Abstract: Embodiments of the present disclosure include systems and methods for providing query service of secured contents. A data collection service collects data and security context associated with the data from a data source and stores the data with the security attributes in a datastore, where the security attributes are derived from the security context and used to determine access to the data so that access to the data is consistent with the security context. Upon receiving a query and a user context of a requester making the query of the datastore, a set of query results is obtained. Based on the user context and security attributes, it is determined whether the requestor has a proper right to access the query results. If the requestor has a proper right to access the query results, access to the query results is granted.

Abstract: A system, method, and computer-readable medium for performing an authentication operation comprising: identifying a plurality of user devices associated with a user of an information handling system; determining when at least some of the plurality of user devices are within a predetermined range of the information handling system; and, authenticating the user as an authorized user of the information handling system when at least some of the plurality of user devices are within the predetermined range of the information handling system.

Abstract: Embodiments of the present disclosure include systems and methods for providing query service of secured contents. A data collection service collects data and security context associated with the data from a data source and stores the data with the security attributes in a datastore, where the security attributes are derived from the security context and used to determine access to the data so that access to the data is consistent with the security context. Upon receiving a query and a user context of a requester making the query of the datastore, a set of query results is obtained. Based on the user context and security attributes, it is determined whether the requestor has a proper right to access the query results. If the requestor has a proper right to access the query results, access to the query results is granted.

Abstract: One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.

Abstract: An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server.

Abstract: One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.

Abstract: Systems and methods for extending the capability of a directory processor by, for example, registering a control are presented. This control can be a non-native control, or a modification to a native control. Further, this disclosure describes example of systems and methods for performing a directory operation, which may include one or more controls. At least some of the one or more controls may be non-native or dynamic controls. In some cases, some of the controls may be native controls.

Abstract: Systems and methods for extending the capability of a directory processor by, for example, registering a control are presented. This control can be a non-native control, or a modification to a native control. Further, this disclosure describes example of systems and methods for performing a directory operation, which may include one or more controls. At least some of the one or more controls may be non-native or dynamic controls. In some cases, some of the controls may be native controls.

Abstract: In one embodiment of the present invention, a data-backup method includes partitioning a fingerprint namespace among a cluster of backup servers, the fingerprint namespace comprising fingerprints for representing units of data, each backup server of the cluster of backup servers managing units of data having fingerprints corresponding to an assigned partition of the fingerprint namespace. The method further includes receiving backup information from a client computing device for a block of data comprising units of data, the backup information including at least a fingerprint for each of the units of data and client-specific backup information. In addition, the method includes, utilizing the fingerprint for each of the units of data, deduplicating the units of data in parallel at the cluster of backup servers in accordance with the partitioning step, the deduplicating step comprising identifying ones of the units data already stored by the cluster of backup servers.

Abstract: A database statement categorization system can enable DBAs or other users to more easily find tunable database statements by categorizing the database statements. The database categorization system can analyze a DBMS to identify the types of database statements executed on the DBMS and can then categorize the statements automatically, outputting the categorization for presentation to a DBA (or other user). This categorization can advantageously separate less relevant statements that warrant less tuning or investigation from more relevant statements that may have a measurable impact on the performance of the database. By allowing users to focus on statements that are more likely to warrant attention, in certain embodiments the database categorization system streamlines the tuning process.

Abstract: Intelligent monitoring systems and methods for virtual environments are disclosed that understand various components of a virtual infrastructure and how the components interact to provide improved performance analysis to users. In certain examples, a monitoring system assesses the performance of virtual machine(s) in the context of the overall performance of the physical server(s) and the environment in which the virtual machine(s) are running. For instance, the monitoring system can track performance metrics over a determined period of time to view changes to the allocation of resources to virtual machines and their location(s) on physical platforms. Moreover, monitoring systems can utilize past performance information from separate virtual environments to project a performance impact resulting from the migration of a virtual machine from one physical platform to another.

Abstract: Systems and methods are disclosed that utilize a genetic algorithm to search for an index configuration for a collection of data such as, e.g., a database. Genetic algorithms can include stochastic search heuristics that mimic processes of natural evolution including inheritance, mutation, crossover, and selection. A population of chromosomes representing candidate index configurations can evolve to increase or optimize the fitness of the population and to identify the best (e.g., most fit) index configuration. Fitness of a chromosome may be measured based at least in part on the cost of computer resources used for executing Structured Query Language (SQL) statements in the indexed database.

