Abstract: A system and method for tailoring container images stored in a container image registry to a specific microarchitecture that a host operating system is running on in a virtualized environment. A container image fetch request is sent to the container image registry. Microarchitecture identification instructions are received from the image registry in response to the container image fetch request. Results from the microarchitecture identification instructions are transmitted to the container image registry to identify the specific microarchitecture that the host operating system is running on in the virtualized environment, and a container within the virtualized environment is started using an optimal container image received from the container image registry, the optimal container image being tailored to the specific microarchitecture to leverage the functionalities and capabilities of the specific microarchitecture of the computing system.

Abstract: A method and system for improving virtual machine allocation and migration is provided. The method includes initiating a migration process for migrating database files of a virtual machine from a first hardware device to a second hardware device. A checkpoint and restart command is transmitted to a first hypervisor of the first hardware device and a request for a cryptographic key from a memory encryption engine is received. The cryptographic key is transmitted to a first enclave and the first enclave is encrypted resulting in an encrypted enclave. A resulting a data file comprising the database files is generated and the encrypted enclave is disconnected from the first hardware device. The encrypted enclave is destroyed and checkpoint and restart code is executed for restarting the first hardware device.

Abstract: Aspects define a union mixed secure virtual machine image to include an encrypted code virtualization machine for code machine instructions of a first retrieved package; and an unsecure virtualization hypervisor that includes a non-encrypted code virtualization machine for code machine instructions of a second retrieved package and a non-encrypted data storage device.

Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.

Abstract: A method and system for improving virtual machine allocation and migration is provided. The method includes initiating a migration process for migrating database files of a virtual machine from a first hardware device to a second hardware device. A checkpoint and restart command is transmitted to a first hypervisor of the first hardware device and a request for a cryptographic key from a memory encryption engine is received. The cryptographic key is transmitted to a first enclave and the first enclave is encrypted resulting in an encrypted enclave. A resulting a data file comprising the database files is generated and the encrypted enclave is disconnected from the first hardware device. The encrypted enclave is destroyed and checkpoint and restart code is executed for restarting the first hardware device.

Abstract: A system and method for tailoring container images stored in a container image registry to a specific microarchitecture that a host operating system is running on in a virtualized environment includes sending a container image fetch request to the container image registry, receiving microarchitecture identification instructions from the image registry in response to the container image fetch request, the microarchitecture identification instructions configured to be run on the host operating system, transmitting results from the microarchitecture identification instructions to the container image registry to identify the specific microarchitecture that the host operating system is running on in the virtualized environment, and starting a container within the virtualized environment using an optimal container image received from the container image registry, the optimal container image being tailored to the specific microarchitecture to leverage as many functionalities and capabilities of the specific microarc

Abstract: Aspects define a union mixed secure virtual machine image to include an encrypted code virtualization machine for code machine instructions of a first retrieved package; and an unsecure virtualization hypervisor that includes a non-encrypted code virtualization machine for code machine instructions of a second retrieved package and a non-encrypted data storage device.

Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A method and system for remotely managing business processes via a mobile device is provided. The method includes enabling, for a user, an application integrated with analytic models and geo-positioning technology. The user and a location of the user are identified. Preferences associated with the user are identified and a status of business processes associated with the entity at the location is monitored. In response, a status of the entity at the location is determined. Status data associated with the status is presented to the user via the mobile device. The status data is based on the preferences. The user may initiate an escalation process based on the status provided.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A method and system for remotely managing business processes via a mobile device is provided. The method includes enabling, for a user, an application integrated with analytic models and geo-positioning technology. The user and a location of the user are identified. Preferences associated with the user are identified and a status of business processes associated with the entity at the location is monitored. In response, a status of the entity at the location is determined. Status data associated with the status is presented to the user via the mobile device. The status data is based on the preferences. The user may initiate an escalation process based on the status provided.