Abstract: Embodiments of the present disclosure relate to automatically and dynamically elevating permissions on a mainframe system. Initially, a user may request an elevation class which corresponds to elevated class resources of the mainframe system. The elevation class may enable the user to perform actions to datasets, files, applications, or systems of the mainframe system the user may not otherwise be able to perform. If the user has permission to the elevation class, a user identification corresponding to the user and the elevation class is registered in an elevated permission structure. An access control environment element (ACEE) is dynamically created with the elevated permission structure and the elevated class resources of the elevation class are associated with the ACEE. The user can then be validated with access to the elevated class resources. At the expiration of a limited duration of time, the elevated class resources are automatically disassociated with the ACEE.

Abstract: Embodiments of the present disclosure relate to automatically and dynamically elevating permissions on a mainframe system. Initially, a user may request an elevation class which corresponds to elevated class resources of the mainframe system. The elevation class may enable the user to perform actions to datasets, files, applications, or systems of the mainframe system the user may not otherwise be able to perform. If the user has permission to the elevation class, a user identification corresponding to the user and the elevation class is registered in an elevated permission structure. An access control environment element (ACEE) is dynamically created with the elevated permission structure and the elevated class resources of the elevation class are associated with the ACEE. The user can then be validated with access to the elevated class resources. At the expiration of a limited duration of time, the elevated class resources are automatically disassociated with the ACEE.

Abstract: A method, apparatus and computer program product for improved load balancing provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.

Abstract: Inventive embodiments are directed to a system and methods that manage file access in an MVS file management system, which allows for the same name to be allocated to different files. When multiple files share the same name, the name of each file is modified in order to render those files unrecognizable to an operating system. Thereafter, one file may be purposefully provided with the “shared” name. When a computer process requests access to a file and specifies the shared name, the operating system locates the first instance of the shared name in the MVS file management system. As the other files are unrecognizable, the operating system locates the only instance of the shared name and the corresponding file that was purposefully provided with the shared name. The operating system provides the computer process with access to that particular file. The name shared by the unrecognizable files may be subsequently restored.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: A method, apparatus and computer program product for improved load balancing provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.

Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.

Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: An application deployed in a public cloud is enabled to access an on-premises resource securely and without requiring additional ports on a firewall. A pair of security gateways is instantiated, one at the cloud, and another located on-premises. Each gateway can access information that is necessary to locate and establish a secure connection to the on-premises resource. In response to a determination that the application needs to access the on-premises resource, the data set is used to locate the resource. A communication request is then issued from the cloud gateway to the on-premises gateway over a socket-based communication channel established between the gateways. The communication request is sent over an HTTP-based protocol such that the application is able to access the on-premises resource without requiring an additional IP address/port to be defined at the firewall. Proxied connectivity is then enabled from the application to the on-premises resource.

Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.

Abstract: A method that provides for the grouping under a same workload of both application instances in an application tier, and data sharing members in a data tier. This grouping enables a workload manager to make recommendations (to load balancer appliances) about how to distribute workload connections, e.g., based on metrics gathered from both the application and data tiers. In this approach, both applications and data sources are grouped into a workload grouping, and health, status and capacity information about both of these tiers (application and data) is then used to determine an overall distribution policy for the workload. These different tiers can reside on the same or different operating system environments.

Abstract: Preventing duplicate sources in a network that uses network address port translation on an established connection. In response to receiving an inbound packet at a destination host, input values are obtained therefrom and used to consult a mapping. If no match is found, a translation is performed, whereby a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.

Abstract: Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.

Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.