Abstract: Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an un-secure multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data.

Abstract: Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an un-secure multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data.

Abstract: A system for automatically implementing high-level instructions in a distributed application program, where the high-level instructions reflect the behavior of the distributed application program, includes at least a tools component. The tools component is used to write high-level instructions in the form of declarative models, and place them in a repository. An executive component then receives the declarative models from the repository and refines them (e.g., via progressive elaboration) until there are no ambiguities. A platform-specific driver then translates the commands from the executive component, effectively turning the declarative model instructions into a set of imperative actions to be implemented in one or more application containers. The platform-specific driver also relays one or more event streams to an analytics means, which can result in modifications to the declarative models and corresponding new sets of instructions coming through the platform-specific driver at a later point.

Abstract: The present invention extends to methods, systems, and computer program products for monitoring distributed applications. Declarative application models are used. Operational data for a deployed application can be compared to an application intent expressed in a corresponding declarative application to provide more effective monitoring of application behavior. Application components can subscribe to an event fabric to receive configurations that indicate what events the application is to emit (i.e., publish into the event fabric) for monitoring. Thus, applications essentially subscribe to produce information (as opposed to subscribing to receive information). Monitoring can be dynamically adjusted in response to environment changes.

Abstract: The present invention extends to methods, systems, and computer program products for managing software lifecycle. Based on declarative models and knowledge of their interpretation, embodiments of the present invention facilitate lifecycle management for model-based software applications. Lifecycle models, such as, for example, lifecycle state machine models are stored in a shared repository such that executive services can determine how software application lifecycles are to be managed and transitioned. Software lifecycle activities can verify that a transition is possible and identify any errors preventing a lifecycle transition. Model-based error handling and error recovery mechanisms can be used to correct any identified errors.

Abstract: The present invention extends to methods, systems, and computer program products for modeling and managing heterogeneous applications. Application intent can be described in a relatively straight forward manner that abstracts underlying implementation details. Thus, application developers can develop applications without necessarily having to know extensive details of an underlying implementation environment. In any event, an application can be executed in different implementation environments without requiring changes to the corresponding model.

Abstract: A virtual environment can be configured to coordinate life cycles of virtual machines and application programs executing therein. In one implementation, the virtual environment includes an application layer and a virtual machine layer. The application layer communicates with the virtual machine layer to coordinate and directs virtual machine creation and deletion in a coordinated fashion with application programs. For example, the application layer receives a request to initiate an application program. The application layer determines from associated application properties the type and/or number of virtual machines to be created. The application layer then directs creation of the appropriate virtual machines (through the virtual machine layer), and further directs installation of the requested application programs therein.

Abstract: A system for automatically adjusting operation of a distributed application program includes analytics means having a monitoring component. The monitoring component receives one or more event streams of data corresponding to execution of one or more modules of the distributed application program. The monitoring component joins the received event streams with one or more declarative models to create operational data. A forensics component of the analytics means queries, such as by using data from a declarative model store, the operational data to identify trends or behavior information for the various modules or components of the distributed application program. A planner component then reviews data created by the forensics component to identify any needed changes to the declarative models. The planner component passes any modified declarative models back to the system, so that the distributed application program can operate more efficiently using the changes to the declarative models, as needed.

Abstract: A distributed application deployment engine uses declarative deployment data that describes deployment characteristics for application modules, and potential target environments. The engine uses the deployment data to potentially match a module to a deployment target. At some point, the modules may then be actually deployed on the identified deployment target. This may be performed for multiple modules in the distributed application, thereby deploying the distributed application in a distributed environment.

Abstract: The present invention extends to methods, systems, and computer program products for distributed behavior controlled execution of modeled applications. Embodiments of the invention facilitate the interoperation of a central data store along with various peer-to-peer functionalities. Thus, distributed applications can be executed in an environment that utilizes advantages of both a central data store and peer-to-peer messaging. A read-only portion of a centralized data store can be used to provide some behavior control over various processing systems during execution of a distributed software application. Thus, embodiments of the invention can be used to form a policy-driven collective of nodes forming a distributed, decentralized run-time for model-based applications. Utilizing a cooperating collective of nodes that comply with centralized polices and execute applications over a peer-to-peer fabric permits a distributed application runtime to accommodate distribution and decentralization on a large scale.

Abstract: A system for automatically adjusting operation of a distributed application program includes analytics means having a monitoring component. The monitoring component receives one or more event streams of data corresponding to execution of one or more modules of the distributed application program. The monitoring component joins the received event streams with one or more declarative models to create operational data. A forensics component of the analytics means queries, such as by using data from a declarative model store, the operational data to identify trends or behavior information for the various modules or components of the distributed application program. A planner component then reviews data created by the forensics component to identify any needed changes to the declarative models. The planner component passes any modified declarative models back to the system, so that the distributed application program can operate more efficiently using the changes to the declarative models, as needed.

