Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: Methods and protocols coordinate enforcement of application traffic shaping limits within clusters of middleware appliance information handling systems (MA IHSs). The protocols dynamically set the local traffic shaping requirements at each entry point of an MA IHS. Each MA IHS receives from other MA IHSs runtime statistics containing local shaping requirements and rates of requests. The method uses runtime statistics to measure performance against specified traffic shaping goals, and based on this comparison uses unique protocols to dynamically adjust the local shaping requirements in each MA IHS. The method may eliminate the need to statistically bind service domains to particular MA IHSs. Additional MA IHSs activate and/or deactivate service domains to accommodate service domain (server farm) CPU resource demands.

Abstract: Methods and protocols coordinate enforcement of application traffic shaping limits within clusters of middleware appliance information handling systems (MA IHSs). The protocols dynamically set the local traffic shaping requirements at each entry point of an MA IHS. Each MA IHS receives from other MA IHSs runtime statistics containing local shaping requirements and rates of requests. The method uses runtime statistics to measure performance against specified traffic shaping goals, and based on this comparison uses unique protocols to dynamically adjust the local shaping requirements in each MA IHS. The method may eliminate the need to statistically bind service domains to particular MA IHSs. Additional MA IHSs activate and/or deactivate service domains to accommodate service domain (server farm) CPU resource demands.

Abstract: Delegation of processing functions to specialized appliances in an enterprise is provided. An appliance typically comprises a combination of hardware and resident firmware that addresses needs in a computing environment, such as by providing common message transformation, integration, security, filtering and other functions. Delegation is carried out by specifying at least one XML function for front-process offloading from a server to a corresponding appliance configured to receive messages pushed towards the server, communicating management directives to the appliance for configuring the appliance to perform the specified XML function(s) according to specific requirements dynamically specified by the server and communicating instructions to the appliance so that the appliance augments received event messages with intermediate processing information based upon the front-process offloading, as received event messages pass through the appliance.

Abstract: A protocol to enable management of opaque entities in a computing environment comprises an events component and a commands component. The events component enables a manager to utilize a received event communicated by a corresponding managed entity to indicate when administration or other management actions have occurred to domain information on the corresponding managed entity. The commands component interacts with the managed entities in response to the events component receiving corresponding events there from. The commands component further comprises commands for backing up the domain information stored by the managed entities as opaque configuration objects, for restoring the domain information to the managed entities as opaque configuration objects and for querying an identified one of the plurality of managed entities to determine whether two domain configurations are semantically different in a way that allows the configuration to remain opaque to the manager.

Abstract: Methods, systems and computer program products are provided for selectively allowing a user of a multi-user system access to a plurality of resources in a network. Pursuant to these methods, systems and computer program products, a request, originated by a user of the multi-user system, may be received to transmit a message over the network to one of the plurality of resources in the network. A security zone associated with this resource may then be identified. Pursuant to the operations of the present invention, if it is determined that the user is authorized access to the identified security zone, the message may be forwarded over the network to the resource.

Abstract: A protocol to enable management of opaque entities in a computing environment comprises an events component and a commands component. The events component enables a manager to utilize a received event communicated by a corresponding managed entity to indicate when administration or other management actions have occurred to domain information on the corresponding managed entity. The commands component interacts with the managed entities in response to the events component receiving corresponding events there from. The commands component further comprises commands for backing up the domain information stored by the managed entities as opaque configuration objects, for restoring the domain information to the managed entities as opaque configuration objects and for querying an identified one of the plurality of managed entities to determine whether two domain configurations are semantically different in a way that allows the configuration to remain opaque to the manager.

Abstract: An appliance manager for managing appliances in a networked environment comprises a subscription component, a hierarchy component, a storage component, an interface component and a management component. The subscription component identifies active subscribed-to appliances to be managed and the hierarchy component organizes subscribed-to appliances into at least one managed set of configuration-identical devices, where each managed set has a roaster appliance and zero or more slave appliances. The storage component stores managed data associated with the subscribed-to appliances. The interface component receives events from active subscribed-to appliances, wherein the appliance manager exchanges information with a select active subscribed-to appliance in response to receiving a corresponding event there from.

Abstract: Methods, systems and computer program products are provided for selectively allowing a user of a multi-user system access to a plurality of resources in a network. Pursuant to these methods, systems and computer program products, a request, originated by a user of the multi-user system, may be received to transmit a message over the network to one of the plurality of resources in the network. A security zone associated with this resource may then be identified. Pursuant to the operations of the present invention, if it is determined that the user is authorized access to the identified security zone, the message may be forwarded over the network to the resource.