Abstract: Methods, devices, and computer-readable media for providing access to a web-based application from a remote computing device having a software environment that is incompatible with the web application are presented. In some embodiments, a virtual server may receive from a client device, a request to execute a web application, where at least a first portion of the web application may be hosted by the virtual server and a second portion of the web application may be hosted by a second server. In response to the request by the client device, the web application may be executed at the virtual server. Then a user interface of the web application may be sent to the client device to be presented in a local browser at the client device.

Abstract: A computing system may include a virtualization server configured to run virtual sessions for a plurality of client devices, with each virtual session having a respective user profile associated therewith, and each user profile having a unique access token associated therewith. The system may further include a cloud computing service configured to store the user profiles, receive access tokens from the virtualization server upon initiation of virtual sessions associated with respective user profiles and provide the user profiles to the virtualization server responsive thereto, and cooperate with the virtualization server to synchronize changes in the user profiles responsive to the user sessions based upon the respective access tokens.

Abstract: Methods, systems, computer-readable media, and apparatuses for updating a multi-tenant virtualization system are described herein. Session launch data for a plurality of end users associated with a plurality of tenants is obtained from a session database, and queried. The session launch data is analyzed for session launch activity. An update time is obtained based on the analysis. A component of the multi-tenant virtualization system is updated at the determined update time. During the updating, new sessions by the plurality of end users associated with the plurality of tenants are prevented from launching.

Abstract: A computer system may include a plurality of client computing devices, and a plurality of host computing devices each configured to provide virtual computing sessions for the client computing devices. Each host computing device may have a virtual delivery agent (VDA) associated therewith configured to connect the client computing devices with the virtual computing sessions. The VDAs within a first group may be configured to operate during off-peak hours, and VDAs within a second group different than the first group may be configured not to operate during the off-peak hours. The client computing devices may be configured to request virtual computing sessions from the VDAs in accordance with respective VDA leases, and each VDA lease may include at least one of the VDAs from the first group.

Abstract: Methods and systems for providing bidirectional communications between client devices and server devices are described herein. Server devices in a cluster may bidirectionally communicate with client devices in a resource site via direct connections or virtual connections. One or more server devices may act as intermediate server devices for communications via virtual connections, and may distinguish different types of messages based on header contents of the messages.

Abstract: Methods and systems for tracking tainted connection agents, such as without a trusted central authority, are described herein. During a server outage, a client device may verify that a connection agent is untainted based on a public-key encryption or certificate-based system. If the connection agent is untainted, a server may sign a public key or certificate associated with the connection agent. The server may provide, to the client device, a lease, a public key associated with the server. The connection agent may sign data generated by the client device. The client device may verify a signature of the signed public key, such as based on the public key associated with the server. The client device may verify a signature of the signed data, such as based on the verified public key associated with the connection agent.

Abstract: Methods, devices, and computer-readable media for providing access to a web-based application from a remote computing device having a software environment that is incompatible with the web application are presented. In some embodiments, a virtual server may receive from a client device, a request to execute a web application, where at least a first portion of the web application may be hosted by the virtual server and a second portion of the web application may be hosted by a second server. In response to the request by the client device, the web application may be executed at the virtual server. Then a user interface of the web application may be sent to the client device to be presented in a local browser at the client device.

Abstract: A computer system may include at least one client computing device, and a plurality of host computing devices each configured to provide virtual computing sessions for the at least one client computing device. Each host computing device may have a virtual delivery agent (VDA) associated therewith configured to connect the at least one client computing device with the virtual computing sessions. The at least one client computing device may be configured to request virtual computing sessions from the VDAs in accordance with an ordered list of the VDAs. The VDAs may be configured to re-direct new session requests from the at least one client computing device to a lower VDA in the ordered list when an existing virtual computing session is already active with the host computing device associated with the lower VDA.

Abstract: Aspects described herein relate to methods, devices and systems that allow for a client device, as part of a remote access or cloud-based network environment, to map external user identities to desktops and applications. Local user accounts can be dynamically generated on a virtual delivery agent. A mapping of the local user account to an external identity can be secured using signed tokens and maintained by a broker machine that allocates resources for the deployment of particular applications to the client device from the virtual delivery agent. This allows for the removal of any dependency on an Active Directory for maintaining user identities or federated sign-on services, greatly simplifying the management of user identities within the system and allowing for greater compatibility across client devices.

Abstract: A technique provides access to content within a computing environment. The technique involves identifying a set of network addresses of a webpage, the webpage being associated with an application. Each of the set of network addresses is associated with content related to the application, and at least one of the set of network addresses is associated with content that is blocked. The technique further involves generating a set of assessed values for the set of network addresses of the webpage based on assessment criteria, and configuring a content filter to allow access to the content associated with the at least one of the set of network addresses based on the set of assessed values.

