Abstract: A first datastore discovers a configuration item (CI), without a persistent unique identifier in a distributed datastores environment. When the first datastore has authoritative naming rights, it determines an authoritative identification for the CI. When the first datastore has advisory naming rights, it suggests a name for the CI to a second datastore having authoritative naming rights. The second datastore determines that a pre-existing identification for the CI in the second datastore is the authoritative identification for the CI. If there is no pre-existing identification for the CI in the second data store, the second data store accepts the suggested name as the authoritative identification for the CI. When the first datastore has no naming rights for the CI, it sends the CI to a third data store having authoritative naming rights for the CI to get an authoritative identification for the CI.

Abstract: A first datastore discovers a configuration item (CI), without a persistent unique identifier in a distributed datastores environment. When the first datastore has authoritative naming rights, it determines an authoritative identification for the CI. When the first datastore has advisory naming rights, it suggests a name for the CI to a second datastore having authoritative naming rights. The second datastore determines that a pre-existing identification for the CI in the second datastore is the authoritative identification for the CI. If there is no pre-existing identification for the CI in the second data store, the second data store accepts the suggested name as the authoritative identification for the CI. When the first datastore has no naming rights for the CI, it sends the CI to a third data store having authoritative naming rights for the CI to get an authoritative identification for the CI.

Abstract: Disclosed are methods and systems to provide coordinated identification of data items across a plurality of distributed data storage repositories (datastores). In one disclosed embodiment, a single configuration management database (CMDB) controls identification rights for all CIs as they are first identified in a master/slave relationship with all other CMDBs in the distributed environment. In a second embodiment, a plurality of CMDBs divide identification rights based upon coordination identification rules where certain CMDBs are assigned authoritative identification rights for CIs matching the rules of a particular CMDB in the distributed environment. In a third embodiment, one or more of the plurality of CMDBs may also have advisory identification rights for CIs which do not already have an identifiable unique identity and can coordinate with an authoritative CMDB to establish an identity for CIs.

Abstract: Data is often populated into Configuration Management Databases (CMDBs) from different sources. Because the data can come from a variety of sources, it may have inconsistencies—and may even be incomplete. A Normalization Engine (NE) may be able to automatically clean up the incoming data based on certain rules and knowledge. In one embodiment, the NE takes each Configuration Item (CI) or group of CIs that are to be normalized and applies a rule or a set of rules to see if the data may be cleaned up, and, if so, updates the CI or group of CIs accordingly. In particular, one embodiment may allow for the CI's data to be normalized by doing a look up against a Product Catalog and/or an Alias Catalog. In another embodiment, the NE architecture could be fully extensible, allowing for the creation of custom, rules-based plug-ins by users and/or third parties.

Abstract: Techniques are described to allow the deprecation of classes in an object-oriented data model, such as a CDM for a CMDB. When a class is deprecated and replaced by another existing or new class, data associated with instances of the deprecated class may be migrated to the replacement class. A mapping between the deprecated class and its replacement class may be provided to allow existing applications to continue to access data using the deprecated class without change until the deprecated class is finally deleted or the application is updated to use the replacement class. New applications written to use the object-oriented data model after the deprecation may use the replacement class to access data instances created using the original data model.

Abstract: Disclosed are methods and systems to provide coordinated identification of data items across a plurality of distributed data storage repositories (datastores). In one disclosed embodiment, a single configuration management database (CMDB) controls identification rights for all CIs as they are first identified in a master/slave relationship with all other CMDBs in the distributed environment. In a second embodiment, a plurality of CMDBs divide identification rights based upon coordination identification rules where certain CMDBs are assigned authoritative identification rights for CIs matching the rules of a particular CMDB in the distributed environment. In a third embodiment, one or more of the plurality of CMDBs may also have advisory identification rights for CIs which do not already have an identifiable unique identity and can coordinate with an authoritative CMDB to establish an identity for CIs.

