System and method for supporting dynamic offloading of video processing for user account management in a computing environment

US 9,166,897 B1
Filed: 09/24/2014
Issued: 10/20/2015
Est. Priority Date: 09/24/2014
Status: Active Grant

First Claim

Patent Images

1. A method for supporting privileged account management in a computing environment comprising a privileged account manager server and a target system wherein a plurality of users share access to a privileged account on the target system, the method comprising:

providing a privileged account manager operating on the privileged account manager server;

providing a recording agent operating on the target system;

receiving at the privileged account manager a request to access said privileged account on the target system from a particular user of the plurality of users;

providing said particular user with one-time access to a privileged account session for said privileged account on the target system in response to said request wherein said one-time access is terminated when said privileged account session is ended;

detecting establishment of said privileged account session for said privileged account on the target system with the recording agent;

in response to said detecting, capturing with the recording agent, a plurality of user session screens associated with said privileged account session;

initiating, via the recording agent on the target system, a video processing task, wherein the video processing task encodes the plurality of user session screens captured by the recording agent into a video;

determining with said recording agent whether a resource usage for performing the video processing task on the target system exceeds a threshold;

dynamically offloading the video processing task to the privileged account manager server, if the resource usage for performing the video processing task on the target system exceeds the threshold; and

storing said video on said privileged account manager server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method can support user account management in a computing environment. A managing server, such as a privileged account manager server, can use an agent to manage a target system in the computing environment. The agent on the target system can initiate a video processing task based on a plurality of user session screens recorded on the target system, wherein the video processing task encodes the plurality of user session screens into a video. Furthermore, the agent can determine whether a resource usage for performing the video processing task on the target system exceeds a threshold. Then, the agent can dynamically offload the video processing task to a managing server that operates to manage the target system, if the resource usage for performing the video processing task on the target system exceeds the threshold.

35 Citations

View as Search Results

30 Claims

1. A method for supporting privileged account management in a computing environment comprising a privileged account manager server and a target system wherein a plurality of users share access to a privileged account on the target system, the method comprising:
- providing a privileged account manager operating on the privileged account manager server;
  
  providing a recording agent operating on the target system;
  
  receiving at the privileged account manager a request to access said privileged account on the target system from a particular user of the plurality of users;
  
  providing said particular user with one-time access to a privileged account session for said privileged account on the target system in response to said request wherein said one-time access is terminated when said privileged account session is ended;
  
  detecting establishment of said privileged account session for said privileged account on the target system with the recording agent;
  
  in response to said detecting, capturing with the recording agent, a plurality of user session screens associated with said privileged account session;
  
  initiating, via the recording agent on the target system, a video processing task, wherein the video processing task encodes the plurality of user session screens captured by the recording agent into a video;
  
  determining with said recording agent whether a resource usage for performing the video processing task on the target system exceeds a threshold;
  
  dynamically offloading the video processing task to the privileged account manager server, if the resource usage for performing the video processing task on the target system exceeds the threshold; and
  
  storing said video on said privileged account manager server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, further comprising:
    - transmitting at least some of said plurality of user session screens to said privileged account manager server for encoding in response to dynamically offloading the video processing task.
  - 3. The method according to claim 2, further comprising:
    - using the privileged account manager server to encode said at least some of said plurality of user session screens in response to dynamically offloading the video processing task.
  - 4. The method according to claim 1, further comprising:
    - augmenting the video with a searchable metadata suitable for searching for particular patterns in said video.
  - 5. The method according to claim 1, further comprising:
    - defining the threshold based on CPU and memory usage for performing the video processing task on the target system.
  - 6. The method according to claim 5, further comprising:
    - tracking the resource usage for performing the video processing task on the target system, by maintaining a continuous moving average window of the CPU and memory usage.
  - 7. The method according to claim 1, further comprising:
    - discarding with the recording agent at least some of said plurality of captured user session screens associated with said privileged account session which were captured when the target system was considered idle.
  - 8. The method according to claim 7, further comprising:
    - monitoring, via the recording agent, the privileged account session on the target system.
  - 9. The method according to claim 1, wherein:
    - capturing with the recording agent, a plurality of user session screens associated with said privileged account session comprises capturing, the plurality of user session screens at a predetermined interval.
  - 10. The method according to claim 1, further comprising:
    - transferring the plurality of captured user session screens to the privileged account manager server, if the resource usage for performing the video processing task on the target system exceeds the threshold.
  - 11. The method according to claim 10, further comprising:
    - switching the video processing task back from the privileged account manager server to the recording agent, when the resource usage for performing the video processing task is reduced to below the threshold.
  - 12. The method according to claim 1, further comprising:
    - performing the video processing task on the target system, if the resource usage for performing the video processing task does not exceed the threshold.
  - 13. The method according to claim 12, further comprising:
    - calculating said threshold according to the hardware capability of the target system during the system boot-up.
  - 14. The method according to claim 1, further comprising:
    - replaying the video stored on said privileged account manager server to an administrator for monitoring said privileged account session.

