Patent Grant
8850550
Many web-based systems use security tokens, such as Security Assertion Markup Language (SAML) tokens, to verify and authenticate users of the system. To obtain a security token, a user provides a credential to a security token service (STS). The STS attempts to authenticate an identity of the user based on the credential. If the STS successfully authenticates the identity of the user, the STS gathers claims from one or more claim providers. The claims can comprise various types of data. For example, the claims can comprise assertions about the identity of the user. After gathering the claims from the claim providers, the STS generates a security token and provides the security token to the user. After receiving the security token, the user provides the security token to the web service for each request it makes to the service. When the web service receives the security token, the web service uses the claims in the security token to determine whether or not the user is authorized to access a resource provided by the web service. These security tokens are expensive to create and can become quite large during an interactive session with the web-based system.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
A security token service generates a security token for a user that is associated with a client and stores the full security token within a memory, such as a cache. The generated security token includes an identity claim that represents the identity of the generated security token. Instead of passing the entire security token back to the client, the identity claim is returned to the client. The client treats the identity claim as if it were the actual full security token. For each request the client makes to the service, the client passes the identity claim in the request instead of the full security token having all of the claims. The identity claim is much smaller then the full security token. When a computing device receives the identity claim within the request from the user, the identity claim is used to access the full security token that is stored in memory. The accessed security token may then be used within the rest of the service as if it were supplied directly from the client.
Referring now to the drawings, in which like numerals represent like elements, various embodiment will be described.
Generally, program modules include routines, programs, components, data structures, and other types of structures that perform particular tasks or implement particular abstract data types. Other computer system configurations may also be used, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like. Distributed computing environments may also be used where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
As illustrated, system 100 comprises server 120, network 107, clients 1-N, users 1-N, and identity claims for each of the users 1-N. Server 120 comprises Security Token Service (STS 145) and memory 165.
Security Token Service (STS) 145 is configured to provide a security token service for generating a security token for a user that is associated with a client. For example, STS is configured to generate a different security token for each of the users (User 1-N). After being generated, the entire generated security token is stored within memory 165, such as a cache. The generated security token created by STS 145 includes a special claim called an identity claim that represents the identity of the generated security token. Instead of the server 120 passing the entire security token back to a client, the identity claim is returned to the client. The client treats the identity claim as if it were the actual full security token. For each request the client makes to the service, the client passes the identity claim in the request instead of the full security token having all of the claims. The identity claim is much smaller then the full security token. For example, client 1 (101) passes back the Identity Claim for User 1 with each request, client 2 (102) passes back the Identity Claim for User 2 and client N (103) passes back the Identity Claim for User N, When server 120 receives the identity claim within the request from a user that has had an identity claim created (e.g. one of User 1-N), the identity claim is used by the server to access the full security token that is stored in memory 165. The accessed security token may then be used within the rest of the service as if it were supplied directly from the client. For example, more than one server 120 may be associated with a service. While STS 145 is shown within server 120, the functionality of STS 145 may also be provided on other computing devices within a network. For example, a network may have a one or more dedicated computing device that performs the services of STS 145.
Similarly, each network may store the full security tokens locally for a machine and/or in a global cache for access within the network. Generally, any application that passes a full security token to the client may instead use the functionality of STS 145 such that instead of passing an entire security token back and forth, the identity claim is passed in its place. More detail follows regarding the use of cached security tokens.
In some embodiments, client device 204 and client device 206 comprise one or more computing devices of the type described below with regard to the example of
Network 207 enables the client device 204 and the client device 206 to communicate with server system 210. In various embodiments, network 207 can comprise various types of communications networks. For example, network 207 can comprise a wide area network, such as the Internet. In another example, the network 207 can comprise another type of network, such as a local-area network, a public-switched telephone network, or a cellular telephone network. The network 207 can comprise wired and/or wireless communications links.
Server system 210 provides access via network 207 to resources, such as resource(s) 225. In various embodiments, resource(s) 225 can comprise various types of resources. For example, resource 225 can be a word processor document, a spreadsheet document, a slide presentation document, a desktop publishing document, a note-taking document, a web page document, a computer programming source code file, an executable file, an archive file, an email mailbox, or another type of resource.
The server system 210 controls access to resource 225 on the basis of a security token and claims generated by STS 220. For example, client 204 may want to review or edit the content of a resource. In another example, client 206 may want to delete or move a resource. In yet another example, a client may want to execute a resource.
Before a client is able to access a resource from resource(s) 225, the server system 210 authenticates an identity of a user that is associated with a client device. If the server system 210 successfully authenticates the identity of the user using a security token service, such as STS 220, the server system 210 using an STS service generates a security token. Generally, a security token is a data structure comprising one or more claims. For example, the security token can contain a claim indicating that user 205 works in the accounting department of a firm. In another example, the security token can contain a claim indicating that the user 205 is a client of a firm. More than one security token may be generated for a user. For example, a security token may be issued for a user that relates to their job and another security token may be issued for a user that relates to them individually.
According to an embodiment, STS 220 is configured to generate SAML tokens that comprise one or more claims. A claim comprises an assertion by an entity. The claim may relate to anything. For example, a claim may comprise an assertion of a name, a job title, a membership in a group, an age, an address, and the like. A claim may also comprise assertions of things that are not tied to users' identities. For instance, a claim can comprise an assertion regarding financial data (e.g., the current price of stock XYZ is $5.52).
