Abstract: Aspects of the disclosure relate to dynamic model configuration and execution. A computing platform may receive first model data comprising first model execution configuration data and first model output configuration data. The computing platform may generate a first model based on the first model execution configuration data. The computing platform may distribute, to a plurality of computing platforms, the first model, the first model execution configuration data, and the first model output configuration data. The computing platform may receive a second request to execute one or more models from a third computing platform. The computing platform may receive, from the third computing platform, first model execution data. The computing platform may execute the first model based on the first model execution data and the first model execution configuration data to generate a first model output score.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining a number of allowed lists and initiating a change in a number of lists. The method includes receiving a defined list count of a plurality of lists of a coupling facility structure, monitoring list usage by the coupling facility structure, determining that additional lists are required by the coupling facility structure above the defined list count, based on the monitored list usage. The method includes, in response to determining that additional lists are required by the coupling facility structure, determining a new number of lists, where the new number of lists are based on an availability of space for the new number of lists on the coupling facility structure and the new number of lists exceeds the defined list count. The method includes rebuilding coupling facility structure based upon the determined new number of lists.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining a number of allowed lists and initiating a change in a number of lists. The method includes receiving a defined list count of a plurality of lists of a coupling facility structure, monitoring list usage by the coupling facility structure, determining that additional lists are required by the coupling facility structure above the defined list count, based on the monitored list usage. The method includes, in response to determining that additional lists are required by the coupling facility structure, determining a new number of lists, where the new number of lists are based on an availability of space for the new number of lists on the coupling facility structure and the new number of lists exceeds the defined list count. The method includes rebuilding coupling facility structure based upon the determined new number of lists.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

Abstract: The invention determines if a security association (SA) extends end-to-end between a source node originating a connection and a destination node. In such a case, there will be no ambiguities in routing due to network address translation, and the SA is allowed. In the preferred embodiment, both end nodes of a security connection test themselves and the remote node for gateway status to determine if any ambiguities might exist in network routing due to the presence of a network address translator.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.

Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify source applications that are served by a NAPT. If an arriving packet encapsulates an encrypted packet and has passed through an NAPT en route to the destination host, the encapsulated packet is decrypted to obtain an original source port number and original packet protocol from the decrypted packet. A source port mapping table (SPMT) is searched for an association between the NAPT source address, the original source port, and the original packet protocol associated with the NAPT source address and port number. If an incorrect association is found, the packet is rejected as representing an illegal duplicate source; that is, a second packet from a different host served by a NAPT that is USING the same SOURCE port and protocol.