Abstract: Systems, methods, and computer-readable media for updating a component utilized by an application within a distributed computing environment. An inventory of components relied on by applications within a distributed computing environment is created and maintained to facilitate identifying applications utilizing a particular component. A determination is made from the inventory of applications that utilize the particular component. An indication is received that an update is available for the particular component. An application image for an application utilizing the particular component is booted in an isolated computing environment to allow the component to be updated. A new image of the application is created to reflect the updated component. A user, such as a developer, of the application may be notified that the new image is available for future instantiations of the application.

Abstract: Embodiments described herein are directed to updating the various software associated with a distributed application in a piecemeal fashion. All instances of the software are analyzed and separated into different portions, called “roles.” Each instance of a role is strategically assigned to an update domain based on the structural information included in the service model of the distributed application. The distributed application is upgraded one update at a time by selecting an update or host update domain, bringing the roles assigned thereto offline, updating the offline roles, bringing the roles back online, and repeating for other update or host update domains.

Abstract: A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system environment is divided into one or more side-by-side and/or nested spaces enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces via virtual hierarchies. A set of declarative rules specifying access capabilities may specify a set of filter drivers to be used to limit access to nodes in the hierarchical name space. The rules may be applied in sequence to construct a new name space from an existing one, or to add to an existing hierarchy. Filter drivers are used to limit access to nodes in the new name space or new portion of the name space. Access to nodes can be limited (read-only access instead of read/write) or nodes can be hidden altogether. Rules may be specified in a declarative language such as XML.

Abstract: Two or more separate physical file system directories are presented as one merged (virtual) file system directory to a process running in a silo. The operating system controls the level of access to the files in the merge directory. The operating system provides the merged view of the file system directories by monitoring file system requests made by processes in silos on a computer or computer system and in response to detecting certain types of file system access requests, provides the view of the seemingly merged directories by performing special processing. The types of requests which trigger the special processing include: enumeration, open, create, rename or close.

Abstract: Two or more separate physical Registry directories are presented as a single (virtual) Registry directory to an application running in a controlled execution environment called a silo. All of the operations normally available to be performed on the Registry directory can be performed on the merge directory, however, the operating system controls the level of access to the keys in the merge directory. The operating system provides the merged view of the Registry directories by a Registry filter driver. The Registry filter model provides a single callback with a notification code indicating the reason the callback was called. The types of notifications which trigger the special processing include: enumeration of a key, enumeration of the value of a key, query a key, close a key, delete a key, create or open a key or rename a key.

Abstract: Each virtualized environment on a computer has its own set of firewall rules. The virtualized environments share a single instance of the operating system image, a filter engine and a single network stack. A virtualized environment may be a compartment or a server silo. A virtualized environment is a network isolation mechanism and may be used to prevent use of a computer to traverse network boundaries by creating a separate virtualized environment for each network, enabling a separate set of rules to be applied to each virtualized environment and the network interfaces within it. Virtualized environments may also be used to assign different trust levels to the same physical network. Firewall rules are applied by virtualized environment identifier (ID), enabling separate filters to be applied to each virtualized environment on a computer. A virtualized environment may include or be associated with one or more network interfaces.

Abstract: Methods, systems, and computer-storage media having computer-executable instructions embodied thereon that, when executed, perform methods in accordance with embodiments hereof, for managing component programs within a service application according to a service model. Initially, configuration settings, which can be administered to the component programs, are extracted from the service model. An instantiation process is initiated to manage the service application in accordance with the changes to a level of load on the service application and/or to specifications within the service model. The instantiation process includes deploying, or identifying as available, the component programs within the data center, and automatically propagating formalized values derived from the configuration settings throughout the deployed component programs. These derived formalized values are installed into the component programs, thereby providing for functionality of the service application consistent with the service model.

Abstract: Systems, methods, and computer-readable media for updating a component utilized by an application within a distributed computing environment. An inventory of components relied on by applications within a distributed computing environment is created and maintained to facilitate identifying applications utilizing a particular component. A determination is made from the inventory of applications that utilize the particular component. An indication is received that an update is available for the particular component. An application image for an application utilizing the particular component is booted in an isolated computing environment to allow the component to be updated. A new image of the application is created to reflect the updated component. A user, such as a developer, of the application may be notified that the new image is available for future instantiations of the application.

Abstract: Methods, systems, and computer-readable media for expressing fault correlation constrains to a developer of a service application are provided. Initially, the fault correlation constraints are identified by inspecting an architecture of resources comprising a data center. Based on the resources, sets of nodes that become concurrently unavailable due to a failure mode or update scheme are aggregated. These fault correlation constraints, upon being communicated to the developer, then may be incorporated into a service model produced thereby. Accordingly, the service model is tailored to the specific characteristics of the data center and is provided with instructions as to how to partition instances of the service application throughout the distributed resources of the data center. Thus, the fault correlation constraints provide a developer with insight into rules and structures on which the data center is constructed and assurances of a certain level of fault tolerance upon deploying the service application.

Abstract: A containment mechanism provides for the grouping and isolation of multiple processes running on a single computer using a single instance of the operating system. A system is divided into one or more side-by-side and/or nested spaces enabling the partitioning and controlled sharing of resources by creating different views of hierarchical name spaces by creating a new branch of an existing global system name space or by linking the sub-root level nodes of a new hierarchy to a subset of nodes in an existing global system name space.

