Abstract: Provided are a method, system, and article of manufacture for selecting a resource manager to satisfy a service request. A catalog indicating a plurality of resource managers and at least one service offered by the resource managers is provided. Further provided is resource manager information indicating resource availability information for resource managers offering at least one service. A request for a requested service from a subscriber is received. The catalog is processed to identify resource managers publishing the requested service and the resource manager information is processed to determine at least one identified resource manager publishing the requested service that also satisfies at least one rule applicable to the service request.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum. Another aspect includes, based on receiving a request to perform a deletion transaction on said data object for deleting said data object from the storage system: verifying metadata validity by checking the cryptographic checksum for the metadata associated with said data object to detect possible tampering of the metadata; verifying retention expiration by determining that a current date is past the retention date comprised in said metadata; and based on successful verification of metadata validity and retention expiration, authorizing deletion of said data object by the storage system.

Abstract: A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree.

Abstract: Embodiments relate to digital data retention management. An aspect includes calculating a retention date associated with a data object in a storage system. Another aspect includes generating a cryptographic checksum for metadata relating to said data object, the metadata comprising the retention date. Another aspect includes storing said metadata and said cryptographic checksum.

Abstract: A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

Abstract: A distributed computing system provides at least one service, and the service is provided by resources of the distributed computing system. Resources are represented by a topology graph including storage, application and database server nodes joined by edges indicative of relationships between nodes. Predefined parameters are monitored that are indicative of operating characteristics of the distributed computing system when providing the service. Values of the predefined parameters are compared with respective predetermined performance threshold values. The performance threshold values are determined based on a service level agreement (SLA). The SLA includes a service level objective (SLO). The performance threshold values are indicative of the respective operating characteristics prior to an event. Rules are provided for selecting a combination of application, storage and database server nodes to meet the SLO for each parameter of the parameter.

Abstract: Provided are a method, system, and article of manufacture for selecting a resource manager to satisfy a service request. A catalog indicating a plurality of resource managers and at least one service offered by the resource managers is provided. Further provided is resource manager information indicating resource availability information for resource managers offering at least one service. A request for a requested service from a subscriber is received. The catalog is processed to identify resource managers publishing the requested service and the resource manager information is processed to determine at least one identified resource manager publishing the requested service that also satisfies at least one rule applicable to the service request.

Abstract: Provided are a method, system, and article of manufacture for selecting a resource manager to satisfy a service request. A catalog indicating a plurality of resource managers and at least one service offered by the resource managers is provided. Further provided is resource manager information indicating resource availability information for resource managers offering at least one service. A request for a requested service from a subscriber is received. The catalog is processed to identify resource managers publishing the requested service and the resource manager information is processed to determine at least one identified resource manager publishing the requested service that also satisfies at least one rule applicable to the service request.

Abstract: Further provided are a method, system, and article of manufacture for determining, transmitting, and receiving performance information with respect to an operation performed locally and at remote nodes. Performance information is determined with respect to performing an operation at a node and transmitted to remote nodes over a network. Performance information is received from the remote nodes with respect to the remote nodes performing the operation. The determined and received performance information is used to determine whether to perform the operation at one of the remote nodes or the node. Other embodiments are disclosed and claimed.