Patents by Inventor Ziv Rafalovich

Ziv Rafalovich has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10768920
    Abstract: Software updates within one or more regions of a multi-tenant cloud are coordinated. Tenant vs. tenant conflicts, tenant vs. infrastructure provider conflicts, and conflicts between security and another priority are identified and resolved using a shared update coordinator, update priority specifications, and availability specifications. An infrastructure update request may be presented to tenants for approval. Postponed infrastructure updates may be prioritized higher. Preventing exploits of zero-day vulnerabilities may be prioritized over meeting availability targets. Updates may be merged to reduce downtime, even when the updates originate from independently controlled entities. Maximum downtime, minimum fault domains, minimum virtual machines, permitted update start times, and other availability criteria may be specified. Updates may be preempted, or allowed to complete, based on their relative priorities.
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: September 8, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Marcus Fontoura, Mark Russinovich, Yunus Mohammed, Pritesh Patwa, Avnish Kumar Chhabra, Ziv Rafalovich
  • Publication number: 20170364345
    Abstract: Software updates within one or more regions of a multi-tenant cloud are coordinated. Tenant vs. tenant conflicts, tenant vs. infrastructure provider conflicts, and conflicts between security and another priority are identified and resolved using a shared update coordinator, update priority specifications, and availability specifications. An infrastructure update request may be presented to tenants for approval. Postponed infrastructure updates may be prioritized higher. Preventing exploits of zero-day vulnerabilities may be prioritized over meeting availability targets. Updates may be merged to reduce downtime, even when the updates originate from independently controlled entities. Maximum downtime, minimum fault domains, minimum virtual machines, permitted update start times, and other availability criteria may be specified. Updates may be preempted, or allowed to complete, based on their relative priorities.
    Type: Application
    Filed: June 15, 2016
    Publication date: December 21, 2017
    Inventors: Marcus FONTOURA, Mark RUSSINOVICH, Yunus MOHAMMED, Pritesh PATWA, Avnish Kumar CHHABRA, Ziv RAFALOVICH
  • Patent number: 8839419
    Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
    Type: Grant
    Filed: April 5, 2008
    Date of Patent: September 16, 2014
    Assignee: Microsoft Corporation
    Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
  • Patent number: 8181250
    Abstract: A honeypot in a computer network is configured for use with a wide variety of computing resources that are defined by a network administrator or user which may include desktop and network resources such as address book contacts, instant messaging contacts, active directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real for which protection against leakage is desired, or fake to operate as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted to apply honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.
    Type: Grant
    Filed: June 30, 2008
    Date of Patent: May 15, 2012
    Assignee: Microsoft Corporation
    Inventors: Ziv Rafalovich, Lior Arzi, Ron Karidi, Efim Hudis
  • Patent number: 8019845
    Abstract: A computer implemented method, data processing system, and computer program product for automatically aggregating entities via a profile-driven management. A profile is created, wherein the profile includes a set of search criteria comprising one or more server attributes. A list of attributes of each server in the data processing system is obtained. Servers in the plurality of servers whose attributes meet the set of search criteria specified in the profile are then grouped to form a profile group. Once the servers are grouped into a profile, an administrative action may be performed on all of the servers in the profile group simultaneously.
    Type: Grant
    Filed: June 5, 2006
    Date of Patent: September 13, 2011
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
  • Patent number: 7747736
    Abstract: A computer implemented method, data processing system, and computer program product for nominating rules or policies for promotion through a policy hierarchy. An administrator at any level in a policy hierarchy may create a rule or policy. The administrator may then nominate the rule or policy for inclusion in a next higher level in the policy hierarchy. The rule or policy is evaluated at the next higher level. Responsive to an approval of the next higher level to include the rule or policy in the jurisdiction of the next higher level, the rule or policy is provided to all users under the jurisdiction. The nominating, evaluating, and providing steps may then be repeated for each higher level in the policy hierarchy.
    Type: Grant
    Filed: June 5, 2006
    Date of Patent: June 29, 2010
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
  • Patent number: 7698704
    Abstract: Two methods (native and clone) are used for installing software, such as an operating system, on client system(s) booting from shared storage. The native installation method configures an interconnection network to create an exclusive communication zone between the client system and the shared storage system and installs the operating system on the client system using the exclusive communication zone. After the software is installed, the method terminates the exclusive communication zone. The clone installation method utilizes a point-in-time copy feature of the shared storage system to clone an operating system drive instantaneously. After the drive is cloned, it is logically attached to a new client and the operating system is customized for that client.
