Abstract: Embodiments perform automatic document handling by retrieving icons from local document handlers or from an application volumes manager, without installing the application locally. Embodiments further perform on-demand application mounting by intercepting and suspending requests to launch applications until the appropriate virtual disk, corresponding to the application, is mounted to the disk subsystem by the application volumes manager. The application launch is then resumed.

Abstract: Embodiments perform automatic document handling by retrieving icons from local document handlers or from an application volumes manager, without installing the application locally. Embodiments further perform on-demand application mounting by intercepting and suspending requests to launch applications until the appropriate virtual disk, corresponding to the application, is mounted to the disk subsystem by the application volumes manager. The application launch is then resumed.

Abstract: Disclosed are various approaches to automate vulnerability assessment implement policy-based mitigation. A plurality of vulnerability records from respective ones of a plurality of vulnerability feeds are aggregated. Each of the plurality of vulnerability records are stored in a standardized format. A plurality of enterprise-specific severity scores are generated by calculating an enterprise-specific severity score for each of the plurality of vulnerability records. Then, a web page can be created that includes at least a subset of the plurality of enterprise-specific severity scores and respective ones of the plurality of vulnerability records.

Abstract: The disclosure provides an approach for authenticating a user of a computer system, wherein the computer system implements a virtual desktop infrastructure (VDI), the method comprising connecting to a computing device through a network, receiving from the computing device authentication credentials, and determining whether the authentication credentials match an authorized user of the computer system. The approach further comprises extracting from the computing device features of the computing device, retrieving a machine learning (ML) model associated with the authorized user, wherein the ML model is at least one of (a) a supervised ML model or (b) an unsupervised ML model, and executing the ML model to authenticate the features of the computing device.

Abstract: The disclosure provides an approach for authenticating a user of a computer system, wherein the computer system implements a virtual desktop infrastructure (VDI), the method comprising connecting to a computing device through a network, receiving from the computing device authentication credentials, and determining whether the authentication credentials match an authorized user of the computer system. The approach further comprises extracting from the computing device features of the computing device, retrieving a machine learning (ML) model associated with the authorized user, wherein the ML model is at least one of (a) a supervised ML model or (b) an unsupervised ML model, and executing the ML model to authenticate the features of the computing device.

Abstract: Disclosed are various approaches to automate vulnerability assessment implement policy-based mitigation. A plurality of vulnerability records from respective ones of a plurality of vulnerability feeds are aggregated. Each of the plurality of vulnerability records are stored in a standardized format. A plurality of enterprise-specific severity scores are generated by calculating an enterprise-specific severity score for each of the plurality of vulnerability records. Then, a web page can be created that includes at least a subset of the plurality of enterprise-specific severity scores and respective ones of the plurality of vulnerability records.

Abstract: Systems, methods, and software described herein manage volumes and virtual machines using a location database gathered from a hypervisor management system. In one example, a method of operating a volume attachment service to manage volumes and virtual machines includes transferring a location request to a hypervisor management service to identify locations of one or more virtual machines. The method further provides, receiving the locations of the one or more virtual machines and storing the locations in a location database. The method also includes identifying a volume action request for a first virtual machine, and directing the volume action request to a hypervisor of the first virtual machine based on the locations in the location database.

Abstract: The disclosure provides an approach for authenticating a user of a computer system, wherein the computer system implements a virtual desktop infrastructure (VDI), the method comprising connecting to a computing device through a network, receiving from the computing device authentication credentials, and determining whether the authentication credentials match an authorized user of the computer system. The approach further comprises extracting from the computing device features of the computing device, retrieving a machine learning (ML) model associated with the authorized user, wherein the ML model is at least one of (a) a supervised ML model or (b) an unsupervised ML model, and executing the ML model to authenticate the features of the computing device.

Abstract: Disclosed are various approaches to automate vulnerability assessment implement policy-based mitigation. A plurality of vulnerability records from respective ones of a plurality of vulnerability feeds are aggregated. Each of the plurality of vulnerability records are stored in a standardized format. A plurality of enterprise-specific severity scores are generated by calculating an enterprise-specific severity score for each of the plurality of vulnerability records. Then, a web page can be created that includes at least a subset of the plurality of enterprise-specific severity scores and respective ones of the plurality of vulnerability records.

Abstract: Described herein are systems, methods, and software to enhance the management of inter-process communications (IPCs) for containers according to an implementation. In one implementation, a container management service executing on a host with a plurality of containers may identify an IPC object generation with a first identifier from one of the containers. Responsive to the request, the service may translate the first identifier into a second identifier, and store the IPC object in a memory system using the second identifier. Once stored, requests may be made from applications in approved containers for the object using the first identifier, and the service may retrieve the IPC object using the second identifier.

