Abstract: Various example embodiments are directed to systems and methods for migrating a database from a source database having a source schema to a target database having a target schema. For example the migrating may comprise a pre-migration phase and a migration phase. The pre-migration phase may comprise either executing a pre-migration command to modify at least a portion of the source database or generating a pre-migration object at the source database. The migration phase may comprise selecting at least one column from the source database that was modified during the pre-migration phase and writing the at least one column to the target database.

Abstract: A method performed by a computing system includes, with a computing system, receiving an application and a security policy corresponding to the application, the security policy for use with a security enforcement mechanism, with the computing system, receiving a data structure associated with the application and the security policy, wherein the data structure associates a logged denial by the security enforcement mechanism with a rule of the security policy, wherein the data structure further associates the logged denial with a test for the rule, the test to determine if the rule prevents the denial, with the computing system, applying the test using a temporary security policy, the temporary security policy having the rule removed, and with the computing system, in response to determining that the applying does not result in a denial corresponding to the logged denial, flagging the data structure.

Abstract: A method performed by a computing system includes, with a computing system, receiving an application and a security policy corresponding to the application, the security policy for use with a security enforcement mechanism, with the computing system, receiving a data structure associated with the application and the security policy, wherein the data structure associates a logged denial by the security enforcement mechanism with a rule of the security policy, wherein the data structure further associates the logged denial with a test for the rule, the test to determine if the rule prevents the denial, with the computing system, applying the test using a temporary security policy, the temporary security policy having the rule removed, and with the computing system, in response to determining that the applying does not result in a denial corresponding to the logged denial, flagging the data structure.

Abstract: Some embodiments of a system and a method to verify compliance in a disconnected system have been presented. For instance, a provider server can collect system management server state hashes from a set of computer systems in transactions not directly related to billing between the provider server and the computer systems. The computer systems may be coupled to a system management server that is within an internal network of a customer. The provider server can verify compliance information submitted by the customer using the system management server state hashes collected without communicating with the system management server in the internal network.

Abstract: Systems and methods for executing compliance verification or remediation scripts. An example method may comprise: identifying, by a computer system, a compliance script to be executed; determining a value of a cryptographic hash function of at least part of the identified compliance script; identifying, based on the value of the cryptographic hash function, an installation path of a corresponding digitally signed compliance script pre-installed on the computer system, the digitally signed compliance script associated with a security context; and executing, within the security context, the digitally signed compliance script.

Abstract: Some embodiments of a system and a method to verify compliance in a connected system have been presented. For instance, a system management server provided by a software vendor is installed in a customer's network to manage a set of computer systems belonging to the customer. The system management server can provide cryptographically timestamped hashes of states of the system management server to the software vendor periodically to allow the software vendor to verify compliance information from the customer.

Abstract: Various example embodiments are directed to systems and methods for migrating a database from a source database having a source schema to a target database having a target schema. For example, a computing device may identify a first source schema table associated with a first migration instruction. The first migration instruction may comprise a plurality of migration instruction sets. Each of the plurality of migration instruction sets may correspond to a version of the first source schema table. The computing device may determine that there is a match between the first source schema table and a first migration instruction set and may execute the first migration instruction set. Executing the first migration instruction set may comprise selecting at least one column of the first source schema table and writing the at least one column of the first source schema table to a first target schema table.

Abstract: Various example embodiments are directed to systems and methods for migrating a database from a source database having a source schema to a target database having a target schema. For example the migrating may comprise a pre-migration phase and a migration phase. The pre-migration phase may comprise either executing a pre-migration command to modify at least a portion of the source database or generating a pre-migration object at the source database. The migration phase may comprise selecting at least one column from the source database that was modified during the pre-migration phase and writing the at least one column to the target database.

Abstract: Systems and methods for executing compliance verification or remediation scripts. An example method may comprise: identifying, by a computer system, a compliance script to be executed; determining a value of a cryptographic hash function of at least part of the identified compliance script; identifying, based on the value of the cryptographic hash function, an installation path of a corresponding digitally signed compliance script pre-installed on the computer system, the digitally signed compliance script associated with a security context; and executing, within the security context, the digitally signed compliance script.

