公开(公告)号：US08627136B2

公开(公告)日：2014-01-07

申请号：US12978866

申请日：2010-12-27

申请人： Hari Shankar ,  Huadong Liu ,  Hua Li

发明人： Hari Shankar ,  Huadong Liu ,  Hua Li

IPC分类号： G06F11/00

CPC分类号： H04L41/0654 ,  G06F11/2028 ,  G06F11/2038 ,  G06F11/2046 ,  G06F11/2097

摘要： A novel RDMA connection failover technique that minimizes disruption to upper subsystem modules (executed on a computer node), which create requests for data transfer. A new failover virtual layer performs failover of an RDMA connection in error so that the upper subsystem that created a request does not have knowledge of an error (which is recoverable in software and hardware), or of a failure on the RDMA connection due to the error. Since the upper subsystem does not have knowledge of a failure on the RDMA connection or of a performed failover of the RDMA connection, the upper subsystem continues providing requests to the failover virtual layer without interruption, thereby minimizing downtime of the data transfer activity.

摘要翻译： 一种新颖的RDMA连接故障切换技术，可最大限度地减少上层子系统模块（在计算机节点上执行）的干扰，从而创建数据传输请求。 新的故障转移虚拟层错误地执行RDMA连接的故障转移，以便创建请求的上级子系统不知道错误（可在软件和硬件中恢复）或RDMA连接发生故障，因为 错误。 由于上级子系统不知道RDMA连接上的故障或RDMA连接的已执行故障转移，上级子系统会继续向故障转移虚拟层提供请求，而不会中断，从而最大限度地减少数据传输活动的停机时间。

公开(公告)号：US20050138419A1

公开(公告)日：2005-06-23

申请号：US10741634

申请日：2003-12-19

申请人： Pratik Gupta ,  Govindaraj Sampathkumar ,  David Kuehr-McLaren ,  Vincent Williams ,  Sharon Cutcher ,  Sumit Taank ,  Brian Stube ,  Hari Shankar

发明人： Pratik Gupta ,  Govindaraj Sampathkumar ,  David Kuehr-McLaren ,  Vincent Williams ,  Sharon Cutcher ,  Sumit Taank ,  Brian Stube ,  Hari Shankar

IPC分类号： G06F11/30 ,  H04L9/32

CPC分类号： G06F21/6218

摘要： An automated, bottom-up role discovery method for a role based control system includes automatically extracting identities and attributes from data sources and automatically clustering the identities based on the attributes to form recommended roles. The recommended roles may be modified by intervention of an administrator. Additionally, the recommended roles may be aggregated by defining the role definition as an attribute of each constituent identity, and re-clustering the identities to generate refined roles. The recommended, modified, and/or refined roles may then be utilized in a role based control system, such as a role based access control system. Periodically performing the role discovery process provides a means to audit a role based access control system.

摘要翻译： 用于基于角色的控制系统的自动化的自下而上角色发现方法包括自动从数据源提取身份和属性，并根据属性自动聚类身份以形成推荐角色。 推荐的角色可以通过管理员的干预来修改。 另外，推荐的角色可以通过将角色定义定义为每个组成标识的属性来进行聚合，并重新聚集身份以生成精细角色。 然后，可以在基于角色的控制系统（例如基于角色的访问控制系统）中使用推荐的，修改的和/或细化的角色。 定期执行角色发现过程提供了一种审核基于角色的访问控制系统的方法。

公开(公告)号：US11281654B2

公开(公告)日：2022-03-22

申请号：US11876953

申请日：2007-10-23

申请人： Snehal S. Antani ,  Soloman J. Barghouthi ,  Mohammad N. Fakhar ,  Sajan Sankaran ,  Hari Shankar

发明人： Snehal S. Antani ,  Soloman J. Barghouthi ,  Mohammad N. Fakhar ,  Sajan Sankaran ,  Hari Shankar

IPC分类号： G06F9/52 ,  G06F16/23

摘要： Roll back strategies for database deadlock resolution are customized by identifying a first transaction to a database, identifying a second transaction to the database and detecting a deadlock between the first and second transactions with respect to the database. The deadlock is resolved based upon a predetermined roll back strategy associated with at least one of the first or second transactions to identify a select one of the first and second transactions for roll back and a request is conveyed to roll back the selected one of the first and second transactions, wherein the preferred transaction is allowed to continue processing.