Abstract: In one embodiment of the present invention, a data-backup method includes partitioning a fingerprint namespace among a cluster of backup servers, the fingerprint namespace comprising fingerprints for representing units of data, each backup server of the cluster of backup servers managing units of data having fingerprints corresponding to an assigned partition of the fingerprint namespace. The method further includes receiving backup information from a client computing device for a block of data comprising units of data, the backup information including at least a fingerprint for each of the units of data and client-specific backup information. In addition, the method includes, utilizing the fingerprint for each of the units of data, deduplicating the units of data in parallel at the cluster of backup servers in accordance with the partitioning step, the deduplicating step comprising identifying ones of the units data already stored by the cluster of backup servers.

Abstract: Embodiments of systems and methods are described for instant provisioning (e.g., cloning, copying, replicating, migrating, backing up, restoring, etc.) of virtual machines, virtual machine files, or other types of files (e.g., database files). In some implementations, a cloned virtual machine file can present an illusion to multiple applications accessing the cloned file that the cloned file contains all the appropriate data (e.g., a file system volume), even while the clone file is still being filled with relevant data. In some embodiments, the systems and methods use a file system filter driver to intercept and redirect certain input/output (I/O) requests to the cloned file. The file system filter driver may use a data structure (e.g., a bitmap) to determine which logical units of the clone file have already been filled with data. In some embodiments, the systems and methods use the operating system to handle cached I/O requests, which may improve efficiency.

Abstract: Embodiments of the system described herein can be implemented in a software application that runs on a host device or is embedded in a logic or memory device such as a gate array, EEPROM, a control, or dynamical system. The system embodiment allows a set of similar or dissimilar intelligent devices or sensors, which may be interconnected with any type of network or bus, to replicate data between themselves for the purpose of remote backup, redundancy, content distribution, or measurements. The attributes of the data, which may be changed or created on one device or passed through the device, are tracked and journaled in volatile or non-volatile storage in a first phase. This occurs in real-time as the data changes or passes through the device. In a second phase, the attributes that match patterns pre-specified in a configuration are used to decide what changes or the content to replicate to one or more devices. In a third phase, the data is replicated.

Abstract: Systems and methods are disclosed for performing operations on a host system with one or more virtual machines without persistently storing an agent or daemon thereon. In certain examples, a management server is configured to inject dependencies, such as binary data, over a network to the host system for performing a requested operation. For instance, systems and methods can establish a secure shell (SSH) port forwarding connection through which dependencies stored on the management server are injected into a service console of the host system. The injected dependencies can then be executed and/or used to perform the requested operation, such as a backup or compression operation on virtual machine data. Once the requested operation has completed, the injected binaries are preferably removed from the host system so as to conserve system resources.

Abstract: An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server.

Abstract: A data management system or “DMS” provides data services to data sources associated with a set of application host servers. The DMS typically comprises one or more regions, with each region having one or more clusters. A given cluster has one or more nodes that share storage. When providing continuous data protection and data distribution, the DMS nodes create distributed active object storage to provide the necessary real-time data management services. The distributed object store can be built above raw storage devices, a traditional file system, a special purpose file system, a clustered file system, and a database. The DMS active object store provides an indexing service to the active objects. In an illustrative embodiment, any object property that has a given attribute is indexed and, as a result, the attribute becomes searchable. The DMS provides hierarchical distributed indexing using index trees to facilitate searching.

Abstract: A data management system (“DMS”) provides an automated, continuous, real-time, substantially no downtime data protection service to one or more data sources. A host driver embedded in an application server captures real-time data transactions, preferably in the form of an event journal. The driver functions to translate traditional file/database/block I/O and the like into a continuous, application-aware, output data stream. The host driver includes an event processor that can perform a recovery operation to an entire data source or a subset of the data source using former point-in-time data in the DMS. The recovery operation may have two phases. First, the structure of the host data in primary storage is recovered to the intended recovering point-in-time. Thereafter, the actual data itself is recovered. The event processor enables such data recovery in an on-demand manner, by allowing recovery to happen simultaneously while an application accesses and updates the recovering data.

Abstract: A data management method wherein a real-time history of a database system is stored as a logical representation and the logical representation is then used for any point-in-time recovery of the database system. More specifically, a method for capturing transaction data, binary data changes, metadata, and events, and for tracking a real-time history of a database system according to the events. The method enables tracking and storing of consistent checkpoint images of the database system, and also enables tracking of transaction activities between checkpoints. The database system may be recovered to any consistent checkpoint or to any point between two checkpoints.