Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC), the primary vNIC being configured to permit incoming traffic. The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured to permit outgoing traffic from the computer system to the shell subnet.

Abstract: Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for utilising multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for utilising multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the second ary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Described herein is a system and method for providing a messaging cluster with hybrid partitions. In accordance with an embodiment, a computer environment or messaging system includes a cluster of message brokers, which supports a hybrid of one or more fixed type partitions and/or on-demand type partitions. A message producer can be associated with a configuration that indicates a type of partition to be used for connection with that message producer. The cluster of message brokers assign to that connection a partition of the type indicated by the connection. Upon a load-balancing or failover of a message broker having active connections to message producers, those connections having an indication of fixed type partition are assigned to the same partition at a failed-over message broker, while those connections having an indication of on-demand type partition can be assigned to any on-demand partition at the failed-over message broker.

Abstract: Systems and methods are provided, for use in a messaging subsystem, which supports flow control of messages between producers and consumers. A system can include at least one producer that is operable to send messages in a batch to one or more consumers via at least one destination; and one or more consumers that are operable to process messages received from the at least one producer via the at least one destination. The system can also include a message broker which includes the at least one destination and which manages communications between the at least one producer and the one or more consumers. The message broker includes a flow controller that is operable to monitor a producing rate and a consuming rate, and dynamically adjust a batch size of the batch at the at least one producer based on the producing rate and the consuming rate to communicate the messages more efficiently.

Abstract: Described herein is a system and method for providing a messaging cluster with hybrid partitions. In accordance with an embodiment, a computer environment or messaging system includes a cluster of message brokers, which supports a hybrid of one or more fixed type partitions and/or on-demand type partitions. A message producer can be associated with a configuration that indicates a type of partition to be used for connection with that message producer. The cluster of message brokers assign to that connection a partition of the type indicated by the connection. Upon a load-balancing or failover of a message broker having active connections to message producers, those connections having an indication of fixed type partition are assigned to the same partition at a failed-over message broker, while those connections having an indication of on-demand type partition can be assigned to any on-demand partition at the failed-over message broker.

Abstract: Systems and methods are provided, for use in a messaging subsystem, which supports flow control of messages between producers and consumers. A system can include at least one producer that is operable to send messages in a batch to one or more consumers via at least one destination; and one or more consumers that are operable to process messages received from the at least one producer via the at least one destination. The system can also include a message broker which includes the at least one destination and which manages communications between the at least one producer and the one or more consumers. The message broker includes a flow controller that is operable to monitor a producing rate and a consuming rate, and dynamically adjust a batch size of the batch at the at least one producer based on the producing rate and the consuming rate to communicate the messages more efficiently.

Abstract: For a flexible error trace mechanism, embodiments may be implemented for C/C++ interface libraries, or in programs written in C/C++ or other programming languages. In one embodiment, when an error occurs in a function call, a trace element may be recorded that may include the source file name, function name, line number and other information that may be used to identify the error. In one embodiment, the library function may call a plurality of library functions in a function call stack. For each of the plurality of library functions, if the library function generates an error, an error trace element may be added to the error trace. After completion of the library function, the program may obtain the error trace for the library function. The error(s), if any, may be debugged using the information in the obtained error trace.

Abstract: A system and method for providing pluggable authentication and access control in computer systems and services are described. The authentication and access control process may be categorized into three components: an authentication protocol, a user repository and an access control model. In one embodiment, the authentication and access control mechanism may be implemented as three pluggable modules: an authentication protocol handler module for the authenticator side, an authentication protocol handler for the side to be authenticated, and an access control context module on the authenticator side. The pluggable modules may be exchangeable to support a variety of authentication types, user repositories, and access control models. The authentication protocol handlers provide symmetrical methods to handle requests and responses in the authentication process that reflect the symmetrical nature of the authentication process.

Abstract: A system and method for providing pluggable authentication and access control in computer systems and services are described. The authentication and access control process may be categorized into three components: an authentication protocol, a user repository and an access control model. In one embodiment, the authentication and access control mechanism may be implemented as three pluggable modules: an authentication protocol handler module for the authenticator side, an authentication protocol handler for the side to be authenticated, and an access control context module on the authenticator side. The pluggable modules may be exchangeable to support a variety of authentication types, user repositories, and access control models. The authentication protocol handlers provide symmetrical methods to handle requests and responses in the authentication process that reflect the symmetrical nature of the authentication process.