Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

Abstract: Methods and systems for coordinating migration for a database of a service are described herein. Multiple releases of the service may be simultaneously implemented, and these multiple releases may access a shared database. As new releases of the service are activated, the database may be incrementally migrated to a new data schema version. The new data schema version may be compatible with each release of the service that is in use. After a migration has begun, instances of the service may be instructed to perform database operations using methods compatible with the new data schema version. Continuation tokens may be returned during the migration, which indicate portions of the shared database that have not yet been migrated. If an error occurs during the migration, the continuation tokens may be discarded, and the migration may be restarted.

Abstract: A method of performing operations involving accessing a set of protected computing resources of a computing device includes (a) receiving, by a frontend service, an instruction via a network connection, the instruction directing the computing device to perform an operation involving accessing the set of protected resources, the set of protected computing resources being configured to refuse access to the frontend service, (b) in response to receiving the instruction, sending a request from the frontend service to a backend service, the request instructing the backend service to access the set of protected resources, the backend service being configured to not communicate via the network connection, the set of protected computing resources being configured to permit access to the backend service, and (c) in response to the backend service receiving the request from the frontend service, the backend service accessing the set of protected resources in fulfillment of the operation.

Abstract: Described embodiments provide systems and methods for stateless modification of operating system registry data across network boundaries. The system includes a processor coupled to memory and configured to execute instructions to receive, within a first network, a request to apply a modification to an operating system registry of a second device within a second network different from the first network. The processor queues data describing the requested modification, receives a polling request from the second device, and transmits, to the second device responsive to the polling request, the queued data describing the requested modification for the second device to apply to the operating system registry of the second device. For example, the requested modification may be to create a key, to create a value, to delete a key, or to delete a value.

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Abstract: Methods and systems for sharing data among multiple services are described herein. Multiple services may access data from a shared data source. The services may subscribe to data sharing events. A data sharing service may iterate through the shared data source and transmit data retrieved from the shared data source in data sharing events. When the data sharing service reaches the end of the shared data source, the data sharing service may begin iterating through the shared data source again from the beginning. The data sharing events may be transmitted at a predetermined frequency. The services may subscribe to or unsubscribe from the data sharing events.

Abstract: A technique increases capacity in a topic-subscription messaging system. The technique involves, during a first time period, operating a first topic structure of the system. The first topic structure includes a first topic and a plurality of first subscriptions coupled with the first topic. The technique further involves, during a second time period, providing a second topic structure which includes a second topic and a plurality of second subscriptions coupled with the second topic. The technique further involves, during a third time period, providing a link from the second topic structure to the first topic structure making (i) the second topic structure a parent to the first topic structure and (ii) the first topic structure a child to the second topic structure, the link conveying messages from a particular second subscription of the second topic structure to the first topic of the first topic structure.

Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

Abstract: A technique increases capacity in a topic-subscription messaging system. The technique involves, during a first time period, operating a first topic structure of the system. The first topic structure includes a first topic and a plurality of first subscriptions coupled with the first topic. The technique further involves, during a second time period, providing a second topic structure which includes a second topic and a plurality of second subscriptions coupled with the second topic. The technique further involves, during a third time period, providing a link from the second topic structure to the first topic structure making (i) the second topic structure a parent to the first topic structure and (ii) the first topic structure a child to the second topic structure, the link conveying messages from a particular second subscription of the second topic structure to the first topic of the first topic structure.

Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

Abstract: Methods and systems for scrubbing log files using scrubbing engines are described herein. For example, a local scrubbing server may receive a plurality of log messages from an application executing on a cloud server. Then, the local scrubbing server may store the plurality of log messages in an in-memory queue of the cloud server. After, the local scrubbing server may scrub a log message from the in-memory queue based on determining whether the log message satisfies criteria information. Further, the local scrubbing server may transmit, to a central service computing platform, the log message. Subsequently, the central service computing platform may receive, from the local scrubbing server, the log message. Additionally, the central service computing platform may perform a second review of the log message. Then, the central service computing platform may transmit, to a third party logging service, the log message.