When user 205 connects to server system 210 the user may provide identifying information, such as submitting credentials, an identifier, a security token, and the like. STS 220 receives this identifying information and creates a security token, such as a SAML token that includes one or more claims. The security token may be generated according to different standards, such as SAML, SAML 1.0, 1.1, 2.0, or other similar standards. One of the claims that STS 220 creates is an identity claim that is used to represent the identity of the full security token that is generated by STS 220. The identity claim uniquely identifies the full security token and may be created cryptographically such that the identity claim may be verified. The identity claim is much smaller as compared to the full security token. For example, an identity claim may be 100-400 bytes whereas a full security token may be over 100K of data.
According to embodiments, the format of the identity claim follows the following formats: (1) UserIdentity+“,”+ExpirationTime+“,”+Base64(RSA-SHA2-256 signature of (UserIdentity+“,”+ExpirationTime)); or (2) UserIdentity+“,”+ExpirationTime+“,”+Base64(RSA-SHA2-256 signature of (UserIdentity+“,”+ExpirationTime)),AudienceURI. The UserIdentity identifies the user. The ExpirationTime identifies a time period the identity claim is valid. According to an embodiment, the expiration time is specified in. The AudienceURI is a Uniform Resource Identifier (URI) path that is used to establish the context of the tenancy for this value. Leaving the Audience URI out of the “identity claim” enables the same value to be used across multiple AudienceURIs. The key used for the RSA-SHA2-256 encryption is the private key of the token issuing authority, such as STS 220. It can be validated by itself as well as the service process (which has access to its public key but not its private key). Other formats may also be used.
The full security token that is generated by STS 220 is stored in a memory, such as 230. STS 220, or some other computing device within server system 210, may store the generated security token in memory 230. The memory may be configured in different manners. For example, the memory 230 may be a cache, a distributed caching service (e.g. MICROSOFT's Windows Server AppFabric Caching, Memcached, and the like), RAM, a data store and the like. According to an embodiment, the claims of the security token are stored in memory 230 in a binary format. Storing the claims in binary format saves the extra step of having to parse XML that is related to the token that would be performed if the full security token was passed in by the client.
After STS 220 generates the full security token including the identity claim, STS 220 returns the identity claim to the client device that is associated with the user (e.g. client 204 for user 205). The client device uses the identity claim just as they would use the full security token. The user may not even be aware that they did not receive the full security token. Since the identity claim is much smaller then the full security token, there is much less data to pass back and forth between server system 210 and the clients for each request.
After the client device 204 receives the identity claim that identifies the security token that is stored in memory 230, the client device 204 sends the identity claim back to the server system 210 along with every normal request to that server. The access request comprises a request to access the resource 225. When the server system 210 receives the identity claim and the access request, the server system 210 determines whether the user 205 is authorized to access the resource 225. The server accesses the received identify claim and looks up the full security token in memory 230. Additional context information, such as tenancy information, may be used in looking up the full security token such that the correct claims are returned. For instance, in a multi-tenancy server system, the same user might have access to multiple tenancies using the same identity, but has a different set of full-claims that represent their permissions to that specific tenancy.
If the full token is retrieved from the cache, the security token is used transparently by the rest of the system as if the full token were supplied directly from the client. According to another embodiment, the identity claim or the full token may be sent to the other servers in the system when they have access to memory 230.
If the full token is not found in the cache, the server process (e.g. server 215) makes a call to the security token service 220. Instead of passing a normal identity, the server process passes the special “identity claim” as if it were a password. STS 220 validates this “password” cryptographically as originating from itself and as not expired and if valid, does the normal process of issuing a new security token that is placed in memory 230 for future requests.
The claims in the full security token are used to determine if the user satisfies a security policy for the resource 112. For example, a security policy for the resource 225 can specify that only members of a certain group are allowed to access the resource 225. In this example, the server system 210 can determine that the user 205 is authorized to access the resource 225 when the security token includes a claim that indicates that the user 205 is a member of the certain group.
When an identity claim is no longer valid (e.g. timed out, user permissions changed, and the like), the associated security token may be removed from any memory in which it is stored. For example, when the security token is stored in a distributed cache, the security token may be removed from a single memory. When the security token is stored on many different machines, each machine may remove the security token that is associated with the security token. Since the token is no longer in the cache, the next time it is needed it will be reissued, causing the underlying values (such as user permissions) to be recalculated.
In example embodiments, clients 302 and 304 are computing devices, such as desktop computers, laptop computers, terminal computers, personal data assistants, or cellular telephone devices. Clients 302 and 304 can include input/output devices, a central processing unit (“CPU”), a data storage device, and a network device. In the present application, the terms client and client computer are used interchangeably.
WFEs 310, 312 and 314 are accessible to clients 302 and 304 via load balancer 308 and web request routers 309 through network 306. As discussed, the servers may be configured in farms. Back-end server 316 is accessible to WFEs 310, 312 and 314. Load balancer 308 is a dedicated network device and/or one or more server computers. Load balancer 308, web request routers 309, load balancer 320, WFEs 310, 312 and 314 and back-end server 316 can include input/output devices, a central processing unit (“CPU”), a data storage device, and a network device. In example embodiments, network 306 is the Internet and clients 302 and 304 can access WFEs 310, 312 and 314 and resources connected to WFEs 310, 312 and 314 remotely.
In an example embodiment, system 300 is an online, browser-based cloud system. An example of cloud based system is Microsoft Sharepoint® Online from Microsoft Corporation of Redmond, Wash. In system 300, one or more of the back-end servers 316-319 are SQL servers, for example SQL Server from Microsoft Corporation of Redmond, Wash.
