Abstract: The system and method for intelligent workload management described herein may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads, wherein the management threads may converge information for managing identities and access credentials, enforcing policies, providing compliance assurances, managing provisioned and requested services, and managing physical and virtual infrastructure resources. In one implementation, an authentication server may generate authentication tokens defining access credentials for managed entities across a plurality of authentication domains, wherein the authentication tokens may control access to resources in an information technology infrastructure. For example, a management infrastructure may create service distributions for the managed entities, which may include virtual machine images hosted on physical resources.

Abstract: The system and method described herein may include a configuration management database containing various configuration items describing every known resource in a datacenter. Upon receiving a request proposing changes to the datacenter, the proposed changes may be approved for automated execution (i.e., without human intervention) in response to analyzing relationships modeled in the configuration management database and determining that the proposed changes have no potential impacts on essential or critical resources. Otherwise, an impact workflow may be created to coordinate interaction between various human participants to resolve the potential impacts. Further, in contexts where multiple proposed changes have been approved, the multiple proposed changes may be analyzed to detect any potential conflicts.

Abstract: The system and method for determining fuzzy cause and effect relationships in an intelligent workload management system described herein may combine potential causes and effects captured from various different sources associated with an information technology infrastructure with substantially instantaneous feedback mechanisms and other knowledge sources. As such, fuzzy correlation logic may then be applied to the combined information to determine potential cause and effect relationships and thereby diagnose problems and otherwise manage interactions that occur in the infrastructure. For example, information describing potential causes and potential effects associated with an operational state of the infrastructure may be captured and combined, and any patterns among the information that describes the multiple potential causes and effects may then be identified.

Abstract: Techniques for evaluating and managing cloud networks are provided. Geographical locations for cloud processing environments are combined with attributes and usage metrics to form associations between each cloud processing environment's geographical location and that cloud's corresponding attributes and usage metrics. A map is organized for the associations to form a cloud network. The map is dynamically updated, supplied to services, and rendered for evaluation of the cloud network.

Abstract: Mechanisms to secure data on a hard reset of a device are provided. A hard reset request is detected on a handheld device. Before the hard reset is permitted to process an additional security compliance check is made. Assuming, the additional security compliance check is successful and before the hard reset is processed, the data of the handheld device is backed up to a configurable location.

Abstract: Techniques for automatically classifying processes are presented. Processes executing on a multicore processor machine are evaluated to determine shared resources between the processes, excluding shared system resources. A determination is then made based on the evaluation to group the processes as a single managed resource within an operating system of the multicore processor machine.

Abstract: Methods and computer program product relate to user input auto-completion. The methods and product are executable on a processing device in a computing system environment so as to provide an auto-completion scheme with enhanced capabilities that improve user efficiency when performing a task.

Abstract: Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network.

Abstract: Techniques for packet processing with removal of Internet Protocol (IP) layer routing dependencies are presented. Encrypted packets associated with network communications occurring via a VPN and IP tunnel are grabbed off the network stack before being processed by an IP layer of the network stack. Next, an IP header is generated for the encrypted packets and the encrypted packets are sent to a socket application. The socket application provides the encrypted packets back to the network stack at the data link layer for delivery to the VPN over the IP tunnel.

Abstract: Cluster-free techniques for enabling a directory protocol-based Domain Name System (DNS) service for high availability are presented. A DNS service monitors a node for wild-carded IP address that migrate to the node when a primary node fails to service DNS requests for a directory of the network. The DNS service forwards the wild-carded IP address to a distributed directory service for resolution and uses the distributed directory service to dynamically configure the DNS service for directly handling subsequent DNS requests made to the directory over the network while the primary node remains inoperable over the network.

Abstract: Mechanisms to persist object relations are provided. A project is defined as a series of interrelated objects having dependencies and relationships with one another. The dependencies and relationships are maintained via a storage organization for files that define the objects within a project storage environment for the project. Thus, the dependencies and relationships are not maintained via hardcoded instructions or references that are included within the files.

Abstract: Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: Techniques for distributed storage aggregation are presented. A storage aggregation server interacts over a network with a plurality of contributing servers to organize and partition excess storage on each of the contributing servers as a logical Random Array of Independent Disks (RAID). Network resource can process Input/Output (I/O) operations over the network against the RAID using an Internet Small Computers Systems Interface (iSCSI) protocol.

Abstract: Techniques for achieving personal security via mobile devices are presented. A portable mobile communication device, such as a phone or a personal digital assistant (PDA), is equipped with geographic positioning capabilities and is equipped with audio and visual devices. A panic mode of operation can be automatically detected in which real time audio and video for an environment surrounding the portable communication device are captured along with a geographic location for the portable communication device. This information is streamed over the Internet to a secure site where it can be viewed in real time and/or later inspected.

Abstract: Techniques for privileged network routing are provided. As traffic is received at a gateway of a network backbone provider environment it is interrogated for predefined criteria. If the traffic satisfies the predefined criteria, then the information is routed within the network backbone provider environment to use a set of reserved and restricted resources to provide premium service for the traffic being routed through the network backbone provider environment.

Abstract: The system and method described herein for discovery enrichment in an intelligent workload management system may include a computing environment having a model-driven, service-oriented architecture for creating collaborative threads to manage workloads. In particular, the management threads may converge information for managing identities and access credentials, which may provide information that can enrich discovery of physical and virtual infrastructure resources. For example, a discovery engine may reference federated identity information stored in an identity vault and enrich a discovered infrastructure model with the federated identity information. Thus, the model may generally include information describing physical and virtualized resources in the infrastructure, applications and services running in the infrastructure, and information derived from the federated identity information that describes dependencies between the physical resources, the virtualized resources, the applications, and the services.

Abstract: Techniques for distributing content over a network via keys are provided. A key is associated with a particular destination or with a particular piece of content. A path management service derives and selectively communicates portions of a network path for moving the content to a destination on the basis of a value for a key. Any intermediate processing resource receives a next location within the path for forwarding the content from the path management service in response to presenting the key.

Abstract: Methods and apparatus involve intelligently pre-placing data for local consumption by workloads in a virtual computing environment. Access patterns of the data by the workload are first identified. Based thereon, select data portions are migrated from a first storage location farther away the workload to a second storage location closer the workload. Migration also occurs at a time when needed by the workload during use. In this manner, bandwidth for data transmission is minimized. Latency effects created by consumption of remotely stored data is overcome as well. In various embodiments, a data vending service and proxy are situated between a home repository of the data and the workload. Together they serve to manage and migrate the data as needed. Data recognition patterns are disclosed as is apportionment of the whole of the data into convenient migration packets. De/Encryption, (de)compression, computing systems and computer program products are other embodiments.

Abstract: Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPN's) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another.