Abstract: The techniques described herein implement a proxy service associated with a public cloud platform. A proxy server receives a connection request sent via an account. The connection request includes a connection parameter such as a specific time the request is initiated, a specific location of a device used to initiate the request, or an identification of the device used to initiate the request. The proxy server maps the account to a policy. The proxy server then determines whether the connection parameter included in the request is anomalous to a corresponding parameter defined in the policy. In an event the connection parameter is an anomalous parameter, the proxy server takes actions to determine whether the policy can be dynamically updated to accommodate the anomalous parameter. If an accommodation can be made, a user or device does not have to wait an extended period of time to gain access to the resource.

Abstract: Techniques are described herein that are capable of providing client-assisted fulfillment of a resource request. For instance, the resource request initially may be directed to a machine that stores the resource (i.e., a resource machine). A resource access agent may redirect the resource request to a client device for purposes of fulfillment. For example, the resource access agent may intercept the resource request before the resource request reaches the resource machine and/or before the resource machine takes action with respect to the resource request. Such client-assisted fulfillment may (or may not) be provided in a single sign-on environment. A single sign-on environment is an environment in which multiple distinct software systems are accessible to a user based on a single authentication of the user.

Abstract: An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated.

Abstract: An input port for a computer system may retain potentially authenticable requests for processing while removing other connection requests from an incoming queue or request pool. The input port may continue to receive new requests even during a denial of service attack, allowing potentially legitimate requests to be processed. In a typical embodiment, a first in, first out buffer may be used to receive and process connection requests. When the buffer is full, any request that comes from a device having a previous connection with the computer system may be retained for authentication, while removing requests that come from unknown devices. Some embodiments may retain a list of known devices associated with administrators or other known users, and the list may be updated as those users are authenticated.