Abstract: The adjustment of a number of application launch endpoint servers that may be used to service incoming connection requests. Application launch endpoints are entities, such as running code, that may be used to launch other applications. Examples of endpoints include virtual machines or sessions in a session management server. The system load associated with the incoming connection rate and number of users is monitored. In response, an add threshold and a perhaps a remove threshold is calculated. If the system load rises above the add threshold, application launch endpoint server(s) are added to the set of endpoints that can handle incoming connection requests. If the system load falls below the remove threshold, application launch endpoint server(s) are removed from to the set of endpoints. The add and remove thresholds may be calculated per tenant, and adjusted based on tenant behavior.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

Abstract: The adjustment of a number of application launch endpoint servers that may be used to service incoming connection requests. Application launch endpoints are entities, such as running code, that may be used to launch other applications. Examples of endpoints include virtual machines or sessions in a session management server. The system load associated with the incoming connection rate and number of users is monitored. In response, an add threshold and a perhaps a remove threshold is calculated. If the system load rises above the add threshold, application launch endpoint server(s) are added to the set of endpoints that can handle incoming connection requests. If the system load falls below the remove threshold, application launch endpoint server(s) are removed from to the set of endpoints. The add and remove thresholds may be calculated per tenant, and adjusted based on tenant behavior.

Abstract: Techniques for extending federation services to access desktop applications are herein described. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: As described herein, a computer system receives a first indication that an interactive login session is to be established. The first indication includes user credentials for establishing the interactive login session. The computer system then establishes the interactive login session using the received user credentials. The interactive login session includes a data transfer endpoint for receiving data from other sessions. The computer system receives a second indication that a child session is to be established in parallel to the established interactive login session. The child session is configured to direct input and output data through a loopback connection to the data transfer endpoint of the interactive login session. The computer system also establishes the child session using the received user credentials. The child session then transfers at least a portion of data to the data transfer endpoint of the interactive login session using the loopback connection.

Abstract: Exemplary techniques for enabling single sign-on to an operating system configured to conduct a remote presentation session are disclosed. In an exemplary embodiment, a user credential can be encrypted using an encryption key generated by a remote presentation session server and sent to a client. The client can send the encrypted user credential to the remote presentation session server. The remote presentation session server can decrypt the user credential and use it to log a user into an operating system running on the remote presentation session server. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.

Abstract: Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.

Abstract: As described herein, a computer system receives a first indication that an interactive login session is to be established. The first indication includes user credentials for establishing the interactive login session. The computer system then establishes the interactive login session using the received user credentials. The interactive login session includes a data transfer endpoint for receiving data from other sessions. The computer system receives a second indication that a child session is to be established in parallel to the established interactive login session. The child session is configured to direct input and output data through a loopback connection to the data transfer endpoint of the interactive login session. The computer system also establishes the child session using the received user credentials. The child session then transfers at least a portion of data to the data transfer endpoint of the interactive login session using the loopback connection.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.

Abstract: Exemplary techniques for enabling single sign-on to an operating system configured to conduct a remote presentation session are disclosed. In an exemplary embodiment, a user credential can be encrypted using an encryption key generated by a remote presentation session server and sent to a client. The client can send the encrypted user credential to the remote presentation session server. The remote presentation session server can decrypt the user credential and use it to log a user into an operating system running on the remote presentation session server. In addition to the foregoing, other techniques are described in the claims, the detailed description, and the figures.

Abstract: Techniques for extending federation services to access desktop applications are herein described. In addition to the foregoing, other aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Disclosed are techniques for sharing user credentials between multiple client applications when connecting to a set of remote resources. The mechanism enables a single sign-on between a terminal server web access service and the remote applications, remote desktops and corresponding terminal servers accessible through the service. User credentials may be received by one of the client applications and passed to a credential store running as a local software object in association with the user's logon session. Further requests to launch a new remote connection may then pass through the credential store. Upon successful validation of the request, the credential store may attach user credential information to the request and pass the request to the requested client. The requested client may also execute as a software object associated with the current logon session. The client may then use the supplied credential for authentication to the requested resource or application.

Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.