Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.

Abstract: Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out of the box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.

Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution across scope boundaries. A cross-scope secrets management service (“SMS”) can be utilized to store, renew and distribute secrets across boundaries in a distributed computing environment such as regional boundaries. In some embodiments, locally scoped secrets management services subscribe to receive updates from the cross-scope secrets management service. As secrets are renewed, they are automatically propagated to a subscribing local scope and distributed by the local secrets management service. In various embodiments, SMS can autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored.

Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.

Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.

Abstract: In various embodiments, methods and systems for game development based on an integrated game development cloud computing platform are provided. Development components that facilitate game development using an integrated game-cloud component are initiated. An input is received to perform a game development task. The game development task is associated with one or more games. The game development task is executed using the integrated game-cloud component. The integrated game-cloud component comprises a game-development-platform development component and a cloud-computing-platform development component combined into an integrated development component supported on the integrated game development cloud computing platform. The game development task can be associated with a first game-platform and a second game-platform of a selected game. The game-platform functions with a cross-platform support component having an integrated core module and an integrated game-platform module.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution across scope boundaries. A cross-scope secrets management service (“SMS”) can be utilized to store, renew and distribute secrets across boundaries in a distributed computing environment such as regional boundaries. In some embodiments, locally scoped secrets management services subscribe to receive updates from the cross-scope secrets management service. As secrets are renewed, they are automatically propagated to a subscribing local scope and distributed by the local secrets management service. In various embodiments, SMS can autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored.

Abstract: Various methods and systems are provided for autonomous management for a managed service identity. A first token request, for a secret, is generated at a managed service. The secret supports authenticating the managed service for performing operations in a distributed computing environment. The first token request includes an identity identifier of the managed service. The first token request is communicated to a credentials manager which is associated with a secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in the distributed computing environment. Based on communicating the first token request to credentials manager, the token is received, via the credentials manager, from the secret token service. The token is received based in part on the credentials manager generating a second token request for the token and communicating the second token request and a secret associated with the managed service to the secret token service.

Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. In another embodiment, the number of active game sessions is monitored and computing resources are allocated dynamically as the number of sessions increases or decreases.

Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. In another embodiment, the number of active game sessions is monitored and computing resources are allocated dynamically as the number of sessions increases or decreases.

Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. In another embodiment, the number of active game sessions is monitored and computing resources are allocated dynamically as the number of sessions increases or decreases.

Abstract: Embodiments provide automated access policy enforcement, content rule enforcement, and data transformations in a binary large object (blob) storage service. Verified and unverified clients are allowed varying degrees of access to stored blobs. In response to a read request associated with a target blob of a particular blob type, criteria from the read request are used to execute one or more transformation functions defined by the blob type to create transformed data, and the transformed data is provided to the client. In response to a write request including a target blob of a particular blob type, a set of content rules associated with the blob type is executed against the target blob. The target blob is stored based on the content rules being successfully executed.

Abstract: Embodiments of the present invention monitor and dynamically allocate computing resources to game sessions running within a game service. A game service provides a remote gaming environments to which users connect over a wide area network, such as the internet. A game session runs a single instance of a game title. The game session runs the video game code responsible for creating the playing experience for the users. Various characteristics of the game session may be monitored and used to allocate computing resources. Usage of computing resources, such as central processing unit (“CPU”) may be monitored directly. In another embodiment, the number of players connected to the game session is monitored and computing resources are allocated dynamically as the number of players increases or decreases.

Abstract: Embodiments provide automated access policy enforcement, content rule enforcement, and data transformations in a binary large object (blob) storage service. Verified and unverified clients are allowed varying degrees of access to stored blobs. In response to a read request associated with a target blob of a particular blob type, criteria from the read request are used to execute one or more transformation functions defined by the blob type to create transformed data, and the transformed data is provided to the client. In response to a write request including a target blob of a particular blob type, a set of content rules associated with the blob type is executed against the target blob. The target blob is stored based on the content rules being successfully executed.

Abstract: Embodiments provide rule-based application configuration using a network service. A configuration parameter associated with an application includes a rule that specifies configuration data based on one or more criteria, such as by selecting a configuration value from a plurality of available configuration values. A request for configuration data corresponding to the configuration parameter is received from a client. The request includes one or more criteria describing a user associated with the client. Customized configuration data is determined based on the rule and the criteria of the request, and the customized configuration data is provided to the client. The client executes the application (e.g., a game) based on the customized configuration data.

Abstract: Embodiments provide automated access policy enforcement, content rule enforcement, and data transformations in a binary large object (blob) storage service. Verified and unverified clients are allowed varying degrees of access to stored blobs. In response to a read request associated with a target blob of a particular blob type, criteria from the read request are used to execute one or more transformation functions defined by the blob type to create transformed data, and the transformed data is provided to the client. In response to a write request including a target blob of a particular blob type, a set of content rules associated with the blob type is executed against the target blob. The target blob is stored based on the content rules being successfully executed.

Abstract: In various embodiments, methods and systems for game development based on an integrated game development cloud computing platform are provided. Development components that facilitate game development using an integrated game-cloud component are initiated. An input is received to perform a game development task. The game development task is associated with one or more games. The game development task is executed using the integrated game-cloud component. The integrated game-cloud component comprises a game-development-platform development component and a cloud-computing-platform development component combined into an integrated development component supported on the integrated game development cloud computing platform. The game development task can be associated with a first game-platform and a second game-platform of a selected game. The game-platform functions with a cross-platform support component having an integrated core module and an integrated game-platform module.