Abstract: The techniques described herein facilitate scope-based certificate deployment for secure dedicated tenant access in multi-tenant, cloud-based content and collaboration environments. In some embodiments, a method is described that includes receiving an incoming authentication request from an access system, wherein the authentication request includes metadata, extracting the metadata from the authentication request, and processing the metadata to identify a tenant corresponding to the request. A tenant-specific certificate associated with the tenant is then accessed and provided to the access system for validation by a third-party certificate authority.

Abstract: In one embodiment, a network file management system 120 may use a persistent metadata store 410 and an access control list 420 to facilitate a batch rollout. The network file management system 120 may maintain a content database 312. A network file management system 120 may store a metadata set for the content database 312 in a separate persistent metadata store 410.

Abstract: The techniques described herein facilitate scope-based certificate deployment for secure dedicated tenant access in multi-tenant, cloud-based content and collaboration environments. In some embodiments, a method is described that includes receiving an incoming authentication request from an access system, wherein the authentication request includes metadata, extracting the metadata from the authentication request, and processing the metadata to identify a tenant corresponding to the request. A tenant-specific certificate associated with the tenant is then accessed and provided to the access system for validation by a third-party certificate authority.

Abstract: The techniques described herein facilitate scope-based certificate deployment for secure dedicated tenant access in multi-tenant, cloud-based content and collaboration environments. In some embodiments, a method is described that includes receiving an incoming authentication request from an access system, wherein the authentication request includes metadata, extracting the metadata from the authentication request, and processing the metadata to identify a tenant corresponding to the request. A tenant-specific certificate associated with the tenant is then accessed and provided to the access system for validation by a third-party certificate authority.

Abstract: Technologies are described for updating a live system with static changes. According to some examples, changes such as installing and/or removing features may be applied to a cloud based service in live environment without disrupting the service. New software may be patched and installed on an upgraded machine (i.e., server). New features, diagnostics, and language packs may be added. Existing features and certificates may be removed. To accomplish these, new software to be installed and existing software to be removed may be detected. Removal and additions may be performed without preparation and activation of replacement farms.

Abstract: The techniques described herein facilitate scope-based certificate deployment for secure dedicated tenant access in multi-tenant, cloud-based content and collaboration environments. In some embodiments, a method is described that he includes receiving an incoming authentication request from an access system, wherein the authentication request includes metadata, extracting the metadata from the authentication request, and processing the metadata to identify a tenant corresponding to the request. A tenant-specific certificate associated with the tenant is then accessed and provided to the access system for validation by a third-party certificate authority.

Abstract: Disclosed herein are systems, methods, and software to enhance the upgrade process with respect to software service deployments. In at least one implementation, a user interface to an administrative portal for administering an initial deployment of a software service is presented and a notification that an upgrade is available is surfaced therein. In response to a selection of the notification in the user interface, upgrade controls are surfaced in the user interface for controlling a pace of the upgrade with respect to service components of the initial deployment. The upgrade is then applied incrementally to the service components based least in part on the pace of the upgrade specified via the upgrade controls.

Abstract: Technologies are described for updating a live system with static changes. According to some examples, changes such as installing and/or removing features may be applied to a cloud based service in live environment without disrupting the service. New software may be patched and installed on an upgraded machine (i.e., server). New features, diagnostics, and language packs may be added. Existing features and certificates may be removed. To accomplish these, new software to be installed and existing software to be removed may be detected. Removal and additions may be performed without preparation and activation of replacement farms.

Abstract: Disclosed herein are systems, methods, and software to enhance the upgrade process with respect to software service deployments. In at least one implementation, a user interface to an administrative portal for administering an initial deployment of a software service is presented and a notification that an upgrade is available is surfaced therein. In response to a selection of the notification in the user interface, upgrade controls are surfaced in the user interface for controlling a pace of the upgrade with respect to service components of the initial deployment. The upgrade is then applied incrementally to the service components based least in part on the pace of the upgrade specified via the upgrade controls.

Abstract: In one embodiment, a network file management system 120 may use a persistent metadata store 410 and an access control list 420 to facilitate a batch rollout. The network file management system 120 may maintain a content database 312. A network file management system 120 may store a metadata set for the content database 312 in a separate persistent metadata store 410.

