Abstract: Techniques for dynamic server groups that can be patched together using stream clustering algorithms, and learning components in order to reuse the repeatable patterns using machine learning are provided herein. In one example, in response to a first risk associated with a first server device, a risk assessment component patches a server group to mitigate a vulnerability of the first server device and a second server device, wherein the server group is comprised of the first server device and the second server device. Additionally, a monitoring component monitors data associated with a second risk to the server group to mitigate the second risk to the server group.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: Users of an endpoint remediation system can be assigned to different roles, from which they can request exceptions, approve exceptions, and/or enable remediation on endpoint devices. The compliance scanning and enforcing process can be automated, while allowing entities to request and/or approve certain exceptions. Therefore, security compliance for customers can be actively managed to provide visibility to the endpoint device compliance state at any time.

Abstract: Deleting files may include identifying files stored in a storage device to delete based on one or more deletion rules. The identified files are categorized into at least a first group and a second group. Deletion of files may be triggered based on a free space threshold. Deletion of files in the first group may be triggered. If the free space threshold is not met by deleting the files in the first group, deletion of files in the second group is triggered based on one or more of prioritization and cost optimization.

Abstract: A method, product, and apparatus for treating idle servers in a cloud system provide for extrapolating a purpose of each of a plurality of servers by comparing a list of processes active on the server to a plurality of lists of processes associated with a plurality of purposes; selecting vectors of idle/active features corresponding to the extrapolated purposes of each of the plurality of servers; classifying as idle or active each of the plurality of servers, by assessing the specified feature vectors using a linear support vector machine; validating as idle or active each server classified as idle, by assessing the connectivity of the server with all servers classified as active; and implementing at least one treatment option on servers that have been validated as idle. The treatment options may include terminating, terminating with snapshot, and stopping a virtual machine.

Abstract: A method, product, and apparatus for treating idle servers in a cloud system provide for extrapolating a purpose of each of a plurality of servers by comparing a list of processes active on the server to a plurality of lists of processes associated with a plurality of purposes; selecting vectors of idle/active features corresponding to the extrapolated purposes of each of the plurality of servers; classifying as idle or active each of the plurality of servers, by assessing the specified feature vectors using a linear support vector machine; validating as idle or active each server classified as idle, by assessing the connectivity of the server with all servers classified as active; and implementing at least one treatment option on servers that have been validated as idle. The treatment options may include terminating, terminating with snapshot, and stopping a virtual machine.

Abstract: A method to perform server provisioning on a plurality of computer systems to generate a plurality of target virtual machines includes: obtaining configurations from a pool comprising at least one existing candidate virtual server or server image through a discovery process; performing a clustering analysis on the configurations to group the configurations into at least two groups; and for each group, selecting a configuration from among the configurations of the group as a candidate virtual machine image; determining a cost of actions required to be performed on the candidate virtual image to result in target virtual machines with a same configuration as the configurations of the group; and selecting the candidate virtual image with the lowest cost.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: One or more embodiments identify server management actions for resolving problems associated with one or more nodes in information technology infrastructure. In one embodiment, a node-ticket record for an information processing node associated with at least one problem ticket is generated. A set of node-ticket clusters is queried based on the node-ticket record. Each of the set of node-ticket clusters maps a set of server management actions to set of historical node-ticket records associated with the node-ticket cluster. The set of server management actions was previously performed to resolve at least one operational problem associated with at least one information processing node. At least one set of server management actions associated with at least one of the set of node-ticket clusters corresponding to the node-ticket record within a given threshold is identified based on the querying.

Abstract: Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.

Abstract: Various embodiments collect unproductive resources in a network infrastructure. In one embodiment, data relating to resources of a network infrastructure is collected. An analytics model is selected based on a type of the collected data. The selected analytics model is executed to classify a resource unproductive or productive, and to assign a corresponding confidence level. An action plan for each confidence level is determined and the action plan is executed for the resource. The collected data may include resource utilization information, hypervisor information, cloud related meta-data, user knowledge and system knowledge. When data is only resource data, a resource mining model is selected. When the data includes reference data, a reference mining model is selected. When the data comprises reference data and resource data, a reference mining model is selected.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: One or more embodiments identify server management actions for resolving problems associated with one or more nodes in information technology infrastructure. In one embodiment, a node-ticket record for an information processing node associated with at least one problem ticket is generated. A set of node-ticket clusters is queried based on the node-ticket record. Each of the set of node-ticket clusters maps a set of server management actions to set of historical node-ticket records associated with the node-ticket cluster. The set of server management actions was previously performed to resolve at least one operational problem associated with at least one information processing node. At least one set of server management actions associated with at least one of the set of node-ticket clusters corresponding to the node-ticket record within a given threshold is identified based on the querying.

Abstract: A method to perform server provisioning on a plurality of computer systems to generate a plurality of target virtual machines includes: obtaining configurations from a pool comprising at least one existing candidate virtual server or server image through a discovery process; performing a clustering analysis on the configurations to group the configurations into at least two groups; and for each group, selecting a configuration from among the configurations of the group as a candidate virtual machine image; determining a cost of actions required to be performed on the candidate virtual image to result in target virtual machines with a same configuration as the configurations of the group; and selecting the candidate virtual image with the lowest cost

Abstract: Deleting files may include identifying files stored in a storage device to delete based on one or more deletion rules. The identified files are categorized into at least a first group and a second group. Deletion of files may be triggered based on a free space threshold. Deletion of files in the first group may be triggered. If the free space threshold is not met by deleting the files in the first group, deletion of files in the second group is triggered based on one or more of prioritization and cost optimization.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A method is provided to eliminate many of the manual steps in a server change management process, creating a self-service experience for a change requester. The method may automatically retrieve the current state of a server; constrain the requested change to a valid, feasible specification; verify that the requested change is compliant with business policies; implement the changes automatically; and develop a knowledge base of automated change risk that is used to modify the change management business process by identifying safe changes that can be performed outside of change windows and/or during change freezes. The method can be applied to changes to physical servers, virtual servers, and servers in a cloud environment.

Abstract: On a computer system, a shell is invoked, through which a plurality of commands and/or scripts can be executed. Individual ones of the plurality of commands and/or scripts are validated. Given individual ones of the plurality of commands and/or scripts, for which the validation is successful, are executed via the shell.

Abstract: Distributed execution of commands and scripts may comprise a script execution manager having access to a library of executable objects comprising at least one or more of commands or scripts or combination of commands and scripts. A script execution console may be operable to present a graphical user interface for selecting an executable object from the library to execute and for selecting one or more managed computers, on which to execute the selected executable object. The script execution console may be further operable to present a dynamically updated collation of results from execution of the selected executable object. One or more script execution agents may be operable to run on the selected respective one or more managed computers and further operable to communicate with the script execution manager.

Abstract: Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.