Abstract: Embodiments are directed to implementing rate controls to limit faults detected by timeout and to learning and adjusting an optimal timeout value. In one scenario, a computer system identifies cloud components that have the potential to fail within a time frame that is specified by a timeout value. The computer system establishes a number of components that are allowed to fail during the time frame specified by the timeout value and further determines that the number of component failures within the time frame specified by the timeout value has exceeded the established number of components that are allowed to fail. In response, the computer system increases the timeout value by a specified amount of time to ensure that fewer than or equal to the established number of components fail within the time frame specified by the timeout value.

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract: Methods, systems, and computer-readable media for deploying an updated image to nodes propagated throughout a distributed computing platform are provided. Upon receiving an indication to install a patch to an operating system residing on the nodes, an existing image of the operating system is accessed at a staging service. The staging service generates the updated image by applying the patch to the existing image. The process of applying the patch includes mounting the existing image of the operating system to a virtual machine, copying the patch to the mounted existing image, setting a command within the existing image that executes upon activating the virtual machine, and activating the virtual machine, thereby executing the command. This directs the patch to be installed. The updated image is pushed to the nodes. The nodes are configured to utilize the updated image as the operating system without performing an individual installation of the patch.

Abstract: A form of multicast, referred to as “on-demand multicast,” provides a methodology that allows for “on demand” multicasting of data. On-demand multicast allows clients to join or leave a transmission at any point. There is no transmission session start or end time—the session is continuously available, although data is not necessarily continuously transmitted. Data blocks missed by late-joining clients are retransmitted per amalgamated client requests through multiple transmission cycles until all clients that have joined the transmission session receive all content. Once a client has received all data blocks comprising the content for the session, the client may exit the ongoing session.

Abstract: Embodiments described herein are directed to migrating affected services away from a faulted cloud node and to handling faults during an upgrade. In one scenario, a computer system determines that virtual machines running on a first cloud node are in a faulted state. The computer system determines which cloud resources on the first cloud node were allocated to the faulted virtual machine, allocates the determined cloud resources of the first cloud node to a second, different cloud node and re-instantiates the faulted virtual machine on the second, different cloud node using the allocated cloud resources.

Abstract: Embodiments described herein are directed to migrating affected services away from a faulted cloud node and to handling faults during an upgrade. In one scenario, a computer system determines that virtual machines running on a first cloud node are in a faulted state. The computer system determines which cloud resources on the first cloud node were allocated to the faulted virtual machine, allocates the determined cloud resources of the first cloud node to a second, different cloud node and re-instantiates the faulted virtual machine on the second, different cloud node using the allocated cloud resources.

Abstract: Embodiments are directed to establishing a model for testing cloud components and to preventing cascading failures in cloud components. In one scenario, a computer system models identified cloud components (including cloud hardware components and/or cloud software components) as health entities. Each health entity is configured to provide state information about the cloud component. The computer system establishes declarative safety conditions which declaratively describe cloud computing conditions that are to be maintained at the identified cloud components. The computer system then tests against the declarative safety conditions to determine which cloud components are or are becoming problematic. Upon determining that an error has occurred, the computer system notifies users of the error and the component at which the error occurred. Guarded interfaces are established to ensure that actions taken to fix the error do not cause further failures.

Abstract: Methods, systems, and computer-readable media for facilitating coordination between a fabric controller of a cloud-computing network and a service application running in the cloud-computing network are provided. Initially, an update domain (UD) that includes role instance(s) of the service application is selected, where the service application represents a stateful application is targeted for receiving a tenant job executed thereon. The process of coordination involves preparing the UD for execution of the tenant job, disabling the role instance(s) of the UD to an offline condition, allowing the tenant job to execute, and restoring the role instance(s) to an online condition upon completing execution of the tenant job.

Abstract: A system that includes multiple hosts, each having physical resources, a hypervisor, and a host agent that causes the virtual machines to operate above the hypervisor so as to be abstracted from the physical resources. A host fabric reviews requests to instantiate or upgrade a virtual machine, identifies a corresponding virtual machine image to instantiate the virtual machine from in order to honor the request, and determines whether the virtual machine to be instantiated has a valid lease on the virtual machine image. If the requestor does not have a valid lease, the request is blocked. If the requestor does have a valid lease, the host fabric facilitates the instantiation of the virtual machine from the virtual machine image. This prevents or eliminates the chances of multiple instances of the same virtual machine image writing to the virtual machine image at the same time.

Abstract: Embodiments described herein are directed to migrating affected services away from a faulted cloud node and to handling faults during an upgrade. In one scenario, a computer system determines that virtual machines running on a first cloud node are in a faulted state. The computer system determines which cloud resources on the first cloud node were allocated to the faulted virtual machine, allocates the determined cloud resources of the first cloud node to a second, different cloud node and re-instantiates the faulted virtual machine on the second, different cloud node using the allocated cloud resources.