Abstract: Secure communications between services or components of a cloud computing system, are facilitated by generating at a first service provided by a first computing entity of a cloud computing system, a request for computing resources, generating at the first computing entity a digital data signature based at least on the request, using a private key associated with the first service; and inserting the digital data signature within an HTTP header associated with the request. A computer data network is used to communicate the request to a second service. The second service extracts the digital data signature and uses a public key to validate the digital data signature.

Abstract: A computing system may include a virtualization server configured to run virtual sessions for a plurality of client devices and a cloud computing service. The cloud computing service may be configured to launch a series of test virtual sessions on a recurring basis at the virtualization server based upon a set of user credentials, and generate a failure report based upon a failure of the virtualization server to launch a test virtual session from among the series of test virtual sessions.

Abstract: Aspects of the disclosure relate to using service pool architecture for multitenant services to support canary release. An enterprise canary release server may create a plurality of service pools for a tenant in a cloud-based system that supports a plurality of tenants, where each service pool may comprise a plurality of microservices. The enterprise canary release server may receive a request to perform a canary release for a new version of software and identify a first microservice out of the plurality of microservices in a first service pool. The enterprise canary release server may instantiate a new microservice in the first service pool and enable data plane connectivity between the new microservice and a second microservice. Accordingly, the enterprise canary release server may disable data plane connectivity between the first microservice and the second microservice.

Abstract: Methods, systems, and computer-readable media for creating and managing cloud servers and services using a multi-tenant multi-session catalog with machine-level isolation are described herein. In one or more embodiments, a cloud service provider may receive requests from one or more tenants for predefined numbers of servers. The cloud service provider may initialize a plurality of servers, wherein the plurality of servers is less than a sum of the totality of server requests, and create a catalog of unassigned servers of the plurality of servers. Responsive to a logon request from a user of a tenant, the cloud service provider may assign a server from the catalog of unassigned servers to the tenant, remove the server from the catalog of unassigned servers, broker the user of the tenant to connect to the server, and limit access to the server to only users of the tenant.

Abstract: Methods and systems for providing services using mixed instance catalogs are described herein. A catalog may comprise a plurality of first virtual machines and a plurality of second virtual machines. The capacity of a first virtual machine may be larger than the capacity of a second virtual machine. Connection requests to access a service associated with the catalog may be distributed among the plurality of first virtual machines and the plurality of second virtual machines.

Abstract: Secure communications between services or components of a cloud computing system, are facilitated by generating at a first service provided by a first computing entity of a cloud computing system, a request for computing resources, generating at the first computing entity a digital data signature based at least on the request, using a private key associated with the first service; and inserting the digital data signature within an HTTP header associated with the request. A computer data network is used to communicate the request to a second service. The second service extracts the digital data signature and uses a public key to validate the digital data signature.

Abstract: Methods, systems, and computer-readable media for creating and managing cloud servers and services using a multi-tenant multi-session catalog with machine-level isolation are described herein. In one or more embodiments, a cloud service provider may receive requests from one or more tenants for predefined numbers of servers. The cloud service provider may initialize a plurality of servers, wherein the plurality of servers is less than a sum of the totality of server requests, and create a catalog of unassigned servers of the plurality of servers. Responsive to a logon request from a user of a tenant, the cloud service provider may assign a server from the catalog of unassigned servers to the tenant, remove the server from the catalog of unassigned servers, broker the user of the tenant to connect to the server, and limit access to the server to only users of the tenant.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide password encryption for hybrid cloud services. A workspace cloud connector internally residing with an entity may intercept user credentials associated with an internal application being transmitted to an external cloud service. The workspace cloud connector may generate an encryption key and encrypt the user credentials via a reversible encryption methodology. The workspace cloud connector may encrypt the encryption key using an irreversible encryption methodology (e.g., use a hashing function to produce a first hash). The workspace cloud connector may transmit the encrypted user credentials and the first hash to a virtual delivery agent via a first path (e.g., via the external cloud service). In response, the workspace cloud connector may receive an address of the virtual delivery agent and, using the address, may send the encryption key to the virtual delivery agent via a second path different from the first path.

Abstract: Aspects of the present disclosure involve automatically generating a script for, e.g., capturing configuration information associated within software services and related computing components accessible throughout a network (e.g., a cloud). The script may be executed to capture such data traffic of the software deployed within the network.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide password encryption for hybrid cloud services. A workspace cloud connector internally residing with an entity may intercept user credentials associated with an internal application being transmitted to an external cloud service. The workspace cloud connector may generate an encryption key and encrypt the user credentials via a reversible encryption methodology. The workspace cloud connector may encrypt the encryption key using an irreversible encryption methodology (e.g., use a hashing function to produce a first hash). The workspace cloud connector may transmit the encrypted user credentials and the first hash to a virtual delivery agent via a first path (e.g., via the external cloud service). In response, the workspace cloud connector may receive an address of the virtual delivery agent and, using the address, may send the encryption key to the virtual delivery agent via a second path different from the first path.