Abstract: Methods, systems, and computer-readable media for creating and managing a multi-tiered service messaging architecture within a cloud service provider or computing environment. In one or more embodiments, the multi-tiered service messaging architecture may comprise a primary topic configured to receive and manage particular service messages. Services of the cloud are allocated a service topic to receive the service messages managed by the primary topic and may itself subscribe to the primary topic to receive the service messages. Through the subscription to the service topic, the service may receive the service messages provided by the primary topic. Still other sub-topics may subscribe to the service topics for additional subscriptions by services to receive the service messages provided by the primary topic.

Abstract: A method performed by an appliance includes receiving, from a managing server, information about a data pattern detection routine to detect abnormal data among operation data of the appliance, determining whether the operation data of the appliance matches a normal data pattern defined by the data pattern detection routine, determining the operation data as the abnormal data when the operation data does not match the normal data pattern, and transmitting the abnormal data to the managing server.

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

Abstract: Methods, computer-readable media, and apparatuses for checking the health of a cloud-based component. The method includes receiving, by a health event hub as output by a first device, a request for performing a health check on a second device; outputting, by the health event hub, the request to each health checker on the network; receiving, by the health event hub, a health data response output by at least one checker that is capable of performing the health check; collecting, by the health event hub, each health data response associated with the request output by the first device that is output by the at least one health checker that is capable of performing the health check on the second device; and outputting, by the health event hub to each health data collector on the network, each health data response associated with the request output by the first device.

Abstract: A system and method for visualizing and querying high dimensional data to a user. The system includes a user device, a data-pearls visualization and querying server. The server obtains the high dimensional data from the user device associated with user. The server generates data clusters and sub-divides the data clusters into non-overlapping subsets of data-pearls using a clustering technique. The server selects a shape for each data-pearl by comparing a distance between centroid of a data-pearl and a farthest point from a determined centroid using Lp norm distance measures. The server configures each data-pearl in a three-dimensional plot. The server enables the user to visualize the data-pearls on a screen of the user device. The server queries data based on a query using data dimension technique. The server dimensions data related to the query through determined classifiers based on filtered data after pruning unrelated data to the query.

Abstract: Methods and systems for sharing data among multiple services are described herein. Multiple services may access data from a shared data source. The services may subscribe to data sharing events. A data sharing service may iterate through the shared data source and transmit data retrieved from the shared data source in data sharing events. When the data sharing service reaches the end of the shared data source, the data sharing service may begin iterating through the shared data source again from the beginning. The data sharing events may be transmitted at a predetermined frequency. The services may subscribe to or unsubscribe from the data sharing events.

Abstract: Techniques for implementing a non-relational database that makes efficient use of collections within the database. For one or more collections, two or more sub-collections can be created for storing documents. Each collection can be configured as a single partition entity or a partitioned entity within the database. Each sub-collection is identified by a sub-collection identifier. If the collection is configured as a partitioned entity, then a partition key can be determined for documents to be accessed in the collection. The partition key can be extended with the sub-collection ID to form a compound property (sub-collection ID, partition key) that determines placements of the respective documents in the identified sub-collection across partitions of the collection. If the collection is configured as a single partition entity, then a field for the partition key is ignored and the respective documents are placed in the identified sub-collection within the single partition of the collection.

Abstract: Methods, systems, and computer-readable media for creating and managing a multi-tiered service messaging architecture within a cloud service provider or computing environment. In one or more embodiments, the multi-tiered service messaging architecture may comprise a primary topic configured to receive and manage particular service messages. Services of the cloud are allocated a service topic to receive the service messages managed by the primary topic and may itself subscribe to the primary topic to receive the service messages. Through the subscription to the service topic, the service may receive the service messages provided by the primary topic. Still other sub-topics may subscribe to the service topics for additional subscriptions by services to receive the service messages provided by the primary topic.

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Abstract: Methods and systems for sharing data among multiple services are described herein. Multiple services may access data from a shared data source. The services may subscribe to data sharing events. A data sharing service may iterate through the shared data source and transmit data retrieved from the shared data source in data sharing events. When the data sharing service reaches the end of the shared data source, the data sharing service may begin iterating through the shared data source again from the beginning. The data sharing events may be transmitted at a predetermined frequency. The services may subscribe to or unsubscribe from the data sharing events.

