Abstract: Systems, methods, and computer-readable media for operating a dedicated virtual machine host cluster within cloud computing infrastructure are described herein. In one embodiment, an instance principal certificate that includes a virtual network identifier for a dedicated virtual network for the cluster is retrieved by a host computing device. The instance principal certificate is authenticated by the host against a switch to grant access of the host to a virtual network indicated by the virtual network identifier through a network interface card of the host. A virtual function of the network interface card of the host is allocated to a guest virtual machine. The guest virtual machine is launched in the host with the virtual function as a network device of the guest virtual machine.

Abstract: Systems, methods, and computer-readable media for operating a dedicated virtual machine host cluster within cloud computing infrastructure are described herein. In one embodiment, an instance principal certificate that includes a virtual network identifier for a dedicated virtual network for the cluster is retrieved by a host computing device. The instance principal certificate is authenticated by the host against a switch to grant access of the host to a virtual network indicated by the virtual network identifier through a network interface card of the host. A virtual function of the network interface card of the host is allocated to a guest virtual machine. The guest virtual machine is launched in the host with the virtual function as a network device of the guest virtual machine.

Abstract: Systems, methods, and other embodiments associated with cloud computing cluster isolation with strong authentication and automatic configuration deployment are described. In one embodiment, a method includes, in response to receiving an authentication frame through the uncontrolled port, (i) extracting data from the authentication frame for performing authentication, and (ii) parsing the authentication frame to identify a piggybacked virtual network identifier that functions as an instruction to create an isolated connection. If the authentication was successful and the piggybacked virtual network identifier was identified, creating the isolated connection between the controlled port and a virtual network that is identified by the piggybacked virtual network identifier.

Abstract: Systems, methods, and other embodiments associated with cloud computing cluster isolation with strong authentication and automatic configuration deployment are described. In one embodiment, a method includes, in response to receiving an authentication frame through the uncontrolled port, (i) extracting data from the authentication frame for performing authentication, and (ii) parsing the authentication frame to identify a piggybacked virtual network identifier that functions as an instruction to create an isolated connection. If the authentication was successful and the piggybacked virtual network identifier was identified, creating the isolated connection between the controlled port and a virtual network that is identified by the piggybacked virtual network identifier.

Abstract: Methods and systems for implementing a link layer path latency protocol (LLPLP) to monitor per-hop path latency are provided. According to one embodiment, a LLPLP message of a first type, including multiple hop records corresponding to multiple hops in a unique set of hops derived from all possible paths between a start node and an end node within the private network, is sent to a source node specified by a first hop record of the multiple hop records. Receipt of the LLPLP message by a source node specified in one or more hop records causes the source node to send one or more LLPLP messages of the first type to corresponding destination nodes. Receipt of the LLPLP message by a destination node specified in one or more hop records causes the destination node to calculate and return latency measurements for the appropriate hops via LLPLP messages of a second type.

Abstract: A secure key distribution server (SKDS) determines the identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration.

Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.

Abstract: A plurality of phrases may be extracted from documents associated with one or more document sources. The plurality of phrases may be filtered and processed to determine a frequency in which the plurality of phrases appear in the documents and/or a number of the document sources in which each phrase appears. A weight may be assigned to each of the phrases and, based at least in part on the assigned weight, a visual representation of the plurality of phrases may be presented. The visual representation may be dynamically updated based at least in part on an updated frequency or an updated total number of document sources associated with any one of the plurality of phrases.

Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.

Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.

Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.