Patent application number | Description | Published |
20080259790 | RELIABLE AND RESILIENT END-TO-END CONNECTIVITY FOR HETEROGENEOUS NETWORKS - Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage. | 10-23-2008 |
20080263082 | RECOVERY SEGMENT IDENTIFICATION IN A COMPUTING INFRASTRUCTURE - A solution for managing a computer infrastructure is provided. In particular, the solution can generate a set of tentative recovery segments for the computer infrastructure based on a related resource graph and a set of partition rules. The related resource graph can be generated based on a managed resource graph, which includes resource type information for each node in the managed resource graph. The set of tentative recovery segments can be used to manage the computer infrastructure and/or a set of recovery segments, which includes recovery characteristic(s) for each segment can be generated based on the set of tentative recovery segments and a set of recovery segment templates. In any event, the invention provides a solution that fully and/or partially automates the identification of recovery segments within a computer infrastructure, thereby enabling a more effective management of the computer infrastructure. | 10-23-2008 |
20100071025 | SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE - In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM cna be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link. | 03-18-2010 |
20110038256 | RELIABLE AND RESILIENT END-TO-END CONNECTIVITY FOR HETEROGENEOUS NETWORKS - Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage. | 02-17-2011 |
20110126194 | SHARED SECURITY DEVICE - A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed. | 05-26-2011 |
20120110155 | MANAGEMENT OF A DATA NETWORK OF A COMPUTING ENVIRONMENT - An integrated hybrid system is provided. The hybrid system includes compute components of different types and architectures that are integrated and managed by a single point of control to provide federation and the presentation of the compute components as a single logical computing platform. | 05-03-2012 |
20120198542 | Shared Security Device - A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed. | 08-02-2012 |
20120213059 | RELIABLE AND RESILIENT END-TO-END CONNECTIVITY FOR HETEROGENEOUS NETWORKS - Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage. | 08-23-2012 |
20120222087 | APPLICATION BASED INTRUSION DETECTION - Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected. | 08-30-2012 |
20130111037 | MANAGEMENT OF A DATA NETWORK OF A COMPUTING ENVIRONMENT | 05-02-2013 |
20140156837 | METHOD AND SYSTEM FOR GENERIC APPLICATION LIVELINESS MONITORING FOR BUSINESS RESILIENCY - A system and method for monitoring liveliness includes a management device which has an application layer where applications are executed. A connection monitor is located other than on the application layer, and the connection monitor is configured to receive requests from clients and deliver the requests to components on the application layer. The components include a generic application monitor which responds to liveliness monitor requests from the clients for all applications monitored, and one or more applications which response to requests to that application. | 06-05-2014 |
20140201365 | IMPLEMENTING A PRIVATE NETWORK ISOLATED FROM A USER NETWORK FOR VIRTUAL MACHINE DEPLOYMENT AND MIGRATION AND FOR MONITORING AND MANAGING THE CLOUD ENVIRONMENT - A method, system and computer program product for optimizing quality of service settings for virtual machine deployment and migration. A first network (e.g., user network) is provided that is dedicated to running user workloads deployed on virtual machines. A second network (e.g., cloud management network), isolated from the first network, is also provided that is dedicated to virtual machine deployment and migration. As a result of the first and second networks not being shared, the administrative server utilizes unique quality of service settings for virtual machine deployment and migration supported by the second network that would otherwise not be possible if the first and second networks were shared. | 07-17-2014 |
Patent application number | Description | Published |
20080320147 | METHOD AND APPARATUS FOR POLICY-BASED PACKET CLASSIFICATION - A method, apparatus, and computer implemented instructions for processing a request in a data processing system. The request is received. In response to a first hash value being present within the request, the first hash value is compared to a second hash value that was computed locally, wherein the second hash value represents a current policy configuration for assigning a quality of service. In response to a match between the first hash value and the second hash value, other information in the request is used to establish a quality of service for packets associated with the request. | 12-25-2008 |
20090063673 | END-TO-END (E2E) SERVICE LEVEL AGREEMENT (SLA) COMPLIANCE ACROSS BOTH MANAGED AND UNMANAGED NETWORK SEGMENTS - Embodiments of the present invention address deficiencies of the art in respect to e2e SLA support in a network of both manageable and unmanageable portions and provide a method, system and computer program product for e2e SLA compliance across both managed and unmanaged network segments. In one embodiment of the invention, a method for e2e SLA compliance across both managed and unmanaged network segments can be provided. The method can include identifying both a managed segment and an unmanaged segment of an e2e network for a communications path implicated by an SLA, determining an observed delay for the unmanaged segment of the e2e network, computing from a desired delay for the communications path and the observed delay a differential delay, and constraining the managed segment to meet the differential delay in order to assure meeting the desired delay for the communications path implicated by the SLA. | 03-05-2009 |
20110125914 | END-TO-END (E2E) SERVICE LEVEL AGREEMENT (SLA) COMPLIANCE ACROSS BOTH MANAGED AND UNMANAGED NETWORK SEGMENTS - Embodiments of the present invention address deficiencies of the art in respect to e2e SLA support in a network of both manageable and unmanageable portions and provide a method, system and computer program product for e2e SLA compliance across both managed and unmanaged network segments. In one embodiment of the invention, a method for e2e SLA compliance across both managed and unmanaged network segments can be provided. The method can include identifying both a managed segment and an unmanaged segment of an e2e network for a communications path implicated by an SLA, determining an observed delay for the unmanaged segment of the e2e network, computing from a desired delay for the communications path and the observed delay a differential delay, and constraining the managed segment to meet the differential delay in order to assure meeting the desired delay for the communications path implicated by the SLA. | 05-26-2011 |