WO2016077483A1 - Plateforme de service de catalogues permettant de déployer des applications et des services - Google Patents

Plateforme de service de catalogues permettant de déployer des applications et des services Download PDF

Info

Publication number
WO2016077483A1
WO2016077483A1 PCT/US2015/060202 US2015060202W WO2016077483A1 WO 2016077483 A1 WO2016077483 A1 WO 2016077483A1 US 2015060202 W US2015060202 W US 2015060202W WO 2016077483 A1 WO2016077483 A1 WO 2016077483A1
Authority
WO
WIPO (PCT)
Prior art keywords
portfolio
products
service
product
administrator
Prior art date
Application number
PCT/US2015/060202
Other languages
English (en)
Inventor
Quan Binh To
Christopher Whitaker
Sheshadri Supreeth KOUSHIK
Benjamin David Newman
Julien Jacques Ellie
Zachary Thomas Crowell
Frederik Christophe Delacourt
Original Assignee
Amazon Technologies, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/538,719 external-priority patent/US20160132808A1/en
Priority claimed from US14/538,718 external-priority patent/US11244261B2/en
Application filed by Amazon Technologies, Inc. filed Critical Amazon Technologies, Inc.
Publication of WO2016077483A1 publication Critical patent/WO2016077483A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0603Catalogue ordering

Definitions

  • FIG. 1 is a block diagram illustrating one embodiment of a service provider system that is configured to implement an enterprise catalog service.
  • FIG. 2 is a block diagram illustrating an example provider network that provides a storage virtualization service and a hardware virtualization service to clients, according to at least some embodiments.
  • FIG. 3 illustrates tasks that may be performed by an IT administrator and other tasks that may be performed by an end user during different phases of product deployment through an enterprise catalog service, according to at least some embodiments.
  • FIG. 4 is a block diagram illustrating one embodiment of a service provider system that is configured to provide on-demand delivery of applications to computing resource instances of its customers' end users.
  • FIG. 5 illustrates the use of a resource stack template to build and deploy a server product, according to at least some embodiments.
  • FIGS. 6 A - 6 J illustrate examples of the information presented through a service provider console of an enterprise catalog service, according to at least some embodiments.
  • FIG. 7 is a flow diagram illustrating one embodiment of a method for managing desktop applications through an enterprise catalog service.
  • FIG. 8 is a flow diagram illustrating one embodiment of a method for managing server products through an enterprise catalog service.
  • FIGS. 9A and 9B illustrate examples of the information presented through a graphical user interface for a desktop application management module, according to at least some embodiments.
  • FIG. 10 is a flow diagram illustrating one embodiment of a method for requesting and receiving access to a desktop application that is managed through an enterprise catalog service implemented by a service provider.
  • FIG. 11 is a flow diagram illustrating one embodiment of a method for managing updates to desktop applications through an enterprise catalog service implemented by a service provider.
  • FIG. 12 illustrates an example of the information presented to an end user through a graphical user interface of a resource stack management service console, according to at least some embodiments.
  • FIG. 13 is a flow diagram illustrating one embodiment of a method for requesting and launching a server product that is managed through an enterprise catalog service implemented by a service provider.
  • FIG. 14 is a flow diagram illustrating one embodiment of a method for launching a server product through an enterprise catalog service that supports identity and access management role.
  • FIG. 15 is a flow diagram illustrating one embodiment of a method for creating and using a portfolio of software products.
  • FIG. 16 is a flow diagram illustrating one embodiment of a method for configuring a portfolio.
  • FIG. 17 is a flow diagram illustrating one embodiment of a method for managing changes to a portfolio.
  • FIG. 18 is a flow diagram illustrating one embodiment of a method for sharing portfolios.
  • FIG. 19 is a block diagram illustrating an example computer system that implements some or all of the techniques described herein, according to different embodiments.
  • the systems and methods described herein for implementing an enterprise catalog service may, in various embodiments, enable administrators within customer organizations to create catalogs and portfolios of software products (e.g., enterprise-wide catalogs, portfolios, and/or other catalogs containing desktop applications and/or server products) and to share them with specific sets of users.
  • software products e.g., enterprise-wide catalogs, portfolios, and/or other catalogs containing desktop applications and/or server products
  • administrators may be able to offer a standard set of products for common use cases to the end users in their organizations that meet their organizational goals and requirements.
  • the enterprise catalog service may allow administrators (e.g., IT administrators or buyers) to discover software products, provision service provider resources on which to deploy those software products, and manage those software products through a service provider management console.
  • the use of the enterprise catalog services described herein may benefit customer organizations by increasing standardization, enforcing compliance with organizational policies, reducing the costs of compliance, and improving agility.
  • administrators can track their usage and monitor health through the service, in order to provide the best possible experience for their users.
  • end users may access the enterprise catalog service through an end user console to discover software products and provision them for their common use cases.
  • an administrator may define a product once and enable self-service and repeated use by a group of end users. After provisioning the products, users may track their usage, monitor health, and manage the resources through the end user console or through the service provider management console.
  • a development manager might create a product for a standard development and test environment that will be used by the developers on his team. Each developer can provision and use the development and test environment in a self-service fashion, and then shut it down (de-provision it) when it is no longer needed.
  • administrators may access the enterprise catalog service through a service provider management console to create and manage catalogs or portfolios.
  • Each catalog e.g., a default or enterprise-wide catalog or one of multiple private catalogs or portfolios that are accessible only by a subset of the end users in the customer organization
  • portfolio may contains a set of products.
  • the products in any given catalog may all be of the same type or may include products of different types, in different embodiments.
  • a given catalog or portfolio may include one or more desktop applications (e.g., desktop applications packaged as machine images, application binaries or other executable objects), one or more virtualized application packages (e.g., applications packaged for delivery to desktops on physical computing devices and/or one or more virtual desktop instances, or resource stack templates, dependent on configuration settings selected for the catalog/portfolio by the administrator that created it.
  • desktop applications e.g., desktop applications packaged as machine images, application binaries or other executable objects
  • virtualized application packages e.g., applications packaged for delivery to desktops on physical computing devices and/or one or more virtual desktop instances, or resource stack templates, dependent on configuration settings selected for the catalog/portfolio by the administrator that created it.
  • the enterprise catalog service may, in some embodiments, provide access to product listings from third parties (i.e., entities other than the service provider customers and the service provider itself).
  • the enterprise catalog service may include (or provide an interface to) a product discovery service through which administrators and users can discover and/or obtain access to software products that were developed by (or are published and/or sourced by) two or more independent software vendors (ISVs).
  • ISVs independent software vendors
  • an administrator in an organization that is a customer of the enterprise catalog service may procure a product through the product discovery service, customize it, configure data protection settings appropriate for the customer organization, and publish it to end users in the customer organization through an enterprise-wide or private catalog that the administrator owns and/or controls.
  • administrators may be able to not only ingest their own company products but may also be able to find and subscribe to products from external sources.
  • the products ingested by the enterprise catalog service for inclusion in a customer organization's catalog may require paid subscriptions or licensing fees (e.g., fees charged hourly, monthly, annually, or using any other pricing schedule), or may be free for service provider customers and their end users to use.
  • desktop applications that are included in a private catalog or portfolio and managed by the enterprise catalog service on behalf of a service provider customer organization may be deployed to end users in the customer organization through an application fulfillment platform that interacts with the enterprise catalog service.
  • an application fulfillment platform may provide on-demand delivery and installation of applications to virtual desktop instances in a cloud computing environment for the benefit of end users (e.g., employees or members of a business, enterprise, or other organization that is a customer of the service provider).
  • the application fulfillment platform may employ a variety of services to manage collections of desktop applications that are maintained by the enterprise catalog service (e.g., catalogs or portfolios of desktop applications) and to deliver virtualized application packages to end user machines or virtual desktop instances.
