Abstract: A method of connecting a software-defined data center (SDDC) to a cloud platform to enable the cloud platform to deliver cloud services to the SDDC includes the steps of: deploying an agent platform appliance that is connected to a management network of the SDDC; and deploying a plurality of agents on the agent platform appliance, wherein the agents include a first agent that is configured to issue a command to a component of the SDDC to perform an operation requested by a cloud service of the cloud platform and a second agent that is configured to acquire an authentication token for authenticating to the component of the SDDC, and wherein the second agent acquires the authentication token from the component of the SDDC, and the first agent acquires the authentication token from the second agent and transmits the command and the authentication token to the component of the SDDC.

Abstract: Items of inventory of a data center are organized in a hierarchical manner across nodes of at least one hierarchical tree. A method of generating items of inventory of the data center to which a user has access includes generating a plurality of first user access paths based on permissions given to the user at one or more nodes of a first hierarchical tree, and performing a database look-up on an inventory database using the first user access paths to determine the inventory items of the data center to which the user has access. The inventory database stores for each inventory item of the data center identifying information that uniquely identifies the inventory item and node information indicating the node of the first hierarchical tree where the inventory item is arranged.

Abstract: A method of controlling access to components of an SDDC in a hybrid environment, the hybrid environment including a cloud platform from which cloud services are delivered to the SDDC through agents deployed on an agent platform appliance, includes the steps of: transmitting to a first component of the SDDC, a request to create a first account for accessing the first component of the SDDC by a first agent, which is one of the agents deployed on the agent platform appliance; in response to the first agent requesting access to the first component of the SDDC, transmitting to the first component of the SDDC, credentials associated with the first account and a request for a first authentication token that authorizes the access to the first component of the SDDC; and upon receiving the first authentication token from the first component of the SDDC, transmitting the first authentication token to the first agent.

Abstract: A method of exchanging messages between a software-defined data center (SDDC) and a cloud platform through a plurality of agents deployed on an agent platform appliance that is connected to a management network of the SDDC, to enable the cloud platform to deliver cloud services to the SDDC, includes the steps of: acquiring an access token from a first agent of the plurality of agents; communicating with a message broker cloud service using the access token to exchange messages with the message broker cloud service, the exchanged messages including a first message from one of the cloud services to one or more of the plurality of agents and a second message from a second agent of the plurality of agents to one of the cloud services; and delivering the first message to the one or more agents.

Abstract: Commands that are input through a cloud platform are delivered to a management appliance of a software-defined data center (SDDC). A number of tokens are issued in the process of delivering the commands from the cloud platform to the management appliance. A method of issuing a command to the management appliance to modify an inventory of virtual objects deployed in the SDDC, includes: retrieving a message generated by a cloud service, the message including a task to modify the inventory of virtual objects deployed in the SDDC, a first token identifying a user who requested the task, and a second token containing information about the management appliance and a role assigned to the user; exchanging the first and second tokens with the management appliance for an authentication token for accessing the management appliance; and transmitting the command to the management appliance along with the authentication token.

Abstract: A method of executing a workload initiated from a cloud platform, in a software-defined data center (SDDC), wherein the cloud platform delivers cloud services to the SDDC, includes the steps of: deploying a first agent in an agent appliance platform that is connected to a management network of the SDDC, wherein the first agent is an agent of one of the cloud services and issues commands to execute the workload on the SDDC; and upon completion of the workload, deleting the first agent from the agent appliance platform.

Abstract: A method of managing configurations of a software-defined data center (SDDC) includes: retrieving a current configuration of a first management appliance of the SDDC and a current configuration of a second management appliance of the SDDC; calling a first custom resource object of a container orchestration platform to acquire a desired configuration of the first management appliance and calling a second custom resource object of the container orchestration platform to acquire a desired configuration of the second management appliance; determining a difference between the current and desired configurations of the first management appliance and instructing the first management appliance to apply the desired configuration of the first management appliance; and determining a difference between the current and desired configurations of the second management appliance and instructing the second management appliance to apply the desired configuration of the second management appliance.

Abstract: The present disclosure is related to devices, systems, and methods for TLS server certificate replacement using a notification mechanism. An example method can include establishing a first secure TLS connection between a client and a server verified by a first TLS certificate, creating a subscription for the client to receive a notification associated with a TLS certificate change, loading a second certificate to replace the first certificate, providing a notification to the client, wherein the notification includes the second certificate and a web token scoped to the client, and establishing a second secure TLS connection verified by the second TLS certificate responsive to the client verifying the web token.

Abstract: A method of managing lifecycle of agents of cloud services running in a customer environment according to a desired state of the agents includes comparing a running state of the agents against the desired state. Upon determining that the running state includes a first agent that is not present in the desired state, the first agent is removed. Upon determining that the desired state includes a second agent that is not present in the running state, the second agent is deployed. Upon determining that there is a drift in the running state of a third agent from the desired state of the third agent, the third agent of the desired state is deployed while the third agent of the running state continues execution. The third agent of the running state is removed after the third agent of the desired state executes without errors for a period of time.

