Abstract: Approaches of reassigning a home region from a first data center to a second data center as requested by a customer are described herein. The home region is able to implement write operations to a domain, whereas other data centers cannot implement write operations to the domain. The customer can request the home region being reassigned to another data center such that the customer can utilize the other data center to implement write operations to the domain.

Abstract: Approaches of reassigning a home region from a first data center to a second data center as requested by a customer are described herein. The home region is able to implement write operations to a domain, whereas other data centers cannot implement write operations to the domain. The customer can request the home region being reassigned to another data center such that the customer can utilize the other data center to implement write operations to the domain.

Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.

Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.

Abstract: Approaches of reassigning a home region from a first data center to a second data center as requested by a customer are described herein. The home region is able to implement write operations to a domain, whereas other data centers cannot implement write operations to the domain. The customer can request the home region being reassigned to another data center such that the customer can utilize the other data center to implement write operations to the domain.

Abstract: An approach of performing data center failover using an address that indicates a backup data center. The address includes common names indicating a data center with a domain and a backup datacenter with a replica of the domain. A cloud service provider can receive the address, establish a connection with an available data center, and failover to the backup data center if the data center with the connection becomes unavailable.

Abstract: In some aspects, an authentication service may divide authentication data into one or more data stripes, the authentication data including at least one of: user identifier (userID); group identifier (groupID); group membership; client identifier (clientID); dynamic group (DG) membership; or dynamic group identifier. The authentication service may store the one or more data stripes in one or more databases, the databases being contained in a host machine of a fleet, where the fleet contains one or more host machines. The authentication service may update the databases from the data stripe via a background thread. Numerous other aspects are described.

Abstract: The present embodiments relate to a CI replication service that can replicate domain data from IDCS control plane to data plane and to all subscribed regions of a domain. For instance, the CI replication service can provide replication of required resources of a domain for AuthN and AuthZ from an IDCS local region to other regions for high availability (e.g., to improve latency). The CI replication service can replicate the resources from a domain's home region to all subscribed regions for local availability of data for workloads running in those regions. Further, when a new region is subscribed for a domain, then the service can bootstrap that domain's data from home region before enabling that region for the domain.

Abstract: A server can receive a request to subscribe to a data tenancy in an extended region. The server can determine a size of stored data records associated with the data tenancy in a home region to be replicated in the extended region. Based in part on the size of the stored data records, the server can open a new communication channel dedicated to replicating the stored data records from the first server in the home region to the second server in the extended region. The server can pull the stored data records from the first server in the home region, store the pulled data records on the second sever in the extended region. The server can receive updated data records over an established communication channel between the first server in the home region and the second server in the extended region and store the updated data records on the second server.

Abstract: Distributed transactions are performed over a collection of servers operating as replicas of a data set, where a successful transaction involves meeting a quorum count of replicas that locally commit the transaction. However, performance constraints of data sets and consuming applications may vary (e.g., sensitivity to latency, scalability, and/or consistency), and the performance characteristics of the server set may be partly determined by the transactional commitment and quorum selection. The distributed transaction may be applied by designating the replicas as a set of followers and a leader that initiates the transaction and receives acknowledgments of local commits by each follower. On condition of the acknowledgments meeting a quorum count for the data set according to the performance characteristics of the application, the leader locally commits the transaction and delivers a result.

Abstract: Data services are often provided with consistency guarantees of either strong consistency models, comprising uniform wall-clock consistency, or eventual consistency models, where temporary logical inconsistency is guaranteed to be resolved only after full data propagation. However, the performance characteristics of contemporary services often require an intermediate consistency model, where some aspects of the service have specific consistency expectations and other aspects of the service are flexible, such as bounded staleness (e.g., a maximum delay in reaching consistency); session consistency (e.g., individual sessions remain logically consistent, but ordering may vary across sessions); and prefix consistency (e.g., each view during a session is logically consistent, but ordering may vary between session views).

