Abstract: Aspects generate application programming interface documents, wherein processors are configured to scan application programming interface code from representational state transfer request and from server-side responses, map matching application programming interface language definitions within a formal language definition database to matching language definition code values within the scanned code, and map matching object types within an application programming interface object type database to matching object code values within the scanned code.

Abstract: Aspects generate application programming interface documents, wherein processors are configured to scan application programming interface code from representational state transfer request and from server-side responses, map matching application programming interface language definitions within a formal language definition database to matching language definition code values within the scanned code, and map matching object types within an application programming interface object type database to matching object code values within the scanned code.

Abstract: A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint are determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.

Abstract: An identity of a user performing an operation with respect to an application is propagated, from a point at which the user authenticates, to one or more other applications in a multi-product environment. The application may be a management console associated with an information cluster. In an embodiment, an administrator logs on to a management console (using an identity) and invokes a management operation. The management console then performs a programmatic remote access login (e.g., using SSH/RXA) to one or more nodes using a system account, invokes an application, and passes in the identity. As the application performs one or more management operations, audit events are logged, and these events each contain the identity that has been passed in by the management console during the SSH/RXA login.

Abstract: A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint are determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.

Abstract: A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint are determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.

Abstract: Authentication with credentials in a Java messaging service (“JMS”), including providing pre-authenticated credentials for a Java security domain for a user application and creating a JMS connection for the user application, including accepting the pre-authenticated credentials in a JMS connection function and authenticating the user application for the JMS in dependence upon the pre-authenticated credentials. Typical embodiments of the present invention also include caching the pre-authenticated credentials in the user application. Many embodiments also include caching the pre-authenticated credentials in a middleware security application.

Abstract: One disclosed aspect of the present invention includes authentication and user account automation within a compute cluster for each cluster node that requires password or other credential administration. For example, a storage appliance computing system may rely on a plurality of subsystems (such as databases, storage management software, and application servers) that each have internal user accounts with associated passwords and credential keys that need to be changed at frequent intervals. Rather than requiring an administrator to manually manage all of these accounts, the presently described invention includes techniques and an authentication manager component to automatically manage, update, and refresh authentication information as required. Further, the authentication manager component may be used to perform and propagate automatic credential changes such as new sets of SSH keys or updated passwords as required within a computing system, and respond to new nodes or out-of-sync credentialing scenarios.

Abstract: One disclosed aspect of the present invention includes authentication and user account automation within a compute cluster for each cluster node that requires password or other credential administration. For example, a storage appliance computing system may rely on a plurality of subsystems (such as databases, storage management software, and application servers) that each have internal user accounts with associated passwords and credential keys that need to be changed at frequent intervals. Rather than requiring an administrator to manually manage all of these accounts, the presently described invention includes techniques and an authentication manager component to automatically manage, update, and refresh authentication information as required. Further, the authentication manager component may be used to perform and propagate automatic credential changes such as new sets of SSH keys or updated passwords as required within a computing system, and respond to new nodes or out-of-sync credentialing scenarios.

Abstract: A method of policy management in a Data Loss Prevention (DLP) system uses a policy model that associates a user with one or more DLP endpoints. When an endpoint is added to the system, a set of policies for that endpoint are determined using an identity of the user that is associated with the endpoint and a list of roles or groups for that user. At policy distribution time, the method determines a set of endpoints to which the policy is to be distributed.

Abstract: An identity of a user performing an operation with respect to an application is propagated, from a point at which the user authenticates, to one or more other applications in a multi-product environment. The application may be a management console associated with an information cluster. In an embodiment, an administrator logs on to a management console (using an identity) and invokes a management operation. The management console then performs a programmatic remote access login (e.g., using SSH/RXA) to one or more nodes using a system account, invokes an application, and passes in the identity. As the application performs one or more management operations, audit events are logged, and these events each contain the identity that has been passed in by the management console during the SSH/RXA login.