Abstract: Mechanisms for synchronizing an object set with a remote data store are often performed at a particular frequency, e.g., once per hour or day. However, the objects of the object set may have different priorities, and it may be advantageous to synchronize higher-priority objects more often than regular-priority objects. The synchronization mechanisms may also differ (e.g., high-priority object synchronization may be direct and/or holistic, while regular-priority object synchronization may be differential, cached, and/or involving version and/or conflict resolution). Additionally, a resource-based threshold may be applied to the high-priority objects (e.g., a bandwidth cap) in order to reduce resource exhaustion, and high-priority objects that are not synchronized within the threshold may be synchronized with the regular-priority objects.

Abstract: Techniques for data synchronization policies are described. In one or more implementations, techniques may be employed to set data synchronization (“sync”) policies for devices in a data sync environment. The sync policies specify parameters for sync operations in the sync environment, such as how frequently data sync operations are performed, what types of data are synced to particular devices, how frequently particular types of data are synced, and so on. In implementations, the sync policies consider the number of devices that are participating in a sync environment and attributes of the devices in specifying parameters for sync operations. Data can be synchronized among devices in the sync environment based on the sync policies.

Abstract: Application settings are roamed across multiple computing devices. Provider modules on the computing devices are run to retrieve application settings to be roamed and to roam those application settings across the multiple computing devices. Application setting changes initiated on a particular computing device are added to a history of application setting changes on the particular computing device, and also added to synchronization communication module for communication to one or more additional computing devices of the multiple computing devices. Application setting changes initiated by one of the one or more additional computing devices are received by the particular computing device and added to a history of application setting changes on the particular computing device, and are also incorporated into the application settings on the particular computing device.

Abstract: Application settings are roamed across multiple computing devices. Provider modules on the computing devices are run to retrieve application settings to be roamed and to roam those application settings across the multiple computing devices. Application setting changes initiated on a particular computing device are added to a history of application setting changes on the particular computing device, and also added to synchronization communication module for communication to one or more additional computing devices of the multiple computing devices. Application setting changes initiated by one of the one or more additional computing devices are received by the particular computing device and added to a history of application setting changes on the particular computing device, and are also incorporated into the application settings on the particular computing device.

Abstract: Mechanisms for synchronizing an object set with a remote data store are often performed at a particular frequency, e.g., once per hour or day. However, the objects of the object set may have different priorities, and it may be advantageous to synchronize higher-priority objects more often than regular-priority objects. The synchronization mechanisms may also differ (e.g., high-priority object synchronization may be direct and/or holistic, while regular-priority object synchronization may be differential, cached, and/or involving version and/or conflict resolution). Additionally, a resource-based threshold may be applied to the high-priority objects (e.g., a bandwidth cap) in order to reduce resource exhaustion, and high-priority objects that are not synchronized within the threshold may be synchronized with the regular-priority objects.

Abstract: Application settings are roamed across multiple computing devices. Provider modules on the computing devices are run to retrieve application settings to be roamed and to roam those application settings across the multiple computing devices. Application setting changes initiated on a particular computing device are added to a history of application setting changes on the particular computing device, and also added to synchronization communication module for communication to one or more additional computing devices of the multiple computing devices. Application setting changes initiated by one of the one or more additional computing devices are received by the particular computing device and added to a history of application setting changes on the particular computing device, and are also incorporated into the application settings on the particular computing device.

Abstract: Application settings are roamed across multiple computing devices. Provider modules on the computing devices are run to retrieve application settings to be roamed and to roam those application settings across the multiple computing devices. Application setting changes initiated on a particular computing device are added to a history of application setting changes on the particular computing device, and also added to synchronization communication module for communication to one or more additional computing devices of the multiple computing devices. Application setting changes initiated by one of the one or more additional computing devices are received by the particular computing device and added to a history of application setting changes on the particular computing device, and are also incorporated into the application settings on the particular computing device.

Abstract: Techniques for data synchronization policies are described. In one or more implementations, techniques may be employed to set data synchronization (“sync”) policies for devices in a data sync environment. The sync policies specify parameters for sync operations in the sync environment, such as how frequently data sync operations are performed, what types of data are synced to particular devices, how frequently particular types of data are synced, and so on. In implementations, the sync policies consider the number of devices that are participating in a sync environment and attributes of the devices in specifying parameters for sync operations. Data can be synchronized among devices in the sync environment based on the sync policies.

Abstract: A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.

Abstract: A method and data structure for separating application data from user data in a namespace. The data structure provides an intuitive profile layout for developers or users while supporting legacy applications. The namespace utilizes a hierarchical structure allowing access by developers or users over a network to information contained in identified public folders and/or a user's profile.

Abstract: Application settings are roamed across multiple computing devices. Provider modules on the computing devices are run to retrieve application settings to be roamed and to roam those application settings across the multiple computing devices. Application setting changes initiated on a particular computing device are added to a history of application setting changes on the particular computing device, and also added to synchronization communication module for communication to one or more additional computing devices of the multiple computing devices. Application setting changes initiated by one of the one or more additional computing devices are received by the particular computing device and added to a history of application setting changes on the particular computing device, and are also incorporated into the application settings on the particular computing device.