  • end users may access the enterprise catalog service through an end user console of the application fulfillment platform.
  • customers of a service provider may be able to discover and subscribe to third party desktop applications (or desktop applications that have been purchased or licensed from a third party by the service provider) on-demand and make them available to their end users on virtual desktop instances.
  • third party desktop applications or desktop applications that have been purchased or licensed from a third party by the service provider
  • an IT administrator of a customer may be able to publish and manage the customer's own line-of-business desktop applications, which may be accessible only for their end users.
  • the application fulfillment platforms described herein may provide IT administrators full control over their virtual desktop instances with dynamic application management tools.
  • IT administrators in customer organizations may be able to build application catalogs or portfolios (e.g., using an enterprise catalog service such as those described herein) for their end users that are composed of applications from sourced through the platform and/or their own private applications, where a portfolio is a collection of applications and corresponding constraints (including maintenance schedules and license types), and that can be assigned to end users or groups of users.
  • references to "assigning" a product or portfolio to an end user or to a group of end users may describe actions or operations by which the end user or group of end users is granted permission to install, subscribe to, or launch the product (or the products in the portfolio). In some embodiments, these actions or operations to grant permissions to an end user or group of end users may also be described as "creating an entitlement" to a product or portfolio for an end user or group of end users. In some embodiments, customers may allow their end users to install applications on- demand.
  • IT administrators may interact with the application fulfillment platforms through a management console (sometimes referred to herein as a service provider system console or an administrator console) that offers IT administrators access to the tools for managing catalogs or portfolios (e.g., catalogs or portfolios of desktop applications that are maintained by the enterprise catalog service), application updates, constraints, constraint groups, application licenses and/or their own private applications.
  • a management console sometimes referred to herein as a service provider system console or an administrator console
  • the systems described herein may allow customers to efficiently manage their software application spending with detailed usage reports and monthly subscriptions.
  • the service provider may be able to negotiate bulk and/or wholesale prices from application vendors, the service provider may be able to offer them to customer (e.g., individually or in bundles containing groups of popular applications) with competitive pricing.
  • application fulfillment platforms may provide a self-service model to end users through an application on their virtual desktop instances.
  • this application which is referred to herein as a desktop application management module
  • end users can discover and manage an application portfolio that best fits their needs, with the ability to install applications marked as optional by their IT administrators.
  • IT administrators may also have the option to authorize their users to be able to request access to additional applications and/or to receive notifications of new applications or application updates as they become available.
  • the terms “customer” and “buyer” may refer to an enterprise, a business, or another organization that receives services (e.g., catalog services, application management services, and/or software product fulfillment services) from a service provider on behalf of their end users.
  • services e.g., catalog services, application management services, and/or software product fulfillment services
  • the term “sellers” may refer to software vendors that provide their applications for use within the application fulfillment platforms described herein
  • the terms “users” and “end users” may refer to employees or members of the enterprise, business, or other organization that receives services on their behalf from the service provider.
  • users may access software products that are fulfilled through the platforms and services described herein on their own computing resources instances (e.g., on end user machines and/or virtual desktop instances) or may invoke the execution of server products (e.g., services implemented by resource stacks of service provider resources) on their behalf.
  • an enterprise catalog service "user” may represent an identity and access management role (e.g., a child account of a root account for a service provider customer or service provider customer organization) or may be an end user in a customer organization (e.g., an active directory user), and the enterprise catalog service may support groups of both of these types of users (e.g., active directory groups or identity and access management groups).
  • active directory may more generally refer to an active directory, a cloud directory, or another technology for managing users and/or other resources through a directory.
  • applications may be delivered to various end users' virtual desktop instances using an application virtualization technology that encapsulates and isolates applications in dedicated containers.
  • a packaging service implemented on the application fulfillment platform may be configured to transform applications into virtualized application packages and to deliver them to virtual desktop instances or physical desktops running over an operating system on an end user's machine.
  • the virtualized application packages when executed, may perform and behave as if they are natively installed, without the need for actual installation.
  • an application fulfillment platform may offer customers (or more specifically, IT administrators of those customers) the ability to provision applications on- demand at scale while maintaining centralized control, security and compliance.
  • these platforms (and corresponding services thereof) may be integrated with a management console through which the IT administrators may discover and subscribe to a broad selection of applications from a variety of sources, build catalogs and/or portfolios of applications from a variety of sources and having a variety of subscription/licensing models, control access to applications with granular access policy enforcement on a per user basis, manage application updates, access detailed usage reports for their enterprise, application portfolios and end users, and/or monitor real-time installs as well as license activation on a per application basis.
  • the application fulfillment platforms described herein may be integrated with or may be configured to operate in conjunction with an enterprise catalog service, such as those described herein.
  • administrators may create catalogs or portfolios of products and resources from a variety of suppliers, and may share them with a specific set of users.
  • These products may include not only desktop applications to be delivered to virtual desktop instances as virtualized application packages, but may also include server products (e.g., server-side applications to be executed on a server on behalf of a customer or end user) and/or applications to be delivered as executable files (e.g., application binaries or machine images) to be installed on an end user's computing device or virtual desktop instance.
  • the enterprise catalog service may be used to create a catalog or portfolio of desktop applications, these applications may be installed as virtualized application packages by end user at a later time (e.g., on-demand).
  • a later time e.g., on-demand.
  • the enterprise catalog services described herein may be implemented in whole or in part on an enterprise catalog service platform that includes (or operates in conjunction with) various components and services in the service provider network that are used in managing collections of software products on behalf of service provider customer organizations and their end users.
  • the enterprise catalog service platform may include (or provide an interface to) a product discovery service, robust catalog management tools, tools for authoring and managing the lifecycles of products, product listings, and product offerings, a catalog store (e.g., an indexed, revision-controlled document store where all products and offers are mastered), a lifecycle system responsible for validation, approval, and promotion workflow steps, and a catalog publishing system.
  • the term "product" may refer to any resource (e.g., a machine image, resource stack template, desktop application binary or virtualized application package) that has been prepared for consumption by other users and that may be included in a catalog of such resources or listed in a portfolio of such resources. Products may be ingested by an enterprise catalog service through the IT administrator console and, once added to a catalog or portfolio, may be fulfilled which may also be referred to as being launched) by end users through an end user console.
  • actions that can be taken on a product may include one or more of the following:
  • Update e.g., change aspect metadata, add a version, or change accessibility
  • the term "offer” may refer to a contract that captures terms of use, which may include pricing information.
  • An Offer can reference multiple products (e.g., a bundle).
  • the phrase "pricing information" may refer to a collection of terms or a way of pricing.
  • changes to offers (which may include sunsetting an offer) may be tracked across multiple immutable revisions.
  • the actions that can be taken on an offer may include the following:
  • listing may refer to a human readable view of a combination of products and offers. There may be different ways to present a listing, in different embodiments, the goal of which is to allow administrators, buyers and/or end users to make informed purchase decisions from a specific business context. Ratings, and reviews, and recommendations may also be included in (or associated with) listings. Listings may be mutable and may be consolidated, in some embodiments. Various enterprise catalog service APIs associated with listings are shown below.
  • the term "subscription" may refer to a record of an agreement of an offer by a user. This agreement entitles a user to the products specified in the chosen terms of the offer. Additional parameters of the terms may also be collected in a subscription.
  • the actions that can be taken on a subscription may include the following:
  • an entitlement may be a collection of allowed product actions for each user.
  • the actions that can be taken on an entitlement may include the following:
  • an approval may be a workflow that must happen before one or more of the previously described actions on a product can be taken.
  • an approval workflow may be invoked in response to an end user request to subscribe to a product and/or for permission to consume the product.
  • the enterprise catalog service may expose a variety of APIs (some of which may not exposed to customers or end users).
  • the enterprise catalog service may expose any or all of the following APIs for use in managing catalogs and/or portfolios of software products on behalf of customer organizations and their end users.
