Abstract: Methods and apparatus enforce a secure internet connection from a mobiles endpoint computing device. A security policy for the endpoint is defined based on its location. From that location, an internet connection is established and detected. This event triggers the launching of a full VPN tunnel connection including an NDIS firewall forcing packet traffic through a port of the endpoint computing device assigned by the security policy and/or MAC/IP addresses of a VPN concentrator. Thereafter, the packet traffic is monitored for compliance with the security policy. This includes determining whether packet traffic over the assigned port is observed within a given time or packet traffic is attempted over other ports. Monitoring occurs whether or not the protocol of the VPN tunnel connection is known. Other features contemplate quarantining for improper operation of the VPN tunnel, undertaking remediation, and computer program products, to name a few.

Abstract: Methods and apparatus enforce a secure internet connection from a mobiles endpoint computing device. A security policy for the endpoint is defined based on its location. From that location, an internet connection is established and detected. This event triggers the launching of a full VPN tunnel connection including an NDIS firewall forcing packet traffic through a port of the endpoint computing device assigned by the security policy and/or MAC/IP addresses of a VPN concentrator. Thereafter, the packet traffic is monitored for compliance with the security policy. This includes determining whether packet traffic over the assigned port is observed within a given time or packet traffic is attempted over other ports. Monitoring occurs whether or not the protocol of the VPN tunnel connection is known. Other features contemplate quarantining for improper operation of the VPN tunnel, undertaking remediation, and computer program products, to name a few.

Abstract: A system and method is presented for database restoration in a distributed data system. The distributed data system has a first database on a first server which needs restoration. The first database is first restored with a predetermined full backup file, the full backup file being made at a first predetermined time. The first database is then restored with one or more incremental backup files, the incremental backup files being made since the first predetermined time and having the most recent backup file made at a second predetermined time. A transaction log documenting data transactions since the second predetermined time is then examined. One or more transactions listed in the transaction log after the second predetermined time are then executed since they are not included in the incremental backup files.

Abstract: A system and method is presented for incremental replication of changes in a state based distributed database synchronization system. If a destination server has one previously established yet unsatisfied synchronization point, a starting synchronization point is formed by extracting the unsatisfied synchronization point from the destination server, identifying a type identifier within the extracted unsatisfied synchronization point identifying a predetermined set of synchronization algorithms and an execution order thereof, identifying a current key within the extracted unsatisfied synchronization point which indicates one of the predetermined set of synchronization algorithms to be started for execution, and adjusting a target state of the destination server to one older than or equal to an established target state specified by the extracted unsatisfied synchronization point.

Abstract: A method and system for moving a subtree of objects from a source location to a destination location. The method includes receiving an input identifying a subtree at a source location. The subtree includes a parent object and exists in a hierarchical tree of objects. The directory includes object containment rules which prohibit certain parent/child relationships among the objects. An input signal identifying a destination location in a destination tree is received. A destination location includes a destination object to which the subtree will be subordinate. The parent object of the subtree is modified to an object type sufficient to comply with object containment rules, and the subtree is moved from the source location to the destination location. The present invention can handle both intra-tree and inter-tree moves of subtrees.