Abstract: An actuator to execute on a server may be automatically selected based on risk of failure and damage to the server. Requirement specification and environment parameters may be received. A subset of actuators may be selected based on a risk threshold from an actuator catalog database storing actuator information and actuator risk metadata associated with a plurality of actuators. The actuator risk metadata may be augmented with risk information. A ranked list of the subset of actuators may be generated based on the actuator risk metadata associated with each actuator in the subset. An actuator in the ranked list may be executed on the server.

Abstract: Embodiments relate to an intelligent computer platform to utilize machine learning techniques to minimize compliance risk. Data, collected from a plurality of sources is subject to analysis and correlation to assess impact across data points. The assessment measures impact between at least two different compliance domains, facilitates understanding of cross-impact between compliance domains, and provides an estimation of compliance risk. A recommendation plan for one or more new compliance activities is created and dynamically subject to a machine learning reinforcement algorithm.

Abstract: A method provides for controlling compliance remediation that includes performing compliance inspection runs by account nodes for multiple accounts. Inspection results of the inspection runs from each account node are aggregated by an account cognitive policy advisory (CPA) service. The inspection results from each account are aggregated. It is determined whether remediations are required by analyzing the inspection results combined with a current compliance mode of a server. Upon a determination that the current compliance mode of the server is a first mode, the account CPA service determines whether a policy fingerprint has changed. Upon a change to the policy fingerprint, compliance enforcement runs on the account nodes are temporarily suspended.

Abstract: A self-service experience for a change requester is provided. Authorized endpoint changes are identified along with corresponding change types. Resource attributes are identified and corresponding parameters of the resources are changed according to change window requirements. Where the changes comply with business policies, the changes are executed.

Abstract: A method provides for controlling compliance remediation that includes performing compliance inspection runs by account nodes for multiple accounts. Inspection results of the inspection runs from each account node are aggregated by an account cognitive policy advisory (CPA) service. The inspection results from each account are aggregated. It is determined whether remediations are required by analyzing the inspection results combined with a current compliance mode of a server. Upon a determination that the current compliance mode of the server is a first mode, the account CPA service determines whether a policy fingerprint has changed. Upon a change to the policy fingerprint, compliance enforcement runs on the account nodes are temporarily suspended.

Abstract: An intelligent computer platform to provide intent identification, mining and refinement, and dynamic application of the intent to pipeline. Natural language processing (NLP) is utilized with respect to the intent identification and refinement. A pipeline tool to support the function of the intent is identified, and a corresponding dynamic modification of a corresponding pipeline template takes place to integrate the tool into a stage of the corresponding template. Program code that aligns with the dynamic modification of the pipeline template is generated, thereby incorporating the searched intents into the functional aspect(s) represented in the pipeline.

Abstract: Embodiments relate to an intelligent computer platform to utilize machine learning techniques to minimize compliance risk. Data, collected from a plurality of sources is subject to analysis and correlation to assess impact across data points. The assessment measures impact between at least two different compliance domains, facilitates understanding of cross-impact between compliance domains, and provides an estimation of compliance risk. A recommendation plan for one or more new compliance activities is created and dynamically subject to a machine learning reinforcement algorithm.

Abstract: An intelligent computer platform to provide intent identification, mining and refinement, and dynamic application of the intent to pipeline. Natural language processing (NLP) is utilized with respect to the intent identification and refinement. A pipeline tool to support the function of the intent is identified, and a corresponding dynamic modification of a corresponding pipeline template takes place to integrate the tool into a stage of the corresponding template. Program code that aligns with the dynamic modification of the pipeline template is generated, thereby incorporating the searched intents into the functional aspect(s) represented in the pipeline.

Abstract: An actuator to execute on a server may be automatically selected based on risk of failure and damage to the server. Requirement specification and environment parameters may be received. A subset of actuators may be selected based on a risk threshold from an actuator catalog database storing actuator information and actuator risk metadata associated with a plurality of actuators. The actuator risk metadata may be augmented with risk information. A ranked list of the subset of actuators may be generated based on the actuator risk metadata associated with each actuator in the subset. An actuator in the ranked list may be executed on the server.

Abstract: An actuator to execute on a server may be automatically selected based on risk of failure and damage to the server. Requirement specification and environment parameters may be received. A subset of actuators may be selected based on a risk threshold from an actuator catalog database storing actuator information and actuator risk metadata associated with a plurality of actuators. The actuator risk metadata may be augmented with risk information. A ranked list of the subset of actuators may be generated based on the actuator risk metadata associated with each actuator in the subset. An actuator in the ranked list may be executed on the server.

Abstract: A self-service experience for a change requester is provided. Authorized endpoint changes are identified along with corresponding change types. Resource attributes are identified and corresponding parameters of the resources are changed according to change window requirements. Where the changes comply with business policies, the changes are executed.

Abstract: On a computer system, a shell is invoked, through which a plurality of commands and/or scripts can be executed. Individual ones of the plurality of commands and/or scripts are validated. Given individual ones of the plurality of commands and/or scripts, for which the validation is successful, are executed via the shell.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: A method is provided to eliminate many of the manual steps in a server change management process, creating a self-service experience for a change requester. The method may automatically retrieve the current state of a server; constrain the requested change to a valid, feasible specification; verify that the requested change is compliant with business policies; implement the changes automatically; and develop a knowledge base of automated change risk that is used to modify the change management business process by identifying safe changes that can be performed outside of change windows and/or during change freezes. The method can be applied to changes to physical servers, virtual servers, and servers in a cloud environment.

Abstract: It is determined whether a user is authorized to carry out a management operation on a plurality of information technology assets in parallel, based on a role of the user and at least one characteristic of the management operation. A risk level of the management operation, and at least one characteristic of the plurality of information technology assets, are both determined. Based on the risk level and the at least one characteristic of the plurality of information technology assets, an execution pattern for the management operation is specified. In at least some cases, the management operation is carried out on the plurality of information technology assets in parallel, in accordance with the execution pattern.

Abstract: A method forms a key pair for a user. The key pair has a public key and a private key that is unique to the user and that is encrypted using a passphrase formed from an enterprise password of the user and an identification that uniquely identifies in the enterprise a device by which the user gains access. The method stores the private key in the user device and stores the public key in an enterprise server that is accessed by the user. The method provides the private key from the user device to a client, such as a SSH client, in conjunction with the password and the identification, decrypts the private key to obtain the decrypted password and the identification, and allows the user to access the enterprise server only if the decrypted password and the identification match the password and the identification provided with the private key.

Abstract: Deleting files may include identifying files stored in a storage device to delete based on one or more deletion rules. The identified files are categorized into at least a first group and a second group. Deletion of files may be triggered based on a free space threshold. Deletion of files in the first group may be triggered. If the free space threshold is not met by deleting the files in the first group, deletion of files in the second group is triggered based on one or more of prioritization and cost optimization.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: An actuator to execute on a server may be automatically selected based on risk of failure and damage to the server. Requirement specification and environment parameters may be received. A subset of actuators may be selected based on a risk threshold from an actuator catalog database storing actuator information and actuator risk metadata associated with a plurality of actuators. The actuator risk metadata may be augmented with risk information. A ranked list of the subset of actuators may be generated based on the actuator risk metadata associated with each actuator in the subset. An actuator in the ranked list may be executed on the server.

Abstract: Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.