  • a service provider platform that implements an enterprise catalog service such as those described herein may be comprised of the following components: a catalog service, a service catalog runtime, an inbox service, a resource stack management service, one or more administrator/management consoles, and one or more end user consoles, each of which may provide a portion of the functionality of the enterprise catalog service.
  • the catalog service may be the core storage and version control mechanism for the enterprise catalog service.
  • IT administrators may create and publish products and product versions that are stored in the catalog service, and IT administrators create portfolios and assign products to portfolios. Catalog information, portfolios and association between catalogs or portfolios and products may be stored in the catalog service.
  • the service catalog runtime may be responsible for fulfilling products (e.g., products defined using resource stack templates).
  • the service catalog runtime may also provide support for "managed services" whereby the end-user does not have access to the service provider resources that are created when deploying a product.
  • an inbox service may allow various service provider services to send targeted, actionable "messages" to users e.g., (administrators or end users).
  • the inbox service may define the notion of an InBox as a target for such messages.
  • the inbox service may allow administrators to define who has access to various messages and where notifications are sent when messages arrive in a particular InBox.
  • the enterprise catalog service may uses the resource stack management service as the underlying fulfillment engine for server products.
  • one or more administrator/management consoles may provide graphical user interfaces for creating and managing products and portfolios, and one or more end user consoles may provide graphical user interfaces for launching and managing products.
  • a workflow service may be used to run workflows to complete various tasks in conjunction with the enterprise catalog service, the application fulfillment platform, or the resource stack management service. For example, in some embodiments, there may be a separate workflow for each operation performed on a resource stack.
  • a "LaunchStack" workflow e.g., one that is specific to that combination of user and resource stack name
  • the workflow service may also provide a synchronization mechanism to ensure that only certain operations are being performed at the same time (for example, prevent an update operation from starting if the target resource stack is still in the process of being created).
  • FIG. 1 is a block diagram illustrating a portion of a service provider system that implements an enterprise catalog service, according to at least one embodiment.
  • the system includes an enterprise catalog service platform through which IT administrators within service provider customer organizations (e.g., enterprises that receive computing services from the service provider) can manage catalogs and/or portfolios of desktop applications and/or server products, as well as usage policies (e.g., constraints on the use of those desktop applications and/or server products) for their end users.
  • service provider customer organizations e.g., enterprises that receive computing services from the service provider
  • usage policies e.g., constraints on the use of those desktop applications and/or server products
  • system 100 may include an enterprise catalog service platform 108 (which may embody both a catalog service and a service catalog runtime, such as those described above) that is configured to create and manage one or more enterprise catalogs 118, private catalogs 122 and/or portfolios 120 on behalf of service provider customers and their end users.
  • enterprise catalog service platform 108 which may embody both a catalog service and a service catalog runtime, such as those described above
  • private catalogs 122 may represent logical collections of products to which a respective end user or other principal has access (each of which may include products that are included in one or more portfolios 120).
  • an IT administrator 102 may interact with the enterprise catalog service platform 108 through a service provider management console 106 to create a desktop application, resource stack template, or resource stack instance; to select, ingest, and/or package desktop applications and server products for subsequent use by some or all of their end users; create collections of products (e.g., desktop applications and/or server products), such as enterprise-wide catalogs, private catalogs, or portfolios); assign products or collections of products to end users and/or end user groups (e.g., end users or end user groups having particular user identities and/or permissions 124); apply various constraints 136 on the use of the products; and/or set other configuration parameter values for the products or collections of products.
  • a service provider management console 106 to create a desktop application, resource stack template, or resource stack instance; to select, ingest, and/or package desktop applications and server products for subsequent use by some or all of their end users; create collections of products (e.g., desktop applications and/or server products), such as enterprise-wide catalogs, private catalogs, or
  • system 100 may include a resource stack template editor 104.
  • IT administrators, end users, or third party software providers e.g., independent software vendors
  • system 100 may also include a desktop application authoring and ingestion tooling component 116.
  • IT administrators, end users, or third party software providers may create desktop applications using desktop application authoring and ingestion tooling component 116 that may (if subsequently published as a machine image, application binary, or other executable application package) be discovered and ingested by the enterprise catalog service through product discovery service 110.
  • desktop application authoring and ingestion tooling component 116 may (if subsequently published as a machine image, application binary, or other executable application package) be discovered and ingested by the enterprise catalog service through product discovery service 110.
  • IT administrators or end users in a service provider customer organization may create and upload customer-specific desktop applications (e.g., line-of-business applications) through desktop application authoring and ingestion tooling component 116.
  • product discovery service 110 may provide an interface through which third party products 112 (e.g., server products or desktop applications that have been published and/or packaged for potential ingestion by the enterprise catalog service) can be discovered.
  • Product discovery service 110 may include a product selection and ingestion tooling component 114, which may be configured to retrieve and/or package products that are discovered through the product discovery service interface or that are uploaded through the product selection and ingestion tooling component 114, in different embodiments.
  • the products ingested by the enterprise catalog service may be leased and/or licensed by the service provider and/or by service provider customers for the benefit (and use) of end users in the service provider customer organizations.
  • a product e.g., a desktop application or resource stack template for a server product
  • a default catalog for the customer organization (such as enterprise catalog 118).
  • the IT administrator 102 may then add it to one or more private catalogs 122 or portfolios 120, or may assign it directly to one or more user end users or end user groups having particular user identities and/or permissions 124.
  • a server product instance e.g., when a resource stack is constructed according to a resource stack template
  • it may be placed in the default catalog.
  • the IT administrator 102 may then add it to one or more private catalogs 122 or portfolios 120, or may assign it directly to one or more end users or end user groups having particular user identities and/or permissions 124.
  • any constraints 136, groups of constraints, or configuration parameters that are selected for various products by the IT administrator may be applied to the products when they are added to other catalogs and/or portfolios.
  • these constraints, groups of constraints, or configuration parameters may be modified when they are added to other catalogs and/or portfolios, and/or additional constraints, groups of constraints, or configuration parameters may be applied to the products when they are added to other catalogs and/or portfolios to further restrict access to those products by end users or to further restrict the use of those products by end users who are authorized to access them.
  • the products that are managed on behalf of service customer organizations by the enterprise catalog service implemented by system 100 may be deployed to end users through other components and services implemented by the service provider (e.g., on physical and virtual computing resources that are located and/or hosted on the service provider's network).
  • desktop applications may be deployed to desktops on various end users' physical devices and/or on virtual desktop instances (e.g., in response to requests from the end users to install, subscribe to or launch them) through desktop application fulfillment platform 126.
  • server product instances may be constructed from resource stack templates
  • resource stack management service 132 (e.g., in response to requests from end users or IT administrators to deploy the services provided by the resource stacks) by resource stack management service 132.
  • the end users of a service provider customer may access products (e.g., desktop applications and/or services) through various client applications (e.g., end user consoles).
  • products e.g., desktop applications and/or services
  • client applications e.g., end user consoles
  • FIG. 1 illustrates an embodiment in which enterprise end users 134 access desktop applications
  • end users 134 may log into desktop application management module 128 in order to request delivery of, to subscribe to, to unsubscribe from, to install, to uninstall, to launch, or to otherwise manage a particular desktop application (one that may or may not be included in a catalog to which the end user currently has access), or may log into resource stack management service console 130 in order to construct a resource stack instance from a resource stack template (on service provider resources), or request access to a service provided by a resource stack instance that has been constructed (on service provider resources) from a corresponding resource stack template (a service that the end user may or may not currently be authorized to launch).