WFEs 310, 312 and 314 provide an interface between clients 302 and 304 and back-end servers 316-319. The load balancers 308, 320 direct requests from clients 302 and 304 to web request routers and from WFEs to back-end servers 316-319. Web request routers 309 direct requests to WFEs 310, 312 and 314 and use factors such as WFE utilization, the number of connections to a WFE and overall WFE performance to determine which WFE server receives a client request. Similarly, the load balancer 320 uses factors such as back-end server utilization, the number of connections to a server and overall performance to determine which back-end server receives a request. Web request routers 309 may be used to offload some of the processing from load balancer 308. For example, load balancer 308 may operate at a lower TCP/IP layer (e.g. layer 4) such that it may handle more requests. Web request routers 309 provide a scalable request router that may operate at a higher TCP/IP layer (e.g. layer 7). The web request routers may use application specific logic for routing the requests. For example, the requests may be routed based on a document identifier and/or user information that is included within the received request.
An example of a client request may be to access a document stored on one of the back-end servers, to edit a document stored on a back-end server (e.g. 316-319) or to store a document on back-end server. When load balancer 308 receives a client request over network 306, load balancer 308 directs the request to one of the available web request routers 309. The web request router 309 determines which one of WFE server 310, 312 and 314 receives the client request. Similarly, load balancer 320 determines which one of the back-end servers 316-319 receive a request from the WFE servers. The back-end servers may be configured to store data for one or more tenants (i.e. customer).
STS 305 is configured to generate identity claims and security tokens. Generally, STS 305 generates a full security token and an identity claim that is used to identify the full security token that is stored in a memory, such as caching service 306. When a user requests access to a resource, their identity may be verified before allowing access to the resource. Instead of passing the entire security token back and forth between users and the online system, the identity claim is passed back and forth in place of the full security token. While STS 305 is shown separate from the WFEs and the other servers, the functionality of STS 305 may be included in one or more of the servers. For example, each WFE may include an STS. Similarly, one or more servers may also store their own cache of full security tokens that relate to the users they provide services for. In the embodiment, illustrated, the servers providing the resources to clients 302 and 304 use a distributed caching service 306 that allows them to access the full security token using the provided identity claim. According to another embodiment, the full security token may be obtained when a request is initially received by load balancer 308 and then the full security token may be transferred to other servers in network 306.
When reading the discussion of the routines presented herein, it should be appreciated that the logical operations of various embodiments are implemented (1) as a sequence of computer implemented acts or program modules running on a computing system and/or (2) as interconnected machine logic circuits or circuit modules within the computing system. The implementation is a matter of choice dependent on the performance requirements of the computing system implementing the invention. Accordingly, the logical operations illustrated and making up the embodiments described herein are referred to variously as operations, structural devices, acts or modules. These operations, structural devices, acts and modules may be implemented in software, in firmware, in special purpose digital logic, and any combination thereof.
After a start operation, the process 400 flows to operation 410, where a user connects to a service, such an online cloud based service. The service authenticates an identity of a user by receiving identifying credentials such as an ID, password, security token and the like.
Moving to operation 420, a full security token is generated for the user that includes an identity claim that identifies the full security token. For example, the security token may be a SAML token. The identity claim uniquely identifies the full security token and may be created cryptographically such that the identity claim may be verified. The identity claim is much smaller as compared to the full security token. For example, an identity claim may be specified in bytes whereas a full security token and claims may be specified in hundreds of Kbytes.
Flowing to operation 430, the full security token is stored in a memory. The memory may be local to the computing device and/or globally stored such that the full security token is available to one or more computing devices providing the online service. For example, the memory may be a distributed caching service, such as MICROSOFT's Windows Server AppFabric Caching, Memcached, and the like. Each server handling resources may also include functionality for caching the full security token and/or generating the full security token and the identity claim.
Transitioning to operation 440, the identity claim is provided to the client instead of providing the full security token to the client. According to an embodiment, the identity claim is returned in a cookie in the same manner as a SAML token is provided to a client.
The process then moves to an end block and returns to processing other actions.
After a start operation, the process flows to operation 510 where a request is received. The request may be for a resource that are stored on one or more of the machines in the network. A computing device that receives the request may obtain the identity claim from the request. According to another embodiment, the request may be forwarded to another computing device that obtains the identity claim from the request.
Flowing to operation 520, the full security token is obtained from a memory using the received identity claim. Generally, the identity claim is used to look up the full security token in a memory that is associated with the computing device receiving the request. As discussed, the memory may be local to the computing device and/or at some other location within the network. For example, the full security token may be obtained from a distributed caching service that is utilized by an online service.
Flowing to operation 530, the full security token is used in determining the rights of the user with regard to the requested resource. The full security token may be passed to other computing devices to obtain one or more resources just as if the full token was passed from the client requesting the resource. According to another embodiment, the identity claim is passed to other computing devices that then use the identity claim to access the full security token. The process then moves to an end block and returns to processing other actions.
Referring now to
A basic input/output system containing the basic routines that help to transfer information between elements within the computer, such as during startup, is stored in the ROM 10. The computer 500 further includes a mass storage device 14 for storing an operating system 16, application programs 10, data store 24, files, and a service program 26 relating to execution of and interaction with the an online system.
The mass storage device 14 is connected to the CPU 5 through a mass storage controller (not shown) connected to the bus 12. The mass storage device 14 and its associated computer-readable media provide non-volatile storage for the computer 500. Although the description of computer-readable media contained herein refers to a mass storage device, such as a hard disk or CD-ROM drive, the computer-readable media can be any available media that can be accessed by the computer 100.
By way of example, and not limitation, computer-readable media may comprise computer storage media and communication media. Computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, Erasable Programmable Read Only Memory (“EPROM”), Electrically Erasable Programmable Read Only Memory (“EEPROM”), flash memory or other solid state memory technology, CD-ROM, digital versatile disks (“DVD”), or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computer 600.
