Abstract: Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.

Abstract: In a set of problem log entries from a computing system, a subset of the set of problem log entries are identified, which pertain to a failed request. The subset is compared to a reference model which defines log entries per request type under a healthy state of the computing system, to identify a portion of the subset of problem log entries which deviate from corresponding log entries in the reference model. In the portion of the subset, at least one high-value log entry is identified. The at least one high-value log entry is output.

Abstract: In a set of problem log entries from a computing system, a subset of the set of problem log entries are identified, which pertain to a failed request. The subset is compared to a reference model which defines log entries per request type under a healthy state of the computing system, to identify a portion of the subset of problem log entries which deviate from corresponding log entries in the reference model. In the portion of the subset, at least one high-value log entry is identified. The at least one high-value log entry is output.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.

Abstract: A computer implemented method, data processing system, and computer program product control point in time access to a remote client device and auditing system logs of the remote client device by an auditing server device to determine whether monitored user activity on the remote client device associated with a work request was in compliance with one or more regulations.

Abstract: A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer.

Abstract: In a set of problem log entries from a computing system, a subset of the set of problem log entries are identified, which pertain to a failed request. The subset is compared to a reference model which defines log entries per request type under a healthy state of the computing system, to identify a portion of the subset of problem log entries which deviate from corresponding log entries in the reference model. In the portion of the subset, at least one high-value log entry is identified. The at least one high-value log entry is output.

Abstract: In a set of problem log entries from a computing system, a subset of the set of problem log entries are identified, which pertain to a failed request. The subset is compared to a reference model which defines log entries per request type under a healthy state of the computing system, to identify a portion of the subset of problem log entries which deviate from corresponding log entries in the reference model. In the portion of the subset, at least one high-value log entry is identified. The at least one high-value log entry is output.

Abstract: On a computer system, a shell is invoked, through which a plurality of commands and/or scripts can be executed. Individual ones of the plurality of commands and/or scripts are validated. Given individual ones of the plurality of commands and/or scripts, for which the validation is successful, are executed via the shell.

Abstract: Methods, systems, and computer program products for a protected graphical user interface for role-based application and data access are provided herein. A method for controlling access on an endpoint device to at least a portion of an application includes obtaining a default configuration indicating whether one or more widget functions associated with the application are enabled in a graphical user interface; modifying one or more of the widget functions in the default configuration to a disabled status in the graphical user interface based on a privilege configuration; determining if one or more user click events generated using the graphical user interface are associated with a widget function having the disabled status; and preventing the user click events having the disabled status from being provided to an operating system for further processing, wherein at least one of the steps is carried out by a computing device.

Abstract: A system and method for scheduling resources includes a memory storage device having a resource data structure stored therein which is configured to store a collection of available resources, time slots for employing the resources, dependencies between the available resources and social map information. A processing system is configured to set up a communication channel between users, between a resource owner and a user or between resource owners to schedule users in the time slots for the available resources. The processing system employs social mapping information of the users or owners to assist in filtering the users and owners and initiating negotiations for the available resources.

Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.

Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.

Abstract: It is determined whether a user is authorized to carry out a management operation on a plurality of information technology assets in parallel, based on a role of the user and at least one characteristic of the management operation. A risk level of the management operation, and at least one characteristic of the plurality of information technology assets, are both determined. Based on the risk level and the at least one characteristic of the plurality of information technology assets, an execution pattern for the management operation is specified. In at least some cases, the management operation is carried out on the plurality of information technology assets in parallel, in accordance with the execution pattern.

Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.

Abstract: In an environment wherein a front end system receives a service request, and a back end system responds to the request, a user of a target endpoint must be authenticated. A ticket ID is assigned to the service request, and responsive to an initiating action of the user, a virtual token is generated that has a specified relationship with the ticket ID. The virtual token is delivered to the user, and the user is prompted to present the token to a validating component associated with one of the front end or back end systems, wherein the validating component is configured to verify the token validity. If the token is found to be valid, the user is authenticated to access the specified target endpoint.

Abstract: A semiconductor device includes a first layer, first and second active areas disposed on the first layer; a trench disposed between the first and second active areas, an insulating oxide that fills the trench to a level below a surface of the first and second active layers, and a nitride cap disposed on top of the insulating oxide so that the first and second active areas can be cleaned without damaging the insulating oxide. A top surface of the nitride cap in regions adjacent to the first and second active areas in aligned with a top surface of the first and second active areas, a top surface of the nitride cap in a center region of the nitride cap is stepped below the top surface of the adjacent regions, and a void is formed between the top surface regions adjacent to the first and second active areas.

Abstract: Techniques for dynamically managing a sleep state of a virtual machine are provided. The techniques include detecting idleness of a virtual machine, putting the idle virtual machine into a sleep state, implementing a virtual machine surrogate, wherein the virtual machine surrogate listens to network traffic, enabling the virtual machine to handle network traffic that is capable of being handled by the virtual machine, and enabling the virtual machine to queue network traffic and wake-up the virtual machine in the sleep state for network traffic that the virtual machine surrogate is incapable of handling.

Abstract: Auditing system logs of a remote client device is provided. Login session information entered at a workstation device accessing the remote client device to perform an activity associated with a work request is received. An access token is generated based on the login session information and information associated with the work request on the remote client device. The access token is compared with an audit log report of the remote client device that includes the activity associated with the work request performed by the workstation device on the remote client device. It is determined whether information in the access token matches information in the audit log report of the remote client device. In response to determining that the information in the access token does not match the information in the audit log report of the remote client device, an action alert is sent.