Abstract: Disclosed are techniques for providing a platform that allows a user to remotely establish a connection with a virtual machine operating on a server farm In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.

Abstract: Techniques for configuring a commodity server to host virtual hard disks are disclosed herein. In an exemplary embodiment, a virtual hard disk file can be split into a plurality of differencing VHD files and one or more of the files can be downloaded to a virtualization host as it runs off the VHD files stored on the server. After the one or more VHD files are downloaded, the virtualization host can be configured to use the local copy instead of the copy on the commodity server. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.

Abstract: Systems, methods, and computer-readable storage media are disclosed for roaming profiles and application compatibility in multi-user systems. In an embodiment, a user profile exists on a plurality of client computers. Each client computer executes a roaming profile client that intercepts a change to an application's settings. The roaming profile client sends this change to a roaming profile server that stores it. When the user profile logs on to a second client computer, the roaming profile server sends an indication of the change to a second roaming profile client on the second client computer. This roaming profile client alters the settings for the application on the second client computer such that, when the user session executes the application on the second client computer, the application reflects the change.

Abstract: Techniques are disclosed for virtualizing internet protocol (IP) addresses in terminal server sessions. Techniques include receiving requests for a virtual IP address from a client component, determining whether the requestor can use the virtual IP address, and either returning a requested virtual IP address or returning an indication that the requestor cannot use a virtual IP address. Methods for determining whether a virtual IP address can be used and methods for choosing a virtual IP address are disclosed.

Abstract: Techniques are disclosed for virtualizing internet protocol (IP) addresses in terminal server sessions. A client component comprises a layer service provider (LSP) and a name service provider (NSP) that intercept a socket call to associate a port with a socket for a terminal server session. The client component queries a server component for a virtual IP address, and the server component determines whether the terminal server session can use a virtual IP address. Where the session can use a virtual IP address, the server returns a virtual IP address and the client component binds the socket call to the virtual IP address. Where the session cannot use a virtual IP address, the server returns an indication of that, and the client component acts as a proxy for that socket call and any future calls for that socket.

Abstract: Systems, methods, and computer-readable storage media are disclosed for roaming profiles and application compatibility in multi-user systems. In an embodiment, a user profile exists on a plurality of client computers. Each client computer executes a roaming profile client that intercepts a change to an application's settings. The roaming profile client sends this change to a roaming profile server that stores it. When the user profile logs on to a second client computer, the roaming profile server sends an indication of the change to a second roaming profile client on the second client computer. This roaming profile client alters the settings for the application on the second client computer such that, when the user session executes the application on the second client computer, the application reflects the change.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

Abstract: Systems, methods, and computer-readable storage media are disclosed for roaming profiles and application compatibility in multi-user systems. In an embodiment, a user profile exists on a plurality of client computers. Each client computer executes a roaming profile client that intercepts a change to an application's settings. The roaming profile client sends this change to a roaming profile server that stores it. When the user profile logs on to a second client computer, the roaming profile server sends an indication of the change to a second roaming profile client on the second client computer. This roaming profile client alters the settings for the application on the second client computer such that, when the user session executes the application on the second client computer, the application reflects the change.

Abstract: Disclosed are techniques for providing a platform and application program interface (API) that leverages a terminal services session broker infrastructure to support third party plug-in applications. In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers.

Abstract: Techniques for extending federation services to access desktop applications are herein described. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Aspects of the subject matter described herein relate to delegating application invocation back to a client. In aspects, a server hosts an application that has a user interface that is presented on a client. User interaction on the user interface is encoded and sent to the server to give to the application. When the user uses the application such that another application is to be executed, a server delegator determines whether to execute the other application on the server or the client. If the application is to be executed on the client, the server delegator instructs a component that executes on the client to execute the application on the client. Otherwise, the application is executed on the server and data representing the user interface of the application is sent to the client so that the client may present the user interface to a user.

Abstract: Techniques for configuring and operating a virtual desktop session are disclosed herein. In an exemplary embodiment, an inter-partition communication channel can be established between a virtualization platform and a virtual machine. The inter-partition communication channel can be used to configure a guest operating system to conduct virtual desktop sessions and manage running virtual desktop sessions. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.

Abstract: Techniques for enabling two-factor authentication for terminal services are described. A client receives an authentication token from an authentication server. The authentication token is used as a factor for authenticating the client to a terminal services device. Native authentication of the client is also performed.

Abstract: The present invention extends to methods, systems, and computer program products for group based allocation of terminal server network bandwidth. Output packets are classified into groups based on classification criteria. Output packets for each group are queue into a corresponding queue. During a queue flush cycle each queue containing data is flushed for an essentially equal amount of time. Flushing each queue essentially equally reduces the negative impact that can otherwise result when a subset of sessions (or even a single session) request(s) a disproportional share of terminal server network bandwidth. Responsiveness can be further increased by distributing the essentially equal amount for each queue across the queue flush cycle.

Abstract: Embodiments that facilitate the fair and dynamic distribution of central processing unit (CPU) time are disclosed. In accordance with one embodiment, a method includes organizing one or more processes into one or more groups. The method further includes allocating a CPU time interval for each group. The allocation of a CPU time interval for each group is accomplished by equally distributing a CPU cycle based on the number of groups. The method also includes adjusting the allocated CPU time intervals based on a change in the quantity of the one or more groups.

Abstract: Techniques for facilitating automatic detection of a type of wireless network are described. In accordance with one or more embodiments, wireless network client(s) can automatically detect the “type” of a network (e.g., method of authentication and encryption) without requiring input from the user. In accordance with one or more embodiments, a wireless network detection system having a connection component and a detection component is provided. The connection component facilitates connection of a client system to at least one of a plurality of wireless networks. The detection component identifies a type of an available wireless network. Identification can be based, for example, upon information received in an information element and/or iterative probing of the wireless network beacon.

Abstract: A system and method for facilitating automatic detection of a type of wireless network is provided. In accordance with an aspect of the present invention, wireless network client(s) can automatically detect the “type” of a network (e.g., method of authentication and encryption) without requiring input from the user. For example, unencrypted network, WEP encrypted network requiring a WEP key, WPA encrypted network requiring a pre-shared key, an IEEE 802.1x enabled network supporting WPA and/or an IEEE 802.1x enabled network not supporting WPA. In accordance with an aspect of the present invention, a wireless network detection system having a connection component and a detection component is provided. The connection component facilitates connection of a client system to at least one of a plurality of wireless networks. The detection component identities a type of an available wireless network.

Abstract: Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.