According to various embodiments, computer 600 may operate in a networked environment using logical connections to remote computers through a network 18, such as the Internet. The computer 600 may connect to the network 18 through a network interface unit 20 connected to the bus 12. The network connection may be wireless and/or wired. The network interface unit 20 may also be utilized to connect to other types of networks and remote computer systems. The computer 600 may also include an input/output controller 22 for receiving and processing input from a number of other devices, including a keyboard, mouse, or electronic stylus (not shown in
As mentioned briefly above, a number of program modules and data files may be stored in the mass storage device 14 and RAM 9 of the computer 600, including an operating system 16 suitable for controlling the operation of a networked computer, such as the WINDOWS® operating systems from MICROSOFT® CORPORATION of Redmond, Wash. The mass storage device 14 and RAM 9 may also store one or more program modules. In particular, the mass storage device 14 and the RAM 9 may store one or more application programs, such as services program 26, that perform tasks relating to a system.
The above specification, examples and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims hereinafter appended.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5553215 | Kaethler | Sep 1996 | A |
| 5835910 | Kavanaugh et al. | Nov 1998 | A |
| 5857211 | Carper et al. | Jan 1999 | A |
| 5913032 | Schwartz et al. | Jun 1999 | A |
| 6157934 | Khan et al. | Dec 2000 | A |
| 6212382 | Watson et al. | Apr 2001 | B1 |
| 6243824 | Kakuta et al. | Jun 2001 | B1 |
| 6453325 | Cabrera et al. | Sep 2002 | B1 |
| 6571283 | Smorodinsky | May 2003 | B1 |
| 6578054 | Hopmann et al. | Jun 2003 | B1 |
| 6654746 | Wong et al. | Nov 2003 | B1 |
| 6675226 | Nair et al. | Jan 2004 | B1 |
| 6711593 | Gordon et al. | Mar 2004 | B1 |
| 6738799 | Dickenson | May 2004 | B2 |
| 6823384 | Wilson et al. | Nov 2004 | B1 |
| 6898727 | Wang et al. | May 2005 | B1 |
| 6912690 | Bauchot | Jun 2005 | B2 |
| 6934848 | King et al. | Aug 2005 | B1 |
| 6983311 | Haitsuka et al. | Jan 2006 | B1 |
| 6988241 | Guttman et al. | Jan 2006 | B1 |
| 7000228 | Mortazavi | Feb 2006 | B2 |
| 7047484 | Becker et al. | May 2006 | B1 |
| 7251776 | Handsaker et al. | Jul 2007 | B2 |
| 7325156 | Schloss et al. | Jan 2008 | B1 |
| 7360208 | Joshi et al. | Apr 2008 | B2 |
| 7454659 | Gaudette et al. | Nov 2008 | B1 |
| 7463648 | Eppstein et al. | Dec 2008 | B1 |
| 7516367 | Beltowski et al. | Apr 2009 | B1 |
| 7555751 | Abbavaram et al. | Jun 2009 | B1 |
| 7577661 | Bankston et al. | Aug 2009 | B2 |
| 7668961 | Lomet | Feb 2010 | B2 |
| 7680848 | Janeditakam | Mar 2010 | B2 |
| 7680933 | Fatula, Jr. | Mar 2010 | B2 |
| 7720820 | Lomet | May 2010 | B2 |
| 7823145 | Le et al. | Oct 2010 | B1 |
| 8103906 | Alibakhsh et al. | Jan 2012 | B1 |
| 8185897 | Kushwaha | May 2012 | B2 |
| 8190987 | Campbell et al. | May 2012 | B2 |
| 8296267 | Cahill et al. | Oct 2012 | B2 |
| 8307119 | Rochelle et al. | Nov 2012 | B2 |
| 8386501 | Cahill et al. | Feb 2013 | B2 |
| 8417737 | Hopmann et al. | Apr 2013 | B2 |
| 8578399 | Khen et al. | Nov 2013 | B2 |
| 8751656 | Cahill et al. | Jun 2014 | B2 |
| 20010056554 | Chrabaszcz | Dec 2001 | A1 |
| 20020010743 | Ryan et al. | Jan 2002 | A1 |
| 20020078074 | Cho et al. | Jun 2002 | A1 |
| 20020078233 | Biliris et al. | Jun 2002 | A1 |
| 20020129054 | Ferguson et al. | Sep 2002 | A1 |
| 20020161814 | Wical | Oct 2002 | A1 |
| 20020162049 | Takamoto et al. | Oct 2002 | A1 |
| 20020169799 | Voshell | Nov 2002 | A1 |
| 20030005133 | Banerjee et al. | Jan 2003 | A1 |
| 20030061365 | White et al. | Mar 2003 | A1 |
| 20030126229 | Kantor et al. | Jul 2003 | A1 |
| 20030154278 | Hirschman et al. | Aug 2003 | A1 |
| 20030193558 | Doss et al. | Oct 2003 | A1 |
| 20030204460 | Robinson et al. | Oct 2003 | A1 |
| 20030221190 | Deshpande et al. | Nov 2003 | A1 |
| 20040024881 | Elving et al. | Feb 2004 | A1 |
| 20040111636 | Baffes et al. | Jun 2004 | A1 |
| 20040133619 | Zelig et al. | Jul 2004 | A1 |
| 20040143662 | Poyhonen | Jul 2004 | A1 |
| 20040205765 | Beringer et al. | Oct 2004 | A1 |
| 20040210623 | Hydrie et al. | Oct 2004 | A1 |