Abstract: Disclosed herein are systems, methods, and software to enhance the upgrade process with respect to software service deployments. In at least one implementation, a user interface to an administrative portal for administering an initial deployment of a software service is presented and a notification that an upgrade is available is surfaced therein. In response to a selection of the notification in the user interface, upgrade controls are surfaced in the user interface for controlling a pace of the upgrade with respect to service components of the initial deployment. The upgrade is then applied incrementally to the service components based least in part on the pace of the upgrade specified via the upgrade controls.

Abstract: Objects are placed on hosts using hard constraints and soft constraints. The objects to be placed on the host may be many different types of objects. For example, the objects to place may include tenants in a database, virtual machines on a physical machine, databases on a virtual machine, tenants in directory forests, tenants in farms, and the like. When determining a host for an object, a pool of hosts is filtered through a series of hard constraints. The remaining pool of hosts is further filtered through soft constraints to help in selection of a host. A host is then chosen from the remaining hosts.

Abstract: Objects are placed on hosts using hard constraints and soft constraints. The objects to be placed on the host may be many different types of objects. For example, the objects to place may include tenants in a database, virtual machines on a physical machine, databases on a virtual machine, tenants in directory forests, tenants in farms, and the like. When determining a host for an object, a pool of hosts is filtered through a series of hard constraints. The remaining pool of hosts is further filtered through soft constraints to help in selection of a host. A host is then chosen from the remaining hosts.

Abstract: An online service includes managed databases that include one or more tenants (e.g. customers, users). A multi-tenant database may be split between two or more databases while the database being split continues processing requests. For example, web servers continue to request operations on the database while content is being moved. After moving the content, tenant traffic is automatically redirected to the database that contains the tenant's content.

Abstract: Upgrade control checks may be provided. A user may be notified that at least one upgrade is available. In response to receiving a selection of the at least one upgrade from the user, a check may be made to determine whether the at least one upgrade conflicts with an existing component. If no conflict is detected, the upgrade may be performed. If a conflict does exist, a repair may be attempted.

Abstract: An online service includes managed databases that include one or more tenants (e.g. customers, users). A multi-tenant database may be split between two or more databases while the database being split continues processing requests. For example, web servers continue to request operations on the database while content is being moved. After moving the content, tenant traffic is automatically redirected to the database that contains the tenant's content.

Abstract: A cloud manager is utilized in the patching of physical machines and virtual machines that are used within an online service, such as an online content management service. The cloud manager assists in the scheduling of the application of software patches to the machines (physical and virtual) within the network such that the availability of the online service is maintained while machines are being patched. The machines to be patched are partitioned into groups that are patched at different times. Generally, the groups are partitioned into a highly available independent groups of machines such that one or more of the groups that are not currently being patched continue to provide the service(s) of the group that is being patched. The machines (physical and virtual) within each of the groups may be patched in parallel.

Abstract: An online service includes managed databases that include one or more tenants (e.g. customers, users). A multi-tenant database may be split between two or more databases while the database being split continues processing requests. For example, web servers continue to request operations on the database while content is being moved. After moving the content, tenant traffic is automatically redirected to the database that contains the tenant's content.

Abstract: Objects are placed on hosts using hard constraints and soft constraints. The objects to be placed on the host may be many different types of objects. For example, the objects to place may include tenants in a database, virtual machines on a physical machine, databases on a virtual machine, tenants in directory forests, tenants in farms, and the like. When determining a host for an object, a pool of hosts is filtered through a series of hard constraints. The remaining pool of hosts is further filtered through soft constraints to help in selection of a host. A host is then chosen from the remaining hosts.

Abstract: Software that would not normally be able to be installed on a machine through a remote process is installed by a high privilege installer running on the machine. A request is received from a remote machine to install software on the machine using the high privilege installer. The high privilege installer determines when software that was requested remotely is to be installed. For example, the high privilege installer may monitor an install queue for software to be installed. When there are entries in the install queue, the high privilege installer is used to install the software. When there are no entries in the install queue, the high privilege installer may sleep until there is more software that is identified to be installed.