公开(公告)号：US07284000B2

公开(公告)日：2007-10-16

申请号：US10741708

申请日：2003-12-19

申请人： David G. Kuehr-McLaren ,  Pratik Gupta ,  Govindaraj Sampathkumar ,  Vincent C. Williams ,  Sharon L. Cutcher ,  Sumit Taank ,  Brian A. Stube ,  Hari Shankar

发明人： David G. Kuehr-McLaren ,  Pratik Gupta ,  Govindaraj Sampathkumar ,  Vincent C. Williams ,  Sharon L. Cutcher ,  Sumit Taank ,  Brian A. Stube ,  Hari Shankar

IPC分类号： G06F17/30

CPC分类号： G06F17/00 ,  G06F17/30 ,  G06Q10/00 ,  G06Q10/06 ,  G06Q10/10 ,  Y10S707/99939

摘要： Policies defining the entitlements to be assigned to a new identity joining a role are automatically generated. An automatic policy assigns a new identity the entitlements commonly owned by a predetermined number of identities in the role, which may be all of the role identities. A conditional policy recommends that a new identity be assigned the non-commonly-owned entitlements associated with the role identity whose non-entitlement attributes most closely match the non-entitlement attributes of the new identity. This may be automatically determined by iterating through a vector that maps the non-commonly-owned entitlements with the non-entitlement attributes of each role identity, comparing the non-entitlement attributes of the new identity to find the closest match. The non-commonly-owned entitlements of that identity are then recommended to be assigned to the new identity, upon approval.

摘要翻译： 将自动生成定义要分配给加入角色的新身份的权利的策略。 自动策略将新身份分配给角色中预定数量的身份共同拥有的权利，这些身份可能是所有角色身份。 条件政策建议将新身份分配给与非授权属性与新身份的非授权属性最接近的角色身份相关联的非共同所有权利。 这可以通过迭代通过将非共同所有权利与每个角色身份的非授权属性进行映射的向量来自动确定，比较新身份的非授权属性以找到最接近的匹配。 然后，建议将该身份的非共同所有权利分配给新身份，并经批准。

公开(公告)号：US20050138420A1

公开(公告)日：2005-06-23

申请号：US10741904

申请日：2003-12-19

申请人： Govindaraj Sampathkumar ,  Pratik Gupta ,  David Kuehr-McLaren ,  Vincent Williams ,  Sharon Cutcher ,  Sumit Taank ,  Brian Stube ,  Hari Shankar

发明人： Govindaraj Sampathkumar ,  Pratik Gupta ,  David Kuehr-McLaren ,  Vincent Williams ,  Sharon Cutcher ,  Sumit Taank ,  Brian Stube ,  Hari Shankar

IPC分类号： H04L9/00

CPC分类号： G06Q10/10 ,  G06F21/604 ,  G06F21/6218 ,  G06F2221/2145

摘要： A role hierarchy is automatically generated by hierarchically ranking roles in a role based control system, each role including a plurality of identities having attributes. Iteratively at each hierarchical level: each non-cohesive role (wherein, in this case, at least one attribute is not possessed by every identity in the role) is replaced, at the same hierarchical level, by a cohesive role formed by grouping identities having at least one common attribute. The remaining identities are clustered into children roles based on attributes other than the common attribute, and the children roles are added to the role hierarchy at a hierarchical level below the cohesive role. If no common attribute exists in the non-cohesive role, the role is clustered into two or more new roles based on all the attributes in the role, and the non-cohesive role is replaced with the new roles at the same hierarchical level.

摘要翻译： 通过在基于角色的控制系统中对角色进行分级排序自动生成角色层次结构，每个角色包括具有属性的多个身份。 迭代地在每个层次级别：每个非凝聚的角色（其中，在这种情况下，角色中的每个身份不具有至少一个属性）在相同的层次上由通过将身份分组 至少有一个共同的属性。 剩余的身份基于公共属性以外的属性聚类成儿童角色，并且儿童角色被添加到角色层次结构中，层级低于凝聚角色。 如果非凝聚角色中不存在共同属性，则该角色将基于角色中的所有属性聚集到两个或多个新角色中，并且将非相关角色替换为同一层次级别的新角色。

公开(公告)号：US09237168B2

公开(公告)日：2016-01-12

申请号：US13473835

申请日：2012-05-17

申请人： Jianxin Wang ,  Hari Shankar ,  Trevor Highland ,  Niranjan Koduri ,  Daryl Odnert

发明人： Jianxin Wang ,  Hari Shankar ,  Trevor Highland ,  Niranjan Koduri ,  Daryl Odnert

IPC分类号： H04L29/06

CPC分类号： H04L63/166 ,  H04L63/0236 ,  H04L63/0428

摘要： Traffic control techniques are provided for intercepting an initial message in a handshaking procedure for a secure communication between a first device and a second device at a proxy device. Identification information associated with the second device is extracted from the initial message. A policy is applied to communications between the first device and second device based on the identification information.

摘要翻译： 业务控制技术被提供用于在握手过程中拦截初始消息以在代理设备处的第一设备和第二设备之间的安全通信。 从初始消息中提取与第二设备相关联的识别信息。 基于识别信息，将策略应用于第一设备和第二设备之间的通信。

公开(公告)号：US09100366B2

公开(公告)日：2015-08-04

申请号：US13613829

申请日：2012-09-13

申请人： Haiyan Luo ,  Hari Shankar ,  Daryl Odnert ,  Niranjan Koduri

发明人： Haiyan Luo ,  Hari Shankar ,  Daryl Odnert ,  Niranjan Koduri

IPC分类号： H04L29/06 ,  G06F21/55 ,  G06F21/62

CPC分类号： H04L63/105 ,  G06F21/552 ,  G06F21/6218 ,  H04L63/0227 ,  H04L63/0281

摘要： A policy is established comprising a condition having a multiphase attribute of a multiphase transaction. Phase specific policies are established for each phase in which the multiphase attribute may become known. The multiphase transaction is evaluated according to the phase specific policies at each phase of the multiphase transaction in which the multiphase attribute may become known until a policy decision of the policy is determined.