Abstract: Methods, systems, and computer-readable media for automating the expression of functional aspects of a target service to a client service via a vehicle referred to herein as a contract are provided. Generally, the methods are performed in the context of a distributed computing environment configured to underlie operations of service application(s). In embodiments, the contract is implemented and bound upon ascertaining that the expressed functional aspects satisfy dependencies of the client service. Generally, the contract defines interfaces and maintains properties that configure the interfaces during installation. During the implementation, one of the interfaces is established and parameterized in accordance with the properties associated therewith. During the binding, the target service and the client service are linked via communication channels that are routed through the established interface.

Abstract: A silo-specific view of the file system is provided to processes running in the silo. Processes can access a file only by uttering the silo-relative name. To determine if access to a file identified by a file ID should be permitted, a list of physical names of the file identified by the file ID is constructed. If a silo-relative name that translates to a name in the list can be uttered, the file is opened and the file ID for the opened file is retrieved. If the file IDs match, the silo-relative name is used to open the file. If a process running within a silo requests a list of names for a file that has been opened using a file ID, results returned are filtered so that only names visible in the silo are returned, thus restricting the process' access to files to those files within its hierarchical namespace.

Abstract: An element of a file system is virtually deleted by creating a deletion marker for the element. Two or more separate physical file system directories are presented as one merged (virtual) file system directory to a process running in a silo. The operating system provides the merged view of the file system directories by monitoring file system requests made by processes in silos on a computer or computer system and filtering out those elements associated with deletion markers. Special processing is invoked in response to detecting certain types of file system access requests, including: enumeration, open, create, rename or delete.

Abstract: Methods, systems, and computer-readable media for automating deployment of service applications by exposing environmental constraints in a service model are provided. In general, the methods are performed in the context of a general purpose platform configured as a server cloud to run various service applications distributed thereon. Accordingly, the general purpose platform may be flexibly configured to manage varying degrees of characteristics associated with each of the various service applications. Typically, these characteristics are provided in the service model that governs the environmental constraints under which each component program of the service application operates. As such, hosting environments are selected and adapted to satisfy the environmental constraints associated with each component program.

Abstract: Methods, systems, and computer-readable media for expressing fault correlation constrains to a developer of a service application are provided. Initially, the fault correlation constraints are identified by inspecting an architecture of resources comprising a data center. Based on the resources, sets of nodes that become concurrently unavailable due to a failure mode or update scheme are aggregated. These fault correlation constraints, upon being communicated to the developer, then may be incorporated into a service model produced thereby. Accordingly, the service model is tailored to the specific characteristics of the data center and is provided with instructions as to how to partition instances of the service application throughout the distributed resources of the data center. Thus, the fault correlation constraints provide a developer with insight into rules and structures on which the data center is constructed and assurances of a certain level of fault tolerance upon deploying the service application.

Abstract: Methods, systems, and computer-readable media for automating the expression of functional aspects of a target service to a client service via a vehicle referred to herein as a contract are provided. Generally, the methods are performed in the context of a distributed computing environment configured to underlie operations of service application(s). In embodiments, the contract is implemented and bound upon ascertaining that the expressed functional aspects satisfy dependencies of the client service. Generally, the contract defines interfaces and maintains properties that configure the interfaces during installation. During the implementation, one of the interfaces is established and parameterized in accordance with the properties associated therewith. During the binding, the target service and the client service are linked via communication channels that are routed through the established interface.

Abstract: Embodiments described herein are directed to updating the various software associated with a distributed application in a piecemeal fashion. All instances of the software are analyzed and separated into different portions, called “roles.” Each instance of a role is strategically assigned to an update domain based on the structural information included in the service model of the distributed application. The distributed application is upgraded one update at a time by selecting an update or host update domain, bringing the roles assigned thereto offline, updating the offline roles, bringing the roles back online, and repeating for other update or host update domains.

Abstract: Object invocation may be carried out by one thread in a service which may include multiple executing threads. In a mechanism for implementing a cancellation operation in a cooperative system, a thread identifies an operation to be cancelled. A cancel function has an argument comprising the thread identifier in which the operation is to be cancelled. The cancel function is called by a client process thread to cancel a pending object invocation initiated by the client process. An immediate or hard cancel causes the targeted client and cancel thread to return immediately. A discretionary or soft cancel does not affect the targeted client thread. In either case the server process is notified via a maintenance notification. The target thread of the cancel cannot be reused for other work until the cancel request or notification has returned.

Abstract: Reference counting is shared between an in-process service runtime and a machine-wide service. The service maintains a global reference count, a global export count, and an exports before revoke count. When the global reference count for a resource or object drops to zero, the machine-wide service deletes the table entry for the object or resource and sends an unref message including the value of the global export count to the sharing process. If the local export count is greater than the global export count of the unref, there are committed exports which have not yet been unreferenced. If both counts are the same, the committed exports have been accounted for and a revoke operation can be issued.

Abstract: Systems, methods and computer storage media for operating a scalable computing platform are provided. A service description describing a requested service is received. Upon receiving the service description a determination of the required resources and the available resources is made. An instance description is produced. The resources required to sustain the deployment of the service are mapped to the available resources of the computing platform so the service may be deployed. The instance description is amended with each deployment of the service to allow for sustained deployment of the service.