  • desktop application management module 128 in order to request delivery of, to subscribe to, to unsubscribe from, to install, to uninstall, to launch, or to otherwise manage a particular desktop application (one that may or may not be included in a catalog to which the end user currently has access)
  • resource stack management service console 130 in order to construct a resource stack instance from a resource stack template (on service provider resources), or request access to a service provided
  • requests when requests are received from end users 134 for desktop applications or services that are managed by the enterprise catalog service, they may initiate various workflows of enterprise catalog service platform 108, desktop application fulfillment platform 126 and/or resource stack management service 132 that may or may not result in the end users 134 receiving the requested product access (e.g., depending on various access management policies, constraints, or permissions that apply to the product and/or the end users).
  • a system that implements an enterprise catalog service may include two different management consoles (e.g., one through which desktop applications are managed by IT administrators and another through which server products are managed by IT administrators), rather than a single management console.
  • the system may include a single end-user console through which end users manage both desktop applications and server products, rather than two different end-user consoles.
  • a system that includes an enterprise catalog service platform may be configured to manage and deploy software products other than resource-stack-based server products and desktop applications, and/or may deploy software products for consumption by end users through more, fewer, or different deployment platforms than those illustrated in FIG. 1 as desktop application fulfillment platform 126 and resource stack management service 132.
  • a system that includes an enterprise catalog service platform such as that described herein, may be configured to ingest software products of types other than resource-stack-based server products and/or desktop applications, and/or may include (or interact with) more, fewer, or different ingestion mechanisms than those illustrated in FIG. 1 as resource stack template editor 104, product discovery service 110, and desktop authoring and ingestion tooling 116.
  • the enterprise catalog service may include an interface to (or otherwise work in conjunction with) various data stores or data storage services (e.g., a data storage service implemented by the service provider or an external data storage service).
  • the documents associated with a product may be stored in an object storage service, and the console (or customer) may be responsible for uploading these documents to system-defined locations through various enterprise catalog service APIs.
  • the service catalog runtime may pass the location of the documents to the catalog service, and the identity and access management (IAM) role used to upload the documents may be stored by the catalog service.
  • IAM identity and access management
  • data about running stacks may be persisted in a database service.
  • application state data for virtualized desktop applications may be persisted in either an object storage service or a database service.
  • FIG. 19 An example computer system on which embodiments of the techniques described herein for managing and deploying desktop applications and services through an enterprise catalog service may be implemented is illustrated in FIG. 19.
  • Embodiments of various systems and methods for implementing these techniques are generally described herein in the context of a service provider that provides to clients, via an intermediate network such as the Internet, virtualized resources (e.g., virtualized computing and storage resources), software products, and computing services (including desktop applications and server products) implemented on a provider network of the service provider.
  • At least some of the resources provided to clients of the service provider via the provider network may be virtualized computing resources implemented on multi-tenant hardware that is shared with other client(s) and/or on hardware dedicated to the particular client.
  • Each virtualized computing resource may be referred to as a resource instance.
  • Resource instances may, for example, be rented or leased to clients of the service provider.
  • clients of the service provider may access one or more services of the provider network via application programming interfaces (APIs) to the services to obtain and configure resource instances and to establish and manage virtual network configurations that include the resource instances, for example virtualized private networks.
  • APIs application programming interfaces
  • the resource instances may, for example, be implemented according to hardware virtualization technology that enables multiple operating systems to run concurrently on a host computer, i.e. as virtual machines (VMs) on the hosts.
  • VMs virtual machines
  • a hypervisor, or virtual machine monitor (VMM), on a host may present the VMs on the host with a virtual platform and monitors the execution of the VMs.
  • Each VM may be provided with one or more private IP addresses; the VMM on a host may be aware of the private IP addresses of the VMs on the host.
  • a service provider may host virtualized resource instances on behalf of a customer that can be accessed by end users.
  • end users who are associated with the customer on whose behalf the virtualized resources instances are hosted (e.g., members of the same organization or enterprise) may be able to access the virtualized resources instances using client applications on client devices.
  • the virtualized resources instances may be configured to implement virtual desktop instances.
  • desktop applications that are included in catalogs managed by an enterprise catalog service such as those described herein may be delivered to and/or deployed, installed or executed on virtualized computing resources (e.g., virtual computing resource instances implemented on service provider hardware in a cloud computing environment), rather than on physical client computing devices.
  • virtualized computing resources e.g., virtual computing resource instances implemented on service provider hardware in a cloud computing environment
  • server products that are included in catalogs managed by an enterprise catalog service may be implemented as resource stacks (e.g., stacks of service provider resources) that collectively provide a service.
  • service provider resources may also include virtualized computing resources, such a virtual computing node instances implemented on service provider hardware in a cloud computing environment.
  • An example service provider network that provides virtualized computing resources for these and other uses is illustrated in FIG. 2 and described below.
  • FIG. 2 is a block diagram of an example provider network environment, one that provides a storage virtualization service and a hardware virtualization service to clients, according to at least some embodiments.
  • hardware virtualization service 220 provides multiple computation resources 224 (e.g., VMs) to clients.
  • the computation resources 224 may, for example, be rented or leased to clients of the provider network 200 (e.g., to a client that implements client network 250).
  • provider network 200 may also provide application virtualization for the benefit of its customers and their end users (e.g., through a packaging service), and may provide on-demand delivery of desktop applications to desktops on physical computing devices and/or virtual desktops through an application fulfillment platform implemented using various resources of service provider network 200.
  • each computation resource 224 may be provided with one or more private IP addresses.
  • Provider network 200 may be configured to route packets from the private IP addresses of the computation resources 224 to public Internet destinations, and from public Internet sources to the computation resources 224.
  • Provider network 200 may provide a client network 250, for example coupled to intermediate network 240 via local network 256, the ability to implement virtual computing systems 292 via hardware virtualization service 220 coupled to intermediate network 240 and to provider network 200.
  • hardware virtualization service 220 may provide one or more APIs 202, for example a web services interface, via which a client network 250 may access functionality provided by the hardware virtualization service 220, for example via a console 294.
  • each virtual computing system 292 at client network 250 may correspond to a computation resource 224 that is leased, rented, or otherwise provided to client network 250.
  • a virtualized data store gateway may be provided at the client network 250 that may locally cache at least some data, for example frequently accessed or critical data, and that may communicate with virtualized data store service 210 via one or more communications channels to upload new or modified data from a local cache so that the primary store of data (virtualized data store 216) is maintained.
  • a user via a virtual computing system 292 and/or on another client device 290, may mount and access one or more storage volumes 218 of virtual data store 216, each of which appears to the user as local virtualized storage 298.
  • the virtualization service(s) may also be accessed from resource instances within the provider network 200 via API(s) 202.
  • a client, appliance service provider, or other entity may access a virtualization service from within a respective private network on the provider network 200 via an API 202 to request allocation of one or more resource instances within the private network or within another private network.
  • the hardware virtualization service 220 may be configured to provide computation resources 224 that have been configured to implement a virtual desktop instance, which may appear to the user as a local desktop (implemented by a virtual computing system 292).
  • the computation resources 224 that are made available to the client via hardware virtualization service 220 may include multiple network interfaces. For example, some of them may include one network interface for communicating with various components of client network 250 and another network interface for communicating with computation resources or other network entities on another network that is external to provider network 200 (not shown).
  • a service provider network that implements VMs and VMMs may use Internet Protocol (IP) tunneling technology to encapsulate and route client data packets over a network substrate between client resource instances on different hosts within the provider network.
  • IP Internet Protocol
  • the provider network may include a physical network substrate that includes networking devices such as routers, switches, network address translators (NATs), and so on, as well as the physical connections among the devices.
  • the provider network may employ IP tunneling technology to provide an overlay network via which encapsulated packets (that is, client packets that have been tagged with overlay network metadata including but not limited to overlay network address information for routing over the overlay network) may be passed through the network substrate via tunnels or overlay network routes.
  • the IP tunneling technology may provide a mapping and encapsulating system for creating the overlay network on the network substrate, and may provide a separate namespace for the overlay network layer (public IP addresses) and the network substrate layer (private IP addresses).
