Abstract: Techniques for identity and policy enforced cloud communications are presented. Cloud channel managers monitor messages occurring within a cloud or between independent clouds. Policy actions are enforced when processing the messages. The policy actions can include identity-based restrictions and the policy actions are specific to the messages and/or clouds within which the messages are being processed.

Abstract: Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token.

Abstract: Techniques for visual integration of meeting spaces within a calendar system are presented. A meeting room can be viewed via a map and selected for scheduling a meeting. The map depicts the location of the meeting room within a facility of an enterprise. A meeting scheduler visually sees the meeting room within the map and can select the meeting room and acquire details about the meeting room.

Abstract: Cloud protection techniques are provided. A security breach is detected in a source cloud environment. An enterprise system processing in the source cloud environment is immediately locked down and is dynamically migrated to a target cloud environment. While the enterprise system is migrating, the source cloud environment creates a fake environment with fake resources within the source cloud environment to dupe an intruder having access as a result of the security breach. Metrics and logs are gathered with respect to activities of the intruder within the source cloud environment.

Abstract: Techniques for policy and identity-based workload provisioning are presented. Identities for requestors or workloads and identities for workloads are tied to specific policies. The specific policies are evaluated based on a stage of readiness for resources within a resource pool and based on resource identities for the resources within the resource pool. Resources are then dynamically provisioned based on the identity-based policy evaluation to handle workloads from the resource pool.

Abstract: Techniques for using the network as a memory device are provided. Network packets continue to circulate on a network using the network communication channel as a memory device. Nodes of the network are configured to selectively copy, use, verify, modify, create, and purge the network packets using file management semantics.

Abstract: Methods and apparatus teach defining an access policy to digital data available on one or more computing devices, including identifying one or more semantic attributes of at least one first digital data set and using the identified attributes to define policy dictating user access privileges. On receipt of a user request to access at least one second digital data set, semantic attributes are compared to the at least one first digital data set and access is allowed or not allowed based on the policy. Semantic attributes are selected from at least one of a closeness attribute, a relatedness attribute, and a semantic vector attribute. Also is taught configuring a policy enforcement agent on the one or more computing devices to undertake the comparing and to allow or not allow access. In turn, computer program products and computing systems for accomplishing the foregoing are provided.

Abstract: Techniques for environment single sign on are provided. Multiple identifiers for devices are associated as a single environment. A principal can be authenticated via any of the devices once to access protected resources and once authenticated the principal can access the protected resources from the other devices without re-authenticating.

Abstract: Techniques for privileged network routing are provided. As traffic is received at a gateway of a network backbone provider environment it is interrogated for predefined criteria. If the traffic satisfies the predefined criteria, then the information is routed within the network backbone provider environment to use a set of reserved and restricted resources to provide premium service for the traffic being routed through the network backbone provider environment.

Abstract: Techniques for project management instantiation and configuration are provided. A master project includes policy directives that drive the dynamic instantiation and configuration of resources for a project. The resources are instantiated and configured on demand and when resources are actually requested, in response to the policy directives.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: The system and method described herein may include a discovery engine that scans a network datacenter to inventory resources in the datacenter and populate a configuration management database with the resource inventory. One or more destination listeners created from the resource inventory may then selectively sample monitored flows in the datacenter to model interdependencies between the inventoried resources. For example, any monitored flows originating outside the datacenter or failing to correlate with the inventoried resources may be dropped, whereby the interdependencies may be modeled from a deliberately reduced sample of the monitored flows that have information relevant to modeling relationships between resources within the datacenter. Furthermore, directionalities for the monitored flows may be determined, wherein the directionalities provide further information relevant to modeling the relationships between the resources within the datacenter.

Abstract: Apparatus, systems, and methods may operate to monitor operations of at least one processor to define a set of executed applications executed under a first operating system over a selected time period; and to generate an image of a second operating system having sufficient resources to service a subset of the set of executed applications, the subset determined according to a usage pattern defined by at least a portion of the selected time period, the number of resources provided by the second operating system being less than or equal to the number of resources provided by the first operating system. The images may be loaded based on receipt of a menu selection. Additional apparatus, systems, and methods are disclosed.

Abstract: Techniques for scheduling and guaranteeing print jobs are presented. Print jobs are scheduled to process on a selected printer at user-defined dates and times. A print queue for the selected printer is managed to ensure that no subsequent print job begins on the printer when that subsequent print job cannot finish before a scheduled start time of a scheduled print job that has been guaranteed the scheduled start time on the printer.

Abstract: The system and method described herein may activate an automatic provisioning system within customer premise equipment via a digital subscriber line, cable modem, or other residential hub or gateway interface and access a remote directory service to locate appropriate addressing and other information to initialize the customer premise equipment. The gateway interface may automatically update a configuration, heal bugs, and perform other maintenance and tasks to manage the customer premise equipment. Multiple gateway interfaces or products or services associated therewith may be configured at one premise and version control may be maintained to ensure compatibility.

Abstract: Apparatus, systems, and methods may operate to execute a plurality of screen saver program instances to display a plurality of separately visible screen saver images using a single display device at substantially the same time. In some embodiments, some or all of the screen saver images are displayed in a plurality of non-overlapping display compartments. The images may be selectively assigned a dominant color, or color scheme. The compartments may have boundaries that can be selectively revised. Additional apparatus, systems, and methods are disclosed.

Abstract: Methods and apparatus involve extending functionality of legacy services. A legacy application has functionality designed for use on an original computing device. In a modern environment, virtual machines (VMs) operate as independent guests on processors and memory by way of scheduling control from a virtualization layer (e.g., hypervisor). At least one VM is provisioned to modify standard entry points of the original legacy application for new accessing of various system functions of the hardware platform. Representative functions include network access, processors, and storage. Policy decision points variously located are further employed to ensure compliance with computing policies. Multiple platforms and computing clouds are contemplated as are VMs in support roles and dedicated software appliances. In this manner, continued use of legacy services in modern situations allows participation in more capable environments and application capabilities heretofore unimagined.

Abstract: Techniques for auditing and controlling network services are provided. A proxy is interposed between a principal and a network service. Interactions between the principal and the service pass through the proxy. The proxy selectively raises events and evaluates policy based on the interactions for purposes of auditing and controlling the network service.

Abstract: Apparatus, systems, and methods may operate to restore an operational state of an associated virtual machine (VM) using encrypted information stored in encrypted memory locations. A single hypervisor may be used to encrypt and decrypt the information. Access may be permitted to a designated number of the encrypted memory locations only to a single application executed by the associated VM subject to the hypervisor. Access may be denied to any other application executed by the associated VM, or any other VM.

Abstract: Techniques for help desk management are provided. A user's experience with a resource is captured via a rating. The rating is recorded along with other metrics associated with a processing environment of the user and proactive action taken in response to configuration or performance problems with the user.