Abstract:
A novel RDMA connection failover technique minimizes disruption to upper subsystem modules (executed on a computer node), which create requests for data transfer. A new failover virtual layer performs failover of an RDMA connection in error so that the upper subsystem that created a request does not have knowledge of an error (which is recoverable in software and hardware), or of a failure on the RDMA connection due to the error. Since the upper subsystem does not have knowledge of a failure on the RDMA connection or of a performed failover of the RDMA connection, the upper subsystem continues providing requests to the failover virtual layer without interruption, thereby minimizing downtime of the data transfer activity.
Abstract:
An automated, bottom-up role discovery method for a role based control system includes automatically extracting identities and attributes from data sources and automatically clustering the identities based on the attributes to form recommended roles. The recommended roles may be modified by intervention of an administrator. Additionally, the recommended roles may be aggregated by defining the role definition as an attribute of each constituent identity, and re-clustering the identities to generate refined roles. The recommended, modified, and/or refined roles may then be utilized in a role based control system, such as a role based access control system. Periodically performing the role discovery process provides a means to audit a role based access control system.
Abstract:
Roll back strategies for database deadlock resolution are customized by identifying a first transaction to a database, identifying a second transaction to the database and detecting a deadlock between the first and second transactions with respect to the database. The deadlock is resolved based upon a predetermined roll back strategy associated with at least one of the first or second transactions to identify a select one of the first and second transactions for roll back, and a request is conveyed to roll back the selected one of the first and second transactions, wherein the preferred transaction is allowed to continue processing.
Abstract:
Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.
Abstract:
A role hierarchy is automatically generated by hierarchically ranking roles in a role based control system, each role including a plurality of identities having attributes. Iteratively at each hierarchical level: each non-cohesive role (wherein, in this case, at least one attribute is not possessed by every identity in the role) is replaced, at the same hierarchical level, by a cohesive role formed by grouping identities having at least one common attribute. The remaining identities are clustered into children roles based on attributes other than the common attribute, and the children roles are added to the role hierarchy at a hierarchical level below the cohesive role. If no common attribute exists in the non-cohesive role, the role is clustered into two or more new roles based on all the attributes in the role, and the non-cohesive role is replaced with the new roles at the same hierarchical level.
Abstract:
Traffic control techniques are provided for intercepting an initial message in a handshaking procedure for a secure communication between a first device and a second device at a proxy device. Identification information associated with the second device is extracted from the initial message. A policy is applied to communications between the first device and second device based on the identification information.
Abstract:
A policy is established comprising a condition having a multiphase attribute of a multiphase transaction. Phase specific policies are established for each phase in which the multiphase attribute may become known. The multiphase transaction is evaluated according to the phase specific policies at each phase of the multiphase transaction in which the multiphase attribute may become known until a policy decision of the policy is determined.
Abstract:
A computer-implemented method, comprising determining a displayable sub range of events from among event records in a stored repository of network event data; determining a start time; in response to determining the start time, loading from the repository, a subset of a specified number of event records representing only network events that occurred at one or more network infrastructure elements before the start time; graphically displaying, in a first portion of a screen display on a display unit, an event graph that plots a number of network events that occurred in each of a plurality of discrete time periods represented by the sub range of events, and between the start time and the end time; graphically displaying, over the event graph, a time slider and a loaded event indicator area that is delimited by the start time and the end time; displaying, in a second portion of the screen display, a table listing only such network events as occurred between the start time and end time as indicated by the loaded event indicator area; wherein the steps are performed by one or more computing devices.
Abstract:
Systems, methods and computer program products are provided for identifying a first component on a first server and a second component on a second server for co-location, where the first and second servers are within a domain boundary; inspecting available server resources within the domain boundary; determining a select server in the domain boundary for co-location based upon the inspection of available server resources; and autonomically co-locating the first and second components to the select server.