Abstract: The present invention relates to a non-intrusive method and apparatus for automatically dispatching security rules in a cloud environment. The method comprises: forming a composition application model of an application in the cloud environment, said composition application model including at least types of various servers for deploying said application; generating a topology model of said various servers in the cloud environment; automatically generating security rules to be adopted by the server-side firewalls of respective servers based on the application context of said application, said composition application model and said topology model; and dispatching said security rules to each server-side firewall based on said composition application model and topology model.

Abstract: Methods, systems, computer program products, and methods of doing business by using dynamic capacity-on-demand techniques for re-routing traffic in a distributed computing network. When demand on an enterprise's resources exceeds some predetermined level, dynamic modifications cause static content (such as images) to be served from resources which are external to the enterprise, such as a caching system which is located close to the enterprise's end users. When demand falls below the predetermined level, the modifications are effectively reversed, such that the external resources are no longer used. The predetermined level may apply to a single monitored device, or to a group of monitored devices. The dynamic capacity-on-demand techniques may also be used for dynamic types of content, such as for dynamically re-routing access to an application program executing on an external resource, and may be used for internal capacity-on-demand as well.

Abstract: A method, system and computer program product for selecting an appropriate platform to run an application deployed in a cloud computing environment. The appropriate platform is selected by employing a two phase process, where the first phase occurs prior to the deployment of the application and the second phase occurs after the application has been deployed. In the first phase, the cloud computing node selects a platform using various factors, such as application binaries, application metadata and artifacts, and qualities of service and application requirements. In the second phase, the cloud computing node determines whether an alternative platform needs to be implemented for subsequent deployments of the application using various factors, such as application runtime metrics and garbage collection metrics. In this manner, an appropriate platform is automatically selected thereby removing the requirement for the user to indicate the type of platform for the target environment.

Abstract: A method, system and computer program product for selecting an appropriate platform to run an application deployed in a cloud computing environment. The appropriate platform is selected by employing a two phase process, where the first phase occurs prior to the deployment of the application and the second phase occurs after the application has been deployed. In the first phase, the cloud computing node selects a platform using various factors, such as application binaries, application metadata and artifacts, and qualities of service and application requirements. In the second phase, the cloud computing node determines whether an alternative platform needs to be implemented for subsequent deployments of the application using various factors, such as application runtime metrics and garbage collection metrics. In this manner, an appropriate platform is automatically selected thereby removing the requirement for the user to indicate the type of platform for the target environment.

Abstract: A method, system and computer program product for dynamically quantifying a demand for the software components deployed in a cloud environment. An administrative server generates a table mapping the software levels of the software components of the deployed software stacks with the number of instances of the deployed software stacks tracked over a period of time. The depth weight based on subtracting a depth index (zero-based) from a depth size is calculated for each software component, where a depth index refers to the software level of the software component in question and a depth size refers to the number of software levels for the software stack bearing the software component in question. A metric used in quantifying the demand for the software component (“popularity index”) is then determined for each software component based on the number of deployed instances and the depth weight for that software component.

Abstract: The present invention relates to a non-intrusive method and apparatus for automatically dispatching security rules in a cloud environment. The method comprises: forming a composition application model of an application in the cloud environment, said composition application model including at least types of various servers for deploying said application; generating a topology model of said various servers in the cloud environment; automatically generating security rules to be adopted by the server-side firewalls of respective servers based on the application context of said application, said composition application model and said topology model; and dispatching said security rules to each server-side firewall based on said composition application model and topology model.

Abstract: A method, system and computer program product for dynamically quantifying a demand for the software components deployed in a cloud environment. An administrative server generates a table mapping the software levels of the software components of the deployed software stacks with the number of instances of the deployed software stacks tracked over a period of time. The depth weight based on subtracting a depth index (zero-based) from a depth size is calculated for each software component, where a depth index refers to the software level of the software component in question and a depth size refers to the number of software levels for the software stack bearing the software component in question. A metric used in quantifying the demand for the software component (“popularity index”) is then determined for each software component based on the number of deployed instances and the depth weight for that software component.

Abstract: A method, system and computer program product for selecting an appropriate platform to run an application deployed in a cloud computing environment. The appropriate platform is selected by employing a two phase process, where the first phase occurs prior to the deployment of the application and the second phase occurs after the application has been deployed. In the first phase, the cloud computing node selects a platform using various factors, such as application binaries, application metadata and artifacts, and qualities of service and application requirements. In the second phase, the cloud computing node determines whether an alternative platform needs to be implemented for subsequent deployments of the application using various factors, such as application runtime metrics and garbage collection metrics. In this manner, an appropriate platform is automatically selected thereby removing the requirement for the user to indicate the type of platform for the target environment.

Abstract: Some embodiments of the inventive subject matter are directed to a debugging system (“system”) configured to access a work flow document. The workflow document may include references to flow activities connected by flow connectors, forming a workflow path. Some of the flow connectors may have breakpoints. The debugging system can insert command instructions for a hypertext transfer protocol (HTTP) request into the workflow document at locations associated with the flow connectors and initiate a test run of the workflow path. In some embodiments, during the test run, when one of the flow connectors is reached, the system executes the command instructions for the HTTP request, sending the HTTP request to a debugger application (“debugger”). If a breakpoint is associated with the flow connector, the debugger can delay response to the HTTP request, otherwise the debugger can respond immediately. A user can debug the workflow document during the delay.

