Abstract: In an architecture of a virtualized computing system plugins are less tightly integrated with a core user interface of a management server. Rather than being installed and executed at the management server as local plugins, the plugins are served as remote plugins from a plugin server, and may be accessed by a web client through a reverse proxy at the management server. Plugin operations may be executed at the plugin server and/or invoked from a user device where the web client resides. Furthermore, a plugin sandbox and other isolation configurations are provided at the user device, so as to further control access capability and interaction of the plugins.

Abstract: A method of securely exchanging a session token for a claims-based token by a plug-in integrated into an extensible system includes the steps of: transmitting, to an extensible system server of the extensible system, the session token and a request for a first claims-based token that corresponds to the session token and that is cryptographically signed by an authentication server; acquiring, from the extensible system server, the first claims-based token; transmitting, to the authentication server, the first claims-based token and a request for a second claims-based token; and receiving, from the authentication server, the second claims-based token, wherein the second claims-based token is cryptographically signed by the authentication server, and wherein if the second claims-based token is transmitted to a resource provider server hosting a resource provider service, the resource provider service performs a requested operation on behalf of an interactive user of the extensible system.

Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.

Abstract: Example methods and systems to register and manage a plug-in in a virtualized computing environment have been disclosed. One example method includes initiating a deployment process to deploy a virtual appliance configured to host the plug-in, pushing information associated with a user interface on a management entity to the virtual appliance to be one or more Open Virtual Appliance (OVA) environment properties, powering on the virtual appliance and registering and managing the plug-in on the management entity through the UI.

Abstract: The present disclosure relates to routing of session tokens in a distributed extensible system. One method includes generating a session token by a first node in a distributed extensible system responsive to a login to a user interface of the distributed extensible system loaded by the first node, returning the session token to the user interface by the first node, pushing the session token from the user interface to a plugin server configured to trust a second node of the distributed extensible system, receiving a request at the second node to perform a particular action on the distributed extensible system, wherein the request is made by a plugin installed on the second node and includes the session token, routing the request to the first node based on an identifier in the session token, and performing the particular action on the extensible system responsive to verifying the session token by the first node.

Abstract: A method of securely exchanging a session token for a claims-based token by a plug-in integrated into an extensible system includes the steps of: transmitting, to an extensible system server of the extensible system, the session token and a request for a first claims-based token that corresponds to the session token and that is cryptographically signed by an authentication server; acquiring, from the extensible system server, the first claims-based token; transmitting, to the authentication server, the first claims-based token and a request for a second claims-based token; and receiving, from the authentication server, the second claims-based token, wherein the second claims-based token is cryptographically signed by the authentication server, and wherein if the second claims-based token is transmitted to a resource provider server hosting a resource provider service, the resource provider service performs a requested operation on behalf of an interactive user of the extensible system.

Abstract: In an architecture of a virtualized computing system plugins are less tightly integrated with a core user interface of a management server. Rather than being installed and executed at the management server as local plugins, the plugins are served as remote plugins from a plugin server, and may be accessed by a web client through a reverse proxy at the management server. Plugin operations may be executed at the plugin server and/or invoked from a user device where the web client resides. Furthermore, a plugin sandbox and other isolation configurations are provided at the user device, so as to further control access capability and interaction of the plugins.

Abstract: In an architecture of a virtualized computing system plugins are less tightly integrated with a core user interface of a management server. Rather than being installed and executed at the management server as local plugins, the plugins are served as remote plugins from a plugin server, and may be accessed by a web client through a reverse proxy at the management server. Plugin operations may be executed at the plugin server and/or invoked from a user device where the web client resides. Furthermore, a plugin sandbox and other isolation configurations are provided at the user device, so as to further control access capability and interaction of the plugins.

Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.

Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.

Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.

Abstract: The disclosure provides an approach for installing and deploying a plug-in on a computer system so as to extend an extensible software. The plug-in is encapsulated in an installation file recognizable by the extensible software as indicating that the software modules within the installation file should be installed within their own local scope on the extensible software. The approach further provides a method for handling a request for an application programming interface by a service module of an installed plug-in. The method of handling the request includes determining whether the requested API is within a local scope of the service module, and if so, providing the API from the local scope, or otherwise, providing the API from the global scope of the extensible software.

Abstract: In an architecture of a virtualized computing system plugins are less tightly integrated with a core user interface of a management server. Rather than being installed and executed at the management server as local plugins, the plugins are served as remote plugins from a plugin server, and may be accessed by a web client through a reverse proxy at the management server. Plugin operations may be executed at the plugin server and/or invoked from a user device where the web client resides. Furthermore, a plugin sandbox and other isolation configurations are provided at the user device, so as to further control access capability and interaction of the plugins.

Abstract: The disclosure provides an approach for installing and deploying a plug-in on a computer system so as to extend an extensible software. The plug-in is encapsulated in an installation file recognizable by the extensible software as indicating that the software modules within the installation file should be installed within their own local scope on the extensible software. The approach further provides a method for handling a request for an application programming interface by a service module of an installed plug-in. The method of handling the request includes determining whether the requested API is within a local scope of the service module, and if so, providing the API from the local scope, or otherwise, providing the API from the global scope of the extensible software.

Abstract: Methods, systems, and computer programs for integration of user interface technologies. One of the methods includes receiving, from a user device, a user request to execute a web application, the web application being associated with one or more rendering systems, and each of the rendering systems executing one or more respective remote applications. Respective video streams for the remote applications are obtained from each of the rendering systems. Each of the video streams is provided for presentation on the user device. While the video streams are provided, data identifying a user event is received from the user device. The user event is determined to be intended for a first rendering system. The user event is provided to the first rendering system.

Abstract: Multiple TCP/IP stack processors on a host. The multiple TCP/IP stack processors are provided independently of TCP/IP stack processors implemented by virtual machines on the host. The TCP/IP stack processors provide multiple different default gateway addresses for use with multiple processes. The default gateway addresses allow a service to communicate across an L3 network. Processes outside of virtual machines that utilize the TCP/IP stack processor on a first host can benefit from using their own gateway, and communicate with their peer process on a second host, regardless of whether the second host is located within the same subnet or a different subnet. The multiple TCP/IP stack processors can use separately allocated resources. Separate TCP/IP stack processors can be provided for each of multiple tenants on the host. Separate loopback interfaces of multiple TCP/IP stack processors can be used to create separate containment for separate sets of processes on a host.

Abstract: Methods, systems, and computer programs for integration of user interface technologies. One of the methods includes receiving, from a user device, a user request to execute a web application, the web application being associated with one or more rendering systems, and each of the rendering systems executing one or more respective remote applications. Respective video streams for the remote applications are obtained from each of the rendering systems. Each of the video streams is provided for presentation on the user device. While the video streams are provided, data identifying a user event is received from the user device. The user event is determined to be intended for a first rendering system. The user event is provided to the first rendering system.

Abstract: Multiple TCP/IP stack processors on a host. The multiple TCP/IP stack processors are provided independently of TCP/IP stack processors implemented by virtual machines on the host. The TCP/IP stack processors provide multiple different default gateway addresses for use with multiple processes. The default gateway addresses allow a service to communicate across an L3 network. Processes outside of virtual machines that utilize the TCP/IP stack processor on a first host can benefit from using their own gateway, and communicate with their peer process on a second host, regardless of whether the second host is located within the same subnet or a different subnet. The multiple TCP/IP stack processors can use separately allocated resources. Separate TCP/IP stack processors can be provided for each of multiple tenants on the host. Separate loopback interfaces of multiple TCP/IP stack processors can be used to create separate containment for separate sets of processes on a host.