Abstract: A system for automatically adjusting operation of a distributed application program includes analytics means having a monitoring component. The monitoring component receives one or more event streams of data corresponding to execution of one or more modules of the distributed application program. The monitoring component joins the received event streams with one or more declarative models to create operational data. A forensics component of the analytics means queries, such as by using data from a declarative model store, the operational data to identify trends or behavior information for the various modules or components of the distributed application program. A planner component then reviews data created by the forensics component to identify any needed changes to the declarative models. The planner component passes any modified declarative models back to the system, so that the distributed application program can operate more efficiently using the changes to the declarative models, as needed.

Abstract: The present invention extends to methods, systems, and computer program products for performing requested commands for model-based applications. Embodiments of the invention permit efficient implementation of operations for model-based applications. Since drivers that are to implement an operation request data for implementing the operation, embodiments significantly reduce the likelihood of superfluous data being exchanged between an executive service and drivers. Further, if an operation is interrupted before implementation is complete, the operation can be resumed without having to re-perform already completed portions of the operation. Additionally, a user can be regularly updated on the progress of their commands.

Abstract: A virtual environment can be configured to coordinate life cycles of virtual machines and application programs executing therein. In one implementation, the virtual environment includes an application layer and a virtual machine layer. The application layer communicates with the virtual machine layer to coordinate and directs virtual machine creation and deletion in a coordinated fashion with application programs. For example, the application layer receives a request to initiate an application program. The application layer determines from associated application properties the type and/or number of virtual machines to be created. The application layer then directs creation of the appropriate virtual machines (through the virtual machine layer), and further directs installation of the requested application programs therein.

Abstract: A distributed application deployment engine uses declarative deployment data that describes deployment characteristics for application modules, and potential target environments. The engine uses the deployment data to potentially match a module to a deployment target. At some point, the modules may then be actually deployed on the identified deployment target. This may be performed for multiple modules in the distributed application, thereby deploying the distributed application in a distributed environment.

Abstract: The present invention extends to methods, systems, and computer program products for performing requested commands for model-based applications. Embodiments of the invention permit efficient implementation of operations for model-based applications. Since drivers that are to implement an operation request data for implementing the operation, embodiments significantly reduce the likelihood of superfluous data being exchanged between an executive service and drivers. Further, if an operation is interrupted before implementation is complete, the operation can be resumed without having to re-perform already completed portions of the operation. Additionally, a user can be regularly updated on the progress of their commands.

Abstract: The present invention extends to methods, systems, and computer program products for modeling and managing heterogeneous applications. Application intent can be described in a relatively straight forward manner that abstracts underlying implementation details. Thus, application developers can develop applications without necessarily having to know extensive details of an underlying implementation environment. In any event, an application can be executed in different implementation environments without requiring changes to the corresponding model.

Abstract: The present invention extends to methods, systems, and computer program products for managing software lifecycle. Based on declarative models and knowledge of their interpretation, embodiments of the present invention facilitate lifecycle management for model-based software applications. Lifecycle models, such as, for example, lifecycle state machine models are stored in a shared repository such that executive services can determine how software application lifecycles are to be managed and transitioned. Software lifecycle activities can verify that a transition is possible and identify any errors preventing a lifecycle transition. Model-based error handling and error recovery mechanisms can be used to correct any identified errors.

Abstract: The present invention extends to methods, systems, and computer program products for monitoring distributed applications. Declarative application models are used. Operational data for a deployed application can be compared to an application intent expressed in a corresponding declarative application to provide more effective monitoring of application behavior. Application components can subscribe to an event fabric to receive configurations that indicate what events the application is to emit (i.e., publish into the event fabric) for monitoring. Thus, applications essentially subscribe to produce information (as opposed to subscribing to receive information). Monitoring can be dynamically adjusted in response to environment changes.

Abstract: A system for automatically implementing high-level instructions in a distributed application program, where the high-level instructions reflect the behavior of the distributed application program, includes at least a tools component. The tools component is used to write high-level instructions in the form of declarative models, and place them in a repository. An executive component then receives the declarative models from the repository and refines them (e.g., via progressive elaboration) until there are no ambiguities. A platform-specific driver then translates the commands from the executive component, effectively turning the declarative model instructions into a set of imperative actions to be implemented in one or more application containers. The platform-specific driver also relays one or more event streams to an analytics means, which can result in modifications to the declarative models and corresponding new sets of instructions coming through the platform-specific driver at a later point.