Abstract: A computer implemented method, apparatus, and computer usable program code for processing event data. In response to receiving an event, a size of the event data for the event is compared to a threshold size to form a comparison. The information about an event and event data is stored in a first entry in a main table in a database if the comparison indicates that the size of the event data is one that can be stored in the main table. The information about the event is placed in the first entry in the main table if the size is greater than the threshold size. The event data is stored in a second entry in an overflow table if the size is greater than the threshold size, wherein the entry includes a pointer to the first entry. The main table and overflow table form a live set and hold the current live data.

Abstract: A computer implemented method, apparatus, and computer usable program code for creating normalized data from markup language data. User defined parameters are received for retrieving event data, wherein the parameters define a type of event and a subset of attributes for the type of event. In response to receiving the parameters, a process is configured using the type of event and the subset of attributes for the type of event to form a configured process. A set of records is processed using the configured process, wherein the configured process places data corresponding to each attribute in the subset of attributes for the type of event from the set of records into a table to form the normalized data.

Abstract: A computer implemented method, apparatus, and computer usable program code for creating normalized data from markup language data. User defined parameters are received for retrieving event data, wherein the parameters define a type of event and a subset of attributes for the type of event. In response to receiving the parameters, a process is configured using the type of event and the subset of attributes for the type of event to form a configured process. A set of records is processed using the configured process, wherein the configured process places data corresponding to each attribute in the subset of attributes for the type of event from the set of records into a table to form the normalized data.

Abstract: A computer implemented method, apparatus, and computer usable program code for processing event data. In response to receiving an event, a size of the event data for the event is compared to a threshold size to form a comparison. The information about an event and event data is stored in a first entry in a main table in a database if the comparison indicates that the size of the event data is one that can be stored in the main table. The information about the event is placed in the first entry in the main table if the size is greater than the threshold size. The event data is stored in a second entry in an overflow table if the size is greater than the threshold size, wherein the entry includes a pointer to the first entry. The main table and overflow table form a live set and hold the current live data.

Abstract: Authentication with credentials in a Java messaging service (“JMS”), including providing pre-authenticated credentials for a Java security domain for a user application and creating a JMS connection for the user application, including accepting the pre-authenticated credentials in a JMS connection function and authenticating the user application for the JMS in dependence upon the pre-authenticated credentials. Typical embodiments of the present invention also include caching the pre-authenticated credentials in the user application. Many embodiments also include caching the pre-authenticated credentials in a middleware security application.

Abstract: A system, method and program product enabling applications to be dynamically bound to resources as required by an application. Resource access exceptions are intercepted and, where access is authorized, cause the application to be bound to one of a plurality of processors linked in an asymmetric multiple processor configuration which has access to the resource required. If access is not permitted, an error is generated. Applications may invoke operating system application programming interfaces to register requirements for access to particular resources and to receive operating system feedback on resource assignment conflicts and potential processor thrashing situations. The operating system maintains a list of mapping processors to resources and manages the authorization of resource access by applications. Application processes are dynamically bound to a particular processor as necessary to meet resource requirements.

Abstract: Configuration changes are dynamically applied to a cluster multiprocessing system by enqueuing a configuration change event. When the configuration change event is processed, the prior configuration is backed up and each software component applies a relevant portion of a configuration change transaction in an ordered, synchronized manner. Each software component applies its portion of the transaction either by reinitialization or a logged transition operation. If the configuration change transaction fails, the software components roll back the portions, of the configuration change already applied in an ordered, synchronized manner to restore the prior configuration. Multiple events for different configuration changes may be enqueued.

Abstract: A user definable set of event rollup relationships are maintained as a configuration element. Transitive closure of event rollup relationships is checked at the time of specification to detect cycles and prevent runtime errors. When an event to be processed is detected, the event is compared to defined rollup relationships and queued events to determined if the detected event may be rolled up into at least one queued event or vice versa. If the detected event may be rolled up into a queued event, the detected event is not queued. When any of the queued event may be rolled up into the detected event, the queued events are deleted if processing has not already begun.