Abstract: In an embodiment, a method includes receiving, by a server, a request from a user for translation of a multi-format embedded file (MFEF) document, where the MFEF document includes a plurality of embedded elements. Responsive to the request for the MFEF document, the server automatically identifies element types of the embedded elements, where the embedded elements include a first element type and a second element type. The server also identifies foreign-language embedded elements from among the plurality of embedded elements, where the foreign-language embedded elements are embedded elements that are in a language other than a preferred language of the user. The server selects translators to translate the foreign-language embedded elements, including selecting a first translator for translating the first element type of foreign-language embedded elements and a second translator for translating the second element type of foreign-language embedded elements.

Abstract: A method of administering a shared pool of computer system resources by a control node by monitoring a first cluster with a first and second node and a second cluster with a third and fourth node. The method also includes maintaining, by the first cluster, a record of parameters and maintaining, by the second cluster, a record of parameters. The method also includes monitoring, by the control node, a database of the records. The method also includes determining, by the control node, whether the parameter associated with write traffic between the first and third node exceeds a threshold value, and responsive to the parameter exceeding the threshold value, instructing, by the control node, the second node to be a responding node. The method also includes notifying a user to check the computer system resources when the parameter exceeds the threshold value.

Abstract: Examples of techniques for failure detection for central electronics complex (CEC) group management are described herein. An aspect includes issuing a first virtual input/output server (VIOS) probe to a hardware management console (HMC) of a central electronics complex (CEC) group. Another aspect includes receiving a first response packet that includes health data corresponding to a plurality of VIOSes. Another aspect includes determining, based on the first response packet, that cluster down is indicated on a first VIOS. Another aspect includes, based on determining that cluster down is indicated on the first VIOS, getting a VIOS state for the first VIOS from the HMC. Another aspect includes determining based on the VIOS state that the first VIOS is in a down state and determining that the first VIOS is unhealthy. Another aspect includes updating a health data entry corresponding to the first VIOS to indicate that the first VIOS is unhealthy.

Abstract: A write operation storing data in a first storage device is duplicated to a first replication file. A set of differences between a first version of the first replication file determined at a first time and a second version of the first replication file determined at a second time is determined, the set of differences comprising a set of results of duplicated write operations occurring between the first time and the second time. At a second file system, storage of the set of differences in a second storage device is caused, creating a duplicate in the second storage device of the data stored in the first storage device.

Abstract: In an embodiment, a method includes receiving, by a server, a request from a user for translation of a multi-format embedded file (MFEF) document, where the MFEF document includes a plurality of embedded elements. Responsive to the request for the MFEF document, the server automatically identifies element types of the embedded elements, where the embedded elements include a first element type and a second element type. The server also identifies foreign-language embedded elements from among the plurality of embedded elements, where the foreign-language embedded elements are embedded elements that are in a language other than a preferred language of the user. The server selects translators to translate the foreign-language embedded elements, including selecting a first translator for translating the first element type of foreign-language embedded elements and a second translator for translating the second element type of foreign-language embedded elements.

Abstract: Examples of techniques for failure detection for central electronics complex (CEC) group management are described herein. An aspect includes issuing a first virtual input/output server (VIOS) probe to a hardware management console (HMC) of a central electronics complex (CEC) group. Another aspect includes receiving a first response packet that includes health data corresponding to a plurality of VIOSes. Another aspect includes determining, based on the first response packet, that cluster down is indicated on a first VIOS. Another aspect includes, based on determining that cluster down is indicated on the first VIOS, getting a VIOS state for the first VIOS from the HMC. Another aspect includes determining based on the VIOS state that the first VIOS is in a down state and determining that the first VIOS is unhealthy. Another aspect includes updating a health data entry corresponding to the first VIOS to indicate that the first VIOS is unhealthy.

Abstract: Examples of techniques for failure detection for central electronics complex (CEC) group management are described herein. An aspect includes issuing a first logical partition (LPAR) probe to a hardware management console (HMC) of a central electronics complex (CEC) group, wherein the CEC group comprises a plurality of LPARs. Another aspect includes receiving a first response packet from the HMC corresponding to the first LPAR probe, wherein the first response packet comprises health data corresponding to a first LPAR of the plurality of LPARs. Another aspect includes storing the health data corresponding to the first LPAR in a first health data entry corresponding to the first LPAR. Another aspect includes, for a second LPAR of the plurality of LPARs that was not included in the first response packet, updating a second health data entry corresponding to the second LPAR to indicate that the second LPAR is healthy.

Abstract: Examples of techniques for failure detection for central electronics complex (CEC) group management are described herein. An aspect includes issuing a first logical partition (LPAR) probe to a hardware management console (HMC) of a central electronics complex (CEC) group, wherein the CEC group comprises a plurality of LPARs. Another aspect includes receiving a first response packet from the HMC corresponding to the first LPAR probe, wherein the first response packet comprises health data corresponding to a first LPAR of the plurality of LPARs. Another aspect includes storing the health data corresponding to the first LPAR in a first health data entry corresponding to the first LPAR. Another aspect includes, for a second LPAR of the plurality of LPARs that was not included in the first response packet, updating a second health data entry corresponding to the second LPAR to indicate that the second LPAR is healthy.

Abstract: The present invention provides a system and method for automatically hiding sensitive information, obtainable from a process table, from other processes that should not access the sensitive information. The system and method include a sensitive command attribute table that is used by a system administrator to designate the commands and command attributes that will typically be associated with sensitive information. The sensitive command attribute table is used when a command is entered that requests information from the process table to be displayed or output. In response, a search of the process table entries is made to determine if a command and/or its attribute in the process table matches an entry in the sensitive command attribute table. If so, the command, its attributes, and/or its attribute values are blanked from the output of the process table information.

