Remote system administration using command line environment

FIELD: information technology.

SUBSTANCE: the present invention relates to the administration of network systems and, more specifically, to a command-line environment designed to administer a remote network system. The command-line environment is configured to receive a command line that includes many remote nodes. The command-line environment is configured to establish a session, which may be persistent, with every connected remote node and to initiate execution of remote commands on these nodes. The session may be assigned to a variable, and remote execution can be performed simultaneously. The results of remote execution are received and can be combined into an array.

EFFECT: the task of establishing sessions can be distributed from the command-line environment of one system to other systems to improve performance.

32 cl, 6 dwg

 

Technical field

The present invention relates to the administration of network systems and, more specifically, to a command-line environment designed for remote administration of a network system.

Background of the invention

Computing systems and networks are currently complex and often very large. Some large companies may have thousands of individual computing systems interconnected via local and wide area computer networks. Coordinating the work of all these computing systems is critical to the success of the enterprise. For this reason, system designers strive to create useful tools for system administration.

Since a typical system administrator is a very experienced user, administrative tools are often more complex than the application programs intended for normal users. For example, command-line environments still remain popular among system administrators, even though a graphical user interface is preferred by normal users. Administrators can often perform relatively complex tasks faster using the command line than when using a graphical interface.

A typical command-line environment is provided by a shell running on the computer system. Typically the command-line environment provides a few basic commands that the administrator can execute. For more complex tasks, a typical command-line environment allows commands to be "pipelined", which means that two or more commands can be entered on the same command line and the results of each command are "piped", that is, passed on to the following command.

Despite this popularity among administrators, little attention has been paid to date to making the command-line environment more convenient and more powerful, in particular for administering remote systems. For example, an administrator often needs to perform some action on a remote computer, or must use information gathered from one or more remote computers. However, even relatively simple tasks become daunting when they must be performed remotely. In addition, because of the complexity of current computing systems, the meaning of the word "remote" needs to be redefined. For example, a "remote" system can now be another process executing on the same computer, although existing command-line environments ignore this situation.

To date, a command-line environment that provides sophisticated administration of remote systems has not been available to professionals in this field.

Summary of the invention

The invention is directed to mechanisms and technologies designed for sophisticated administration of remote systems. In short, the command-line environment is configured to accept a command line that includes many remote nodes. The command-line environment is configured to establish a session, which can be persistent, with each remote node and to initiate the execution of remote commands on those nodes. The session may be assigned to a variable, and remote execution can be performed simultaneously. The results of the remote execution are received and can be grouped into an array. The command-line environment can distribute the task of establishing sessions to other systems to improve performance.

Brief description of drawings

Figure 1 shows a functional block diagram generally illustrating a computing environment in which the mechanisms and techniques described in accordance with the present invention can be used.

Figure 2 shows a functional block diagram illustrating in more detail the operation of the command-line environment introduced in figure 1.

Figure 3 shows a functional block diagram of a hierarchical topology of computer systems in a network environment that can be managed using this command-line environment.

Figure 4 shows a logical flow diagram generally illustrating the steps that may be performed by a process for remote execution of at least part of a command-line instruction.

Figure 5 shows a logical flow diagram generally illustrating a process designed to improve the performance of the command-line environment when issuing a remote command to a large number of remote devices.

Figure 6 shows an example computing device that may be used in the illustrative command-line environment.

Detailed description of the preferred embodiment

The following detailed description refers to one illustrative embodiment of a command-line environment for executing remote commands. This description is intended for illustration only and should not be construed as the only possible way of carrying out the invention.

Figure 1 shows a functional block diagram generally illustrating a computing environment 100 that uses the mechanisms and technologies described in accordance with the present invention. Several computer systems are shown connected by a network 110. In particular, the network 110 connects the administrator computing system 112 with multiple remote computing systems (e.g., remote computer 120, remote computer 121 and remote computer 122). The computer systems can be part of an enterprise computer network or any other administered network environment. The remote computing systems may be physically located anywhere.

The network 110 may be any mechanism that interconnects various computing systems, such as a local area network, a wide area network or the Internet. Each of the remote computing systems may be a separate computing system used by an end user, such as an employee of the company or a subscriber.

The administrator 112 is a computing system used by a system administrator or similar person to maintain the computing environment 100. In other words, the administrator 112 issues commands and performs tasks that can query the status or state of other computing systems in the computing environment and make changes to one or more other computing systems. The administrator 112 may also query or change the state of the network 110. The administrator 112 includes a run-time environment that supports one or more processes, such as process A 113 and process 114. Each process hosts at least one program or application. In addition, a single process (for example, process A 113) may host one or more application domains, such as Arr 115 and Arr 116. Application domains are a relatively new mechanism that allows multiple applications to run in the same process while remaining isolated from other application programs. An application domain is a logical and physical boundary created around an application program by the run-time environment. Each application domain prevents application programs running in other application domains from affecting the configuration, security, or stability of its own applications.

Each computing system in the computing environment 100 supports a command-line environment that implements the described mechanisms and technologies. As described in more detail below with reference to figure 2, the administrator 112 includes a command-line environment that allows the user to execute commands locally or remotely. The administrator 112 is configured to establish a session between the local command-line environment (also called the "shell") and any one or more remote systems. In this embodiment, remote systems include remote computing devices (e.g., the remote computer 120) as well as other processes or application domains on the local computing system (that is, on the administrator 112). Accordingly, unlike existing systems, a user of the administrator 112 may connect to and remotely execute commands on remote computing devices or on other processes or application domains on the local computing device. In addition, the administrator 112 creates a separate session for each remote system and can thus initiate a command for simultaneous execution on multiple remote systems, which was not possible previously.

Figure 2 presents a functional block diagram illustrating in more detail the command-line environment 200 that was introduced in figure 1. Figure 2 shows the administrator 112 and multiple remote systems 201. In this example, two of the remote systems (that is, the remote computer 120 and the remote computer 121) are remote computing devices. In contrast, another remote system (for example, the remote system 220 N) can be another process on the local computer, a program executing in another application domain, or the like. In this embodiment, the administrator 112 performs remote administration of the remote systems 201.

Each remote system includes several "commands" (for example, cmds 222). Commands are relatively small pieces of code that are used to perform system administration tasks. Examples include the command "process", which identifies each process running on the computing device, the command "dir", which identifies the files in a directory on the computing device, and many others. However, the commands may include any executable component on a remote system.

Each of the remote systems 201 also includes a remote agent (for example, the agent 224), which is a component that responds to remote requests to execute one or more commands (e.g., cmds 222). In addition, the agents are configured to take the results of executing one or more commands and create a package that is returned to the requesting device. In one embodiment, these packages take the form of a serialized object that includes the execution results and meta-information such as the date and time of the call, identifying information about the particular remote system from which the results were issued, and information about the requesting object. This and possibly other information is combined into the return package 226 for transmission back to the requesting object (for example, the administrator 112).

The administrator 112 includes components that support the command-line environment 200. More specifically, the administrator 112 includes commands 250, similar to the commands resident on the remote systems, that are used in system administration. The operation of the command-line environment 200 is governed by a core engine 251, which is configured to control the flow of operations and information between each of the components and between the administrator 112 and each remote system 201. The core engine accepts user input (for example, through the shell or a similar tool) in the form of command-line instructions and acts on it. The specific format of such a command-line instruction and the technique for processing it are described in more detail below.

In addition, the command-line environment 200 includes a session manager 253. The command-line environment 200 is configured to run remote commands on multiple remote systems. To this end, a "session" is established between the administrator 112 and each remote system 201 identified in the command-line instruction. A "session" 230 represents a connection between the administrator 112 and the associated remote systems 201. In response to a command-line instruction that refers to a remote system, the session manager 253 interacts with the agent (e.g., the agent 224) on that remote system to invoke a process on the remote system and to create a connection to this process. Such a connection is called a "session". One or more sessions can be established from the command line using a specific command, for example, in this form:

$C = new/session -node N1, N2, N3 -creds {XXX} -session yes

In this example, the phrase "new/session" indicates that a new session should be created. The parameter "-node N1, N2, N3" indicates the nodes (remote systems) for which the session(s) are being created. Alternatively, instead of "-node", the parameter "-workerprocess" can be used to create a session with an alternative process on the local machine, or the parameter "-appdomain" can be used to create a session with another application domain in the same process. The parameter "-creds {XXX}" identifies any specific credentials used to connect to the remote system 201. Finally, the option "-session yes" specifies whether the session is to persist or not. A persistent session is used when multiple commands are to be invoked remotely from different command lines. In contrast to previously known systems, a persistent session allows the remote process to be reused for a variety of command-line instructions. This ability improves automated administration and script execution.

Referring again to the example command line above, the syntax "$C=", used together with the creation of a new session, assigns the new session to the environment variable "$C". Environment variables 275 are, in essence, variables maintained by the shell that are made available to other tasks and are often used for sharing information between processes or application programs. Once a session has been assigned to an environment variable, various commands can make use of the session simply by referring to the environment variable. In addition, since a single session can include connections to multiple remote systems, a command can be issued to all of them by applying it to a single environment variable, which makes larger ("1:many") administrative tasks easy to perform. Below is an illustration of a command line that makes use of this feature:

$A = rcmd $C get/process

This example builds on the previous one, invoking the remote command (rcmd) get/process on the remote systems whose session is identified in the environment variable "$C". With the above command line, each remote command is initiated at the same time. This property is a significant improvement over existing command-line environments, which would require programming a loop or performing similar operations to run the command on each remote system. Thus, the technology of this embodiment provides improved performance when processing a command, because the remote commands do not have to be executed sequentially.

In addition, the results of each individual remote command are combined into the environment variable "$A" by an aggregator 255. In other words, when a remote system whose connection is held in the session "$C" returns its return package (for example, the return package 226), the aggregator 255 includes the data in the specified environment variable, in this case "$A". Thus, subsequent commands and tasks have access to the results of the command on many remote systems. The results are stored in the environment variable in the form of an array of packages. The aggregator 255 maintains information that associates the source of each package with the results at a specific index in the environment variable. Thus, components of the command-line environment 200 can easily access the results for each device, each process or each application domain, if required or necessary. In one embodiment, the aggregated results can be accessed synchronously, for example, once all results have been returned. Alternatively, the results may be made available through the environment variable as they are received.

Similarly, the core engine 251 allows a command line to be executed in disaggregated form, so that a command can have access to the results of remote execution as those results are returned. For example, if the user wants to find any one of multiple remote computing devices that has more than a certain amount of free memory, the command can be terminated as soon as the first such device is found. In this case, the aggregator 255 and the core engine 251 can interact so that the evaluation of results is performed asynchronously. The information about the source of the results is still available.

Consider the case where a command is to be run on a very large number of remote devices, perhaps hundreds or even thousands. In this case, it may be preferable not to initiate concurrent execution of all these commands. Instead, to improve performance, a throttle function 257 can be used. The throttle 257 interacts with the core engine 251, and possibly with the session manager 253, to limit the number of connections that are made in a session, which prevents overloading the network or the resources of the administrator 112. For example, the parameter "-throttle 50" can be used on the command line to specify that no more than 50 connections can be active at a time. This improvement helps to prevent overloading the resources of the administrator 112 or the network. Alternatively, the throttle 257 may also interact with other performance-related mechanisms to control the performance impact of remote command execution. For example, the throttle 257 can interact with QoS (quality of service) mechanisms to limit the impact on network bandwidth. In addition, the throttle 257 may be configured to communicate with each remote agent to regulate the impact on the performance of each remote system, for example, on its CPU or storage device, or the like.
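The session fan-out, throttle and aggregation behaviour described above, modelled as an added Python example (not code from the patent or from any product). The Session class, the command name get/freememory and the per-node values are hypothetical, and the remote agents are simulated in-process with no network access.

```python
import asyncio
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data: free memory (MB) each simulated node reports.
FREE_MEMORY_MB = {"N1": 512, "N2": 8192, "N3": 1024, "N4": 256,
                  "N5": 2048, "N6": 768, "N7": 16384, "N8": 128}


@dataclass
class ReturnPackage:
    """Execution result plus the meta-information the agent packs around it."""
    source: str       # remote system the result came from
    command: str      # command the result belongs to
    invoked_at: str   # date and time of the call
    result: int


class Session:
    """Hypothetical model of one session holding connections to many nodes."""

    def __init__(self, nodes, throttle):
        self.nodes, self.throttle = list(nodes), throttle
        self.active = self.peak = self.started = 0

    async def _agent(self, sem, node, command):
        async with sem:                       # throttle: cap the live connections
            self.active += 1
            self.started += 1
            self.peak = max(self.peak, self.active)
            try:
                await asyncio.sleep(0.01)     # simulated remote execution
                stamp = datetime.now(timezone.utc).isoformat()
                return ReturnPackage(node, command, stamp, FREE_MEMORY_MB[node])
            finally:
                self.active -= 1

    async def rcmd(self, command):
        """Synchronous access: wait for every node, then return the array."""
        sem = asyncio.Semaphore(self.throttle)
        jobs = [self._agent(sem, n, command) for n in self.nodes]
        return await asyncio.gather(*jobs)    # index i belongs to self.nodes[i]

    async def first_match(self, command, predicate):
        """Asynchronous access: stop at the first result satisfying predicate."""
        sem = asyncio.Semaphore(self.throttle)
        tasks = [asyncio.create_task(self._agent(sem, n, command))
                 for n in self.nodes]
        try:
            for done in asyncio.as_completed(tasks):
                pkg = await done
                if predicate(pkg):
                    return pkg                # source is still identifiable
            return None
        finally:
            for t in tasks:
                t.cancel()                    # drop work that is no longer needed
            await asyncio.gather(*tasks, return_exceptions=True)


def run_all(throttle=3):
    """Model of '$A = rcmd $C <command>' with a throttle limit."""
    session = Session(FREE_MEMORY_MB, throttle)
    return session, asyncio.run(session.rcmd("get/freememory"))


def run_until(threshold_mb, throttle=2):
    """Find any node with more than threshold_mb free, then stop."""
    session = Session(FREE_MEMORY_MB, throttle)
    found = asyncio.run(session.first_match(
        "get/freememory", lambda p: p.result > threshold_mb))
    return session, found


if __name__ == "__main__":
    s, array = run_all()
    print("peak connections:", s.peak, "results:", [(p.source, p.result) for p in array])
    s, hit = run_until(4096)
    print("first match:", hit.source, "nodes contacted:", s.started)
```

The peak counter shows that no more than the throttle limit of simulated connections is ever open, and the early-exit path contacts only part of the node list.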

Figure 3 shows a functional block diagram of a hierarchical topology 300 of computing systems in a network environment whose administration can be performed using the command-line environment described above. The system described above can be used to issue remote instructions to a very large number of remote devices, for example, those in the network of a large enterprise. To this end, the command-line system uses the hierarchical topology 300 to avoid overloading the administrator 112 when there is a large number of connections.

As shown, the topology 300 includes the administrator 112 and a distributed network 301 of computing devices. The distributed network 301 has a hierarchical structure with a first level 310 of computing devices consisting of servers (i.e., server A 302, server 303 and server 304), each of which controls a group of computing devices on a second level 312. One or more computing devices of the second level (for example, server D 361) may, in turn, have their own child devices located on a third level 314, and so forth. The distributed network 301 shown in figure 3 is presented only by way of illustration, and it should be understood that a complex network can contain multiple levels of servers and thousands of computing devices.

In this embodiment, multiple computing devices in the distributed network 301 include components (e.g., the agent 308) that can cooperate with the administrator 112 to distribute the work involved in executing a command instruction. More specifically, a command-line instruction issued at the administrator 112 may affect a very large number of computing devices in the distributed network 301. Accordingly, instead of locally initiating all the connections required to complete the instruction, the administrator 112 distributes the task among multiple child devices in the distributed network 301. This distribution can be accomplished in at least two ways.

First, when the administrator 112 has no information about the layout of the distributed network 301, the administrator 112 may issue an instruction to execute the command to each server on the first level 310, with the additional instruction to run the command on each of their child devices, or on any of their respective child devices that are identified in the set of affected nodes. In this way, the task of actually starting each connection is distributed to other computing devices. A computing device on the first level 310 may further delegate some of the tasks to subordinate computing devices residing on the second level 312, for example, server D 361.

Secondly, where the administrator 112 has information about the layout of the distributed network 301 and can identify which servers control each of the leaf nodes, the administrator 112 may divide the command into subcommands for each branch of the distributed network 301 that contains affected nodes. The administrator 112 then delivers these subcommands directly to the controllers of the affected nodes. In essence, this technique allows the administrator 112 to retain control over which server or node in the distributed network 301 actually executes the command instruction. In addition, this technique simplifies the task performed by the subordinate computing devices, because they do not need to determine whether their child devices are affected.

It should be noted that each of these techniques is simplified by the fact that the returned results (see figure 2) contain sufficient information to identify the source of the results and the command instruction to which these results apply. In the absence of such information, the administrator 112 and each delegate device would need to coordinate to ensure that returned results could be attributed to a particular node, in the case where such information is required.

Figure 4 shows a logical flow diagram generally illustrating the steps that may be performed by a process 400 for remote execution of at least part of a command-line instruction. The process 400 begins at step 401, where a command line is received by the command-line runtime environment. Although any command-line runtime environment suitable for embodiments of the described technology is acceptable, the command-line environment described in co-pending U.S. patent application No. 10/693785, entitled Administrative Tool Environment, filed October 24, 2003, is particularly suitable for this purpose. That U.S. patent application is fully incorporated herein by reference.

At step 403, it is determined that the received command line includes at least one command intended for remote execution on one or more remote systems. Remote execution means execution on a remote computing device, in another process on the local computing device, or in another application domain in the same local process.

In steps 405 and 407, the command-line environment initiates a persistent session with each identified remote system and causes the remote command to be executed on each remote system. Alternatively, a single session that includes separate connections to each remote device can be used. As noted above, the persistent session can be assigned to an environment variable. In addition, the connections in the session may be caused to execute the remote command sequentially or simultaneously. An improvement to these steps is presented in figure 5 and described below.

At step 409, the results of the remote command execution are received. As noted above, these results can take the form of a return package or serialized object that includes the execution results and other identifying information about the remote host that executed the command, and so on.

Figure 5 shows a logical flow diagram generally illustrating a process 500 designed to improve the performance of the command-line environment when issuing a remote command to a large number of remote devices. The process 500 begins at step 501, where the command line is divided into multiple subcommands on the basis of information about which affected nodes are controlled by which controller in a set of controllers. Then, at step 503, each subcommand is passed to the identified controller for the affected nodes managed by that controller. Finally, at step 505, the results coming from each controller are aggregated. Since each result includes information about the node that is its source, valuable information about which node generated the results is not lost at the aggregation stage, if such information is required.

The command-line environment described above has several advantages over existing systems. Persistent sessions allow remote processes to be reused for many commands. Multiple connections can be aggregated in one session, which provides simple simultaneous processing of remote commands without having to use worker threads or a similar mechanism. And the task of executing a remote command can be distributed to other systems to improve performance. These and other advantages will be apparent to those skilled in the art.

Figure 6 presents an example computing device that can be used in the example command-line environment. In its most basic configuration, computing device 600 typically includes at least one processor 602 and system memory 604. Depending on the exact configuration and type of computing device, system memory 604 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc.) or some combination thereof. System memory 604 typically includes an operating system 605 and one or more program modules 606, and may include program data 607. Operating system 605 includes a component-based framework 620 that supports components (including properties and events), objects, inheritance, polymorphism and reflection, and provides an object-oriented, component-based application programming interface (API), such as that of the .NET™ Framework produced by Microsoft Corporation, Redmond, Washington. Operating system 605 can also include the command-line environment 200 described above. This basic configuration is illustrated in figure 6 by the components inside the dashed line 608.
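Steps 501 to 505 of process 500, worked through as an added Python example (not code from the patent). The topology, the node names and the dictionary layout of the packages are constructed for illustration, and the final reconciliation of returned sources against the requested nodes is an added check that relies on the source and command information each result carries.

```python
from collections import defaultdict

# Constructed topology: child -> parent; "admin" is the administrator system.
PARENT = {
    "srvA": "admin", "srvB": "admin", "srvC": "admin",   # first level
    "a1": "srvA", "a2": "srvA",
    "b1": "srvB", "srvD": "srvB",                        # second level
    "d1": "srvD", "d2": "srvD",                          # third level
    "c1": "srvC",
}


def first_level_controller(node, parent=PARENT, root="admin"):
    """Walk up the hierarchy to the first-level server responsible for node."""
    seen = set()
    while parent.get(node) != root:
        if node not in parent or node in seen:
            raise KeyError(f"{node!r} is not reachable from {root!r}")
        seen.add(node)
        node = parent[node]
    return node


def split_command(command, targets):
    """Step 501: one subcommand per controller, listing only its own nodes."""
    by_controller = defaultdict(list)
    for node in targets:
        by_controller[first_level_controller(node)].append(node)
    return {ctl: {"command": command, "nodes": nodes}
            for ctl, nodes in sorted(by_controller.items())}


def controller_execute(controller, sub):
    """Step 503, simulated: the controller runs the subcommand on its nodes."""
    return [{"source": n, "via": controller, "command": sub["command"],
             "result": f"ok:{n}"} for n in sub["nodes"]]


def aggregate(command, targets, packages):
    """Step 505: merge by source and reconcile against what was requested."""
    results, unexpected = {}, []
    for pkg in packages:
        src = pkg["source"]
        if pkg["command"] != command or src not in targets or src in results:
            unexpected.append(pkg)        # wrong command, unknown or duplicate source
        else:
            results[src] = pkg
    missing = [n for n in targets if n not in results]
    return results, missing, unexpected


def run_distributed(command, targets, lost=(), injected=()):
    """Run all three steps; lost/injected simulate dropped or stray packages."""
    subs = split_command(command, targets)
    packages = [pkg for ctl, sub in subs.items()
                for pkg in controller_execute(ctl, sub)
                if pkg["source"] not in lost]
    packages += list(injected)
    return (subs, *aggregate(command, targets, packages))


if __name__ == "__main__":
    subs, results, missing, unexpected = run_distributed(
        "get/process", ["a1", "d2", "c1", "b1"])
    for ctl, sub in subs.items():
        print(ctl, "->", sub["nodes"])
    print("sources:", sorted(results), "missing:", missing, "unexpected:", unexpected)
```

Because every package names its source node and command, the administrator side can tell which requested nodes never answered and which answers it did not ask for, without coordinating with the controllers.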

Computing device 600 can have additional features or functionality. For example, computing device 600 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks or tape. Such additional storage is represented in figure 6 by removable storage 609 and non-removable storage 610. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented using any method or technology for storing information such as machine-readable instructions, data structures, program modules or other data. System memory 604, removable storage 609 and non-removable storage 610 are all examples of computer storage media. Computer storage media include, without limitation, RAM, ROM, EPROM, flash memory or memory built using other technologies, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by computing device 600. Any such computer storage media may be part of device 600. Computing device 600 may also have input device(s) 612, such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 614, such as a display, speakers, printer, etc., may also be present. Such devices are well known in the art and do not require a detailed description.

Computing device 600 may also contain data connections 616 that allow the device to communicate with other computing devices 618, for example, over a network. Data connections 616 are one example of communication media. Communication media can typically be embodied as machine-readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and include any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and without limitation, communication media include wired media, such as a wired network or direct-wired connection, and wireless media, such as acoustic, RF, infrared and other wireless media. The term "computer-readable media" as used herein includes both storage media and communication media.

Although the above detailed description sets out specific embodiments, it is intended to satisfy the prescribed rules of description and not to limit the following claims. Thus, the present invention, as defined by the claims, is not limited to the specific features described above. Instead, the present invention is claimed in any of its forms or modifications that fall within the proper scope of the appended claims, appropriately interpreted in accordance with the doctrine of equivalents.

1. Machine-readable media containing executable computer instructions that allow for the remote execution of commands, and instructions include:
the reception command-line instructions, including a remote command, and remote command Ident is Viceroy an executable task, designed to run on the remote system;
initiating a session, at least two remote systems;
the purpose of each session environment variable configured so that multiple commands can use this session by referring to the environment variable, and
the urge to simultaneously execute a remote command on each of the at least two remote systems, including the submission of a remote command in a single environment variable.

2. Machine-readable media according to claim 1, in which the session holds the connection between the system, which was adopted by the instruction command line.

3. Machine-readable media of claim 1, wherein the session is initiated as a permanent session, which is available for the following remote commands.

4. Machine-readable media according to claim 3, additionally containing the reception of the second command-line instructions that includes a second remote command, and the urge to do a second remote command using persistent sessions.

5. Machine-readable media of claim 1, wherein the remote system includes a remote agent, configured to return information to the local system, and the information includes at least one of: results of the execution met the information and the information about the remote system, from which were issued the results.

6. Machine-readable media of claim 1, wherein the remote system includes an alternative process.

7. Machine-readable media of claim 1, wherein the remote system includes an alternate area of the application that resides in the local computer system.

8. Machine-readable media of claim 1, wherein causing the remote command to be executed includes delegating that step to a controller associated with a subset of the at least two remote systems.

9. Machine-readable media of claim 8, in which each of the at least two remote systems is a node in a hierarchical network topology, and the controller holds a position in the hierarchy between the subset of the at least two remote systems and the system receiving the command-line instruction.

10. Machine-readable media of claim 1, wherein the remote command is executed simultaneously on each of the at least two remote systems.

11. Machine-readable media according to claim 1, additionally containing aggregating the results of execution of each remote command.

12. Machine-readable media according to claim 11, in which the results are aggregated into an array.

13. Machine-readable media according to claim 11, in which the results include information that identifies the remote system from which these results were received.

14. A computer-implemented method of remote command execution, containing the steps of:
receiving, at the local system, a first command line that identifies a remote system;
causing a session to be created between the local system and the remote system, the session including a connection to a remote process resident on the remote system;
assigning the session to an environment variable configured so that multiple commands can use the session by reference to the environment variable;
submitting a remote command to the environment variable to cause the remote command to be executed in the remote process; and
storing the results of execution of the remote command in an environment variable associated with the session.

15. The computer-implemented method according to claim 14, further containing submitting a second remote command to the environment variable to cause the second remote command to be executed in the remote process, and storing the results of execution of the second remote command in the environment variable.

16. The computer-implemented method according to claim 14, in which causing the session to be created includes creating the environment variable and making the variable available to the other tasks.

17. The computer-implemented method according to claim 16, in which the first command line further comprises a parameter that identifies the environment variable associated with this session.

18. The computer-implemented method according to claim 14, in which the step of causing the session to be created further comprises distributing the burden of initiating the connection to a computing device other than the local system.

19. The computer-implemented method according to claim 14, in which the command line optionally identifies the access rights data for use when creating the session between the local system and the remote system.

20. Machine-readable storage medium containing computer-executable instructions designed to perform the method according to claim 14.

21. Machine-readable storage medium containing computer-executable components, comprising:
a session manager designed to create and maintain a session between the local system and one or more remote systems, where each session can host a plurality of connections between the local system and the remote systems;
assigning each session to an environment variable configured so that multiple commands can simultaneously use each session by reference to the environment variable; and
submitting a remote command to the environment variable to cause the remote command to be executed on one or more remote systems;
an aggregator configured to receive the results of the remote execution of commands, each of these results being associated with a remote system, the aggregator also being configured to aggregate the results into an array; and
a valve configured to limit, on request, the number of active connections in each session.

22. Machine-readable storage medium according to claim 21, in which each of the results in the array is associated with the remote system from which these results were obtained.

23. Machine-readable storage medium according to claim 21, wherein the aggregator is additionally configured to make the results available in disaggregated form.

24. Machine-readable storage medium according to claim 21, wherein the aggregator is additionally configured to place the results in an environment variable associated with the session established by the session manager.

25. Machine-readable storage medium according to claim 21, in which the valve is additionally configured to interact with other performance-based mechanisms to control the impact of remote command execution on performance characteristics.

26. Machine-readable storage medium according to claim 25, where the other performance-based mechanisms include a quality-of-service mechanism.

27. Machine-readable storage medium according to claim 25, where the other performance-based mechanisms include an agent on the remote system, which is designed to control the impact on the resources of the remote system.

28. Machine-readable storage medium according to claim 21, further containing a kernel mechanism that is configured to control the flow of information between each of the several components.

29. Machine-readable storage medium according p, in which the kernel mechanism is additionally configured to delegate the task of initiating a session to another system in the hierarchy of remote systems.

30. Machine-readable storage medium according to claim 21, in which the remote system includes a remote agent configured to return information to the local system, the information including at least one of: the results of execution, meta-information, and information about the remote system from which the results were issued.

31. Machine-readable storage medium according to claim 21, in which the remote system contains an alternative process.

32. Machine-readable storage medium according to claim 21, in which the remote system contains alternative applications.
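
The components of claim 21 (session manager, valve, aggregator) together with the named, reusable session of claims 1 to 4, modelled here as an added Python example that is not code from the patent. The names `SessionManager`, `Session`, `Result` and `FAKE_NODES` are assumptions, and the remote agents are constructed in-process stand-ins so the example runs offline.

```python
import asyncio
from dataclasses import dataclass, field

# Constructed stand-ins for remote agents: node name -> {command: output}.
# A real system would reach each node over an authenticated transport.
FAKE_NODES = {
    "node-a": {"uptime": "12 days", "hostname": "node-a"},
    "node-b": {"uptime": "3 days", "hostname": "node-b"},
    "node-c": {"uptime": "41 days", "hostname": "node-c"},
}


@dataclass
class Result:
    origin: str    # remote system the result came from (claims 13 and 22)
    command: str
    ok: bool
    output: str


@dataclass
class Session:
    nodes: list
    throttle: int                                 # maximum active connections
    history: list = field(default_factory=list)  # results kept with the session
    peak_active: int = 0                          # highest concurrency observed
    _active: int = 0

    async def _run_on(self, node, command, gate):
        async with gate:  # the "valve": blocks once `throttle` connections are busy
            self._active += 1
            self.peak_active = max(self.peak_active, self._active)
            try:
                await asyncio.sleep(0.01)  # simulated network round trip
                agent = FAKE_NODES.get(node)
                if agent is None:
                    return Result(node, command, False, "unreachable")
                if command not in agent:
                    return Result(node, command, False, "unknown command")
                return Result(node, command, True, agent[command])
            finally:
                self._active -= 1

    async def invoke(self, command):
        gate = asyncio.Semaphore(self.throttle)
        # gather() runs the per-node calls concurrently and returns the
        # results in node order: the aggregated array.
        results = await asyncio.gather(
            *(self._run_on(node, command, gate) for node in self.nodes)
        )
        self.history.extend(results)
        return list(results)


class SessionManager:
    """Keeps sessions under variable names so later commands can reuse them."""

    def __init__(self):
        self.variables = {}

    def new_session(self, name, nodes, throttle=2):
        if throttle < 1:
            raise ValueError("throttle must allow at least one connection")
        self.variables[name] = Session(list(nodes), throttle)
        return self.variables[name]

    def run(self, name, command):
        # Submitting a command to the variable fans it out to every node.
        return asyncio.run(self.variables[name].invoke(command))


if __name__ == "__main__":
    mgr = SessionManager()
    mgr.new_session("s", ["node-a", "node-b", "node-c", "node-x"], throttle=2)
    for cmd in ("uptime", "hostname"):  # second command reuses the same session
        for r in mgr.run("s", cmd):
            print(f"{r.origin:7} {r.command:9} ok={r.ok!s:5} {r.output}")
    print("peak active connections:", mgr.variables["s"].peak_active)
```

Because every result carries its origin, a failure on one node (here the constructed `node-x`) stays attributable after aggregation instead of being lost in the combined array.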



 