摘要翻译： 建立包括具有多相交易的多相属性的条件的策略。 针对可以将多相属性知道的每个阶段建立相位特定策略。 根据多阶段事务的每个阶段的阶段特定策略来评估多阶段事务，其中多阶段属性可以在其中被确定，直到策略的策略决定被确定为止。

公开(公告)号：US20140075497A1

公开(公告)日：2014-03-13

申请号：US13613829

申请日：2012-09-13

申请人： Haiyan Luo ,  Hari Shankar ,  Daryl Odnert ,  Niranjan Koduri

发明人： Haiyan Luo ,  Hari Shankar ,  Daryl Odnert ,  Niranjan Koduri

IPC分类号： G06F21/00

CPC分类号： H04L63/105 ,  G06F21/552 ,  G06F21/6218 ,  H04L63/0227 ,  H04L63/0281

摘要： A policy is established comprising a condition having a multiphase attribute of a multiphase transaction. Phase specific policies are established for each phase in which the multiphase attribute may become known. The multiphase transaction is evaluated according to the phase specific policies at each phase of the multiphase transaction in which the multiphase attribute may become known until a policy decision of the policy is determined.

摘要翻译： 建立包括具有多相交易的多相属性的条件的策略。 针对可以将多相属性知道的每个阶段建立相位特定策略。 根据多阶段事务的每个阶段的阶段特定策略来评估多阶段事务，其中多阶段属性可以在其中被确定，直到策略的策略决定被确定为止。

公开(公告)号：US20110099500A1

公开(公告)日：2011-04-28

申请号：US12606966

申请日：2009-10-27

申请人： Jared Smith ,  Gurminder Singh ,  Sandra Lo ,  Hari Shankar

发明人： Jared Smith ,  Gurminder Singh ,  Sandra Lo ,  Hari Shankar

IPC分类号： G06F3/048

CPC分类号： H04L41/22 ,  G06F3/0482 ,  G06F2203/04803

摘要： A computer-implemented method, comprising determining a displayable sub range of events from among event records in a stored repository of network event data; determining a start time; in response to determining the start time, loading from the repository, a subset of a specified number of event records representing only network events that occurred at one or more network infrastructure elements before the start time; graphically displaying, in a first portion of a screen display on a display unit, an event graph that plots a number of network events that occurred in each of a plurality of discrete time periods represented by the sub range of events, and between the start time and the end time; graphically displaying, over the event graph, a time slider and a loaded event indicator area that is delimited by the start time and the end time; displaying, in a second portion of the screen display, a table listing only such network events as occurred between the start time and end time as indicated by the loaded event indicator area; wherein the steps are performed by one or more computing devices.

摘要翻译： 一种计算机实现的方法，包括从存储的网络事件数据库中的事件记录中确定事件的可显示子范围; 确定开始时间; 响应于确定开始时间，从存储库加载指定数量的事件记录的子集，其仅表示在开始时间之前在一个或多个网络基础设施元素处发生的网络事件; 在显示单元的屏幕显示的第一部分中以图形方式显示事件图，其绘制在由子事件范围表示的多个离散时间段中的每个中发生的网络事件的数量，以及在事件的开始时间 和结束时间 通过事件图形图形地显示由开始时间和结束时间界定的时间滑块和加载的事件指示器区域; 在屏幕显示的第二部分中显示仅列出如由加载的事件指示符区域指示的在开始时间和结束时间之间发生的网络事件的表; 其中所述步骤由一个或多个计算设备执行。

公开(公告)号：US20090089429A1

公开(公告)日：2009-04-02

申请号：US11864365

申请日：2007-09-28

申请人： Snehal S. Antani ,  Mohammad N. Fakhar ,  Hari Shankar

发明人： Snehal S. Antani ,  Mohammad N. Fakhar ,  Hari Shankar

IPC分类号： G06F15/173

CPC分类号： H04L67/02 ,  H04L29/12141 ,  H04L61/1558

摘要： Systems, methods and computer program products are provided for identifying a first component on a first server and a second component on a second server for co-location, where the first and second servers are within a domain boundary; inspecting available server resources within the domain boundary; determining a select server in the domain boundary for co-location based upon the inspection of available server resources; and autonomically co-locating the first and second components to the select server.

摘要翻译： 系统，方法和计算机程序产品被提供用于识别第一服务器上的第一组件和用于共同定位的第二服务器上的第二组件，其中第一和第二服务器在域边界内; 检查域边界内的可用服务器资源; 基于对可用服务器资源的检查，确定用于共同定位的域边界中的选择服务器; 以及将第一和第二组件自动地共同定位到选择服务器。