Abstract: Techniques for implementing a non-relational database that makes efficient use of collections within the database. For one or more collections, two or more sub-collections can be created for storing documents. Each collection can be configured as a single partition entity or a partitioned entity within the database. Each sub-collection is identified by a sub-collection identifier. If the collection is configured as a partitioned entity, then a partition key can be determined for documents to be accessed in the collection. The partition key can be extended with the sub-collection ID to form a compound property (sub-collection ID, partition key) that determines placements of the respective documents in the identified sub-collection across partitions of the collection. If the collection is configured as a single partition entity, then a field for the partition key is ignored and the respective documents are placed in the identified sub-collection within the single partition of the collection.

Abstract: Methods, systems, and computer-readable media for creating and managing a multi-tiered service messaging architecture within a cloud service provider or computing environment. In one or more embodiments, the multi-tiered service messaging architecture may comprise a primary topic configured to receive and manage particular service messages. Services of the cloud are allocated a service topic to receive the service messages managed by the primary topic and may itself subscribe to the primary topic to receive the service messages. Through the subscription to the service topic, the service may receive the service messages provided by the primary topic. Still other sub-topics may subscribe to the service topics for additional subscriptions by services to receive the service messages provided by the primary topic.

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Abstract: Aspects described herein may utilize self-federation in a plugin-based authentication system to support combinations of authentication processes. The authentication system may include a plugin that executes an authentication process that is a combination of two or more other authentication processes. This plugin may handle the combined authentication process by self-federating back to the authentication interface, generating its own authentication requests under each of the subsidiary authentication processes. Thus, the self-federating plugin corresponding to the combined authentication process may allow the authentication system to support authentication requests that indicate the combined authentication process. This “chained” authentication process, accomplished through self-federation, may allow the authentication system to reuse existing code paths and avoid downsides associated with duplication of code.

Abstract: A technique for managing a read cache in an eventually-consistent data store includes, in response to a read request for a specified data element, receiving the specified data element from the read cache as well as a remaining TTL (time to live) of the data element, as indicated by a timer for that data element in the read cache. If the remaining TTL falls below a predetermined value, the technique triggers an early refresh of the specified data element, prior to its expiration. Consequently, later-arriving read requests to the same data element that arrive before the data element has been refreshed experience cache hits, thus avoiding the need to perform their own time-consuming refresh operations.

Abstract: Methods, systems, and computer-readable media for creating and managing a multi-tiered service messaging architecture within a cloud service provider or computing environment. In one or more embodiments, the multi-tiered service messaging architecture may comprise a primary topic configured to receive and manage particular service messages. Services of the cloud are allocated a service topic to receive the service messages managed by the primary topic and may itself subscribe to the primary topic to receive the service messages. Through the subscription to the service topic, the service may receive the service messages provided by the primary topic. Still other sub-topics may subscribe to the service topics for additional subscriptions by services to receive the service messages provided by the primary topic.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: Described herein are systems and methods for managing releases of global services in a controlled manner. A computing environment may include a first release of a global service, a second release of the global service, and a manager service. The first and second release may be enabled and disabled. The first release may be enabled and the second release may be disabled. The second release may be ready for use in the computing environment after passing one or more checks. A manager service may enable use of the second release in the computing environment. The manager service may disable use of (but maintain execution of) the first release in the computing environment. The second release may be determined to have one or more issues. Responsive to determining the second release has issue(s), the manager service may disable use of the second release and re-enable use of the first release.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide creation and management of composite tokens for use with services in a virtual environment without the user having to re-authenticate each time the user accesses a different service. A composite identity server may receive a request to upgrade a first authentication token for a user. The composite identity server may redirect a user agent to an identity provider for authentication and, in response, may receive a second authentication token for the user. The composite identity server may send the second authentication token to a federated microservice and, in response, may receive one or more claims of the second authentication token designated for inclusion in a composite token. The composite identity server may generate a composite token including the one or more claims of the first authentication token and one or more claims of the second authentication token.

Abstract: A technique for managing a read cache in an eventually-consistent data store includes, in response to a read request for a specified data element, receiving the specified data element from the read cache as well as a remaining TTL (time to live) of the data element, as indicated by a timer for that data element in the read cache. If the remaining TTL falls below a predetermined value, the technique triggers an early refresh of the specified data element, prior to its expiration. Consequently, later-arriving read requests to the same data element that arrive before the data element has been refreshed experience cache hits, thus avoiding the need to perform their own time-consuming refresh operations.