Abstract: Methods, systems, and non-transitory computer-readable media are described herein. In some embodiments, a computing platform may deploy a cloud application comprising a first instance of the cloud application. Further, the computing platform may direct a DNS to the first instance of the cloud application. Next, the computing platform may determine that a second instance of the cloud application should be deployed. Additionally, the computing platform may create a first global traffic manager configured with at least a first endpoint and a second endpoint, where the first endpoint is associated with the first instance and is enabled, and where the second endpoint is associated with the second instance, and is disabled. Subsequently, the computing platform may direct the DNS to the first global traffic manager. The computing platform may then direct the DNS to the first global traffic manager, enable the second endpoint.

Abstract: Described embodiments provide systems and methods for stateless modification of operating system registry data across network boundaries. The system includes a processor coupled to memory and configured to execute instructions to receive, within a first network, a request to apply a modification to an operating system registry of a second device within a second network different from the first network. The processor queues data describing the requested modification, receives a polling request from the second device, and transmits, to the second device responsive to the polling request, the queued data describing the requested modification for the second device to apply to the operating system registry of the second device. For example, the requested modification may be to create a key, to create a value, to delete a key, or to delete a value.

Abstract: Methods and systems for coordinating migration for a database of a service are described herein. Multiple releases of the service may be simultaneously implemented, and these multiple releases may access a shared database. As new releases of the service are activated, the database may be incrementally migrated to a new data schema version. The new data schema version may be compatible with each release of the service that is in use. After a migration has begun, instances of the service may be instructed to perform database operations using methods compatible with the new data schema version. Continuation tokens may be returned during the migration, which indicate portions of the shared database that have not yet been migrated. If an error occurs during the migration, the continuation tokens may be discarded, and the migration may be restarted.

Abstract: Methods and systems for sharing data among multiple services are described herein. Multiple services may access data from a shared data source. The services may subscribe to data sharing events. A data sharing service may iterate through the shared data source and transmit data retrieved from the shared data source in data sharing events. When the data sharing service reaches the end of the shared data source, the data sharing service may begin iterating through the shared data source again from the beginning. The data sharing events may be transmitted at a predetermined frequency. The services may subscribe to or unsubscribe from the data sharing events.

Abstract: Described embodiments provide systems and methods for stateless modification of operating system registry data across network boundaries. The system includes a processor coupled to memory and configured to execute instructions to receive, within a first network, a request to apply a modification to an operating system registry of a second device within a second network different from the first network. The processor queues data describing the requested modification, receives a polling request from the second device, and transmits, to the second device responsive to the polling request, the queued data describing the requested modification for the second device to apply to the operating system registry of the second device. For example, the requested modification may be to create a key, to create a value, to delete a key, or to delete a value.

Abstract: Methods and systems for coordinating migration for a database of a service are described herein. Multiple releases of the service may be simultaneously implemented, and these multiple releases may access a shared database. As new releases of the service are activated, the database may be incrementally migrated to a new data schema version. The new data schema version may be compatible with each release of the service that is in use. After a migration has begun, instances of the service may be instructed to perform database operations using methods compatible with the new data schema version. Continuation tokens may be returned during the migration, which indicate portions of the shared database that have not yet been migrated. If an error occurs during the migration, the continuation tokens may be discarded, and the migration may be restarted.

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Abstract: Methods and systems for routing a user request for a service to a version of the service in a geographical region associated with the user are described herein. The service may be deployed in multiple geographical regions, and the service may have multiple versions in each of the geographical regions. A user device may send a request for a service to a first server in a geographical region. The first server may determine whether the user is associated with the geographical region. Responsive to determining that the user is not associated with the geographical region, the first server may ask one or more servers in other geographical regions whether the user is associated with any of the other geographical regions.

Abstract: Methods, systems, and non-transitory computer-readable media are described herein. In some embodiments, a computing platform may deploy a cloud application comprising a first instance of the cloud application. Further, the computing platform may direct a DNS to the first instance of the cloud application. Next, the computing platform may determine that a second instance of the cloud application should be deployed. Additionally, the computing platform may create a first global traffic manager configured with at least a first endpoint and a second endpoint, where the first endpoint is associated with the first instance and is enabled, and where the second endpoint is associated with the second instance, and is disabled. Subsequently, the computing platform may direct the DNS to the first global traffic manager. The computing platform may then direct the DNS to the first global traffic manager, enable the second endpoint.