Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to implement a rule processor to receive a UI element recognition rule comprising one or more UI element specifications and a response action from a workspace server, and generate a task identifier for the received UI element recognition rule; implement a computer vision (CV) processor to receive the task identifier from the rule processor, and recognize, based on the one or more UI element specifications and the task identifier, a UI element presented at the client computer system; and implement an action handler configured to execute the response action based on the task identifier and in response to the recognized UI element.

Abstract: Techniques are provided for a coordinated microservice system including a worker orchestrator and multiple worker instances, which are tasked with performing a limited and specific operation, such as reading messages from a queue on behalf of a microservice. In operation, each worker instance of each microservice can use, or otherwise depend upon, one or more external systems or other dependencies to perform at least some of its respective function(s). The worker coordinator is a microservice separate from the workers. The worker orchestrator monitors operational state data from each instance of the workers and computes an updated policy based on an expected throughput that accommodates current load demands. The worker coordinator then sends the policy to the respective microservices, which implement the policy to help to maintain the overall system health.

Abstract: Described embodiments provide systems and detecting and predicting virtual CPU resource starvation of a virtual machine. One or more processors can determine, within a time period, a count of a number of delays in occurrences of a timer interrupt scheduled for a virtual processor of a virtual machine executing an application. The one or more processors can compare the count of the number of delays with a threshold established for the time period. The one or more processors can execute a process to migrate the application to a second one or more processors based at least on the comparison of the count of the number of delays with the threshold.

Abstract: Techniques are provided for a coordinated microservice system including a coordinator and multiple services, which interact with each other. Each of the services can have multiple execution instances, which run independently of each other. In operation, each instance of each service can use, or otherwise depend upon, one or more of the other services to perform at least some of its respective function(s). The coordinator monitors execution requests from each instance of the services to other services and calculates an available capacity of the other services upon which the requesting services depend to execute each of the execution requests based on the monitored performance metrics of the other services and level(s) of resource consumption associated with each of the execution requests. The coordinator then selects one of the execution requests based on the available capacity of the other services to service the execution requests without degrading the other services.

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Abstract: Methods and systems for file locking are described herein. An on-premise file share may store files that are accessible to both a local on-premise client and a remote off-premise client. The off-premise file share may request to check-out one of the files. In response, one of multiple nodes may obtain for the file a file handle with exclusive write access. File locking information may be stored at the file share that indicates the node that holds the file handle and that indicates the file is in a locked state whereby other remote off-premise clients or local on-premise clients are prevented from editing the file.

Abstract: A computing device includes a memory and at least one processor configured to cooperate with the memory. The processor is to boot the computing device, and direct generated data to data storage. The data storage includes at least one persistent layer and a non-persistent layer. The processor determines if the data is to be stored in the at least one persistent layer or the non-persistent layer based on a version of the operating system being used to boot the computing device.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide for the intermediated retrieval of applications on a network. A computing device may be configured to receive an application from an application server on a network. Based on, for example, the network conditions between the computing device and the application server, the computing device may query a plurality of intermediary servers. Based on a decision that, for example, the network conditions between the computing device, application server, and a selected intermediary server are better than the network conditions between the computing device and the application server, the computing device may cause the application to be retrieved by a host application of the selected intermediary server. The host application may process and transmit the application to the computing device. The computing device may display the processed application and transmit user input corresponding to the processed application to the intermediary server.

Abstract: Described embodiments provide systems and methods for securely storing private information of a user on a device of the user. A server may register a mobile device to store credentials of a user thereon, based on authentication of the user of the mobile device. The server may encrypt credentials of the user using a key of the server. The server may send the encrypted credentials to the registered mobile device for storage thereon without the key. The server may send a code to an endpoint device to initiate authentication of the user with use of the mobile device. The server may receive the encrypted credentials from the mobile device in response to the authentication. The server may decrypt the encrypted credentials using an encryption key of the server. The server may send the decrypted credentials to the endpoint device to authenticate the user at the endpoint device.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to detect entry of data into a username entry field of a login form served to a web browser from a website. The at least one processor is further configured to detect a paste operation associated with the login form. The at least one processor is further configured to identify a focus for the paste operation. The at least one processor is further configured to perform a security action in response to the focus not being directed to a field other than a password entry field of the login form. Th security action may include blocking the paste operation, providing a warning, and/or obtaining confirmation for the paste operation.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to identify a first domain name associated with a website that served a login form to a web browser. The at least one processor is further configured to identify a one-time password (OTP) entry request served from the website in response to transmitting user credentials to the website. The at least one processor is further configured to identify a second domain name associated with an OTP server that provided an OTP. The at least one processor is further configured to perform a security action in response to determining that the first domain name differs from the second domain name. The security action may include blocking a response to the OTP request from the website, providing a warning, and/or obtaining confirmation for the response to the OTP entry request.

