Abstract:
Systems, methods and computer-readable media provide for identifying a physical machine corresponding to a virtual machine. A system assigns a data center machine identifier to a physical computing device in a data center, along with a physical location for the physical computing system. In response to creating a virtual machine on the physical computing device, the system creates a mapping from a virtual machine identifier for the virtual machine to the data center machine identifier for the physical computing system.
Abstract:
In a method for selecting a remote application service from a plurality of remote application services containing a requested electronic resource, a computer receives a request for an electronic resource. The computer sends a request for a geographic location of each node in the plurality of nodes containing the electronic resource. The computer determines a distance between the geographic location of each node in the plurality of nodes and the geographic location of the origin of the request for the electronic resource, respectively. The computer selects a remote application service based at least partially on the distance between the geographic location of each node and the geographic location of the origin of the request for the electronic resource.
Abstract:
An approach is provided that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is wirelessly transmitted from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to the clients. The clients retrieve the new password from the message. The clients construct a new message that is encrypted using the new password. The new message is wirelessly transmitted from the clients to the wireless access device and serves as an acknowledgement.
Abstract:
Methods, systems, and media to automatically deploy, e.g., a J2EE file between environments are disclosed. Embodiments include hardware and/or software for selecting one or more applications in an original system for export. The applications, along with their corresponding application data, configuration data, and descriptor files, are compressed into one or more archive files such as Enterprise Archives (EARs). Variable configuration data associated with the target environment is identified so the values of the variable configuration data can be adapted for the target environment. Then, the target environment is adapted for installation of the application and the application is installed in the target environment. Advantageously, this deployment of the application may reduce the chance of user error, require less J2EE knowledge and script maintenance, and complete faster than deployments effected manually.
Abstract:
Authentication operations are performed within a CORBA-compliant environment with client applications using the JAAS programming model. A client application obtains an interoperable object reference (IOR) for a target object on a remote server that is protected within a security domain. After the client application invokes the target object, an object request is generated, and a request-level interceptor obtains the IOR for the target object and extracts an identifier for the security domain from the IOR. If a credential for the security domain is not in the current execution context of the client application, i.e., the current JAAS subject in the JAAS programming model, then the request-level interceptor performs an authentication operation with the security domain on behalf of the client application, receives an authentication credential, and places the authentication credential into the execution context of the client application. The object request is further processed in association with the obtained credential.
Abstract:
An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.
Abstract:
A method and system that enable cross-border compliance with export restrictions of particular computer technology, including software loaded on a computing device. The computing device is loaded with software, and has a country location device, such as a low-end GPS device. The country location device (country locator) stores the present geographic location of the device in a location register. When the computing device is turned on or the software is activated for operation on the computing device, a security utility of the software compares the value in the register against a list of pre-established locations that are export-restricted. When the value matches (or falls within a range of) one of the pre-established locations, the features of the software that are export-restricted are automatically disabled.
Abstract:
Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, while user object security may be configured separately for each application server in a domain. In a CORBA architecture, IORs for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
Abstract:
A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows a reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.). The security attributes can be used in making authorization decisions.