DESKTOP APPLICATION FULFILLMENT PLATFORM WITH MULTIPLE AUTHENTICATION MECHANISMS
First Claim
1. A system, comprising:
a plurality of computing nodes that collectively provide virtual computing services to one or more clients of a service provider, each of the computing nodes comprising at least one processor and a memory; and
a virtualized computing resource instance executing on one of the computing nodes;
wherein the virtualized computing resource instance implements a virtual desktop instance on behalf of a given end user that receives services from the service provider, and wherein an application delivery agent is installed on the virtual desktop instance;
wherein one or more of the plurality of computing nodes implement an application fulfillment platform;
wherein the application fulfillment platform is configured to:
receive, from the application delivery agent, a request to register the virtual desktop instance with the application fulfillment platform as a device, wherein the request includes a device identity ticket;
in response to the request to register the virtual desktop instance:
validate the device identity ticket;
generate a security token for the device; and
return the security token for the device to the application delivery agent;
receive, from the application delivery agent, a request to register the given end user with the application fulfillment platform, wherein the request includes a user identity ticket received from an active directory service;
in response to the request to register the given end user:
validate the user identity ticket;
generate a security token for the given end user; and
return the security token for the given end user to the application delivery agent; and
receive, from the application delivery agent, a request for service, wherein the request for service includes the security token for the device or the security token for the given end user, and wherein the security token included in the request for service is dependent on the type of the service request or the entity on whose behalf the service request was submitted by the application delivery agent.
Abstract
A service provider system may include an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform.
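The proxy step described in the abstract, as an added sketch that is not taken from the patent or from any provider's implementation. The HMAC token format, the request-type names, the identifiers and the rule table are all assumptions made for illustration, and validation of the identity tickets that precedes token issuance is not modelled.

```python
import base64, hashlib, hmac, json, time

PLATFORM_KEY = b"constructed-demo-key"   # assumption: signing key held only by the platform
# Assumption: the principal each request type must be submitted on behalf of.
REQUIRED_SUBJECT = {"agent.heartbeat": "device", "app.list_entitlements": "user"}

def _sign(body: bytes) -> str:
    return hmac.new(PLATFORM_KEY, body, hashlib.sha256).hexdigest()

def issue_token(kind: str, unique_id: str, ttl: int = 3600, now=None) -> str:
    """Issue a token once the identity ticket has been validated (not modelled)."""
    now = time.time() if now is None else now
    claims = {"kind": kind, "sub": unique_id, "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return f"{body.decode()}.{_sign(body)}"

def validate_token(token: str, now=None):
    """Return the claims dict, or None if the token is forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body.encode())):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > now else None

def proxy_dispatch(request_type: str, claimed_id: str, token: str, now=None) -> str:
    """Check identity and credential together, then decide whether to forward."""
    claims = validate_token(token, now)
    if claims is None:
        return "reject: invalid token"
    if claims["sub"] != claimed_id:
        return "reject: identity/token mismatch"
    # Unknown request types map to None and are rejected (default deny).
    if REQUIRED_SUBJECT.get(request_type) != claims["kind"]:
        return "reject: wrong principal for request type"
    return f"dispatch {request_type} for {claims['kind']} {claimed_id}"
```

Binding the token kind to the request type at the proxy keeps a device token from being accepted for a request that should carry the end user's token.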
20 Claims
6. A method, comprising:
performing, by one or more computers that implement an application fulfillment platform on resources of a service provider:
receiving a service request from an application delivery agent that is installed on a computing resource instance of a given user in an organization that receives services from the service provider; and
in response to receiving the service request:
validating an identity of the computing resource instance and a security credential for the computing resource instance using two or more authentication mechanisms; or
validating an identity of the given user and a security credential for the given user using two or more authentication mechanisms; and
in response to validating an identity and a security credential for the computing resource instance of the given user or for the given user, processing the service request.
19. A non-transitory computer-readable storage medium storing program instructions that when executed on one or more computers cause the one or more computers to implement an application fulfillment platform, wherein the application fulfillment platform is configured to perform:
configuring a computing resource instance on behalf of a given user, wherein said configuring comprises:
building a virtual desktop instance on the computing resource instance; and
installing an application delivery agent on the virtual desktop instance;
generating a unique identifier and a security token for the virtual desktop instance;
generating a unique identifier and a security token for the given user;
receiving one or more requests for service from the application delivery agent on behalf of the application delivery agent or the given user; and
for each of the one or more requests for service, validating an identity resource included in the request, wherein the identity resource comprises one or more of:
the unique identifier for the virtual desktop instance, the security token for the virtual desktop instance, the unique identifier for the given user, or the security token for the given user.
Specification