Abstract: Disclosed are methods and systems to provide coordinated identification of data items across a plurality of distributed data storage repositories (datastores). In one disclosed embodiment, a single configuration management database (CMDB) controls identification rights for all CIs as they are first identified in a master/slave relationship with all other CMDBs in the distributed environment. In a second embodiment, a plurality of CMDBs divide identification rights based upon coordination identification rules where certain CMDBs are assigned authoritative identification rights for CIs matching the rules of a particular CMDB in the distributed environment. In a third embodiment, one or more of the plurality of CMDBs may also have advisory identification rights for CIs which do not already have an identifiable unique identity and can coordinate with an authoritative CMDB to establish an identity for CIs.

Abstract: A trust management system may be configured to compute a trust level for a compute resource based on a trust manifest corresponding to compute resource. Based on the construction of a trust manifest for each class of compute resources, a trust level may be computed for a wide range of compute resources, including bare-metal hosts, hypervisor hosts, virtual machines and containers. A trust manifest may specify one or more inputs for calculating the trust level, as well as how the inputs are to be processed to arrive at the trust level. The one or more inputs may include integrity measurements determined in accordance with one or more integrity measurement methods and security assessments determined in accordance with one or more security assessment methods. The inputs for the trust level calculation may be evaluated by one or more rule statements specified in the trust manifest, the evaluation of which returns the trust level for the compute resource.

Abstract: Techniques are described to allow the deprecation of classes in an object-oriented data model, such as a CDM for a CMDB. When a class is deprecated and replaced by another existing or new class, data associated with instances of the deprecated class may be migrated to the replacement class. A mapping between the deprecated class and its replacement class may be provided to allow existing applications to continue to access data using the deprecated class without change until the deprecated class is finally deleted or the application is updated to use the replacement class. New applications written to use the object-oriented data model after the deprecation may use the replacement class to access data instances created using the original data model.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: Techniques are described to allow the deprecation of classes in an object-oriented data model, such as a CDM for a CMDB. When a class is deprecated and replaced by another existing or new class, data associated with instances of the deprecated class and its replacement class may be provided to allow existing applications to continue to access data using the deprecated class without change until the deprecated class is finally deleted or the application is updated to use the replacement class. New applications written to use the object-oriented model after the deprecation may use the replacement class to access data instances created using the original data model.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Abstract: A harmonized governance system for a heterogeneous agile environment affords abstraction and normalization of resources, operations, and roles, and respective attributes and contexts of such resources, operations, and roles, of respective individual agile environments that make up the heterogeneous agile environment. Such abstraction frees administrators from having to understand and be conversant in agile environment-specific syntaxes required for management of the different agile environments, and allows for normalized reporting and auditing across them. Data sources of the harmonized governance system store information mappings that facilitate this abstraction and normalization of the agile environment-specific syntaxes and as new attributes and contexts of resources, operations, and roles of the agile environment-specific syntax are discovered they are mapped to new counterparts in a heterogeneous agile environment syntax.

Abstract: An agile governance system provides recommendations for infrastructure change requests concerning a cloud-based computer environment in accordance with security policies regarding data to be used in connection with applications impacted by the requests. The nature and character of the data is determined using an interactive dialog with a requesting entity. Possible responses provided by the requesting entity are mapped to security policy requirements, which, in turn, are used to determine infrastructure stack requirements. Where pre-approved solutions that satisfy the security needs for the requested infrastructure change exist, they are recommended; otherwise, the requesting entity is presented with the recommendation for the requested infrastructure change along with a list of required approvals and approvers.

Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Abstract: Techniques are described to allow the deprecation of classes in an object-oriented data model, such as a CDM for a CMDB. When a class is deprecated and replaced by another existing or new class, data associated with instances of the deprecated class and its replacement class may be provided to allow existing applications to continue to access data using the deprecated class without change until the deprecated class is finally deleted or the application is updated to use the replacement class. New applications written to use the object-oriented model after the deprecation may use the replacement class to access data instances created using the original data model.

Abstract: Techniques are described to allow the deprecation of classes in an object-oriented data model, such as a CDM for a CMDB. When a class is deprecated and replaced by another existing or new class, data associated with instances of the deprecated class may be migrated to the replacement class. A mapping between the deprecated class and its replacement class may be provided to allow existing applications to continue to access data using the deprecated class without change until the deprecated class is finally deleted or the application is updated to use the replacement class. New applications written to use the object-oriented data model after the deprecation may use the replacement class to access data instances created using the original data model.