公开(公告)号：US09703610B2

公开(公告)日：2017-07-11

申请号：US13239253

申请日：2011-09-21

Applicant: Robert Lee ,  Gene Gleyzer ,  Mark Falco ,  Cameron Purdy

Inventor： Robert Lee ,  Gene Gleyzer ,  Mark Falco ,  Cameron Purdy

IPC: G06F9/50 ,  G06F17/30 ,  H04L29/08

CPC classification number: G06F9/5083 ,  G06F17/30575 ,  H04L67/10

Abstract: A centralized resource distribution is described where the decision portion of partitioning data among cluster nodes is made centralized while the actual mechanics to implement the partitioning remain a distributed algorithm. A central distribution coordinator is used to create an extensible central strategy that controls how the data will be partitioned across the cluster. The work to implement this strategy is performed by all of the members individually and asynchronously, in accordance with a distributed algorithm. The central strategy can be communicated to all cluster members and each member can perform the partitioning as it relates to itself. For example, in accordance with the distributed algorithm, one node may decide that it needs to obtain a particular partition in light of the central strategy and carry out the necessary steps to obtain that data, while other nodes may be asynchronously performing other individual partition transfers relevant to those particular nodes.

公开(公告)号：US09477536B2

公开(公告)日：2016-10-25

申请号：US13473432

申请日：2012-05-16

Applicant: Mark Falco ,  Patrik Torstensson ,  Gene Gleyzer ,  Cameron Purdy

Inventor： Mark Falco ,  Patrik Torstensson ,  Gene Gleyzer ,  Cameron Purdy

IPC: G06F15/167 ,  G06F9/54

CPC classification number: G06F9/546 ,  G06F9/541

Abstract: A system and method for providing a message bus component or version thereof (referred to herein as an implementation), and a messaging application program interface, for use in an enterprise data center, middleware machine system, or similar environment that includes a plurality of processor nodes together with a high-performance communication fabric (or communication mechanism) such as InfiniBand. In accordance with an embodiment, the messaging application program interface enables features such as asynchronous messaging, low latency, and high data throughput, and supports the use of in-memory data grid, application server, and other middleware components.

公开(公告)号：US09063787B2

公开(公告)日：2015-06-23

申请号：US13352203

申请日：2012-01-17

Applicant: Robert H. Lee ,  Mark Falco ,  Gene Gleyzer ,  Cameron Purdy

Inventor： Robert H. Lee ,  Mark Falco ,  Gene Gleyzer ,  Cameron Purdy

IPC: G06F9/50 ,  G06F11/14

CPC classification number: H04L41/5054 ,  G06F9/5061 ,  G06F11/1425 ,  G06F2209/505 ,  H04L67/10 ,  H04L67/16

Abstract: A system and method is described for use with a data grid cluster, which uses cluster quorum to prevent split brain scenario. The data grid cluster includes a plurality of cluster nodes, each of which runs a cluster service. Each cluster service collects and maintains statistics regarding communication flow between its cluster node and the other cluster nodes in the data grid cluster. The statistics are used to determine a status associated with other cluster nodes in the data grid cluster whenever a disconnect event happens. The data grid cluster is associated with a quorum policy, which is defined in a cache configuration file, and which specifies a time period that a cluster node will wait before making a decision on whether or not to evict one or more cluster nodes from the data grid cluster.

Abstract translation: 描述了一种与数据网格集群一起使用的系统和方法，数据网格集群使用集群仲裁来防止分裂大脑情况。 数据网格集群包括多个集群节点，每个集群节点都运行集群服务。 每个集群服务收集和维护有关其集群节点和数据网格集群中其他集群节点之间的通信流量的统计信息。 当断开事件发生时，统计信息用于确定与数据网格集群中其他集群节点相关联的状态。 数据网格集群与在缓存配置文件中定义的仲裁策略相关联，并且指定集群节点在作出关于是否从数据中排除一个或多个集群节点的决定之前等待的时间段 网格集群。

公开(公告)号：US20120297056A1

公开(公告)日：2012-11-22

申请号：US13239253

申请日：2011-09-21

Applicant: Robert Lee ,  Gene Gleyzer ,  Mark Falco ,  Cameron Purdy

Inventor： Robert Lee ,  Gene Gleyzer ,  Mark Falco ,  Cameron Purdy

IPC: G06F15/173

CPC classification number: G06F9/5083 ,  G06F17/30575 ,  H04L67/10

Abstract: A centralized resource distribution is described where the decision portion of partitioning data among cluster nodes is made centralized while the actual mechanics to implement the partitioning remain a distributed algorithm. A central distribution coordinator is used to create an extensible central strategy that controls how the data will be partitioned across the cluster. The work to implement this strategy is performed by all of the members individually and asynchronously, in accordance with a distributed algorithm. The central strategy can be communicated to all cluster members and each member can perform the partitioning as it relates to itself. For example, in accordance with the distributed algorithm, one node may decide that it needs to obtain a particular partition in light of the central strategy and carry out the necessary steps to obtain that data, while other nodes may be asynchronously performing other individual partition transfers relevant to those particular nodes.