Abstract: Described embodiments provide systems and methods for selecting a device via which to access a server. A service having one or more processors coupled with memory may detect a measure of experience for a client device in accessing a server via a first device being below a threshold. The service may identify, responsive to the detection, a plurality of devices available for the client device to access the server. The service may determine a distance between each of the plurality of devices and at least one of the client device or the server. The service may select a second device from the plurality of devices via which the client device is to access the server based at least on the distance between the second device and at least one of the client device or the server.

Abstract: A user space driver for input/output traffic distribution and packet processing is provided. A device can establish a driver in user space with access to a memory mapped region shared with a kernel of the device. The driver can access a packet stored to the memory mapped region by a network interface of the device responsive to receipt of the packet. The driver can provide the packet to a selected application of a plurality of applications for processing by the selected application.

Abstract: A virtual disk is provided to a computing environment. The virtual disk includes identity information to enable identification of a virtual machine within the computing environment. A size of the virtual disk is increased within the computing environment to enable the virtual disk to act as a storage for the identity information and as a cache of other system data to operate the virtual machine. The virtual machine is booted within the computing environment. The virtual machine is configured to at least access the virtual disk that includes both identity information and caches other system data to operate the virtual machine. Related apparatus, systems, techniques and articles are also described.

Abstract: Systems and methods for scoring audio/video (A/V) sessions may include a first client which identifies an A/V signal for a session of an A/V application between the first client and a second client, and metrics of a network path between the first client and the second client. The first client may determine a first score for the A/V signal by applying one or more features corresponding to the A/V signal to a model trained to generate the first score. The client may generate a session score for the session based on the first score and the metrics of the network path.

Abstract: Described embodiments provide systems and methods for identifying malicious attempts to detect vulnerabilities in an application. At least one processor may determine a mean and a standard variation of character counts of each of a plurality of characters from a plurality of sets of data. The at least one processor may determine a distance metric for each of the characters in each of the sets of data. For a corresponding set of data, the at least one processor may determine a number of outliers to determine whether the corresponding set of data is anomalous.

Abstract: Described herein are systems and methods for transferring data corresponding to scannable codes. A first device can transmit, responsive to identifying that a user of the first device copied data, an indication to a service that the first device copied the data. The indication can cause the service to enable a second device to paste the data copied from the first device. The first device can receive a request to copy the data from the first device to paste on the second device of the user. The first device can display, responsive to the request, a scannable code corresponding to the copied data to be scanned by a camera of the second device to enable the user of the second device to paste the copied data.

Abstract: Described embodiments provide systems and methods for determining bounce-able machines. One or more processors can be coupled to memory. The one or more processors can identify data associated with a history of actions performed on a plurality of machines. The one or more processors can determine, using the data, a change in performance of the plurality of machines if a sequence of actions were applied to one or more of the plurality of machines. The one or more processors can select a machine of the plurality of machines based on at least on the change in performance of the machine satisfying a threshold. The one or more processors can initiate, responsive to the selection, the sequence of actions on the machine.

Abstract: A method for creating and executing a micro-application includes receiving a user selection of a user interface element within a user interface of a primary application. Source code associated with the selected user interface element is parsed to obtain at least one attribute associated with the selected user interface element. Data associated with the selected user interface element is identified based on the source code. A response based on the at least one attribute and the data is generated. A microapp configured to process the response to obtain the data from within the primary application is generated.