Abstract: Switching from primary to backup data storage by preparing a backup copy of multiple data sets, where, prior to the preparing, the backup copy is updated in accordance with a backup protocol specifying synchronously updating the backup copy to reflect changes made to one type of data stored in a primary copy of the data sets, and asynchronously updating the backup copy to reflect changes made to another type of data stored in the primary copy, and where the preparing includes identifying any inconsistency in any interdependent data in the data sets of the backup copy in accordance with a predefined schema of interdependent data in the data sets, and correcting any identified inconsistency in the data sets of the backup copy in accordance with a predefined inconsistency correction protocol, and causing the backup copy to be used in place of the primary copy for directly servicing data transactions.

Abstract: A system for producing secure data management software, comprising at least one hardware processor adapted to: receive a plurality of data patterns, each comprising at least one data field identifier selected from a set of protected data field identifiers of at least one data repository, at least one output target, and an access instruction; identify in a plurality of computer instructions of the data management software one or more forbidden output instructions by matching one or more reaching definitions of some of the plurality of computer instructions with one or more of the plurality of data patterns; and remove the one or more forbidden output instructions from the plurality of computer instructions.

Abstract: Switching from primary to backup data storage by preparing a backup copy of multiple data sets, where, prior to the preparing, the backup copy is updated in accordance with a backup protocol specifying synchronously updating the backup copy to reflect changes made to one type of data stored in a primary copy of the data sets, and asynchronously updating the backup copy to reflect changes made to another type of data stored in the primary copy, and where the preparing includes identifying any inconsistency in any interdependent data in the data sets of the backup copy in accordance with a predefined schema of interdependent data in the data sets, and correcting any identified inconsistency in the data sets of the backup copy in accordance with a predefined inconsistency correction protocol, and causing the backup copy to be used in place of the primary copy for directly servicing data transactions.

Abstract: A system for producing secure data management software, comprising at least one hardware processor adapted to: receive a plurality of data patterns, each comprising at least one data field identifier selected from a set of protected data field identifiers of at least one data repository, at least one output target, and an access instruction; identify in a plurality of computer instructions of the data management software one or more forbidden output instructions by matching one or more reaching definitions of some of the plurality of computer instructions with one or more of the plurality of data patterns; and remove the one or more forbidden output instructions from the plurality of computer instructions.

Abstract: A system for executing one or more operating-system-level virtualization software objects (virtualization containers), comprising: at least one hardware processor connected to at least one data communication network interface, and adapted to: for each of the one or more containers: execute the container in at least one isolated process of an operating system, wherein the container is created from one or more software image files comprising a plurality of data patterns, each data pattern comprising at least one output target and an access instruction; and while executing the container: identify at least one forbidden input-output (I/O) instruction of the virtualization container, by matching an instruction target of at least one of a plurality of I/O instructions of the virtualization container with at least one output target of at least one data pattern of the plurality of data patterns; and decline execution of the forbidden I/O instruction(s).

Abstract: A checkpoint trigger initiating a synchronization of a first virtual machine with a second virtual machine may be received, the first virtual machine being executed with at least a first virtual processor and a second virtual processor. The first virtual processor may be paused, while the first virtual machine is allowed to continue executing, using the second virtual processor. The synchronization may be executed, including transferring memory pages of the first virtual machine for storage by the second virtual machine, and the first virtual processor may be released and execution of the first virtual machine may be resumed, using the first virtual processor and the second virtual processor.

Abstract: A checkpoint trigger initiating a synchronization of a first virtual machine with a second virtual machine may be received, the first virtual machine being executed with at least a first virtual processor and a second virtual processor. The first virtual processor may be paused, while the first virtual machine is allowed to continue executing, using the second virtual processor. The synchronization may be executed, including transferring memory pages of the first virtual machine for storage by the second virtual machine, and the first virtual processor may be released and execution of the first virtual machine may be resumed, using the first virtual processor and the second virtual processor.

Abstract: A method for retrieving stored information from a storage node includes operating a computing device to generate a memory access request comprising a virtual memory address that identifies a first storage node and at least a second storage node based on the virtual memory address. The method further includes operating the computing device to transmit a retrieve request to both the first storage node and the second storage node to retrieve stored information. The first and the second storage nodes are each enabled to store a copy of the stored information, and are included in a plurality of storage nodes that constitute an extended memory. If a first response from the first storage node is received before a second response is received from the second storage node, then the method further includes operating the computing devices to receive the stored information from the first storage node.

Abstract: A method and apparatus for protecting a remote computer connected through a network to a main computer, by creating a cryptokey on the main computer, supplying the cryptokey to the remote computer and mounting a partition on the remote computer using the cryptokey. The cryptokey is not persistently stored on the remote computer but rather saved in its memory, and the connection of the remote computer to the main computer is periodically tested. Once the remote computer is disconnected, the encrypted partition is unmounted and the cryptokey is erased form the memory, thus disabling access of an attacker to data stored in the encrypted partition. The method incorporates swap partition encryption using a cryptokey created each time during the boot of the remote computer.

Abstract: A meta language for developing object classes to be used in multi-platform systems, optionally using multiple environments and languages. The code of the object classes comprise structure and logic. The code is converted into native languages, for example by preprocessing mechanisms, and then compiled if necessary into programs executable by the computing platforms. Further supplied is one or more class hierarchies, supplying the basic functionality for a multiplicity of classes and persistency capabilities, so as to enable the developer to inherit the classes and further expedite development. The meta code can also be converted into schema files, such as LDAP schema files.

Abstract: A method and apparatus for remotely installing and managing computerized landscape of soft appliances in automatic and secure manner. A repository of components, units and resources required for all appliances is created. Then for each appliance, an appliance definition is created using a user interface component. An appliance object is created based on the definition, and an installation or management program or script is automatically generated according to the appliance object. Installation can be fully automatic, in which operating system resources and components and other units are transferred to the installed appliance, or semi-automatic in which the installing person has to provide the required media for the components. Certificates are created and transferred to the installing person, and then used during installation of secure parts of the appliance.

Abstract: A method and apparatus for synchronizing a file between a sender and a receiver. The sender comprises a base version of the file and optionally one or more delta files. The receiver issues a request to get updates for the file and indicates a unique ID associated with the version available at the receiver. The sender determines the version available to the receiver, and updates the receiver with all delta files accumulated since the receiver received the last update of the file. If the version of the receiver is older than the base version, then the base version and all delta files are sent to the receiver.

Abstract: A method and apparatus for protecting a remote computer connected through a network to a main computer, by creating a cryptokey on the main computer, supplying the cryptokey to the remote computer and mounting a partition on the remote computer using the cryptokey. The cryptokey is not persistently stored on the remote computer but rather saved in its memory, and the connection of the remote computer to the main computer is periodically tested. Once the remote computer is disconnected, the encrypted partition is unmounted and the cryptokey is erased form the memory, thus disabling access of an attacker to data stored in the encrypted partition. The method incorporates swap partition encryption using a cryptokey created each time during the boot of the remote computer.