| 20040237045 | Meltzer | Nov 2004 | A1 |
| 20050044486 | Kotler et al. | Feb 2005 | A1 |
| 20050050076 | Tong et al. | Mar 2005 | A1 |
| 20050132382 | McGuire et al. | Jun 2005 | A1 |
| 20060015806 | Wallace | Jan 2006 | A1 |
| 20060015932 | Ballinger et al. | Jan 2006 | A1 |
| 20060015933 | Ballinger et al. | Jan 2006 | A1 |
| 20060031268 | Shutt et al. | Feb 2006 | A1 |
| 20060070020 | Puttaswamy et al. | Mar 2006 | A1 |
| 20060075076 | Sinha | Apr 2006 | A1 |
| 20060085785 | Garrett | Apr 2006 | A1 |
| 20060122469 | Martel | Jun 2006 | A1 |
| 20060123119 | Hill et al. | Jun 2006 | A1 |
| 20060168218 | Kashyap | Jul 2006 | A1 |
| 20060190698 | Mizuno et al. | Aug 2006 | A1 |
| 20060271395 | Harris et al. | Nov 2006 | A1 |
| 20060274695 | Krishnamurthi et al. | Dec 2006 | A1 |
| 20060277224 | Aftab et al. | Dec 2006 | A1 |
| 20070005769 | Ammerlaan et al. | Jan 2007 | A1 |
| 20070043860 | Pabari | Feb 2007 | A1 |
| 20070050415 | Armangau et al. | Mar 2007 | A1 |
| 20070086476 | Iglesias et al. | Apr 2007 | A1 |
| 20070130566 | van Rietschote et al. | Jun 2007 | A1 |
| 20070169189 | Crespo et al. | Jul 2007 | A1 |
| 20070198554 | Liu | Aug 2007 | A1 |
| 20070204325 | Cameron et al. | Aug 2007 | A1 |
| 20070219956 | Milton | Sep 2007 | A1 |
| 20070220415 | Cheng et al. | Sep 2007 | A1 |
| 20070260644 | Ljungqvist et al. | Nov 2007 | A1 |
| 20070261049 | Bankston et al. | Nov 2007 | A1 |
| 20070271560 | Wahlert et al. | Nov 2007 | A1 |
| 20070285501 | Yim | Dec 2007 | A1 |
| 20080077632 | Tysowski et al. | Mar 2008 | A1 |
| 20080082560 | Agrawal et al. | Apr 2008 | A1 |
| 20080098046 | Alpern et al. | Apr 2008 | A1 |
| 20080120351 | Khaladkar et al. | May 2008 | A1 |
| 20080126428 | Swamburg | May 2008 | A1 |
| 20080147753 | Chasman et al. | Jun 2008 | A1 |
| 20080154918 | Iwatsu et al. | Jun 2008 | A1 |
| 20080155023 | Kadashevich | Jun 2008 | A1 |
| 20080189468 | Schmidt et al. | Aug 2008 | A1 |
| 20080243763 | Bishop et al. | Oct 2008 | A1 |
| 20080243867 | Janedittakarn et al. | Oct 2008 | A1 |
| 20080244184 | Lewis et al. | Oct 2008 | A1 |
| 20080256607 | Janedittakarn | Oct 2008 | A1 |
| 20080263534 | Hirsave et al. | Oct 2008 | A1 |
| 20080270459 | Grewal et al. | Oct 2008 | A1 |
| 20080270564 | Rangegowda et al. | Oct 2008 | A1 |
| 20080289020 | Cameron et al. | Nov 2008 | A1 |
| 20090018999 | Petri | Jan 2009 | A1 |
| 20090083561 | Kaburlasos et al. | Mar 2009 | A1 |
| 20090100419 | Childress et al. | Apr 2009 | A1 |
| 20090164621 | Kothari et al. | Jun 2009 | A1 |
| 20090199177 | Edwards et al. | Aug 2009 | A1 |
| 20090216789 | Chowdhary et al. | Aug 2009 | A1 |
| 20090216855 | Lang et al. | Aug 2009 | A1 |
| 20090216975 | Halperin et al. | Aug 2009 | A1 |
| 20090228589 | Korupolu | Sep 2009 | A1 |
| 20090228950 | Reed et al. | Sep 2009 | A1 |
| 20090248756 | Akidau et al. | Oct 2009 | A1 |
| 20090293022 | Fries | Nov 2009 | A1 |
| 20090293056 | Ferris | Nov 2009 | A1 |
| 20090327139 | Shah et al. | Dec 2009 | A1 |
| 20100011409 | Hodgkinson et al. | Jan 2010 | A1 |
| 20100027552 | Hill | Feb 2010 | A1 |
| 20100070466 | Prahlad et al. | Mar 2010 | A1 |
| 20100077165 | Lu et al. | Mar 2010 | A1 |
| 20100082860 | Murthy | Apr 2010 | A1 |
| 20100083253 | Kushwaha | Apr 2010 | A1 |
| 20100095198 | Bultrowicz et al. | Apr 2010 | A1 |
| 20100106812 | Bernabeu-Auban et al. | Apr 2010 | A1 |
| 20100113159 | Chapman et al. | May 2010 | A1 |
| 20100121902 | Chandrasekhar et al. | May 2010 | A1 |
| 20100125612 | Amradkar et al. | May 2010 | A1 |
| 20100145861 | Law et al. | Jun 2010 | A1 |
| 20100146290 | Bachmann et al. | Jun 2010 | A1 |
| 20100162226 | Borissov | Jun 2010 | A1 |
| 20100192143 | Ingle et al. | Jul 2010 | A1 |
| 20100205227 | Weissman et al. | Aug 2010 | A1 |
| 20100211548 | Ott et al. | Aug 2010 | A1 |
| 20100211619 | Weissman et al. | Aug 2010 | A1 |
| 20100251242 | Sivasubramanian et al. | Sep 2010 | A1 |
| 20100251339 | McAlister | Sep 2010 | A1 |
| 20100262632 | Jain et al. | Oct 2010 | A1 |
| 20100275222 | Wallace | Oct 2010 | A1 |
| 20100287359 | Norden | Nov 2010 | A1 |
| 20100312810 | Horton et al. | Dec 2010 | A1 |
| 20110071856 | Nasenbenny et al. | Mar 2011 | A1 |
| 20110138391 | Cho et al. | Jun 2011 | A1 |
| 20110161964 | Piazza et al. | Jun 2011 | A1 |
