Abstract: Aspects of the disclosure relate to cloud service automation of common image management. An image update orchestrator may receive a request to upgrade a virtual machine image. The image update orchestrator may spin up an instance of a virtual machine and provision the instance of the virtual machine with a virtual machine image and cause to install a plurality of software updates to the instance of the virtual machine. The image update orchestrator may take a snapshot of the instance of the virtual machine and generate a sealed master image. Finally, the image update orchestrator may cause to deploy, to one or more policy managed devices, the sealed master image.

Abstract: Aspects of the disclosure relate to cloud service automation of common image management. An image update orchestrator may receive a request to upgrade a virtual machine image. The image update orchestrator may spin up an instance of a virtual machine and provision the instance of the virtual machine with a virtual machine image and cause to install a plurality of software updates to the instance of the virtual machine. The image update orchestrator may take a snapshot of the instance of the virtual machine and generate a sealed master image. Finally, the image update orchestrator may cause to deploy, to one or more policy managed devices, the sealed master image.

Abstract: A system and methods for validating input data acquired through an interactive or non-interactive source. The system includes a common definition of input validation rules, and the capability of validating input without committing the input to the system.

Abstract: The embodiments are directed to methods and devices for creating one or more network groups. The methods and devices can define a network group with one or more properties. The methods and devices can identify a plurality of isolated networks, and can assign the plurality of isolated networks to the defined network group. The methods and devices can assign machines to at least one of the plurality of isolated networks, wherein the network group enables unrestricted routing.

Abstract: Aspects of the disclosure relate to cloud service automation of common image management. An image update orchestrator may receive a request to upgrade a virtual machine image. The image update orchestrator may spin up an instance of a virtual machine and provision the instance of the virtual machine with a virtual machine image and cause to install a plurality of software updates to the instance of the virtual machine. The image update orchestrator may take a snapshot of the instance of the virtual machine and generate a sealed master image. Finally, the image update orchestrator may cause to deploy, to one or more policy managed devices, the sealed master image.

Abstract: Methods and systems for sharing data among multiple services are described herein. Multiple services may access data from a shared data source. The services may subscribe to data sharing events. A data sharing service may iterate through the shared data source and transmit data retrieved from the shared data source in data sharing events. When the data sharing service reaches the end of the shared data source, the data sharing service may begin iterating through the shared data source again from the beginning. The data sharing events may be transmitted at a predetermined frequency. The services may subscribe to or unsubscribe from the data sharing events.

Abstract: Aspects of the disclosure relate to cloud service automation of common image management. An image update orchestrator may receive a request to upgrade a virtual machine image. The image update orchestrator may spin up an instance of a virtual machine and provision the instance of the virtual machine with a virtual machine image and cause to install a plurality of software updates to the instance of the virtual machine. The image update orchestrator may take a snapshot of the instance of the virtual machine and generate a sealed master image. Finally, the image update orchestrator may cause to deploy, to one or more policy managed devices, the sealed master image.

Abstract: Aspects of the disclosure relate to cloud service automation of common image management. An image update orchestrator may receive a request to upgrade a virtual machine image. The image update orchestrator may spin up an instance of a virtual machine and provision the instance of the virtual machine with a virtual machine image and cause to install a plurality of software updates to the instance of the virtual machine. The image update orchestrator may take a snapshot of the instance of the virtual machine and generate a sealed master image. Finally, the image update orchestrator may cause to deploy, to one or more policy managed devices, the sealed master image.

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

Abstract: Methods and systems for sharing data among multiple services are described herein. Multiple services may access data from a shared data source. The services may subscribe to data sharing events. A data sharing service may iterate through the shared data source and transmit data retrieved from the shared data source in data sharing events. When the data sharing service reaches the end of the shared data source, the data sharing service may begin iterating through the shared data source again from the beginning. The data sharing events may be transmitted at a predetermined frequency. The services may subscribe to or unsubscribe from the data sharing events.

Abstract: Aspects of the disclosure relate to cloud service automation of common image management. An image update orchestrator may receive a request to upgrade a virtual machine image. The image update orchestrator may spin up an instance of a virtual machine and provision the instance of the virtual machine with a virtual machine image and cause to install a plurality of software updates to the instance of the virtual machine. The image update orchestrator may take a snapshot of the instance of the virtual machine and generate a sealed master image. Finally, the image update orchestrator may cause to deploy, to one or more policy managed devices, the sealed master image.

Abstract: Aspects of the disclosure relate to providing type safe secure logging. A computing platform may receive application code comprising one or more calls to one or more logging methods. Subsequently, the computing platform may compile the application code comprising the one or more calls to the one or more logging methods to produce a compiled software application. During the compiling of the application code comprising the one or more calls to the one or more logging methods, the computing platform may enforce one or more type-based secure logging rules on the application code comprising the one or more calls to the one or more logging methods. Thereafter, the computing platform may store the compiled software application. In some embodiments, enforcing the one or more type-based secure logging rules may include allowing logging of one or more predetermined classes of objects.

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

Abstract: A system and methods for validating input data acquired through an interactive or non-interactive source. The system includes a common definition of input validation rules, and the capability of validating input without committing the input to the system.

Abstract: Aspects of the disclosure relate to providing type safe secure logging. A computing platform may receive application code comprising one or more calls to one or more logging methods. Subsequently, the computing platform may compile the application code comprising the one or more calls to the one or more logging methods to produce a compiled software application. During the compiling of the application code comprising the one or more calls to the one or more logging methods, the computing platform may enforce one or more type-based secure logging rules on the application code comprising the one or more calls to the one or more logging methods. Thereafter, the computing platform may store the compiled software application. In some embodiments, enforcing the one or more type-based secure logging rules may include allowing logging of one or more predetermined classes of objects.

Abstract: A system and methods for validating input data acquired through an interactive or non-interactive source. The system includes a common definition of input validation rules, and the capability of validating input without committing the input to the system.

Abstract: The embodiments are directed to methods and devices for creating one or more network groups. The methods and devices can define a network group with one or more properties. The methods and devices can identify a plurality of isolated networks, and can assign the plurality of isolated networks to the defined network group. The methods and devices can assign machines to at least one of the plurality of isolated networks, wherein the network group enables unrestricted routing.

Abstract: The embodiments are directed to methods and devices for creating one or more network groups. The methods and devices can define a network group with one or more properties. The methods and devices can identify a plurality of isolated networks, and can assign the plurality of isolated networks to the defined network group. The methods and devices can assign machines to at least one of the plurality of isolated networks, wherein the network group enables unrestricted routing.

Abstract: The embodiments are directed to methods and apparatuses for pairing delivery group machines with one or more server farms in computing networks. The methods and apparatus can allocate machines in a delivery group across one or more server farms in a manner that maximizes efficiency through better computer resource usage. The methods and apparatuses select a server farm having a largest available capacity, and allocate machines from a delivery group to the server farm. If the quantity of delivery group machines exceeds the server farm capacity, the remaining machines are allocated to a second server farm. The methods and appliances also provide for de-allocating server farms, by selecting a server farm with the least allocated capacity, and de-allocating one or more delivery group machines from the selected server farm to reduce the number of utilized server farms.

Abstract: One or more aspects of this disclosure may relate to using a configurable server farm preference for an application, desktop or other hosted resource. Additional aspects may relate to moving server farm workloads based on the configurable server farm preference. Further aspects may relate to performing reboot cycles, a reboot schedule and on-demand rebooting. Yet further aspects may relate to staggering individual machine reboot operations over a specified period of time and performing reboot operations such that some machines are available for user sessions during a reboot cycle.