Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: Technologies are described herein for loosely coupling a hosted application system with other computing systems that provide related functionality. A hosted application system is provided in one embodiment that is loosely coupled to a marketing system, a sign-up system, a billing system, and a support system. The loose coupling of the systems allows the hosted application system to be easily configured to restrict the software to which a particular customer can subscribe based upon the capacity of the hosted application system, the qualifications of a customer, or other factors. The computing systems may be configured to communicate via idempotent network APIs, thereby permitting multiple retries to ensure successful completion of requests.

Abstract: Technologies are described herein for implementing a hosted multi-tenant application system. The server computers utilized to provide the hosted application are organized into logical groupings of server computers called scale groups. One or more tenants are assigned to each scale group. When a new tenant is provisioned, the tenant is assigned to a scale group and a database server in the assigned scale group creates a database for the tenant. An association between the tenant and the scale group is also created in a shared configuration database. When a request is received from a tenant to access the hosted application, the shared configuration database is consulted to locate the scale group hosting the tenant. Once the appropriate scale group has been located, the request is redirected to the appropriate scale group for processing.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.

Abstract: Technologies are described herein for loosely coupling a hosted application system with other computing systems that provide related functionality. A hosted application system is provided in one embodiment that is loosely coupled to a marketing system, a sign-up system, a billing system, and a support system. The loose coupling of the systems allows the hosted application system to be easily configured to restrict the software to which a particular customer can subscribe based upon the capacity of the hosted application system, the qualifications of a customer, or other factors. The computing systems may be configured to communicate via idempotent network APIs, thereby permitting multiple retries to ensure successful completion of requests.

Abstract: Technologies are described herein for implementing a hosted multi-tenant application system. The server computers utilized to provide the hosted application are organized into logical groupings of server computers called scale groups. One or more tenants are assigned to each scale group. When a new tenant is provisioned, the tenant is assigned to a scale group and a database server in the assigned scale group creates a database for the tenant. An association between the tenant and the scale group is also created in a shared configuration database. When a request is received from a tenant to access the hosted application, the shared configuration database is consulted to locate the scale group hosting the tenant. Once the appropriate scale group has been located, the request is redirected to the appropriate scale group for processing.