  • encapsulated packets in the overlay network layer may be checked against a mapping directory to determine what their tunnel substrate target (private IP address) should be.
  • the IP tunneling technology may provide a virtual network topology overlaid on the physical network substrate; the interfaces (e.g., service APIs) that are presented to clients are attached to the overlay network so that when a client resource instance provides an IP address to which packets are to be sent, the IP address is run in virtual space by communicating with a mapping service that can determine where the IP overlay addresses are.
  • client resource instances on the hosts may communicate with other client resource instances on the same host or on different hosts according to stateful protocols such as Transmission Control Protocol (TCP) and/or according to stateless protocols such as User Datagram Protocol (UDP).
  • TCP Transmission Control Protocol
  • UDP User Datagram Protocol
  • the client packets are encapsulated according to an overlay network protocol by the sending VMM and unencapsulated by the receiving VMM.
  • a VMM on a host upon receiving a client packet (e.g., a TCP or UDP packet) from a client resource instance on the host and targeted at an IP address of another client resource instance, encapsulates or tags the client packet according to an overlay network (or IP tunneling) protocol and sends the encapsulated packet onto the overlay network for delivery.
  • a client packet e.g., a TCP or UDP packet
  • the encapsulated packet may then be routed to another VMM via the overlay network according to the IP tunneling technology.
  • the other VMM strips the overlay network encapsulation from the packet and delivers the client packet (e.g., a TCP or UDP packet) to the appropriate VM on the host that implements the target client resource instance.
  • client packet e.g., a TCP or UDP packet
  • the encapsulations described herein may allow it to appear as if each client application (or each client resource instance on which one or more client applications execute) is running on its own virtual network (e.g., data packets for multiple client applications may be traveling on the same physical network but it may appear as if the traffic directed to each of the client applications is traveling on a private network).
  • the overlay network may be a stateless network implemented according to a connectionless (or stateless) IP protocol.
  • the sending VMM sends the encapsulated packet onto the overlay network for routing and delivery, but does not receive an acknowledgement (ACK) or other response regarding delivery of the packet.
  • the VMM may receive an ACK or other response regarding delivery of an encapsulated packet.
  • the client applications may be running as virtual machines on the physical computers.
  • internal processes of the cloud computing environment that are configured to manage the creation of these virtual machines, to provision resources for these virtual machines, and/or to perform other administrative tasks on behalf of clients and/or their applications (e.g., monitoring resource usage, customer accounting, billing for services, etc.) may execute in a control plane layer (or hypervisor) in the cloud computing environment.
  • client applications e.g., each resource instance that implements an application component
  • each resource instance may execute as if it has its own network (e.g., a virtual network).
  • each resource instance may have its own data plane network connection(s), but may make local API calls (e.g., calls to a component on the same node) without needing to rely on these data plane network connections.
  • the cloud computing environment may be a multi-tenant environment in which each application (and/or each virtual private network) may have its own namespace.
  • each client may have its own allocation of network connectivity and/or throughput capacity (bandwidth).
  • the network connectivity and/or throughput capacity in the data plane network may be provisioned (e.g., designated or reserved) for the use of various clients.
  • a service provider may employ one of the example provider networks described above (or another suitable provider network environment) to implement a hosted desktop service in a cloud computing environment.
  • a customer may access the provider network in the cloud computing environment to request the instantiation and/or configuration of one or more virtual desktop instances in the cloud, and may then provide access to those virtual desktop instances to one or more end users (e.g., through a client application).
  • an administrator within an organization or enterprise may set up an account with a service provider, may contract with the service provider to set up some number of virtual desktop instances, and (once the virtual desktop instances are set up), may provide credentials for accessing these virtual desktop instances.
  • one or more end users may launch a client application on their a client device (e.g., a computer, tablet device, or other mobile device) and enter the credentials for the virtual desktop instance, after which they may be logged into a virtual desktop environment.
  • a client device e.g., a computer, tablet device, or other mobile device
  • the virtual desktop environment is implemented by virtualized resource instances in the cloud computing environment, it may appear to the end user as if it were a local desktop and it may operate as if it were an independent computer to which the user is connected.
  • the virtual desktop environment may provide access to productivity software and other software programs to which the user would typically have access if the user were logged onto a physical computer owned by the organization or enterprise.
  • an application fulfillment platform of the service provider may be configured to provide on-demand delivery of applications (e.g., as virtualized application packages) to virtual desktop instances, as described herein.
  • applications e.g., as virtualized application packages
  • these applications may or may not be stand-alone applications.
  • each of the virtual desktop instances (and/or the applications running thereon) may be part of the active directory framework of the organization or enterprise and may be able to access shared files or other resources on the existing network of the organization or enterprise once the credential presented by the user upon logging into the virtual desktop instance have been authenticated.
  • the types of interactions experienced by different users that access the enterprise catalog services (and enterprise catalog service platforms) described herein may be thought of as being divided into multiple phases, where each phase may include tasks that are performed by an IT administrator of a service provider customer organization and/or tasks that are performed by an end user in the customer organization.
  • FIG. 3 illustrates tasks that may be performed by an IT administrator (shown as IT administrator tasks 300) and other tasks that may be performed by an end user (shown as end user tasks 330), according to at least some embodiments. Note, however, that in some embodiments, an IT administrator may be able to perform some or all of the tasks shown as end user tasks 330.
  • the IT administrator may perform various ones of the end user tasks 330 on behalf of an end user, on their own behalf, or on behalf of the customer organization as a whole.
  • an IT administrator may create the artifacts for a product to be offered by the enterprise catalog service using appropriate product-specific tools (shown as task 312).
  • this task may include creating a machine image for a software product, creating a resource stack template for a server product, or packaging a desktop application for delivery to desktops on physical computing devices and/or virtual desktop instances.
  • the IT administrator may also discover one or more products that are available to be managed by the enterprise catalog service on behalf of the IT administrator's organization, and may subscribe to one or more of those products on behalf of the end users in the IT administrator's organization (shown as task 319).
  • an IT administrator may (through an administrator or management console of the enterprise catalog service) be able to add additional information for a product listing (e.g., a product listing for a newly authored product or for one that was discovered by the IT administrator), such as a detailed product description, a logo to brand the product, version information and/or tags (which may be used to identify and characterize the product, or may be used in identity and access management policies to allow or deny access to the product or to restrict the operations that can be performed by IAM users, groups, and roles).
  • a product listing e.g., a product listing for a newly authored product or for one that was discovered by the IT administrator
  • a product listing e.g., a product listing for a newly authored product or for one that was discovered by the IT administrator
  • a product listing e.g., a product listing for a newly authored product or for one that was discovered by the IT administrator
  • a product listing e.g., a product listing for a newly authored product or for
  • ingestion phase 304 may upload a product artifact that was created during authoring phase 302.
  • the IT administrator may upload a machine image for a software product, a resource stack template for a server product, or a packaged desktop application to the enterprise catalog service platform (shown as task 314) and publish the machine image, resource stack or packaged desktop application to one or more enterprise catalogs, private catalogs or portfolios (as in task 315).
  • the IT administrator may create one or more portfolios (shown as task 316) and may add one or more products that were authored, uploaded, and published by the IT administrator (as in tasks 312, 314, and 315) or that were discovered and subscribed to by the IT administrator (as in task 319) to those portfolios (shown as task 321).
  • the IT administrator may also define one or more access management policies and/or constraints to be applied to the product and/or to the portfolios to which the products have been added (as in task 317).
  • the constraints may include business level input parameters (such as an input parameter specifying the number of users to support or whether certain types of data need to be stored), or may include infrastructure-level input parameters (such as an input parameter specifying the type of virtualized computing resource instance should be used).