| 20120101983 | Hopmann et al. | Apr 2012 | A1 |
| 20120101998 | Cahill et al. | Apr 2012 | A1 |
| 20120102067 | Cahill et al. | Apr 2012 | A1 |
| 20120102198 | Cahill et al. | Apr 2012 | A1 |
| 20120102199 | Hopmann et al. | Apr 2012 | A1 |
| 20120102480 | Hopmann et al. | Apr 2012 | A1 |
| 20120102506 | Hopmann et al. | Apr 2012 | A1 |
| 20120151378 | Parish et al. | Jun 2012 | A1 |
| 20130159344 | Cahill et al. | Jun 2013 | A1 |
| 20130226973 | Hopmann et al. | Aug 2013 | A1 |
| Number | Date | Country |
|---|---|---|
| 1989489 | Jun 2007 | CN |
| 101162988 | Apr 2008 | CN |
| 101657804 | Feb 2010 | CN |
| 10-0980599 | Sep 2010 | KR |
| 20111033894.3 | Jun 2014 | NZ |
| 189412 | Jun 2014 | SG |
| 189417 | Jun 2014 | SG |
| 2010-090899 | Aug 2010 | WO |
| Entry |
|---|
| U.S. Appl. No. 12/908,681, filed Oct. 20, 2010 entitled “Placing Objects on Hosts Using Hard and Soft Constraints”. |
| U.S. Appl. No. 12/908,639, filed Oct. 20, 2010 entitled “Dynamically Splitting Multi-Tenant Databases”. |
| U.S. Appl. No. 12/908,623, filed Oct. 20, 2010 entitled “High Availability of Machines During Patching”. |
| U.S. Appl. No. 12/908,653, filed Oct. 20, 2010 entitled “Web Service Patterns for Globally Distributed Service Fabric”. |
| U.S. Appl. No. 12/908,590, filed Oct. 20, 2010 entitled “Machine Manager Service Fabric”. |
| U.S. Appl. No. 12/908,703, filed Oct. 20, 2010 entitled “Online Database Availability During Upgrade”. |
| U.S. Appl. No. 12/908,694, filed Oct. 20, 2010 entitled “Managing Networks and Machines for an Online Service”. |
| U.S. Appl. No. 12/908,752, filed Oct. 20, 2010 entitled “Upgrade of Highly Available Farm Server Groups”. |
| U.S. Appl. No. 12/964,633, filed Dec. 9, 2010 entitled “Codeless Sharing of Spreadsheet Objects”. |
| Above the Cloud; “The Azure Fabric Controller”; Published Mar. 23, 2009; http://azure.snagy.name/blog/?p=89; 3 pgs. |
| “Adopting Server Virtualization for Business Continuity and Disaster Recovery”; CA ARCserve Backup and CA Xosoft Replication and High Availability Software with Hyper-V Technology—A Powerful Combination; Published 2009; 17 pgs. |
| Allamaraju; “Idempotency Explained”; Published Feb. 21, 2008; 5 pgs. |
| “BadBlue Excel Web Spreadsheet Collaboration Server 2.72b”; Published Apr. 20, 2010; http://badblue-excel-web-spreadsheet-collaboration-server.badblue.qarchive.org/; 2 pgs. |
| Chaisiri et al., “Optimal Virtual Machine Placement across Multiple Cloud Providers”; School of Computer Engineering, Nanyang Technological University, Singapore; 2009 IEEE; 8 pgs. |
| Chronic db; “Live Database Schema Updates—Zero Downtime”; Retrieved Sep. 20, 2010; http://chronicdb.com/benefits—of—chronicdb; 3 pgs. |
| Crets; “Idempotent Services”; Blog of Guy Crets; Jul. 9, 2008; 1 pg. |
| Das et al., “ElasTraS: An Elastic, Scalable, and Self Managing Transactional Database for the Cloud”; Department of Computer Science, University of California, Santa Barbara, CA; UCSB Computer Science Technical Report Apr. 2010; 14 pgs. |
| “Excel Services Overview (SharePoint Server 2010)”; Microsoft Corporation; Published May 12, 2010; http://technet.microsoft.com/en-us/library/ee424405.aspx; 3 pgs. |
| Exortech; “Zero-Downtime Database Deployment”; Published Feb. 1, 2009; http://exortech.com/blog/2009/02/01weekly-release-blog-11-zero-downtime-database-deployment; 3 pgs. |
| Forster et al.; “Using SAML Security Tokens with Microsoft Web Services Enhancements”; Published Apr. 29, 2008; http://www.ibm.com/ developerworks/tivoli/library/t-samlwse/index.html; 23 pgs. |
| “HP Serviceguard Cluster Configuration for HP-UX 11i or Linux Partitioned Systems”; Apr. 2009; 13 pgs. |
| Hyser et al., “Autonomic Virtual Machine Placement in the Data Center”; HP Laboratories; Feb. 26, 2008; 11 pgs. |
| “IBM Director v6.2.x”; Retrieved Sep. 20, 2010; http://publib.boulder.ibm.com/infocenter/director/v6r2x/index.jsp?topic=/com.ibm.director.updates.helps.doc/fqm0—t—um—updating—systems.html; 2 pgs. |
| KaChing Engineering; “No Downtime Database Schema Changes”; Published Aug. 15, 2010; http://eng.kaching.com/2010/08/no-downtime-database-schema-changes.html; 4 pgs. |
| Kim, “Virtual Machine Placement Optimization”; Carnegie Mellon Engineering, Carnegie Institute of Technology; Retrieved Date—Aug. 26, 2010; 2 pgs. |
