Abstract: The current document is directed to distributed-secure-storage systems, and processes carried out within the distributed-secure-storage systems, that provide for secure storage and retrieval of secrets within distributed computer systems, including private encryption keys used for client authentication during establishment of secure communications channels. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes.

Abstract: The current document is directed to distributed-secure-storage systems, and processes carried out within the distributed-secure-storage systems, that provide for secure storage and retrieval of confidential and critical data, referred to as “secrets,” within distributed computer systems. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes. The multiple secret-share-storing nodes additionally cooperate to periodically alter the stored secret shares corresponding to a secret in a way that allows agents to recover the original secret, or derived data, from all or a portion of the altered secret shares or derived-data shares.

Abstract: A method of managing a transaction in a control plane executing on a computing system that manages a plurality of services includes: receiving, at the control plane from a client, a plurality of first requests for at least one target service of the plurality of services, each of the plurality of first requests including a transaction indicator identifying the transaction; executing at least one handler of the at least one target service to process the plurality of first requests; receiving, at the control plane from the client, a commit request for the transaction coordinator service, the commit request including an instruction to commit the transaction; and executing a handler of the transaction coordinator service to process the commit request and notify the at least one target service of a status of the commit request.

Abstract: Methods and apparatus to generate a customized application blueprint are disclosed. An example method includes generating an application definition for an unmanaged application associated with a first computing unit, selecting a first logical template associated with an unmodified version of a service provided by the first computing unit, generating an application blueprint including the first logical template, modifying the first logical template included in the application blueprint based on a first property of the first computing unit, inserting a dependency between a first logical template representative of the first computing unit and a second logical template representative of a second computing unit, and deploying a managed application according to the application blueprint to implement the unmanaged application.

Abstract: Methods and apparatus to automatically configure monitoring of a virtual machine are disclosed. An example apparatus includes a service analyzer to: identify a first virtual machine in a first application definition, the first application definition identifying virtual machines included in a first application, the first virtual machine currently running in the first application; and detect a second virtual machine currently running in the first application, the second virtual machine not included in the first application definition; and a virtual machine analyzer to: generate a second application definition, the second application definition created by adding the second virtual machine to the first application definition; and store the second application definition in an application configuration database.

Abstract: The current document is directed to distributed-secure-storage systems, and processes carried out within the distributed-secure-storage systems, that provide for secure storage and retrieval of confidential and critical data, referred to as “secrets,” within distributed computer systems. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes. The multiple secret-share-storing nodes additionally cooperate to periodically alter the stored secret shares corresponding to a secret in a way that allows agents to recover the original secret, or derived data, from all or a portion of the altered secret shares or derived-data shares.

Abstract: The current document is directed to distributed-secure-storage systems, and processes carried out within the distributed-secure-storage systems, that provide for secure storage and retrieval of secrets within distributed computer systems, including private encryption keys used for client authentication during establishment of secure communications channels. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes.

Abstract: Methods and apparatus to automatically configure monitoring of a virtual machine are disclosed. An example apparatus includes a service analyzer to: identify a first virtual machine in a first application definition, the first application definition identifying virtual machines included in a first application, the first virtual machine currently running in the first application; and detect a second virtual machine currently running in the first application, the second virtual machine not included in the first application definition; and a virtual machine analyzer to: generate a second application definition, the second application definition created by adding the second virtual machine to the first application definition; and store the second application definition in an application configuration database.

Abstract: Methods and apparatus to automatically configure monitoring of a virtual machine are disclosed. An example method includes identifying a first virtual machine in a first application definition. The example method also includes automatically installing an agent on a second virtual machine when (1) the second virtual machine is not included in the first application definition and (2) the second virtual machine is identified as having a designated configuration, and updating a status of the agent of the second virtual machine to indicate that the installed agent is running. The example method also includes applying a monitoring policy to the second virtual machine, the monitoring policy to be executed by the agent based on a resource automatically identified by the agent of the second virtual machine.

Abstract: A method of managing a transaction in a control plane executing on a computing system that manages a plurality of services includes: receiving, at the control plane from a client, a plurality of first requests for at least one target service of the plurality of services, each of the plurality of first requests including a transaction indicator identifying the transaction; executing at least one handler of the at least one target service to process the plurality of first requests; receiving, at the control plane from the client, a commit request for the transaction coordinator service, the commit request including an instruction to commit the transaction; and executing a handler of the transaction coordinator service to process the commit request and notify the at least one target service of a status of the commit request.

Abstract: Methods and apparatus to generate a customized application blueprint are disclosed. An example method includes generating an application definition for an unmanaged application associated with a first computing unit, selecting a first logical template associated with an unmodified version of a service provided by the first computing unit, generating an application blueprint including the first logical template, modifying the first logical template included in the application blueprint based on a first property of the first computing unit, inserting a dependency between a first logical template representative of the first computing unit and a second logical template representative of a second computing unit, and deploying a managed application according to the application blueprint to implement the unmanaged application.

Abstract: Methods and apparatus to generate a customized application blueprint are disclosed. An example method includes determining a first computing unit within an application definition, identifying a property for the first computing unit, and generating an application blueprint based on the identified property of the computing unit.

Abstract: Methods and apparatus to automatically configure monitoring of a virtual machine are disclosed. An example method includes identifying a first virtual machine in a first application definition. The example method also includes automatically installing an agent on a second virtual machine when (1) the second virtual machine is not included in the first application definition and (2) the second virtual machine is identified as having a designated configuration, and updating a status of the agent of the second virtual machine to indicate that the installed agent is running. The example method also includes applying a monitoring policy to the second virtual machine, the monitoring policy to be executed by the agent based on a resource automatically identified by the agent of the second virtual machine.

Abstract: Methods and apparatus to automatically configure monitoring of a virtual machine are disclosed. An example method includes identifying a virtual machine in an application definition, automatically installing an agent on the virtual machine when the virtual machine is identified as having a designated configuration, automatically identifying, via the agent, a resource associated with the virtual machine and, based on the resource, applying a monitoring policy to the virtual machine to be executed by the agent.

Abstract: Computational methods and systems for identifying a subset of a set of metrics that can be used to monitor a resource are described. The subset is representative of the information provided by the full set of metrics. Correlations are calculated for each pair of metrics and metrics with the highest correlations to other metrics in the set of metrics are deleted to obtain the representative subset of metrics. Deletion of metrics from the set of metrics may be optimized for accuracy or cost. The smaller representative subset of metrics can then be used to monitor the resource.

Abstract: Methods and apparatus to generate a customized application blueprint are disclosed. An example method includes determining a first virtual machine within an application definition, automatically identifying a property for the first virtual machine, and generating an application blueprint based on the identified property of the virtual machine.

Abstract: Methods and apparatus to generate a customized application blueprint are disclosed. An example method includes determining a first computing unit within an application definition, identifying a property for the first computing unit, and generating an application blueprint based on the identified property of the computing unit.

Abstract: Methods and apparatus to automatically configure monitoring of a virtual machine are disclosed. An example method includes identifying a virtual machine in an application definition, automatically installing an agent on the virtual machine when the virtual machine is identified as having a designated configuration, automatically identifying, via the agent, a resource associated with the virtual machine and, based on the resource, applying a monitoring policy to the virtual machine to be executed by the agent.

Abstract: Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.

Abstract: Methods and apparatus to generate a customized application blueprint are disclosed. An example method includes determining a first virtual machine within an application definition, automatically identifying a property for the first virtual machine, and generating an application blueprint based on the identified property of the virtual machine.