Abstract: Methods, systems and computer program products for content management and collaboration systems. Embodiments address handling remotely-stored preformatted previews of remotely stored content objects for display on a user device without having to store a local copy of the remotely stored content objects to the user device. A user operates a content object viewer that is provided as part of the operating system running on the user device. As provided, the content object viewer includes a graphical user interface for accessing files of the operating system. Using the graphical user interface capabilities of the content object viewer, the user selects a particular one of the remotely stored content objects. Upon such selection, the content object viewer displays a preview of the particular one of the remotely stored content objects without having to have a local copy of the particular one of the remotely stored content objects at the user device.

Abstract: Methods, systems and computer program products for managing shared content directory structure metadata stored on client devices. A method embodiment includes identifying a collaboration system that stores one or more content objects that are organized in accordance with a directory structure. Requests pertaining to the content objects are raised by processing entities running on the client device. The requests include instructions to retrieve one or more of multiple types of metadata associated with the directory elements that constitute the directory structure. Based on timing and patterns of requests pertaining to the content objects, a monitoring function detects unwanted runaway retrieval by a runaway process. To prevent further unwanted runaway retrieval of the metadata, the runaway process is blocked from continuing its pattern of unwanted (runaway) retrieval. The collaboration system is notified of characteristics of the runaway process.

Abstract: Methods, systems and computer program products for managing shared content directory structure metadata stored on client devices. A method embodiment includes identifying a collaboration system that stores one or more content objects that are organized in accordance with a directory structure. Requests pertaining to the content objects are raised by processing entities running on the client device. The requests include instructions to retrieve one or more of multiple types of metadata associated with the directory elements that constitute the directory structure. Based on timing and patterns of requests pertaining to the content objects, a monitoring function detects unwanted runaway retrieval by a runaway process. To prevent further unwanted runaway retrieval of the metadata, the runaway process is blocked from continuing its pattern of unwanted (runaway) retrieval. The collaboration system is notified of characteristics of the runaway process.

Abstract: Methods, systems and computer program products for content management and collaboration systems. Embodiments address handling remotely-stored preformatted previews of remotely stored content objects for display on a user device without having to store a local copy of the remotely stored content objects to the user device. A user operates a content object viewer that is provided as part of the operating system running on the user device. As provided, the content object viewer includes a graphical user interface for accessing files of the operating system. Using the graphical user interface capabilities of the content object viewer, the user selects a particular one of the remotely stored content objects. Upon such selection, the content object viewer displays a preview of the particular one of the remotely stored content objects without having to have a local copy of the particular one of the remotely stored content objects at the user device.

Abstract: Approaches for managing potentially malicious files using one or more isolated environments. In response to receiving a request to perform an action on a file, a client applies a policy to determine whether the action is deemed trustworthy. The client identifies, without human intervention, an isolated environment, executing or to be executed on the client, in which the action is to be performed based on whether the action is deemed trustworthy. In this way, embodiments allow a user to make use of data deemed untrusted in certain cases without allowing the untrusted data from having unfettered access to the resources of the client. If the requested action is performed in a different isolated environment from which the action was requested, embodiments enable the performance of the action to be performed seamlessly to the user.

Abstract: Approaches for launching an application within a virtual machine. In response to receiving a request to launch an application, a device instantiates, without human intervention and based on a policy, a virtual machine in which the application is to be launched. The policy determines which resources of a device, such as a mobile device or computer system, are accessible to the virtual machine. The policy may, but need not, determine whether the virtual machine has access to a type of resource which obligates the user of the device to make a monetary payment for the user of the resource.

Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.

Abstract: Approaches for rendering a file within a display mode. A guest module, executing within a virtual machine, determines that a process executing within the virtual machine is requesting to display a file. The guest module sends a request to display the file to a host module which executes within a host operating system. After the host module receives the request, the host module determines whether a user initiated the display of the file. Upon the host module determining that the file is permitted to be displayed, the host module determines a particular display mode for the file. Thereafter, the host module causes the file to be displayed in the particular display mode. Files may be automatically displayed in a configurable display mode in a secure manner.

Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.

Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print or digitally transfer at least a portion of the digital file, the virtual machine converts at least a portion of the digital file from an original format to a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print or digitally transfer the portion of the digital file. The host OS may consult policy data in determining how to service the instruction to print or digitally transfer the digital file.

Abstract: Approaches for an operating system to ascertain whether files stored its file system have been deemed trustworthy. When an operating system receives a request to perform an operation involving a file that is stored within the file system maintained by the operating system, the operating system requests the file from a driver. In turn, the driver consults a set of trust data to identify whether the file has been previously deemed trustworthy. Upon the driver determining that the file has been deemed trustworthy, the driver provides the file to the operating system in a first format. On the other hand, upon the driver determining that the file has not been deemed trustworthy, the driver provides the file to the operating system in a second format that is different than the first format. Advantageously, the file is stored in a single format in the file system.

Abstract: Approaches for securing resources of a virtual machine. An application executes on a host operating system. A user instructs the application to display a file. In response, a host module executing on the host operating system instructs a guest module, executing within a virtual machine, to render the file within the virtual machine. The application displays the file using screen data which was created within the virtual machine and defines a rendered representation of the file. The user is prevented from accessing any resource of the virtual machine unrelated to the file. The virtual machine may consult policy data to determine how to perform certain user-initiated actions within the virtual machine. Examples of the file include image, a document, an email, and a web page.

Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.

Abstract: Approaches for transferring a file using a virtualized application. A virtualized application executes within a virtual machine residing on a physical machine. When the virtualized application is instructed to download a file stored external to the physical machine, the virtualized application displays an interface which enables at least a portion of a file system, maintained by a host OS, to be browsed while preventing files stored within the virtual machine to be browsed. Upon the virtualized application receiving input identifying a target location within the file system, the virtualized application stores the file at the target location. The virtualized application may also upload a file stored on the physical machine using an interface which enables at least a portion of a file system of a host OS to be browsed while preventing files in the virtual machine to be browsed.

Abstract: Approaches for processing a digital file in a manner designed to minimize exposure of any malicious code contained therein. A digital file resides with a virtual machine. When the virtual machine receives an instruction to print, fax, or email the digital file, the virtual machine creates, from the digital file existing in an original format, a copy of the digital file in a different format within the virtual machine. The different format preserves a visual presentation of the digital file without supporting metadata or file format data structures of the original format. The virtual machine instructs the host OS to print the copy of the digital file, send a facsimile of the copy of the digital file, or email the copy of the digital file. The host OS may consult policy data in determining how to carry out the request vis-à-vis the digital file.

Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.

Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.

Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.

Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.

Abstract: A service appliance is installed between production servers running service applications and service users. The production servers and their service applications provide services to the service users. In the event that a production server is unable to provide its service to users, the service appliance can transparently intervene to maintain service availability. To maintain transparency to service users and service applications, service users are located on a first network and production servers are located on a second network. The service appliance assumes the addresses of the service users on the second network and the addresses of the production servers on the first network. Thus, the service appliance obtains all network traffic sent between the production server and service users. While the service application is operating correctly, the service appliance forwards network traffic between the two networks using various network layers.