Abstract: A secure guest of a computing environment requests confidential data. The confidential data is included in metadata of the secure guest, which is stored in a trusted execution environment of the computing environment. Based on the request, the confidential data is obtained from the metadata of the secure guest that is stored in the trusted execution environment.

Abstract: A secure guest of a computing environment requests confidential data. The confidential data is included in metadata of the secure guest, which is stored in a trusted execution environment of the computing environment. Based on the request, the confidential data is obtained from the metadata of the secure guest that is stored in the trusted execution environment.

Abstract: An initial program load of a system component of a computing environment is performed. A determination is made as to whether one or more signatures of one or more signed binary code components relating to the system component are verified. Based on determining that the one or more signatures are verified, additional verification is performed. The additional verification includes obtaining a select binary code component of one or more binary code components relating to the system component and determining whether the select binary code component is a particular signed binary code component. Based on determining that the select binary code component is the particular signed binary code component, a check is performed. The initial program load is continued based on a successful check.

Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.

Abstract: A method for starting a secure guest includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine (VM) on the host server. The VM is dispatched on the host server by the hypervisor. The VM includes a reboot instruction. The reboot instruction is triggered by the hypervisor to restart the VM in a secure mode.

Abstract: An initial program load of a system component of a computing environment is performed. A determination is made as to whether one or more signatures of one or more signed binary code components relating to the system component are verified. Based on determining that the one or more signatures are verified, additional verification is performed. The additional verification includes obtaining a select binary code component of one or more binary code components relating to the system component and determining whether the select binary code component is a particular signed binary code component. Based on determining that the select binary code component is the particular signed binary code component, a check is performed. The initial program load is continued based on a successful check.

Abstract: A method for starting a secure guest includes receiving, by a hypervisor that is executing on a host server, a request to dispatch a virtual machine (VM) on the host server. The VM is dispatched on the host server by the hypervisor. The VM includes a reboot instruction. The reboot instruction is triggered by the hypervisor to restart the VM in a secure mode.

Abstract: Secure processing within a computing environment is provided by incrementally decrypting a secure operating system image, including receiving, for a page of the secure operating system image, a page address and a tweak value used during encryption of the page. Processing determines that the tweak value has not previously been used during decryption of another page of the secure operating system image, and decrypts memory page content at the page address using an image encryption key and the tweak value to facilitate obtaining a decrypted secure operating system image. Further, integrity of the secure operating system image is verified, and based on verifying integrity of the secure operating system image, execution of the decrypted secure operating system image is started.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.

Abstract: Operating a node cluster system with a plurality of nodes in a network, wherein the cluster system appears to be a single node with only one specific network address to its network environment. Providing a shared socket database for linking network connection port identifications of a common set of network connection port identifications to the individual nodes, assigning a master function to one of the nodes, sending incoming traffic to all nodes of the cluster system wherein each node verifies its responsibility for this traffic individually, exclusive assignment of a network connection port to the responsible node for the duration of a connection of the corresponding application process by means of the corresponding network connection port identification and the link established by the shared socket database and processing of the traffic by the responsible node or otherwise by the node having the master function.

Abstract: An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform.

Abstract: A method and system for generically describing and manipulating arbitrary data structures. The method comprises the steps of reading resource-specific information from a resource-specifying source (e.g., an XWL file); specifying the structure comprising the resources; generating hierarchical control information (for example, a tree reflecting the structure); and enabling an access to a desired resource by calling a resource access performer with a respective reference to the resource.