  • business level input parameters such as an input parameter specifying the number of users to support or whether certain types of data need to be stored
  • infrastructure-level input parameters such as an input parameter specifying the type of virtualized computing resource instance should be used.
  • an end user within the customer organization may discover one or more products by searching an enterprise-wide catalogs (if the end user has permission to view the enterprise-wide catalog) or their own private catalog (e.g., a logical collection of the products that the end user has permission to discover and/or launch, including any products that are included in portfolios to which the end user has been granted access), and viewing details pages that provide information about the products (as in task 332) and may request access to one or more products (as in task 334).
  • an enterprise-wide catalogs if the end user has permission to view the enterprise-wide catalog
  • their own private catalog e.g., a logical collection of the products that the end user has permission to discover and/or launch, including any products that are included in portfolios to which the end user has been granted access
  • viewing details pages that provide information about the products (as in task 332) and may request access to one or more products (as in task 334).
  • fulfillment phase 308 the end user may launch one or more of the products in their private catalog (as in task 336) and begin monitoring their state (which may include real-time monitoring of the health of the product and/or tracking costs associated with the provisioning and use of the product (as in task 340).
  • IT administrators and/or other decision makers may be required to approve a request to discover or launch a product prior to the end user being allowed to discover and/or launch the requested product.
  • the IT administrator may also begin monitoring the state of various products that have been provisioned by (or on behalf of) end users in the customer organization (which may include real-time monitoring the health of the products provided to the end users and/or tracking costs associated with the provisioning and use of the products provided to the end user), as in task 322.
  • an IT administrator and/or an end user may be able to view a list of products that are currently in use along with their health (e.g., through the administrator/management console or through an end user console).
  • the product health for a server products built using a resource stack template may be determined according to various alarms that are defined in the template.
  • both end users and IT administrators may continue to monitor the health of various products and to track costs associated with the provisioning and use of the products (as in tasks 322 and 340).
  • the IT administrators may also manage those products, as well as any portfolios in which they are contained and/or any constraints or users/permissions that are associated with those products (as in task 318).
  • managing the products may include enforcing any access management policies and/or constraints that were defined for the products and/or to the enterprise catalogs, private catalogs or portfolios to which the products were published.
  • end users may manage their own list of products (as in 338).
  • end users may add or remove products, but may not modify their configurations (e.g., any applicable constraints or permissions).
  • the IT administrator may continue to search for and discover new products, to subscribe to them, and to add them to new or existing portfolios and that the end user may continue to discover and request access to products and/or to launch products to which the end user has been granted access (e.g., by repeating various ones of the tasks illustrated in FIG. 3) during the ongoing management phase 310 (not shown).
  • a product (or a particular version of a product) may be deprecated by an IT administrator (e.g., through the administrator/management console of the enterprise catalog service).
  • a notification may be sent to all end users that have previously provisioned that version of the product.
  • end users who previously provisioned (and are currently using) a product version that has been (or is about to be) sunsetted may continue to use that product version unless, for example, an IT administrator determines that it is a security risk and revokes access to that product version for all end users.
  • a product version that has been (or is about to be) sunsetted may not be available to any other end users (e.g., end users who have not previously provisioned that product and/or are not currently using it).
  • new product versions may be created in the same way that new products are created (e.g., through the administrator/management console of the enterprise catalog service).
  • a notification may be sent to all users that have provisioned previous versions of the product. Creating a new version of a product may not affect any existing versions of the product that are currently in use.
  • FIG. 4 One embodiment of a service provider system that is configured to provide on- demand delivery of applications (e.g., desktop applications) to computing resource instances of its customers' end users is illustrated by the block diagram in FIG. 4.
  • the system implemented on service provider network 430, may include an application fulfillment platform (shown as desktop application fulfillment platform 420).
  • the application fulfillment platform may include an interface mechanism (shown as service provider system console 422) through which an IT administrator of a service provider customer (e.g., a business, enterprise, or organization that receives computing services, storage services, and/or access to second or third party applications from the service provider) can manage the fulfillment of various applications to their end users (e.g., employees or members of the same business, enterprise, or organization).
  • an IT administrator of a service provider customer e.g., a business, enterprise, or organization that receives computing services, storage services, and/or access to second or third party applications from the service provider
  • end users e.g., employees or members of the same business, enterprise, or organization.
  • the IT administrator may log into desktop application fulfillment platform 420 (e.g., through a browser or a dedicated client-side application) to access service provider system console 422.
  • the IT administrator may then provide input (e.g., requests for service entered in a graphical user interface of service provider system console 422) in order to create a catalog of applications to be provisioned for the use of their end users, to assign applications to particular end users or user groups, or to generate, obtain, or view usage reports for the applications in the catalog by their end users.
  • desktop application fulfillment platform 420 may include multiple fulfillment platform control plane services 426, various ones of which may be invoked in response to the inputs received from the IT administrator. For example, in response to inputs specifying the addition of an application to a catalog and the assigning of the application to one or more users, a "create fulfillment" workflow may be initiated, which may include operations performed by a fulfillment service, an entitlement service, a delivery service, a packaging service, a device identifier service, and/or a proxy service. As illustrated at 424, in this example, applications may be delivered to end users as application binaries (e.g., desktop applications that have been prepared for physical installation on an end user's computing resource instance) and/or as virtualized application packages.
  • application binaries e.g., desktop applications that have been prepared for physical installation on an end user's computing resource instance
  • the service provider may (e.g., when ingesting desktop applications for the benefit of its customers and their end users) transform desktop applications into virtualized application packages to be delivered to end users' computing resource instances, and those virtualized application packages may be executed on those computing resource instances without the end user having to install the desktop applications themselves on those computing resource instances.
  • an application delivery agent such as desktop application delivery agent 436 illustrated in FIG. 4
  • a desktop application management module such as desktop application management module 432
  • computing resource instance 438 may be a physical computing device (e.g., a desktop or laptop computer, a tablet computing device, or a smart phone) or may be a virtualized computing resource instance (e.g., one that implements a virtual desktop instance).
  • Desktop application delivery agent 436 (which may be a client component of desktop application fulfillment platform 420) may be configured to communicate with various fulfillment platform control place services 426 in order to fulfill requests to subscribe to, install, and/or execute applications selected through desktop application management module 432 or through another user interface mechanism (e.g., application icon 440 on desktop 434 or a start menu item).
  • desktop application management module 432 is an application that may be installed on the end user's computing resource instance 438 to allow the end user to interact with desktop application fulfillment platform 420 through desktop application delivery agent 436.
  • desktop application delivery agent 436 may include a runtime engine component that is configured to execute the instructions of a virtualized application package 424 that is delivered (e.g., using demand paging) for a selected application.
  • a runtime engine component that is configured to execute the instructions of a virtualized application package 424 that is delivered (e.g., using demand paging) for a selected application.
  • the functionality of an application delivery agent is described in more detail below, according to at least some embodiments.
  • the service provider network may include physical and/or virtualized computing resource instances (e.g., computation resource instances and/or storage resource instances) that may be provisioned on behalf of the business, enterprise, or organization (and its end users).
  • these computing resources instances may be configured to implement a remote computing application that allows end users to access applications executing on computing resource instances 428 as if they were installed and executing locally on their machine.
  • one or more of these computing resources instances 428 may be configured to implement a virtual desktop instance (which may serve as the end user's computing resource instance 438) on which a desktop application delivery agent 436 and a desktop application management module 432 are installed.
  • desktop 434 in FIG. 4 may represent a view presented by the virtual desktop instance and may appear to the end user as if it were a desktop on the end user's local (physical) computing device.
  • service provider network 430 may also include storage resources outside of desktop application fulfillment platform 420 (which may be managed by a storage service implemented within service provider network 430) that are configured to store data utilized by desktop application fulfillment platform 420 (not shown).