Abstract: Examples disclosed herein provide systems, methods, and software to provide individualized applications to remote desktop sessions. In one example, a method of operating a remote desktop server to provide individualized applications to remote desktop users includes identifying a request from a user for a remote desktop session. The method further includes, in response to the request, identifying one or more applications associated with the user that are stored in at least one hidden volume, and virtually overlaying application objects associated with the one or more applications in at least one non-hidden volume. The method also provides initiating the remote desktop session with the at least one non-hidden volume accessible to the user.

Abstract: The disclosure provides an approach for authenticating a user of a computer system, wherein the computer system implements a virtual desktop infrastructure (VDI), the method comprising connecting to a computing device through a network, receiving from the computing device authentication credentials, and determining whether the authentication credentials match an authorized user of the computer system. The approach further comprises extracting from the computing device features of the computing device, retrieving a machine learning (ML) model associated with the authorized user, wherein the ML model is at least one of (a) a supervised ML model or (b) an unsupervised ML model, and executing the ML model to authenticate the features of the computing device.

Abstract: Disclosed are various approaches to automate vulnerability assessment implement policy-based mitigation. A plurality of vulnerability records from respective ones of a plurality of vulnerability feeds are aggregated. Each of the plurality of vulnerability records are stored in a standardized format. A plurality of enterprise-specific severity scores are generated by calculating an enterprise-specific severity score for each of the plurality of vulnerability records. Then, a web page can be created that includes at least a subset of the plurality of enterprise-specific severity scores and respective ones of the plurality of vulnerability records.

Abstract: Described herein are systems, methods, and software to provide enhanced security when opening applications. In one implementation, an application service receives, over a network, an application request from an end user device to support a file open request on the end user device, wherein the application request occurs based on a security status of a file associated with the file open request. The application service further allocates a virtual node with an application to the end user device to support the application request, provides a remote connection for the application to the end user device, and opens the file in the application of the virtual node to support the file open request.

Abstract: Systems, methods, and software are described herein for operating a data management system, including executing an attached application and application data on a first virtual machine running a first operating system, separating the attached application and application data from the first virtual machine, and dynamically attaching the application and application data to a second virtual machine running an updated version of the first operating system.

Abstract: Systems, methods, and software described herein provision application volumes for a plurality of virtual machines. In one example, a method of provisioning volumes for attachment to virtual machines includes provisioning an application in a virtual volume of a first virtual drive format, and identifying one or more alternative virtual drive formats for the application. The method further includes duplicating the application in the virtual volume to one or more additional virtual volumes corresponding to the one or more alternative virtual drive formats. The method also includes storing the virtual volume and the one or more additional virtual volumes in separate storage repositories, wherein each of the storage repositories is associated with one or more virtual machines and a particular virtual drive format.

Abstract: Disclosed herein are systems, methods, and software for attaching applications to a computing device based on a file type selection. In one example, a method for operating an application attaching system to dynamically make applications available to a computing device includes identifying an application attach triggering event based on a file selection of a certain file type on the computing device. The method further includes, in response to the application attach triggering event, identifying an application within an application volume based on the certain file type. The method also includes attaching the application volume to computing device, and associating the application to the certain file type on the computing device.

Abstract: Described herein are systems, methods, and software to provide virtualized computing sessions with attachable volumes to requesting users. In one implementation, a virtual computing service identifies a service login for an end user to initiate a virtual computing session. In response to the service login, the virtual computing service identifies a virtual machine to allocate to the virtual computing service, and initiates a user login process to log the end user into the virtual machine. The virtual computing service further initiates, prior to completing the user login process, a volume attach process to attach at least one storage volume to the virtual machine based on credentials associated with the service login.

Abstract: Examples disclosed herein provide systems, methods, and software for avoiding data replication using sparse files. In one example, a method of using a sparse file to manage modifications to read-only files includes identifying an open file request on a computing system for a read-only file, and generating the sparse file corresponding to the read-only file. The method further includes identifying a modification to the read-only file and, responsive to identifying the modification, initiate a write to the sparse file based on the modification and identifying the write in a region map.

Abstract: Described herein are systems, methods, and software to enhance the management of inter-process communications (IPCs) for containers according to an implementation. In one implementation, a container management service executing on a host with a plurality of containers may identify an IPC object generation with a first identifier from one of the containers. Responsive to the request, the service may translate the first identifier into a second identifier, and store the IPC object in a memory system using the second identifier. Once stored, requests may be made from applications in approved containers for the object using the first identifier, and the service may retrieve the IPC object using the second identifier.