Abstract: An Information Technology (IT) system display method and computer program product. A description is provided of a configuration of devices, network segments, and vertical connectors relating to an IT structure. The devices are initially distributed to form a distribution of the devices in a matrix representing a display screen. A defined goal value of the configuration is a function of a length and weight of each network segment, a length and weight of each vertical connector, and a penalty for each crossing of a device by a network segment. An overlay pattern of the network segments and the vertical connectors overlayed on the matrix is displayed in accordance with the description and the final distribution of the devices in the matrix. The goal value for the final distribution is lower than for the initial distribution. The final distribution is displayed on the display screen together with the overlay pattern.

Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: A computer-implemented method for optimizing an aspect of an Information Technology (IT) structure of an IT system, the aspect of the IT structure is optimized with respect to at least one control parameter. The IT structure includes a plurality of elements. Each element independently is a hardware element, a software element, or a combination of a hardware element and a software element. Each control parameter has a value that is specific to each element of the IT structure.

Abstract: Method, system, and product for authenticating database connections between a database server box having a database server and a database gateway; and an application server box having an application server and a connection authenticator. The application server and the connection authenticator are connected to the database server over an IP network. A TCP connection is established from the database gateway to the connection authenticator. The authenticator authenticates the application server and permits routing database requests and responses to and from the database server.

Abstract: A firewall rule generation method, a load balancing rule generation method, and a wrapper generation method, for an Information Technology (IT) system, associated computer program products, and an associated processes for integrating computing infrastructure. The firewall rule generation method generates firewall rules allowing data transmission between a computer and a client, and subsequently assigns the firewall rules to firewalls of the IT system. The load balancing rule generation method assigns a load balancing mechanism to a load balanced group to which execution of an application is assigned, wherein the load balanced group has servers therein. For a client and computer having a communication protocol therebetween that is not allowed by a security policy, the wrapper generation method generates a communication protocol wrapper that opens a Transmission Control Protocol (TCP) connection between the client and the computer such that the TCP connection is allowed by the security policy.

Abstract: A method and system is provided to provide single sign on (SSO) functionality in a network that avoids storing a user's credentials in persistent storage. A session may be initiated with a portal which sends a session ID derivative as a credential string instead of a user's password to a target application. When the target application attempts to authenticate the user, by sending a request to a LDAP directory, the request is intercepted by a LDAP proxy that instead validates the UserID with the LDAP directory and the password is validated by a credential validator component which verifies with the portal that the credential string presented as the user password has been produced from the active session ID. In an embodiment, the credential string validator validates each short-living credential only once and upon detecting a second validation request for the same string, initiates a security breech process.

Abstract: A method for single-sign on of a user on a client machine to one or more target applications on target application servers in a computer information-processing network, including: accessing an access server from the client machine; entering user-specific access server logon credentials for logon and access to the access server; selecting a target application; presenting to the target application by the access server, previously stored user-specific target application logon credentials for logon and access to the target application in a form and according to a protocol recognizable by the target application thereby logging into the target application on behalf of the user and establishing a target application session; sending from the access server to the client machine, information for establishing a connection from the client machine to the target application; and establishing a target application session, bypassing the access server, between the client machine and the target application.

Abstract: The invention provides a method, apparatus and algorithm for data processing that allows for hypothesis generation and the quantitative evaluation of its validity. The core procedure of the method is the construction of a hypothesis-parameter, acting as an “ego” of the non-biological reasoning system. A hypothesis-parameter may be generated either based on totality of general knowledge facts as a global description of data, or by a specially designed “encapsulation” technique providing for generation of hypothesis-parameters in unsupervised automated mode, after which a hypothesis-parameter is examined for the concordance with a totality of parameters describing objects under analysis. The hypothesis examination (verification) is done by establishing a number of copies of a hypothesis-parameter that may adequately compensate for the rest of existing parameters so that the clustering could rely on a suggested hypothesis-parameter.