  • application binaries, virtualized application packages, various tables that store information about applications and collections thereof, application state data, or other information used to provide on-demand delivery of desktop applications to end users may be stored outside of desktop application fulfillment platform 420 instead of, or in addition to, within desktop application fulfillment platform 420.
  • desktop application management module 432 (through which the end user may select applications for installation or execution) may execute on the end user's computing resource instance 438, and a graphical user interface of desktop application management module 432 may be displayed on desktop 434.
  • this interface may present a list of applications for selection by the end user (e.g., in order to subscribe to, install, and/or execute an application).
  • a shortcut or icon for an application (shown as element 440 in FIG. 4) may be displayed on desktop 434 and may be selected in order to launch the corresponding application (e.g., desktop application management module 432, or one of the applications delivered for execution on computing resource instance 438 in response to its selection, by the end user, within desktop application management module 432).
  • an enterprise catalog service may operate in conjunction with (or may provide an interface to) a resource stack management service (such as resource stack management service 132 illustrated in FIG. 1).
  • This service may help service provider customers (e.g., administrators and/or end users) model and set up service provider resources on which server products may run within the service provider network.
  • service provider customers e.g., administrators and/or end users
  • a resource stack management service console such as resource stack management service console 130
  • administrators may create a resource stack template that describes all of the service provider resources required for a particular tasks or server product (such as virtualized computing resource instances and/or database instances). Once the resource stack template is created, the resource stack management service may take care of provisioning and configuring those resources for the customer.
  • resource stack template Other resources that may be defined in a resource stack template include an auto-scaling component, a load balancer, or an additional storage service instance. Once a resource stack is no longer needed, it may be deleted, which deletes all the resources in the stack.
  • a resource stack template may be modified by editing the definition or by creating a new version of the template that includes a different definition. For example, a resource stack template may be modified in order to include a higher performing computing resource instance type or to add additional storage resources.
  • an enterprise catalog service may operate in conjunction with (or provide an interface to) a resources stack template tool that may be accessed by an IT administrator or end user in a customer organization (e.g., through an administrator/management console or through an end user console such as resource stack management service console 130) to create a collection of interdependent resources that form a resource stack.
  • the resource stack management service, enterprise catalog service, or another service provider service or platform may maintain and manage a catalog of resources that can be included in a resource stack.
  • an IT administrator or end user in a customer organization may create, select or otherwise specify a template that defines a resource stack.
  • the resource stack may comprise resources available from the service provider.
  • the resource stack template may also include information about how the resources are to be linked together in the resource stack and how the resources are to be configured.
  • a resource stack it may be created in accordance with the information contained in the resource stack template. For example, creating a server product from a resource stack template may include determining the dependencies between the resources and an order in which the resources should be instantiated (e.g., provisioned using service provider resources), dependent on the resource stack template. After successful provisioning and integration of the resources, the resource stack may be enabled for use.
  • an IT administrator may make them all end users under the organization's service provider account.
  • the IT administrator may access the enterprise catalog service (e.g., through an administrator/management console), through which the IT administrator may subscribe to a blog publishing package (server product), create a catalog or portfolio, add the blog publishing package to the catalog/portfolio, and then grant access the blog publishing package to each of the end users (reporters).
  • the end users (reporters) access the catalog/portfolio (e.g., through the end user console), they would see the blog publishing package as an application that they can deploy.
  • an end user may select the blog publishing package (e.g., as an icon or shortcut), in response to which the resource stack management service may deploy the machine image for the blog publishing package (which may also include a database instance or other storage resource instance in addition to a computing resource instance).
  • the end user may begin using it to create their own blogs (blogs over which they have control).
  • the IT administrator may constrain the use of the blog publishing package, e.g., only allowing development on a computing resource instance of a certain size (e.g., a small instance with limited computing power), rather than on a larger computing resource instance (even if those are available to the newspaper company through their service agreement with the service provider).
  • the IT administrator may be able to limit the amount of storage that each end user can consume (e.g., 10 Gb per end user).
  • the enterprise catalog system may generate billing information for the IT administrator. For example, the IT administrator may be billed monthly for whatever number of blogs were launched during that month and for the use of the underlying service provider resources (e.g., computing resource instances and storage resource instances).
  • the service provider may collect usage fees from the customer organization and then pass along payments to any third party vendors from whom an application or server product was sourced.
  • the service provider may keep fees associated with the hardware resources and/or virtualized computing resource instances on which the server product (e.g., a resource stack application) runs (i.e., fees for the use of the service provider's infrastructure), and a percentage of the fees associate with the application, passing the bulk of the fees collected for use of the server product (e.g., by one or more organizations and their end users) to the appropriate third party vendor(s), e.g., monthly or on any other suitable billing schedule.
  • the server product e.g., a resource stack application
  • any applicable taxes on the software products or services are collected and paid (e.g., allowing collection by the service provider and/or payment to the appropriate taxing authority by the third party vendor, the IT administrator, or the service provider).
  • entity gets to set the prices charged to the customer for software products that are sourced by third party vendors (e.g., the service provider or third party vendor), with options for the service provider to bundle multiple software products together from different vendors and offer them to customers with discounted pricing.
  • the enterprise catalog service in order for the enterprise catalog service (or an underlying enterprise catalog service platform) to manage the ingestion, configuration, deployment, and ongoing management of different types of software products (which are sourced from different independent software vendors or other entities) for end users who consume them on a variety of deployment platforms, the enterprise catalog service may maintain metadata of several different types for each of the software products that are available for deployment through the service, and the types of metadata maintained for the software products may vary by product type, by target system, or by source (e.g., by vendor).
  • the enterprise catalog service may be configured to store (and subsequently use, e.g., for display purposes, for deployment purposes, or for determining pricing) the same combination of metadata elements or a different combination of metadata elements, which may include metadata elements reflecting any or all of the following types of information: offer information, a license type, subscription or licensing terms, a product format, resource requirements, an indication of the vendor or other sourcing entity, entitlement information, information indicating any constraints that are associated with a product, portfolio, or user, access management information, or information indicating one or more portfolios in which the product is included).
  • the metadata maintained for each of the software products may be dependent on the source of the product or on other characteristics of the product.
  • offer information (which may include a pricing type, a price, and/or taxing information for a specified product) may be maintained for products obtained from third party vendors, but not for the customer organization's own line-of-business products.
  • the metadata may include multiple offers for similar products from different sources, or one more than one offer for a single product, but not all of the offers may be discoverable by administrators or end users.
  • the metadata maintained for each of the software products may be filtered or sorted so that only products that an administrator or end user has permission to view/discover are presented and/or only a particular subset of the metadata maintained for those products is presented.
  • the enterprise catalog service may be configured to present only the technical details or business information that an administrator or end user needs to know and/or has permission to view.
  • the enterprise catalog service may be configured to filter or sort the metadata that is maintained for various software products in order to present similar information to an administrator or end user (e.g., for use in comparing the products), even if the metadata maintained for the products is not of exactly the same type or format.
  • the enterprise catalog service may be configured to take specific actions in response to changes to the specific metadata elements that are maintained for a particular software product. For example, if an offer for a software product changes, the service may be configured to apply the change immediately or after a delay, depending on the change. In this example, if the price goes down (e.g., if a new offer is available for the product that includes a lower price), the service may modify the offer that is received by an existing customer right away (or at the end of the next billing cycle).
  • the service may allow an existing customer to use the current offer for some period of time (e.g., 90 days) before notifying the customer of the change and/or modifying the offer through which the customer receives the product.
  • the enterprise catalog service may be configured to apply different packaging and/or software integration processes or mechanisms when ingesting or deploying products of different types or from different sources, which may include translating or otherwise transforming the products (or the product packages in which they are delivered) into a format that is suitable for ingestion by the enterprise catalog service from different vendors or for deployment to different or end user systems (e.g., systems that employ different hardware resources or operating systems).
  • FIG. 5 illustrates the use of a resource stack template to build and deploy a server product, according to at least some embodiments.
