Patent application number | Description | Published |
20080208957 | Quarantine Over Remote Desktop Protocol - Described are systems and methods for implementing quarantine over a remoting protocol. The systems and methods verify whether remotely connected computing devices or client devices comply with specified system health requirements. This includes determining whether the remotely connected computing devices have correct security software installed, current operating system updates, correct configuration, etc. | 08-28-2008 |
20080270612 | Enabling secure remote assistance using a terminal services gateway - A secure remote assistance session between computers that are behind firewalls and/or NAT devices is provided by an arrangement that uses a terminal services (“TS”) gateway to enable utilization of a remote desktop protocol (“RDP”) connection by a terminal services client in a reverse direction to that used in a conventional terminal services session. The connection is made via a regular TS gateway protocol mechanism by which the TS client behind a firewall establishes a connection to the remote server that is typically behind a firewall that protects a corporate network. The server then functions as the terminal services client to tunnel RDP data through the established TS gateway connection through the NAT firewall to a client. Thus, the server and client reverse roles after the TS gateway connection is made to thereby enable remote viewing of the graphical user interface that is displayed by the client in support of the remote assistance session. | 10-30-2008 |
20090328182 | ENABLING TWO-FACTOR AUTHENTICATION FOR TERMINAL SERVICES - Techniques for enabling two-factor authentication for terminal services are described. A client receives an authentication token from an authentication server. The authentication token is used as a factor for authenticating the client to a terminal services device. Native authentication of the client is also performed. | 12-31-2009 |
20100131654 | PLATFORM FOR ENABLING TERMINAL SERVICES VIRTUALIZATION - Disclosed are techniques for providing a platform and application program interface (API) that leverages a terminal services session broker infrastructure to support third party plug-in applications. In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers. | 05-27-2010 |
Patent application number | Description | Published |
20080209538 | Strategies for Securely Applying Connection Policies via a Gateway - A strategy is described for securely applying connection policies in a system that includes a first entity (e.g., a TS client) connected to a second entity (e.g., a TS server) via a gateway using a remote-operating protocol (e.g., RDP). The strategy involves establishing a first secure channel between the gateway and the TS server and transmitting policy information from the gateway to the TS server. The strategy then involves deactivating the first secure channel and setting up a second secure channel between the TS client and the TS server. The strategy uses the second secure channel to transmit RDP data from the TS client to the TS server. The TS server uses the previously-transmitted policy information to determine whether to enable or disable a feature that affects the TS client, such as device redirection. | 08-28-2008 |
20090183225 | PLUGGABLE MODULES FOR TERMINAL SERVICES - Embodiments that facilitate the use of pluggable policy modules and authentication modules for access to a Terminal Services (TS) server are disclosed. In accordance with various embodiments, a method includes accessing one or more pluggable modules at a Terminal Services Gateway (TSG) server or a Terminal Services (TS) server. The method further includes processing a TS server access request from a TS client at the TSG server or the TS server. The TS server access request is processed in part based on the one or more pluggable modules. In one particular embodiment, the one or more pluggable modules include at least one of a connection authorization policy (CAP) module, a resource authorization policy (RAP) module, and an authentication module. | 07-16-2009 |
20090259757 | Securely Pushing Connection Settings to a Terminal Server Using Tickets - Systems and techniques for securely pushing connection settings to a terminal server using tickets are described. In one embodiment, a request is received at a first network component from a client for access to a second network component. A ticket associated with one or more connection settings is created and provided to the client. The ticket is provided by the client to the second network component. The ticket is provided from the second network component to the first network component, and the one or more connection settings associated with the ticket are received from the first network component back to the second network component. The one or more connection settings are enforced at the second network component. | 10-15-2009 |
20110153716 | ENABLING VIRTUAL DESKTOP CONNECTIONS TO REMOTE CLIENTS - Disclosed are techniques for providing a platform that allows a user to remotely establish a connection with a virtual machine operating on a server farm In a typical scenario, when a user requests for a connection to access third party plug-in applications, the application program interface may interact with the session broker process to identify sessions or suitable servers to which the user can be connected. The user may access the third party plug-in applications through the identified sessions or suitable servers. | 06-23-2011 |
20120075314 | Prevention of DOS Attack by a Rogue Graphics Application - A mechanism is described for mitigating the effects of such a DoS attack by detecting a multiple TDR situation within a short duration, identifying the errant virtual machines, and suspending all rendering ability for that virtual machine or set of virtual machines. While the disclosed embodiments are described in the context of virtual machines, the principles may be extended to the general problem of DoS attacks due to TDRs and bugchecks on any physical machine that includes a GPU. For example, DoS attacks can be generated from web sites directly using GPU rendering. | 03-29-2012 |
Patent application number | Description | Published |
20130181998 | PARA-VIRTUALIZED HIGH-PERFORMANCE COMPUTING AND GDI ACCELERATION - The present invention extends to methods, systems, and computer program products for para-virtualized GPGPU computation and GDI acceleration. Some embodiments provide a compute shader to a guest application within a para-virtualized environment. A vGPU in a child partition presents compute shader DDIs for performing GPGPU computations to a guest application. A render component in a root partition receives compute shader commands from the vGPU and schedules the commands for execution at the physical GPU. Other embodiments provide GPU-accelerated GDI rendering capabilities to a guest application within a para-virtualized environment. A vGPU in a child partition provides an API for receiving GDI commands, and sends GDI commands and data to a render component in a root partition. The render component schedules the GDI commands on a 3D rendering device. The 3D rendering device executes the GDI commands at the physical GPU using a sharable GDI surface. | 07-18-2013 |
20130181999 | PARA-VIRTUALIZED DOMAIN, HULL, AND GEOMETRY SHADERS - The present invention extends to methods, systems, and computer program products for providing domain, hull, and geometry shaders in a para-virtualized environment. As such, a guest application executing in a child partition is enabled use a programmable GPU pipeline of a physical GPU. A vGPU (executing in the child partition) is presented to the guest application. The vGPU exposes DDIs of a rendering framework. The DDIs enable the guest application to send graphics commands to the vGPU, including commands for utilizing a domain shader, a hull shader, and/or a geometric shader at a physical GPU. A render component (executing within the root partition) receives physical GPU-specific commands from the vGPU, including commands for using the domain shader, the hull shader, and/or the geometric shader. The render component schedules the physical GPU-specific command(s) for execution at the physical GPU. | 07-18-2013 |
20130187932 | PARA-VIRTUALIZED ASYMMETRIC GPU PROCESSORS - The present invention extends to methods, systems, and computer program products for providing asymmetric Graphical Processing Unit (“GPU”) processors in a para-virtualized environment. A virtual GPU (“vGPU”) within a child partition of the para-virtualized environment includes a kernel-mode driver (“KMD”) and a user-mode driver (“UMD”). The KMD includes a plurality of virtual nodes. Each virtual node performs a different type of operation in parallel with other types of operations. The KMD is declared as a multi-engine GPU. The UMD schedules operations for parallel execution on the virtual nodes. A render component within a root partition of the para-virtualized environment executes GPU commands received from the vGPU at the physical GPU. A plurality of memory access channels established between the KMD and the render component communicate GPU commands between a corresponding virtual node at the KMD and the render component. | 07-25-2013 |