not managed by a file system of the computer system. Current information is obtained, responsive to the request to generate a baseline snapshot, from a plurality of data collectors to determine at least one attribute of each of the objects to define the baseline snapshot. A request for a baseline report for the objects is received. Updated information is obtained, responsive to the request for a baseline report, from the plurality of data collectors to update the at least one attribute of each of the objects. The baseline snapshot is compared to the obtained updated information to determine if any of the objects have changed.

Abstract: A system, method, and computer-readable medium for performing network system diagnostics is provided. The method includes obtaining a respective identification of a first target device and a second target device deployed in a network; iteratively querying neighbor devices of at least one node in a communications path between the first and second target devices, wherein the neighbor devices and the first and second target device may comprise heterogeneous network nodes; and generating a layer 2 path trace that comprises identification of network devices interconnected on a physical path between the first and second target devices. A computer-readable medium includes instructions for execution by a processing system, wherein the instructions are configured to perform the foregoing method. A system includes a data processing system including a processor device for executing a diagnostics engine implemented as a set of computer-executable instructions configured to perform the foregoing method.

Abstract: Methods for monitoring changes in objects on a computer system include receiving a request to generate a baseline snapshot of a plurality of objects having associated object types. The object types include at least one object having an object type not managed by a file system of the computer system. Current information is obtained, responsive to the request to generate a baseline snapshot, from a plurality of data collectors to determine at least one attribute of each of the objects to define the baseline snapshot. A request for a baseline report for the objects is received. Updated information is obtained, responsive to the request for a baseline report, from the plurality of data collectors to update the at least one attribute of each of the objects. The baseline snapshot is compared to the obtained updated information to determine if any of the objects have changed.

Abstract: A path of a communication connection between a first node and a second node is determined. The path includes at least one connecting node. A first set of network performance data associated with the communication connection is obtained. Ones of a plurality of diagnostic rules is automatically evaluated based on the obtained first set of network performance data to identify a second set of network performance data to be collected.