Abstract: A system and method for delegating a user authentication process for a networked application to an authentication proxy. A networked application may request a user to provide authentication information in order to access the application. Upon receiving this authentication information from the user, the client side of the networked application sends the information to the server side of the networked application. The server side of the application may then determine an appropriate authentication agent associated with the user to delegate the authentication process to. For example, for each application user, the server side of the application may maintain information associated with the user, such as the user's employer. The application may then match this employer information to an authentication agent running in the employer's network domain, and the authentication process may then be delegated to this authentication agent.

Abstract: The present invention provides a system and method for discovering configuration data in a computer system. The system retrieves at least one component indicator from a component blueprint, database or other location. A target computer is probed according to the retrieved component indicator. The results of the probing are used to generate at least one verification rule, which are used to verify the existence of the software component associated with the retrieved component indicator.

Abstract: Comparison of configuration information between software applications, hosts computers or components of software applications using application blueprints. Comparison includes selecting the elements for comparison, determining the type of elements for comparison, selecting the appropriate algorithm for comparison depending upon whether the element type is a software application, a host computer or a components of software application. Comparing the selected elements according to the algorithm includes comparing the configuration information according to the meta-data in the blueprints associated with the elements being compared.

Abstract: Discovery of software components including selecting agent-less indicators for a software component, probing one or more target computers according to the selected agent-less indicators, and receiving the results of the probe. The results of the probe are compared to a component blueprint to determine if there is one or more software components that match the results of the probe. In the event of a match, agent-less verification rules are selected and applied. The results of the application of the agent-less verification rules are compared to the expected results of the agent verification rules from the component blueprint to verify the existence of the software component.

Abstract: The present invention provides rule sets and a system and method for creating and enforcing rule sets in a computer management system. Rules specifying a constraint on an attribute of a computer system may be created to enforce a policy. Multiple rules may be arranged into rule sets, specifying multiple constraints for a target computer system. Rules or rule sets are enforced against a target computer system to determine whether the rule or rules are satisfied. In the event an attribute of the computer system does not satisfy a constraint, the system declares the rule failed and may take action according to a severity attribute specified in the failed rule.

Abstract: The present invention provides a data model for organizing configuration information for computer systems. The data model utilizes blueprints to structure the data for configuration discovery and management of the computer system. The data model supports a comprehensive organization of the software components associated with providing a service, and provides detailed configuration information for the components of the service across a distributed topology. In one embodiment, the blueprints are collections of rules specifying the actions a configuration management system may take in discovering, comparing and acting upon configuration data.

Abstract: A system is for managing an application enterprise, wherein the application enterprise includes a plurality of distributed instances of a plurality of applications. The system includes a plurality of application blueprints, each application blueprint modeling a separate application. An enterprise data store is to hold enterprise data, representative of one or more states of the instances, according to the application blueprints. An application enterprise bus provides a standard interface to the enterprise data. A plurality of enterprise data access tools that each access the enterprise data via the application enterprise bus and provide a view of the current state of the application enterprise based thereon.

Abstract: A system and method for performing single sign-on authentication for networked applications. A system for integrating networked applications via an application shell is described. In response to a user utilizing a client program to access a master server and provide the master server with information identifying the user, the master server returns code usable by the client program for running the application shell. The application shell may be operable to intercept user attempts to launch an application from the application shell environment and may in response determine invocation parameters to send to the application, which the application can use to automatically authenticate the user.

Abstract: A system and method for delegating a user authentication process for a networked application to an authentication proxy. A networked application may request a user to provide authentication information in order to access the application. Upon receiving this authentication information from the user, the client side of the networked application sends the information to the server side of the networked application. The server side of the application may then determine an appropriate authentication agent associated with the user to delegate the authentication process to. For example, for each application user, the server side of the application may maintain information associated with the user, such as the user's employer. The application may then match this employer information to an authentication agent running in the employer's network domain, and the authentication process may then be delegated to this authentication agent.