Abstract translation: 描述集中式资源分配，其中集群节点之间的分区数据的决定部分被集中，而实现分区的实际机制仍然是分布式算法。 中央分配协调器用于创建可扩展的中央策略，以控制如何在集群中分区数据。 根据分布式算法，实现该策略的工作由所有成员单独和异步地执行。 中央策略可以传递给所有集群成员，每个成员可以执行与自身相关的分区。 例如，根据分布式算法，一个节点可以根据中心策略来决定是否需要获取特定的分区，并执行必要的步骤来获得该数据，而其他节点可能异步执行其他单独的分区传输 与这些特定节点相关。

公开(公告)号：US20050097352A1

公开(公告)日：2005-05-05

申请号：US10961701

申请日：2004-10-08

Applicant: Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

Inventor： Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

IPC: H04L9/00 ,  H04L9/32 ,  H04L29/06

CPC classification number: H04L63/20

Abstract: A system and method for a dynamically configurable security system, comprising, a process having one or more resources to be protected, and a security service module coupled to the process, one or more plugin security provider modules that are compatible with and extend the security service module, wherein the security service module is capable of receiving security information updates, and wherein the security service module is capable of controlling access to the one or more resources based on the security information updates through the use of the one or more plugin security provider modules.

Abstract translation: 一种用于动态可配置的安全系统的系统和方法，包括：具有一个或多个要保护的资源的进程，以及耦合到所述进程的安全服务模块，与所述安全服务兼容并扩展所述安全服务的一个或多个插件安全提供者模块 模块，其中所述安全服务模块能够接收安全信息更新，并且其中所述安全服务模块能够通过使用所述一个或多个插件安全提供者模块来基于所述安全信息更新来控制对所述一个或多个资源的访问 。

公开(公告)号：US20050097350A1

公开(公告)日：2005-05-05

申请号：US10961674

申请日：2004-10-08

Applicant: Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

Inventor： Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

IPC: G06F11/30 ,  G06F15/173 ,  G06F21/00 ,  H04L9/00

CPC classification number: G06F21/6218 ,  H04L63/105 ,  H04L63/20

Abstract: A system and method for distributing information from a first process to one or more security service modules, said system comprising the steps of, a remote interface capable of accepting first information from the first process, a provisioning service provider coupled to the remote interface and capable of obtaining the first information from the remote interface, and further capable of providing second information to a local interface, wherein the second information is based on the first information and is tailored for the one or more security service modules, the local interface capable of providing the second information to the one or more security service modules and wherein the one or more security service modules are capable of accepting the second information and performing at least one of the following: adjusting a configuration of the one or more security service modules to reflect the second information, and protecting access to at least one resource based on the second information.

Abstract translation: 一种用于将信息从第一进程分发到一个或多个安全服务模块的系统和方法，所述系统包括以下步骤：能够接收来自第一进程的第一信息的远程接口，耦合到远程接口的提供服务提供商和能够 从所述远程接口获取所述第一信息，并且还能够向本地接口提供第二信息，其中所述第二信息基于所述第一信息，并针对所述一个或多个安全服务模块进行定制，所述本地接口能够提供 将所述第二信息提供给所述一个或多个安全服务模块，并且其中所述一个或多个安全服务模块能够接受所述第二信息并且执行以下中的至少一个：调整所述一个或多个安全服务模块的配置以反映 第二信息，以及基于第二信息保护对至少一个资源的访问 配合

公开(公告)号：US09262229B2

公开(公告)日：2016-02-16

申请号：US13352209

申请日：2012-01-17

Applicant: Robert H. Lee ,  Mark Falco ,  Gene Gleyzer ,  Cameron Purdy

Inventor： Robert H. Lee ,  Mark Falco ,  Gene Gleyzer ,  Cameron Purdy

IPC: G06F15/16 ,  G06F9/50 ,  G06F11/14

CPC classification number: H04L41/5054 ,  G06F9/5061 ,  G06F11/1425 ,  G06F2209/505 ,  H04L67/10 ,  H04L67/16

Abstract: A system and method is described for use with a data grid cluster, for supporting service level quorum in the data grid cluster. The data grid cluster includes a plurality of cluster nodes that support performing at least one service action. A quorum policy, defined in a cache configuration file associated with the data grid cluster, can specify a minimum number of service members that are required in the data grid cluster for performing the service action. The data grid cluster uses the quorum policy to determine whether the service action is allowed to be performed, based on a present state of the plurality of cluster nodes in the data grid cluster.