Abstract: A user device initiates a network access authentication operation via a network access device with a network access authentication server, e.g., a Remote Authentication Dial-In User Service (RADIUS) server, which also generates an X.509 proxy certificate and includes the proxy certificate with the information, such as a set of network access parameters, that is returned to the user device in response to a successful completion of the network access authentication operation. The user device extracts and stores the proxy certificate. The network access parameters are used by the user device to communicate via the network access device on a network, which supports a grid. When the user device accesses a resource in the grid, the proxy certificate is already available, thereby obviating the need to generate a new proxy certificate and allowing a user of the user device to experience an integrated single-sign-on for network access and grid access.

Abstract: A computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.

Abstract: A user device initiates a network access authentication operation via a network access device with a network access authentication server, e.g., a Remote Authentication Dial-In User Service (RADIUS) server, which also generates an X.509 proxy certificate and includes the proxy certificate with the information, such as a set of network access parameters, that is returned to the user device in response to a successful completion of the network access authentication operation. The user device extracts and stores the proxy certificate. The network access parameters are used by the user device to communicate via the network access device on a network, which supports a grid. When the user device accesses a resource in the grid, the proxy certificate is already available, thereby obviating the need to generate a new proxy certificate and allowing a user of the user device to experience an integrated single-sign-on for network access and grid access.

Abstract: Exemplary methods, systems, and products are described that operate generally by moving subroutine return address protection to the processor itself, in effect proving atomic locks for subroutine return addresses stored in a stack, subject to application control. More particularly, exemplary methods, systems, and products are described that write protect subroutine return addresses by calling a subroutine, including storing in a stack memory address a subroutine return address and locking, by a computer processor, the stack memory address against write access. Calling a subroutine may include receiving in the computer processor an instruction to lock the stack memory address. Locking the stack memory address may be carried out by storing the stack memory address in a protected memory lockword. A protected memory lockword may be implemented as a portion of a protected content addressable memory.

Abstract: A user device initiates a network access authentication operation via a network access device with a network access authentication server, e.g., a Remote Authentication Dial-In User Service (RADIUS) server, which also generates an X.509 proxy certificate and includes the proxy certificate with the information, such as a set of network access parameters, that is returned to the user device in response to a successful completion of the network access authentication operation. The user device extracts and stores the proxy certificate. The network access parameters are used by the user device to communicate via the network access device on a network, which supports a grid. When the user device accesses a resource in the grid, the proxy certificate is already available, thereby obviating the need to generate a new proxy certificate and allowing a user of the user device to experience an integrated single-sign-on for network access and grid access.

Abstract: The present invention provides a system and method for automatically hiding sensitive information, obtainable from a process table, from other processes that should not access the sensitive information. The system and method include a sensitive command attribute table that is used by a system administrator to designate the commands and command attributes that will typically be associated with sensitive information. The sensitive command attribute table is used when a command is entered that requests information from the process table to be displayed or output. In response, a search of the process table entries is made to determine if a command and/or its attribute in the process table matches an entry in the sensitive command attribute table. If so, the command, its attributes, and/or its attribute values are blanked from the output of the process table information.

Abstract: Exemplary methods, systems, and products are described that operate generally by moving subroutine return address protection to the processor itself, in effect proving atomic locks for subroutine return addresses stored in a stack, subject to application control. More particularly, exemplary methods, systems, and products are described that write protect subroutine return addresses by calling a subroutine, including storing in a stack memory address a subroutine return address and locking, by a computer processor, the stack memory address against write access. Calling a subroutine may include receiving in the computer processor an instruction to lock the stack memory address. Locking the stack memory address may be carried out by storing the stack memory address in a protected memory lockword. A protected memory lockword may be implemented as a portion of a protected content addressable memory.

Abstract: A computer implemented method for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.

Abstract: A computer implemented method, data processing system, and computer program product for monitoring system events and providing real-time response to security threats. System data is collected by monitors in the computing system. The expert system of the present invention compares the data against information in a knowledge base to identify a security threat to a system resource in a form of a system event and an action for mitigating effects of the system event. A determination is made as to whether a threat risk value of the system event is greater than an action risk value of the action for mitigating the system event. If the threat risk value is greater, a determination is made as to whether a trust value set by a user is greater than the action risk value. If the trust value is greater, the expert system executes the action against the security threat.

Abstract: The present invention provides a system and method for automatically hiding sensitive information, obtainable from a process table, from other processes that should not access the sensitive information. The system and method include a sensitive command attribute table that is used by a system administrator to designate the commands and command attributes that will typically be associated with sensitive information. The sensitive command attribute table is used when a command is entered that requests information from the process table to be displayed or output. In response, a search of the process table entries is made to determine if a command and/or its attribute in the process table matches an entry in the sensitive command attribute table. If so, the command, its attributes, and/or its attribute values are blanked from the output of the process table information.

Abstract: A method and system for enabling secure IPsec tunnels within NAT without compromising security. A local network is configured with a gateway machine connected to the Internet and having an IPsec ID for interfacing with the Internet and a local IP/interface address for interfacing with the local network. Client machines are connected to the gateway machine and communicate with the Internet via the gateway and network address translation (NAT) techniques. Each client machine is configured with a local IP/interface address. The client machines are also provided with an alias of the IPsec ID for the gateway machine. When an IPsec request is received by the gateway machine to establish a tunnel (secure communication) with one of the clients, the gateway machine forwards the packet to the particular client using NAT. The client machine receives the request and since it has an alias of the gateway's IPsec ID, the client machine will confirm that it has one of the IPsec IDs in the packet.