Abstract: A service control manager manages one or more services on a computing device, such as creating processes that host the services, stopping the processes that host the services, and so forth. The service control manager also provides a request to a resource manager to reserve, monitor, and/or place limitations on resources for each of the one or more services. For example, the service control manager can request to be notified when resource usage by a service exceeds a resource usage threshold value. These resources are various resources of the computing device, such as a processor (CPU), memory, storage device input/output (I/O), network usage, and so forth. If the usage of a resource by a service satisfies the resource usage threshold value for that resource for that service, then the resource manager notifies the service control manager so the service control manager can take an appropriate remedial action.

Abstract: Distributed transactions are performed over a collection of servers operating as replicas of a data set, where a successful transaction involves meeting a quorum count of replicas that locally commit the transaction. However, performance constraints of data sets and consuming applications may vary (e.g., sensitivity to latency, scalability, and/or consistency), and the performance characteristics of the server set may be partly determined by the transactional commitment and quorum selection. The distributed transaction may be applied by designating the replicas as a set of followers and a leader that initiates the transaction and receives acknowledgments of local commits by each follower. On condition of the acknowledgments meeting a quorum count for the data set according to the performance characteristics of the application, the leader locally commits the transaction and delivers a result.

Abstract: Data services are often provided with consistency guarantees of either strong consistency models, comprising uniform wall-clock consistency, or eventual consistency models, where temporary logical inconsistency is guaranteed to be resolved only after full data propagation. However, the performance characteristics of contemporary services often require an intermediate consistency model, where some aspects of the service have specific consistency expectations and other aspects of the service are flexible, such as bounded staleness (e.g., a maximum delay in reaching consistency); session consistency (e.g., individual sessions remain logically consistent, but ordering may vary across sessions); and prefix consistency (e.g., each view during a session is logically consistent, but ordering may vary between session views).

Abstract: A service control manager manages one or more services on a computing device, such as creating processes that host the services, stopping the processes that host the services, and so forth. The service control manager also provides a request to a resource manager to reserve, monitor, and/or place limitations on resources for each of the one or more services. For example, the service control manager can request to be notified when resource usage by a service exceeds a resource usage threshold value. These resources are various resources of the computing device, such as a processor (CPU), memory, storage device input/output (I/O), network usage, and so forth. If the usage of a resource by a service satisfies the resource usage threshold value for that resource for that service, then the resource manager notifies the service control manager so the service control manager can take an appropriate remedial action.

Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.

Abstract: One or more systems and/or techniques are provided for background task management. A background manager may receive a notification from a background task that the background task is waiting for an event, and may also receive a waitable object from the background task, where the waitable object is used by the background task to wait for the event. Responsive to the waitable object not being triggered within a period of time, the background manager may implement a power management policy for a computing device hosting the background task.

Abstract: Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services.

Abstract: A stream processing execution engine evaluates development-time performance characteristic estimates in combination with run-time parameters to schedule execution of stream processing software components in a stack of a stream processing application that satisfy a defined performance criterion in a heterogeneous hardware device. A stream processing application includes a stack of interdependent stream processing software components. A stream processing execution engine evaluates one or more performance characteristics of multiple computational resources in the heterogeneous hardware device. Each performance characteristic is associated with performance of a computational resource in executing a computational-resource-dependent instance of a stream processing software component. The stream processing execution engine schedules within the run-time environment a computational resource on which to execute a computational-resource-dependent instance of one of the stream processing software components.

Abstract: Architecture for exposing a virtual private network of peer devices into the public domain via an overlay network. Computing devices, peripheral devices, as well as mobile devices can be physically distributed, but appear to belong to the same virtual private (or home) network, and be accessible from anywhere. Benefits include access to user media/documents from anywhere, searching of all connected devices from one location, multicast and broadcast connectivity, management of the private network and the associated policies, and device discovery on the private network from across public networks. P2P networks and ad-hoc networks can be exposed as a virtual interface, as well as the utilization of client operating systems to create the virtual network, grouping, graphing, the integration with relay services and other NAT/firewall traversal schemes, and the creation of a P2P overlay manager on a physical NIC (network interface card) address rather than a virtual address.