Abstract: Techniques for persisting user data across secure shell instances are provided. A method includes receiving a first request from a session manager service to establish a connection to a secure shell instance and restore a user block volume with corresponding backup user data. The method may include reserving an empty block volume. The method may also include transmitting a backup data identifier associated with the corresponding backup user data to a backup service and receiving the corresponding backup user data from the backup service. The method may further include providing the corresponding backup user data to the empty block volume to create a restore volume and transmitting a restore volume identifier corresponding to a data center identifier to the session manager service. The method may include receiving a second request to attach the restore volume to a reserved instance, the second request being received from the session manager service.

Abstract: The present embodiments relate to a cloud shell extension framework. A cloud infrastructure (CI) service can invoke a cloud shell from a console to the CI. The service may request that context data to be added for use in a terminal session. The cloud shell extension can include a tool or script that can be used to obtain context data or sample code for preparing an environment specific to the service prior to the user interaction with the environment. The cloud shell extension can allow for a service to register an extension in the cloud shell framework, and their extension can be invoked when a client initiates the cloud shell with the service. The extension can allow for the invoked service to forward context data, such as environment variables, to be set in the terminal session for the client.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for persisting user data across secure shell instances are provided. A method includes receiving a first request from a session manager service to establish a connection to a secure shell instance and restore a user block volume with corresponding backup user data. The method may include reserving an empty block volume. The method may also include transmitting a backup data identifier associated with the corresponding backup user data to a backup service and receiving the corresponding backup user data from the backup service. The method may further include providing the corresponding backup user data to the empty block volume to create a restore volume and transmitting a restore volume identifier corresponding to a data center identifier to the session manager service. The method may include receiving a second request to attach the restore volume to a reserved instance, the second request being received from the session manager service.

Abstract: The present embodiments relate to a cloud shell extension framework. A cloud infrastructure (CI) service can invoke a cloud shell from a console to the CI. The service may request that context data to be added for use in a terminal session. The cloud shell extension can include a tool or script that can be used to obtain context data or sample code for preparing an environment specific to the service prior to the user interaction with the environment. The cloud shell extension can allow for a service to register an extension in the cloud shell framework, and their extension can be invoked when a client initiates the cloud shell with the service. The extension can allow for the invoked service to forward context data, such as environment variables, to be set in the terminal session for the client.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC), the primary vNIC being configured to permit incoming traffic. The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured to permit outgoing traffic from the computer system to the shell subnet.

Abstract: Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for persisting user data across secure shell instances are provided. A method includes receiving a first request from a session manager service to establish a connection to a secure shell instance and restore a user block volume with corresponding backup user data. The method may include reserving an empty block volume. The method may also include transmitting a backup data identifier associated with the corresponding backup user data to a backup service and receiving the corresponding backup user data from the backup service. The method may further include providing the corresponding backup user data to the empty block volume to create a restore volume and transmitting a restore volume identifier corresponding to a data center identifier to the session manager service. The method may include receiving a second request to attach the restore volume to a reserved instance, the second request being received from the session manager service.

Abstract: Techniques for persisting user data across secure shell instances are provided. The techniques include a method wherein a computer system receives a request to reserve a block volume, the request being received from a session manager service. The method also includes reserving the block volume, identifying a data center identifier of the block volume, returning the data center identifier of the block volume to the session manager service, attaching the block volume to a volume management fleet machine, receiving an instruction from the session manager service to release the block volume, creating a backup of the block volume comprising the data stored in the block volume, and releasing the block volume.

Abstract: The present embodiments relate to a cloud shell extension framework. A cloud infrastructure (CI) service can invoke a cloud shell from a console to the CI. The service may request that context data to be added for use in a terminal session. The cloud shell extension can include a tool or script that can be used to obtain context data or sample code for preparing an environment specific to the service prior to the user interaction with the environment. The cloud shell extension can allow for a service to register an extension in the cloud shell framework, and their extension can be invoked when a client initiates the cloud shell with the service. The extension can allow for the invoked service to forward context data, such as environment variables, to be set in the terminal session for the client.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for persisting user data across secure shell instances are provided. The techniques include a method wherein a computer system receives a request to reserve a block volume, the request being received from a session manager service. The method also includes reserving the block volume, identifying a data center identifier of the block volume, returning the data center identifier of the block volume to the session manager service, attaching the block volume to a volume management fleet machine, receiving an instruction from the session manager service to release the block volume, creating a backup of the block volume comprising the data stored in the block volume, and releasing the block volume.

Abstract: Techniques for utilising multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for utilizing multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the secondary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.

Abstract: Techniques for persisting user data across secure shell instances are provided. The techniques include a method wherein a computer system receives a request to reserve a block volume, the request being received from a session manager service. The method also includes reserving the block volume, identifying a data center identifier of the block volume, returning the data center identifier of the block volume to the session manager service, attaching the block volume to a volume management fleet machine, receiving an instruction from the session manager service to release the block volume, creating a backup of the block volume comprising the data stored in the block volume, and releasing the block volume.

Abstract: Techniques for persisting user data across secure shell instances are provided. The techniques include a method wherein a computer system receives a request to reserve a block volume, the request being received from a session manager service. The method also includes reserving the block volume, identifying a data center identifier of the block volume, returning the data center identifier of the block volume to the session manager service, attaching the block volume to a volume management fleet machine, receiving an instruction from the session manager service to release the block volume, creating a backup of the block volume comprising the data stored in the block volume, and releasing the block volume.

Abstract: Techniques for utilising multiple network interfaces for a cloud shell are provided. The techniques include receiving, by a computer system, a command to execute an operation by the computer system, the command being received from a router via a primary virtual network interface card (vNIC). The computer system may execute the operation, generating an output of the operation. The techniques also include transmitting, by the computer system, a message comprising the output of the operation to a shell subnet via a secondary vNIC, the second ary vNIC being configured for unidirectional transmission from the computer system to the shell subnet. The shell subnet may be configured to transmit the output of the operation to an external network via a network gateway.

Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.