| Kumar; “Sharing and Previewing Google Docs in Socialwok: Google Data SPI”; Published Apr. 9, 2010; http://googleappsdeveloper.blogspot.com/2010/04/ sharing-and-previewing-google-docs-in.html; 6 pgs. |
| “LinkedCells 1.8 Description”; WareSeeker.com; Published Mar. 16, 2009; http://wareseeker.com/Business-Finance/linkedcells-1.8.zip/1f2ea4b9e; 3 pgs. |
| Meng et al., “Improving the Scalability of Data Center Networks with Traffic-aware Virtual Machine Placement”; IBM T.J. Watson Research Center; 9 pgs. |
| “Microsoft High Availability Overview White Paper”; Published Jan. 2008; 19 pgs. |
| Microsoft; “Virtual Machine Manager”; Retrieved Sep. 21, 2010; http://www.microsoft.com/systemcenter/en/us/virtual-machine-manager.aspx; 2 pgs. |
| Microsoft Corporation; “Scaling Out SQL Server 2005”; Published Date: Apr. 2006; http://msdn.microsoft.com/en-us/library/aa479364.aspx; 15 pgs. |
| Microsoft Corporation; “Messaging Patterns in Service-Oriented Architecture, Part 1”; Published Apr. 2004; 10 pgs. |
| Microsoft TechNet; “Placing Virtual Machines on Hosts”; 2010 Microsoft Corporation; 3 pgs. |
| Microsoft TechNet; “Configure a Server Farm for Minimal Downtime During Software Updates (Office SharePoint Server 2007)”; Published Sep. 17, 2009; http://technet.microsoft.com/en-us/library/ee514459(office.12).aspx; 26 pgs. |
| Microsoft TechNet; “Configure Claims-Based Authentication Using Windows Live ID (SharePoint Server 2010)”; Published Sep. 9, 2010; http://technet.microsoft.com/en-us/library/ff973117(printer).aspx; 17 pgs. |
| MSDN Magazine; “Designing Services for Windows Azure”; Published Jan. 2010; 11 pgs. |
| “MySQL Cluster Features”; Retrieved Sep. 20, 2010; http://www.mysql.com/products/database/cluster/features.html; 5 pgs. |
| “The NorduGrid Grid Manager and GridFTP Server”; Published Aug. 10, 2010; http://www.nordugrid.org/documents/GM-pdf; 37 pgs. |
| Oracle9i Database Migration; “Compatibility and Interoperability”; Retrieved Sep. 20, 2010; http://download.oracle.com/docs/cd/A97630—01/server.920/a96530/migcompa.htm; 42 pgs. |
| Ranganathan; “Idempotency in Services”; Published Dec. 1, 2009; 21 pgs. |
| “RightGrid Basic Example”; Retrieved Sep. 24, 2010; http://support.rightscale.com/03-Tutorials/02-AWS/03-Grid—Edition/Basic—RightGrid—Example; 16 pgs. |
| “SAS Grid Computing”; SAS Institute; Retrieved Sep. 24, 2010; http://www.sas.com/technologies/architecture/grid/index.html; 2 pgs. |
| “Small to Medium Sized Data Center with Applogic Cloud”; Migrate to Cloud; Published Jul. 22, 2010; http://www.migrate2cloud.com/blog/small-to-medium-sized-date-center-with-applogic-cloud; 4 pgs. |
| Tarighi et al., “A New Model for Virtual Machine Migration in Virtualized Cluster Server Based on Fuzzy Decision Making”; Journal of Telecommunications, vol. 1, Issue 1, Feb. 2010; 12 pgs. |
| “Understanding SharePoint 2010 Claims Authentication”; Published May 27, 2010; http://blogs.msdn.com/b/russmax/archive/2010/05/27/ understanding-sharepoint-2010-claims-authentication.aspx; 5 pgs. |
| “Using Vmware vCenter Update Manager to Keep your vSphere Hosts Up-to-Date with Patching”; Published Feb. 9, 2010; http://www.simple-talk.com/sysadmin/virtualization/using-vmware-vcenter-update-manager-to-keep-your-vsphere-hosts-up-to-date-with-patching/; 10 pgs. |
| Vmware; “Automating High Availability (HA) Services with Vmware HA”; Copyright 1998-2006; 15 pgs. |
| Vmware vSphere; “Vmware vCenter Update Manager”; Retrieved Sep. 14, 2010; 2 pgs. |
| “Vmware Virtual Appliances”; Published Jan. 8, 2009; http://www.petri.co.il/virtual—vmware—virtual—appliances.htm; 2 pgs. |
| Wang et al., “A Study and Performance Evaluation of the Multi-Tenant Data Tier Design Patterns for Service Oriented Computing”; IBM China Research Lab, Beijing, China; IEEE Computer Society, 2008 IEEE; 8 pgs. |
| “XLCubed Web Edition”; Published 2009; http://xlcubed.com/en/web.html; 2 pgs. |
| “Zones Parallel Patching Feature Now Available”; Published Date Jun. 17, 2009; 1 pg. |
| Meng et al., “Improving the Scalability of Data Center Networks with Traffic-aware Virtual Machine Placement”; IBM T. J. Watson Research Center; Published May 6, 2010; 9 pgs. |
| International Search Report dated Mar. 6, 2012 cited in Appln No. PCT/US2011/054566. |