    Type: Grant
    Filed: February 17, 2005
    Date of Patent: April 13, 2010
    Assignee: International Business Machines Corporation
    Inventors: Bulent Abali, James W. Arendt, Mohammad Banikazemi, D. Scott Guthridge, Dan E. Poff, Ziv Rafalovich, Linda A. Riedle, Gary Valentin, Nancy M. Wei
  • Publication number: 20100031354
    Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
    Type: Application
    Filed: April 5, 2008
    Publication date: February 4, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
  • Publication number: 20090328216
    Abstract: A honeypot in a computer network is configured for use with a wide variety of computing resources that are defined by a network administrator or user which may include desktop and network resources such as address book contacts, instant messaging contacts, active directory user accounts, IP addresses, and files that contain particular content or that are stored in particular locations. The resources may be real for which protection against leakage is desired, or fake to operate as bait to lure and detect malicious attacks. The honeypot is implemented in an extensible manner so that virtually any resource may be honeypotted to apply honeypot benefits to resources beyond static IP addresses in order to improve both the breadth of information leakage prevention and the detection of malicious attacks.
    Type: Application
    Filed: June 30, 2008
    Publication date: December 31, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Ziv Rafalovich, Lior Arzi, Ron Karidi, Efim Hudis
  • Publication number: 20080126787
    Abstract: Managing default values. A determination is automatically made that the first program is operating in the batch mode in which user interaction is not intended to affirm or change default values. In response, first current default values for input to the first program are determined, and a determination is made whether a user previously entered or affirmed the first current default values in an interactive mode. If so, the first program is allowed to proceed with operation using the first current default values. If not, the first program is not allowed to proceed with operation using the first current default values. A determination is automatically made that the second program is operating in the interactive mode in which user interaction is intended to affirm or change default values.
    Type: Application
    Filed: June 5, 2006
    Publication date: May 29, 2008
    Applicant: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Oded Dubovsky, Itzhack Goldberg, Ido Levy, Ziv Rafalovich, Martin J. Tross
  • Publication number: 20070282986
    Abstract: A computer implemented method, data processing system, and computer program product for nominating rules or policies for promotion through a policy hierarchy. An administrator at any level in a policy hierarchy may create a rule or policy. The administrator may then nominate the rule or policy for inclusion in a next higher level in the policy hierarchy. The rule or policy is evaluated at the next higher level. Responsive to an approval of the next higher level to include the rule or policy in the jurisdiction of the next higher level, the rule or policy is provided to all users under the jurisdiction. The nominating, evaluating, and providing steps may then be repeated for each higher level in the policy hierarchy.
    Type: Application
    Filed: June 5, 2006
    Publication date: December 6, 2007
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
  • Publication number: 20070282985
    Abstract: A computer implemented method, data processing system, and computer program product for automatically aggregating entities via a profile-driven management. A profile is created, wherein the profile includes a set of search criteria comprising one or more server attributes. A list of attributes of each server in the data processing system is obtained. Servers in the plurality of servers whose attributes meet the set of search criteria specified in the profile are then grouped to form a profile group. Once the servers are grouped into a profile, an administrative action may be performed on all of the servers in the profile group simultaneously.
    Type: Application
    Filed: June 5, 2006
    Publication date: December 6, 2007
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
  • Publication number: 20070282982
    Abstract: A system for policy-based management in a computer environment, the system including at least one rule configured to be applied to an element of a computer environment, at least one policy including at least one of the rules, at least one profile including at least one element of the computer environment, at least one association defining a relationship between one of the policies and one of the profiles, and a computer configured to instantiate any of the associations, thereby invoking any of the rules included in the related policy for application to any of the elements in the related profile.
    Type: Application
    Filed: June 5, 2006
    Publication date: December 6, 2007
    Inventors: Rhonda Childress, Oded Dubovsky, Itzhack Goldberg, Ido Levy, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin Tross
  • Publication number: 20060184650
    Abstract: Two methods (native and clone) are used for installing software, such as an operating system, on client system(s) booting from shared storage. The native installation method configures an interconnection network to create an exclusive communication zone between the client system and the shared storage system and installs the operating system on the client system using the exclusive communication zone. After the software is installed, the method terminates the exclusive communication zone. The clone installation method utilizes a point-in-time copy feature of the shared storage system to clone an operating system drive instantaneously. After the drive is cloned, it is logically attached to a new client and the operating system is customized for that client.
    Type: Application
    Filed: February 17, 2005
    Publication date: August 17, 2006
    Inventors: Bulent Abali, James Arendt, Mohammad Banikazemi, D. Guthridge, Dan Poff, Ziv Rafalovich, Linda Riedle, Gary Valentin, Nancy Wei
  • Publication number: 20060136704
    Abstract: A management computer controlling operations of computer systems in a number of positions within a chassis is programmed to receive a signal indicating that one of the computer systems has been installed and to determine whether it has been installed in a previously unoccupied position, installed in a previously occupied position, or moved from one position to another. If it has been installed in a previously unoccupied position, an operating system is installed for remote booting; if it has been installed in a previously occupied position, it is allowed to continue booting the operating system used by the computer it replaced; if it has been moved from one position to another, it is allowed to continue booting as before.
    Type: Application
    Filed: December 17, 2004
    Publication date: June 22, 2006
    Applicant: International Business Machines Corporation
    Inventors: James Arendt, Gregory Pruett, Ziv Rafalovich, David Rhoades, Linda Riedle