Abstract translation: 描述了与数据网格集群一起使用的系统和方法，用于支持数据网格集群中的服务级定额。 数据网格集群包括支持执行至少一个服务动作的多个集群节点。 与数据网格集群相关联的缓存配置文件中定义的法定策略可以指定数据网格集群中执行服务操作所需的最少服务成员数。 基于数据网格簇中的多个集群节点的当前状态，数据网格集群使用仲裁策略来确定是否允许执行服务动作。

公开(公告)号：US20050262362A1

公开(公告)日：2005-11-24

申请号：US10961593

申请日：2004-10-08

Applicant: Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

Inventor： Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/0263 ,  H04L63/20

Abstract: A memory for storing data for access by an application program being executed on a computer system, comprising, a data structure stored in said memory, said data structure including, a name attribute wherein the name identifies an action or a role, a resource attribute wherein the resource attribute specifies a resource in a hierarchy of resources and determines a scope for the name attribute, a subject attribute wherein the subject attribute specifies at least one of, a user and group, and wherein the application program accesses the memory through an interface that is part of a security service module.

Abstract translation: 一种用于存储由在计算机系统上执行的应用程序进行访问的数据的存储器，包括存储在所述存储器中的数据结构，所述数据结构包括名称属性，其中所述名称标识动作或角色，资源属性，其中 资源属性指定资源层级中的资源，并确定名称属性的范围，主题属性，其中主题属性指定用户和组中的至少一个，并且其中应用程序通过以下界面访问存储器： 是安全服务模块的一部分。

公开(公告)号：US20050257245A1

公开(公告)日：2005-11-17

申请号：US10961549

申请日：2004-10-08

Applicant: Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

Inventor： Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/0263 ,  H04L63/0815 ,  H04L63/105 ,  H04L63/20

Abstract: A system and method for distributed enterprise security, comprising, a security control module (SCM) operable to accept information, wherein the information includes one or more policies, at least one security service module (SSM) operable to accept the information from the SCM, a role mapping module coupled to the at least one SSM, wherein the role mapping module is operable to map a user to at least one role based on the information, and wherein the information accepted by the SCM is relevant to the at least one SSM.

Abstract translation: 一种用于分布式企业安全性的系统和方法，包括：可操作以接受信息的安全控制模块（SCM），其中所述信息包括一个或多个策略，至少一个安全服务模块（SSM），可操作以接受来自所述SCM的信息， 角色映射模块，其耦合到所述至少一个SSM，其中所述角色映射模块可操作以基于所述信息将用户映射到至少一个角色，并且其中由所述SCM接受的所述信息与所述至少一个SSM相关。

公开(公告)号：US20050251852A1

公开(公告)日：2005-11-10

申请号：US10962106

申请日：2004-10-08

Applicant: Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

Inventor： Paul Patrick ,  David Byrne ,  Kenneth Yagen ,  Mingde Xu ,  Jason Howes ,  Mark Falco ,  Richard Riendeau

IPC: H04L9/00 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04L63/102 ,  H04L63/20

Abstract: A system and method for a distributed enterprise security, comprising, a first process capable of providing a second set of information derived from a first set of information, wherein the first set of information includes one or more of: a policy and configuration information, a security control module (SCM) capable of accepting the second set of information wherein the second set of information only includes information from the first set of information that is relevant to the SCM and wherein the SCM is capable of providing a third set of information wherein the third set of information is derived from the second set of information, a security service module (SSM) capable of accepting the third set of information from the SCM wherein the third set of information only includes information from the second set of information that is relevant to the SSM, wherein the SSM is capable of controlling access to one or more resources based on the third set of information, and wherein the SSM is capable of configuring the appropriate set of security services based on the third set of information.

Abstract translation: 一种用于分布式企业安全性的系统和方法，包括：能够提供从第一组信息导出的第二组信息的第一过程，其中所述第一组信息包括以下中的一个或多个：策略和配置信息， 能够接受第二组信息的安全控制模块（SCM），其中所述第二组信息仅包括来自与所述SCM相关的所述第一组信息的信息，并且其中所述SCM能够提供第三组信息，其中， 从第二组信息导出第三组信息，能够接受来自SCM的第三组信息的安全服务模块（SSM），其中第三组信息仅包括与第二组信息相关的信息 SSM，其中所述SSM能够基于所述第三组信息来控制对一个或多个资源的访问，并且其中所述SSM是 能够基于第三组信息配置适当的一组安全服务。