| International Search Report dated Mar. 6, 2012 cited in Appln No. PCT/US2011/055412. |
| International Search Report dated Mar. 26, 2012 cited in Appln No. PCT/US2011/053296. |
| U.S. Office Action dated Apr. 16, 2012 cited in U.S. Appl. No. 12/908,639. |
| U.S. Office Action dated Apr. 27, 2012 cited in U.S. Appl. No. 12/908,703. |
| International Search Report dated Apr. 25, 2012 cited in Appln No. PCT/US2011/054516. |
| International Search Report dated May 1, 2012 cited in Appln No. PCT/US2011/052175. |
| International Search Report dated May 3, 2012 cited in Appln No. PCT/US2011/053370. |
| International Search Report dated May 4, 2012 cited in Appln No. PCT/US2011/056594. |
| International Search Report dated May 17, 2012 cited in Appln No. PCT/US2011/054642. |
| International Search Report dated Jun. 15, 2012 cited in Appln No. PCT/US2011/062170. |
| U.S. Office Action dated Nov. 6, 2012 cited in U.S. Appl. No. 12/908,694. |
| U.S. Office Action dated Nov. 30, 2012 cited in U.S. Appl. No. 12/908,653. |
| U.S. Appl. No. 13/858,630, filed Apr. 8, 2013 entitled “Online Database Availability During Upgrade”. |
| U.S. Appl. No. 13/657,561, filed Oct. 22, 2012 entitled “Upgrade of Highly Available Farm Server Groups”. |
| Google et al., “Google Docs & Spreadsheet Tour”, Feb. 2007, pp. 1-14. |
| U.S. Office Action dated Mar. 20, 2013 cited in U.S. Appl. No. 12/908,590. |
| U.S. Office Action dated Mar. 27, 2013 cited in U.S. Appl. No. 12/908,623. |
| U.S. Office Action dated Mar. 28, 2013 cited in U.S. Appl. No. 12/964,633. |
| U.S. Office Action dated May 14, 2013 cited in U.S. Appl. No. 12/908,694. |
| U.S. Office Action dated Aug. 16, 2013 cited in U.S. Appl. No. 12/908,681. |
| Chinese Office Action dated Jan. 24, 2014 cited in Appln No. 201110340105.8. |
| U.S. Office Action dated Mar. 12, 2014 cited in U.S. Appl. No. 12/908,653, 19 pgs. |
| U.S. Office Action dated Mar. 18, 2014 cited in U.S. Appl. No. 12/908,681, 26 pgs. |
| Chinese Office Action dated Aug. 28, 2013 cited in Appln No. 201110340491.0. |
| Chinese Office Action dated Oct. 14, 2013 cited in Appln No. 201110339864.2. |
| Chinese Office Action dated Oct. 31, 2013 cited in Appln No. 201110340455.4. |
| U.S. Office Action dated Sep. 16, 2013 cited in U.S. Appl. No. 12/908,653. |
| U.S. Office Action dated Oct. 22, 2013 cited in U.S. Appl. No. 12/908,623. |
| Google et. al. “What is the correct syntax for import range function for the key attribute?”; http://productforums.google.com/forum/#!topic/docs/aqJAApdcr88; published Jan. 18, 2009; 3 pgs. |
| Stackexchange.com et. al., “How do I link a cell in Google Spreadsheets to a cell in another document?” See Google Spreadsheets function list“ImportRange” http://webapps.stackexchange.com/questions/786/how-do-i-link-a-cell-in-google-spreadsheets-to-a-cell-in-anotehr-document; published Jul. 1, 2010; 6 pgs. |
| Chinese Office Action dated Nov. 22, 2013 cited in Appln No. 201110339894.3. |
| Chinese Office Action dated Dec. 17, 2013 cited in Appln No. 201110430658.2. |
| Chinese Office Action dated Dec. 19, 2013 cited in Appln No. 201110339912.8. |
| Chinese Office Action dated Dec. 30, 2013 cited in Appln No. 201110339964.5. |
| Chinese Office Action dated Jan. 16, 2014 cited in Appln No. 201110339862.3. |
| U.S. Office Action dated Nov. 7, 2013 cited in U.S. Appl. No. 12/964,633. |
| U.S. Office Action dated May 7, 2014 in U.S. Appl. No. 12/964,633, 11 pgs. |
| U.S. Office Action dated May 19, 2014 in U.S. Appl. No. 13/657,561, 59 pgs. |
| U.S. Office Action dated May 21, 2014 in U.S. Appl. No. 12/908,623, 20 pgs. |
| Chinese Notice on Grant dated May 26, 2014 in 20111033912.8, 3 pgs. |
| Chinese Second Office Action dated May 26, 2014 in Appln No, 201110339964.5, 6 pgs. |
| Chinese Second Office Action dated Jun. 3, 2014 in Appln No. 201110339864.2, 11 pgs. |
| Chinese Second Office Action dated Jun. 11, 2014 in Appln No. 201110340455.4, 6 pgs. |
| Chinese Third Office Action dated Jun. 25, 2014 in Appln No. 201110340491.0, 12 pgs. |
| Chinese Notice on Grant dated Jul. 3, 2014 in 201110340105.8, 4 pgs. |
| Chinese Second Office Action dated Jul. 11, 2014 in 201110430658.2, 10 pgs. |
| Number | Date | Country | |
|---|---|---|---|
| 20120131660 A1 | May 2012 | US |