Abstract: A computer implemented method, system, and computer program product for authenticating a remote host to a firewall. The illustrative embodiments allow a requesting host separated from a target host by a firewall to determine, based on exception handling code, that an original request sent to the target host has been intercepted and blocked by the firewall. The illustrative embodiments also allow the requesting host to automatically provide credentials that authenticate the requesting host to the firewall. The illustrative embodiments are particularly applicable in situations when requests are invoked without any user interaction, such as when a timer expires. In such a case, there is no user to provide the needed credentials to authenticate the requesting host. The illustrative embodiments enable a requesting host to access a target host without requiring user intervention.

Abstract: Some embodiments of the inventive subject matter are directed to a debugging system (“system”) configured to access a work flow document. The workflow document may include references to flow activities connected by flow connectors, forming a workflow path. Some of the flow connectors may have breakpoints. The debugging system can insert command instructions for a hypertext transfer protocol (HTTP) request into the workflow document at locations associated with the flow connectors and initiate a test run of the workflow path. In some embodiments, during the test run, when one of the flow connectors is reached, the system executes the command instructions for the HTTP request, sending the HTTP request to a debugger application (“debugger”). If a breakpoint is associated with the flow connector, the debugger can delay response to the HTTP request, otherwise the debugger can respond immediately. A user can debug the workflow document during the delay.

Abstract: A security mechanism for an application level protocol used to publish and edit web resources is extended to enable enforcement of a security policy on feed entries. The security mechanism ensures that only a certain class of privileged users can perform create, read, update and/or delete (CRUD) actions on feed entries, and it provides a uniform methodology for determining security access controls for resources. The techniques described herein enable selectively display of feed entries while at the same time maintaining a single document source for the privileged users.

Abstract: A computer implemented method, system, and computer program product for authenticating a remote host to a firewall. The illustrative embodiments allow a requesting host separated from a target host by a firewall to determine, based on exception handling code, that an original request sent to the target host has been intercepted and blocked by the firewall. The illustrative embodiments also allow the requesting host to automatically provide credentials that authenticate the requesting host to the firewall. The illustrative embodiments are particularly applicable in situations when requests are invoked without any user interaction, such as when a timer expires. In such a case, there is no user to provide the needed credentials to authenticate the requesting host. The illustrative embodiments enable a requesting host to access a target host without requiring user intervention.

Abstract: A method, system, and computer program product, by which portions of the session information that page-content is dependent upon are “pushed” to the client from the origin server in a way such that auxiliary servers, e.g. other application servers and edge-servers, have access to the session information and fragment dependancy data to generate auxiliary-server cache-IDs for the custom pages. This enables distribution of the load away from the origin server, allowing better application distribution and scalability through more effective caching.

Abstract: The present invention provides a method, system, computer program product, and method of doing business with automated electronic business (“e-business”) services by using a structured markup language processing engine and structured markup language documents. The structured markup language, which in the preferred embodiment is the Extensible Markup Language (“XML”), is used to describe the data and processing invocations to perform in carrying out e-business services (which may include invocation of a number of sub-services), and to automatically synchronize the interactions that are necessary in carrying out the service. The interactions may involve multiple business partners.

Abstract: A method, system, and computer program product, by which portions of the session information that page-content is dependent upon are “pushed” to the client from the origin server in a way such that auxiliary servers, e.g. other application servers and edge-servers, have access to the session information and fragment dependancy data to generate auxiliary-server cache-IDs for the custom pages. This enables distribution of the load away from the origin server, allowing better application distribution and scalability through more effective caching.

Abstract: A method, system, and computer program product, by which portions of the session information that page-content is dependent upon are “pushed” to the client from the origin server in a way such that auxiliary servers, e.g. other application servers and edge-servers, have access to the session information and fragment dependancy data to generate auxiliary-server cache-IDs for the custom pages. This enables distribution of the load away from the origin server, allowing better application distribution and scalability through more effective caching.

Abstract: The present invention generally relates to a method, system and program product for distributing portal content processing. Specifically, a request for portal content is received on a surrogate system and then passed to a portal system. The portal system will obtain and aggregate a first type of the requested content, and then package the aggregated content into a response. The response will also include place holders that correspond to the remaining type of the requested content. The response will then be transmitted to the surrogate system, which will, based upon the place holders, obtain the remaining type of portal content. Once obtained, the remaining type of portal content will replace the place holders in the response, and the response will be rendered for the requesting portal user.

Abstract: A method and apparatus for navigating screens in a legacy host system. In a preferred embodiment, requests for specific legacy host screens are received by a server. The server then navigates to the appropriate screen within the legacy host system and retrieves the host screen. Any intermediate screens navigated by the server in reaching the host screen are not displayed to the user. If variable data need be entered to access the host screen, the server sends the user a submittable form on which to enter the appropriate information, which, once entered and sent to the server, is used by the server to retrieve the host screen. Once the host screen has been retrieved, the server formats it into a web page format using a hypertext language and sends the screen to the user. Other screens within the legacy host system are accessed by user selection of selectable links displayed to the user.

Abstract: Methods, systems, computer program products, and methods of doing business by caching dynamic content fragments in a distributed cache and assembling requested content using these fragments. The disclosed techniques are non-invasive, and enable the benefits of distributed fragment caching to be extended to more applications, without regard to the programming model used when designing the application. An application developer specifies dependencies among content creating components (or, in alternative embodiments, it may be possible to infer this information), and if one of these components may be called upon to generate a content fragment dynamically, correlator data is programmatically created and attached to a message that references the component. A subsequent content generation request to the component then automatically carries the correlator data, and that data is programmatically restored.