Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a virtual network is established at a public cloud environment based on a request received from a private domain, and an authenticated session is established between the virtual network and the private domain. A virtual machine is hosted within the virtual network. The virtual machine is configured to be accessible to a user authenticated to the virtual machine, and is configured to run an application using data received from the private domain. Private data is received from the private domain over the authenticated session, and the authenticated user is provided access to the application running at the virtual machine, including providing the authenticated user access to the private data.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: The adjustment of a number of application launch endpoint servers that may be used to service incoming connection requests. Application launch endpoints are entities, such as running code, that may be used to launch other applications. Examples of endpoints include virtual machines or sessions in a session management server. The system load associated with the incoming connection rate and number of users is monitored. In response, an add threshold and a perhaps a remove threshold is calculated. If the system load rises above the add threshold, application launch endpoint server(s) are added to the set of endpoints that can handle incoming connection requests. If the system load falls below the remove threshold, application launch endpoint server(s) are removed from to the set of endpoints. The add and remove thresholds may be calculated per tenant, and adjusted based on tenant behavior.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a virtual network is established at a public cloud environment based on a request received from a private domain, and an authenticated session is established between the virtual network and the private domain. A virtual machine is hosted within the virtual network. The virtual machine is configured to be accessible to a user authenticated to the virtual machine, and is configured to run an application using data received from the private domain. Private data is received from the private domain over the authenticated session, and the authenticated user is provided access to the application running at the virtual machine, including providing the authenticated user access to the private data.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: The updating of virtual machines. A task broker schedules update tasks for multiple virtual machines on the host machine. As each update task is to be performed, if the virtual machine is not currently running, as might be the case for a personal virtual machine, the virtual machine is caused to begin running to allow the update task to be performed on the virtual machine. Also, a pooled virtual machine is updated by copying information from the old virtual hard drive to a location to allow the information to be preserved as the master image is updated. After the update is completed, the virtual machine is formed, associated with the new virtual hard drive, and copied back to the virtual machine.

Abstract: Embodiments are directed to authenticating a user to a remote application provisioning service. In one scenario, a client computer system receives authentication credentials from a user at to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications. The client computer system sends the received authentication credentials to an authentication service, which is configured to generate an encrypted token based on the received authentication credentials. The client computer system then receives the generated encrypted token from the authentication service, stores the received encrypted token and the received authentication credentials in a data store, and sends the encrypted token to the remote application provisioning service. The encrypted token indicates to the remote application provisioning service that the user is a valid user.

Abstract: An endpoint broker to provide application launch endpoints from multiple data centers having different tenancy sets. Upon accessing a request for an application launch endpoint connection for a user, the broker selects a data center, from amongst multiple data centers that have different tenancy sets, that is to provide an endpoint in satisfaction of the request. The endpoint broker identifies an endpoint from the selected data center, and then associates the identified endpoint with the user. The user is then provided access to the identified endpoint using the association. Thus, a user is not restricted to having an endpoint from a single data center. If there are concerns with providing an endpoint from one data center, an endpoint may be provided from another data center in a manner that is transparent to the user.

Abstract: The adjustment of a number of application launch endpoint servers that may be used to service incoming connection requests. Application launch endpoints are entities, such as running code, that may be used to launch other applications. Examples of endpoints include virtual machines or sessions in a session management server. The system load associated with the incoming connection rate and number of users is monitored. In response, an add threshold and a perhaps a remove threshold is calculated. If the system load rises above the add threshold, application launch endpoint server(s) are added to the set of endpoints that can handle incoming connection requests. If the system load falls below the remove threshold, application launch endpoint server(s) are removed from to the set of endpoints. The add and remove thresholds may be calculated per tenant, and adjusted based on tenant behavior.

Abstract: Embodiments are directed to authenticating a user to a remote application provisioning service. In one scenario, a client computer system receives authentication credentials from a user at to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications. The client computer system sends the received authentication credentials to an authentication service, which is configured to generate an encrypted token based on the received authentication credentials. The client computer system then receives the generated encrypted token from the authentication service, stores the received encrypted token and the received authentication credentials in a data store, and sends the encrypted token to the remote application provisioning service. The encrypted token indicates to the remote application provisioning service that the user is a valid user.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud.

Abstract: The updating of virtual machines. A task broker schedules update tasks for multiple virtual machines on the host machine. As each update task is to be performed, if the virtual machine is not currently running, as might be the case for a personal virtual machine, the virtual machine is caused to begin running to allow the update task to be performed on the virtual machine. Also, a pooled virtual machine is updated by copying information from the old virtual hard drive to a location to allow the information to be preserved as the master image is updated. After the update is completed, the virtual machine is formed, associated with the new virtual hard drive, and copied back to the virtual machine.