Abstract: Embodiments provide migration of services across different clusters to balance utilization and meet customer demands. Different service migration options may be performed with or without downtime. The artifacts of the service are moved to a new destination cluster. The service is created on the new destination cluster and staged so that the service is almost ready to start. In one embodiment, the service is stopped on the old cluster and started on the new cluster. After stopping the service, DNS is updated to point to the service on the new cluster. In another embodiment, the service is stopped on the old cluster and started on the new cluster with the same IP address to avoid DNS reprogramming and associated delays. In a further embodiment, the migration is performed without downtime by moving the service part by part from one cluster to another.

Abstract: Embodiments are directed to implementing rate controls to limit faults detected by timeout and to learning and adjusting an optimal timeout value. In one scenario, a computer system identifies cloud components that have the potential to fail within a time frame that is specified by a timeout value. The computer system establishes a number of components that are allowed to fail during the time frame specified by the timeout value and further determines that the number of component failures within the time frame specified by the timeout value has exceeded the established number of components that are allowed to fail. In response, the computer system increases the timeout value by a specified amount of time to ensure that fewer than or equal to the established number of components fail within the time frame specified by the timeout value.

Abstract: Embodiments are directed to establishing a model for testing cloud components and to preventing cascading failures in cloud components. In one scenario, a computer system models identified cloud components (including cloud hardware components and/or cloud software components) as health entities. Each health entity is configured to provide state information about the cloud component. The computer system establishes declarative safety conditions which declaratively describe cloud computing conditions that are to be maintained at the identified cloud components. The computer system then tests against the declarative safety conditions to determine which cloud components are or are becoming problematic. Upon determining that an error has occurred, the computer system notifies users of the error and the component at which the error occurred. Guarded interfaces are established to ensure that actions taken to fix the error do not cause further failures.

Abstract: Goal state indicators can be communicated from a fabric controller of a computer cluster to each of multiple compute instances in the computer cluster managed by the fabric controller. The goal state indicators can be formatted according to a structured protocol that defines multiple possible goal states. Additionally, status reports can be received from the compute instances. Each of the status reports can indicate a current state of one of the compute instances relative to a goal state previously indicated in a goal state indicator communicated to that one of the compute instances.

Abstract: A multicast content provider operates on a multicast server in conjunction with a multicast transmission protocol that is independent of the content data transmitted and allows extensibility in the content provider to distribute any type of content. The content provider module is designed to find, read, write, and transform particular types of data into a form acceptable for transmission by the transmission protocol on the multicast server. The transmission protocol is agnostic to the type, size, format, or location of the data file. The content provider module manages these issues so that the transmission protocol does not have to. This relationship between the content provider module and the transmission protocol establishes a “generic” multicast solution, capable of complete flexibility with regard to content delivery.

Abstract: Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.

Abstract: A system that includes multiple hosts, each having physical resources, a hypervisor, and a host agent that causes the virtual machines to operate above the hypervisor so as to be abstracted from the physical resources. A host fabric reviews requests to instantiate or upgrade a virtual machine, identifies a corresponding virtual machine image to instantiate the virtual machine from in order to honor the request, and determines whether the virtual machine to be instantiated has a valid lease on the virtual machine image. If the requestor does not have a valid lease, the request is blocked. If the requestor does have a valid lease, the host fabric facilitates the instantiation of the virtual machine from the virtual machine image. This prevents or eliminates the chances of multiple instances of the same virtual machine image writing to the virtual machine image at the same time.

Abstract: The provisioning of a virtual machine when booted from virtual storage. During virtual machine boot from an image, the virtual machine detects storage media. The virtual machine acquires a provisioning agent and provisioning data from the detected storage media. The virtual machine uses the provisioning data to provision itself, and executes the provisioning agent. The provisioning agent may monitor the progress of the provisioning and/or report a status of the provisioning. The virtual machine may operate in a cloud computing environment, the status of the provisioning agent being returned to the user through the cloud environment. The user need not generate the provisioning data in a format readable by the virtual machine. Instead, perhaps some naturally entered user input is used to automatically generate the properly formatted provisioning data using perhaps a service in the cloud.

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract: A control protocol is used to deploy and install an operating system image on a client. The data structure of the control protocol includes an operation code corresponding to an operation associated with the deployment and installation of the operating system image on the client. When a server receives a request packet from the client, the server parses the request packet and sends the parsed request packet to a provider. The provider then executes the operation associated with the operation code and generates a return value. The return value is sent to the server. The server then composes a reply packet including the return value and transmits the reply packet to the client.