15. A system for supporting privileged account management in a computing environment, the system comprising:
- a privileged account manager server comprising one or more microprocessors;
  
  a target system comprising one or more microprocessors and memory;
  
  a privileged account on the target system wherein the privileged account is shared by a plurality of users;
  
  a privileged account manager, running on said privileged account manager server, wherein said privileged account manager is configured to receive a request to access said privileged account on the target system from a particular user of the plurality of users which share access to a privileged account on the target system, and provide said particular user with one-time access to a privileged account session for said privileged account on the target system in response to said request wherein said one-time access is terminated when said privileged account session is ended; and
  
  an agent on said target system wherein said agent is configured todetect establishment of said privileged account session for said privileged account on the target system;
  
  in response to said detecting, capture a plurality of user session screens associated with said privileged account session;
  
  initiate a video processing task, wherein the video processing task encodes the plurality of user session screens into a video;
  
  determine whether a resource usage for performing the video processing task on the target system exceeds a threshold; and
  
  dynamically offload the video processing task to the privileged account manager server, if the resource usage for performing the video processing task on the target system exceeds the threshold; and
  
  store said video on said privileged account manager server.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system according to claim 15, wherein:
    - the agent is configured to transmit at least some of said plurality of user session screens to said privileged account manager server for encoding in response to dynamically offloading the video processing task.
  - 17. The system according to claim 16, wherein:
    - the privileged account manager server is configured to encode said at least some of said plurality of user session screens in response to said offloading of the video processing task.
  - 18. The system according to claim 15, wherein:
    - said agent is configured to augment the video with a searchable metadata.
  - 19. The system according to claim 15, wherein:
    - the threshold is defined based on CPU and memory usage for performing the video processing task on the target system.
  - 20. The system according to claim 19, wherein:
    - said agent is configured to track the resource usage for performing the video processing task on the target system, by maintaining a continuous moving average window of the CPU and memory usage.
  - 21. The system according to claim 15, wherein:
    - said agent is configured to discard at least some of said plurality of captured user session screens associated with said privileged account session which were captured when the target system was considered idle.
  - 22. The system according to claim 21, wherein:
    - said agent operates to monitor the privileged account session on the target system.
  - 23. The system according to claim 15, wherein:
    - said agent is configured to capture the plurality of user session screens at a predetermined interval.
  - 24. The system according to claim 15, wherein:
    - said agent is configured to transfer the plurality of user session screens to the privileged account manager server, if the resource usage for performing the video processing task on the target system exceeds the threshold.
  - 25. The system according to claim 24, wherein:
    - said agent is configured to switch the video processing task back to the agent, when the resource usage for performing the video processing task is reduced to below the threshold.
  - 26. The system according to claim 15, wherein:
    - said agent is configured to perform the video processing task on the target system, if the resource usage for performing the video processing task does not exceed the threshold.
  - 27. The system according to claim 26, wherein:
    - said agent operates to transfer the video to the privileged account manager server.
  - 28. The system according to claim 15, wherein:
    - the privileged account manager server is configured to store the video to a database, and wherein the privileged account manager is configured to replay the stored video from the database to an administrator for monitoring said privileged account session.

29. A non-transitory machine readable storage medium having instructions stored thereon for supporting privileged account management in a computing environment comprising a privileged account manager server and a target system wherein a plurality of users share access to a privileged account on the target system, which instructions, when executed cause the computing environment to perform steps comprising:
- providing a privileged account manager operating on the privileged account manager server;
  
  providing a recording agent operating on the target system;
  
  receiving at the privileged account manager a request to access said privileged account on the target system from a particular user of the plurality of users;
  
  providing said particular user with one-time access to a privileged account session for said privileged account on the target system in response to said request wherein said one-time access is terminated when said privileged account session is ended;
  
  detecting establishment of said privileged account session for said privileged account on the target system with the recording agent;
  
  in response to said detecting, capturing with the recording agent, a plurality of user session screens associated with said privileged account session;
  
  initiating, via the recording agent on the target system, a video processing task, wherein the video processing task encodes the plurality of user session screens captured by the recording agent into a video;
  
  determining with said recording agent whether a resource usage for performing the video processing task on the target system exceeds a threshold;
  
  dynamically offloading the video processing task to the privileged account manager server, if the resource usage for performing the video processing task on the target system exceeds the threshold; and
  
  storing said video on said privileged account manager server.

30. A method for supporting privileged account management in a computing environment comprising a privileged account manager server and a target system wherein a plurality of users share access to a privileged account on the target system, the method comprising:
- providing a privileged account manager operating on the privileged account manager server;
  
  deploying, via the privileged account manager server, a recording agent on the target system;
  
  receiving at the privileged account manager a request to access said privileged account on the target system from a particular user of the plurality of users;
  
  providing said particular user with one-time access to a privileged account session for said privileged account on the target system in response to said request wherein said one-time access is terminated when said privileged account session is ended;
  
  detecting establishment of said privileged account session for said privileged account on the target system with the recording agent;
  
  in response to said detecting, monitoring, via said recording agent, said privileged account session on the target system, wherein the recording agent operates to record user activities in the privileged account session in a plurality of user session screens;
  
  initiating, via said recording agent, a video processing task on the target system, wherein the video processing task encodes the plurality of user session screens into a video;
  
  augmenting the video with a searchable metadata suitable for searching for particular patterns in said video;
  
  determining whether a resource usage for performing the video processing task on the target system exceeds a threshold;
  
  dynamically offloading the video processing task to the privileged account manager server if the resource usage for performing the video processing task on the target system exceeds the threshold;
  
  storing said video on said privileged account manager server; and
  
  replaying said stored video to an administrator using the privileged account manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sharma, Himanshu, Srinivasan, Sudhir Kumar, Sathyanarayan, Ramaprakash, Theebaprakasam, Arun, Kottahachchi, Buddhika Nandana
Primary Examiner(s)
DAILEY, THOMAS J

Application Number

US14/494,737
Time in Patent Office

391 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 43/0817   by checking functioning

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/14   using software, i.e. softwa...

H04L 43/16   Threshold monitoring

H04L 65/80   Responding to QoS

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

H04L 67/14   Session management for real...

H04L 67/30   Profiles

H04L 69/40   for recovering from a failu...

System and method for supporting dynamic offloading of video processing for user account management in a computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

System and method for supporting dynamic offloading of video processing for user account management in a computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others