Abstract: The database command rewriting system rewrites a first database command that includes language specific for a first database management system command into a second database command suitable for a second database management system. The database command rewriting system receives the first database command and identifies the specific language. Furthermore, the database command rewriting system retrieves a rule based on the identified language. Using the retrieved rule, the database command system rewrites the first database command to the second database command and transmits the second database command to the second database management system.

Abstract: A computer system can be updated and/or reconfigured quickly by preparing a list of attributes of the system and computing a fingerprint based on the list. The fingerprint serves as a key to a database of precomputed upgrade plans. If a matching plan is found, it can be executed to update the computer system without performing a time-consuming dependency resolution operation. If no applicable precomputed plan is found, a plan must then be computed, but the computed plan may be saved in the database to speed up future system updates.

Abstract: An upgrade controller that compares the contents of a reference database with an upgraded database is described. In one embodiment, the upgrade controller connects to the reference and upgraded database and retrieves the list of tables. For each of the tables, the upgrade controller compares the content of the reference and the upgraded table. The upgrade controller compares the table contents by comparing the contents on a record-by-record basis. In addition, the upgrade controller can use a whitelist of tables and columns to reduce the number of false positive(s) that could be generated during the comparison.

Abstract: Some embodiments of a system and a method to validate database schema upgrade using denormalization have been presented. For instance, a database deployment engine may upgrade a database from a first version to a second version. The database upgraded stores a set of entities. By applying denormalization to both the upgraded database and a reference database (which contains a newly installed second version of the database), a database validation engine may reduce false positives during validation of the database schema upgrade scripts usable by customers to upgrade their database schema to the latest version.

Abstract: An upgrade controller that compares the contents of a reference database with an upgraded database is described. In one embodiment, the upgrade controller connects to the reference and upgraded database and retrieves the list of tables. For each of the tables, the upgrade controller compares the content of the reference and the upgraded table. The upgrade controller compares the table contents by comparing the contents on a record-by-record basis. In addition, the upgrade controller can use a whitelist of tables and columns to reduce the number of false positive(s) that could be generated during the comparison.

Abstract: Some embodiments of a system and a method to verify compliance in a connected system have been presented. For instance, a system management server provided by a software vendor is installed in a customer's network to manage a set of computer systems belonging to the customer. The system management server can provide cryptographically timestamped hashes of states of the system management server to the software vendor periodically to allow the software vendor to verify compliance information from the customer.

Abstract: Some embodiments of a system and a method to verify compliance in a disconnected system have been presented. For instance, a provider server can collect system management server state hashes from a set of computer systems in transactions not directly related to billing between the provider server and the computer systems. The computer systems may be coupled to a system management server that is within an internal network of a customer. The provider server can verify compliance information submitted by the customer using the system management server state hashes collected without communicating with the system management server in the internal network.

Abstract: Some embodiments of a system and a method to validate database schema upgrade using denormalization have been presented. For instance, a database deployment engine may upgrade a database from a first version to a second version. The database upgraded stores a set of entities. By applying denormalization to both the upgraded database and a reference database (which contains a newly installed second version of the database), a database validation engine may reduce false positives during validation of the database schema upgrade scripts usable by customers to upgrade their database schema to the latest version.

Abstract: The database command rewriting system rewrites a first database command that includes language specific for a first database management system command into a second database command suitable for a second database management system. The database command rewriting system receives the first database command and identifies the specific language. Furthermore, the database command rewriting system retrieves a rule based on the identified language. Using the retrieved rule, the database command system rewrites the first database command to the second database command and transmits the second database command to the second database management system.

Abstract: A computer system can be updated and/or reconfigured quickly by preparing a list of attributes of the system and computing a fingerprint based on the list. The fingerprint serves as a key to a database of precomputed upgrade plans. If a matching plan is found, it can be executed to update the computer system without performing a time-consuming dependency resolution operation. If no applicable precomputed plan is found, a plan must then be computed, but the computed plan may be saved in the database to speed up future system updates.