  • a client of a service provider system 530 may provide a resource stack template 510 that defines the resources 514 that will be used to execute a server application (e.g., a server product) on behalf of an end user of a service provider customer and a set of metadata 512 for the resource stack.
  • a server application e.g., a server product
  • the resources may include one or more compute node instance (or other modules) that will be used to execute the server application, a set of database instances that will store the data processed by the server, load balancers for distributing request traffic or other resources, and the metadata may include configuration files (which may contain the identities and/or setting for various resources of the resource stack), connectivity/dependencies, user identity and/or permissions information, alarms, tags, or other information.
  • the resource stack template may be received from an IT administrator of a service provider customer (e.g., through a service provider management console such as service provider management console 106 illustrated in FIG. 1) or from an end user (e.g., through a resource stack management service console such as resource stack management service console 130), either of which may expose a resource stack template authoring tool with which the resource stack template was created.
  • the service provider system 530 in response to receiving the resource stack template 510, may parse the template and build the stack of resources 514 that are defined in the template 510 and that will be used to execute the server application (shown as resource stack 540).
  • the resource stack management service 520 may include a resource provisioning system that is configured to instantiate the resources defined in the template 510 to create resource stack 540.
  • building the resource stack 540 may include instantiating at least one computing resource instance (e.g., compute node 542) that will execute the server application 544 and manage its runtime environment, and may include one or more other stack resources (shown as stack resources 546).
  • the compute node 542 may be a virtualized computing resource instance that has a predefined computing capacity and/or memory capacity.
  • the compute node 542 may be loaded with an operating system, configuration files, or other resources that are pre-installed on the compute node 542 when it is instantiated.
  • the computing resource instance may include an initialization script that will be used to apply the metadata 512 defined in the resource stack template 510 to the compute node 542 and/or application 544 when the application is launched on resource stack 540 by end user 550 (e.g., through its selection within a GUI of a resource stack management service console such as resource stack management service console 130 illustrated in FIG. 1).
  • service provider system 530 may also include other services that interact with the resource stack (e.g., an identity management service or other security/authorization services). Administrator tasks
  • an IT administrator of a business, enterprise, or other organization may be able to perform a variety of different actions through an administrator console of an application fulfillment platform (such as service provider management console 106 in FIG. 1 or service provider system console 422 in FIG. 4), many of which fall into one of the following three broad categories:
  • desktop applications or server products purchased or leased from the service provider e.g., products that were developed by the service provider or that were purchased or leased by the service provider for the benefit of its customers
  • the systems and methods described herein for implementing an application fulfillment platform may, in various embodiments, allow large enterprises to create and manage catalogs (or portfolios) of software applications and computation services, including server applications that execute in a cloud computing environment and desktop applications that execute on physical computing devices, virtualized computing resource instances, and virtual desktop instances.
  • These systems may allow service provider customers (e.g., enterprises) to ingest their own line-of-business applications (e.g., server applications and/or desktop applications) into the catalogs (or portfolios), through which they may be made available for use by their end users.
  • an IT administrator of a service provider customer may interact with the service provider system through an administrator console to assign and provision applications to various end users and/or to define constraints on the use of those applications. This may include invoking operations or workflows of a resource stack management service (in the case of server applications) or an application fulfillment platform (in the case of desktop applications to be executed on an end user's physical computing device or virtual desktop instance).
  • a resource stack management service in the case of server applications
  • an application fulfillment platform in the case of desktop applications to be executed on an end user's physical computing device or virtual desktop instance.
  • a company that wishes to use one or more applications for software trials, short-term needs or low-volume needs may obtain access to those applications through an "applications on-demand" model that is managed through the application fulfillment platform (thus, taking advantage of the more favorable terms that may be received by the service provider as a higher volume customer of the application vendor).
  • the company may obtain access to server products under a similar "services on-demand" model that is managed through the resource stack management service.
  • desktop applications e.g., individual applications and/or collections of applications
  • server products may be assigned by an IT administrator to individual users and/or user groups in an active directory to allow access to those applications.
  • an active directory of an enterprise e.g., a company that is a customer of a service provider
  • Resources e.g., users, computers, printers, or other corporate resources, each of which may have its own identifier
  • an IT administrator may create a cloud-based active directory for the enterprise.
  • connections may be made from a virtual desktop instance to an active directory on an enterprise computer system.
  • the IT administrator may, through an administrator console (e.g., a service provider system console) assign particular desktop applications and/or server products to specified users (and/or user groups) by selecting one or more users and/or user groups in its active directory from a display of the active directory (or through another interface into the active directory).
  • an administrator console e.g., a service provider system console
  • the IT administrator may be able to assign applications (e.g., one or more desktop applications, such as an office productivity suite, a data analysis application and/or a browser application) or server products (such as a website design package or blog publishing package) to the selected users and/or user groups (e.g., groups of users that are defined in the active directory, such as a "development team" or "legal team”).
  • an IT administrator may wish to provision a desktop application (e.g., a word processing application) to userl , user2, and group 1 in an active directory.
  • a desktop application e.g., a word processing application
  • the actions taken in order to carry out that fulfillment may depend on the type of application.
  • the IT administrator since the application is a desktop application that is available through an application fulfillment platform, the IT administrator may (e.g., through an administrator console) assign the desktop application to userl, user2, and group 1, and fulfilling the intended state for userl, user2, and group 1 may include invoking various workflows of the application fulfillment platform.
  • a server product e.g., a server-side application that executes on a predefined stack of a service provider resources on behalf of an end user and returns a response
  • fulfilling the server product may include invoking workflow of the resource stack management service.
  • the IT administrator may, through an administrator console (e.g., a service provider system console) also be able to apply various constraints on the use of selected desktop applications and/or server products by end users or user groups to which these products are assigned (either individually, or collectively).
  • an administrator console e.g., a service provider system console
  • the constraints that may be applied by the IT administrator may be broadly categorized as being one of the following four types: environmental constraints (which may restrict the region in which a product can be provisioned), input parameter constraints (which may restrict the set of valid values for input parameters that can be entered when a software product is provisioned or updated), quotas (which may allow the administrator to control the number of concurrent deployments of a given software product) and billing constraints (which may allow the administrator to control spending limits on an product by product basis).
  • constraints may applied at multiple levels (e.g., per product per user or user group, per product catalog or portfolio, or at one level for some catalogs/portfolios or users and at another level for other catalogs/portfolios or users.
  • constraints when constraints are applied to a catalog or portfolio, all users who have access to that portfolio will have same constraints and permissions on the products in the catalog or portfolio by default, but there may also be some specific constraints for particular product/user combinations. For example, one user may have to select a radio button element of a GUI presented by an end user console in order to install a particular product. For other users, the product may automatically appears on their system under an "autodeploy" setting selected for the user. In this example, required software products may be automatically installed by default, while optional products may be "user initiated". In another example, a product level constraint may specify that no one customer or user can install more than 10 copies of a particular product (e.g., because of the number of licenses the organization has purchased).
  • the collection of three applications described above may be assigned to three active directory users, one of which may represent a user group.
  • constraints may be set indicating that userl should use a particular version of applicationl (e.g., an office productivity suite) and should not have access to any updated versions of applicationl; that user2 should use a particular version of application! (e.g., a data analysis application) that is compatible with a particular operating system revision and should not have access to any updated versions of application2; and that user3 (which may represent a group of active directory users) may have access to application3 (e.g., a browser application) that should always be kept current (e.g., with updates applied automatically, when available).
  • application3 e.g., a browser application
  • an administrator may define rules that limit the parameter values that a user can enter when they use a product. These rules define input parameter constraints. Other constraints may be attached to a catalog or portfolio of software products, and may apply to all products in the catalog/portfolio or to individual products within the catalog/portfolio. In some embodiments, constraints may be associated with IAM users, groups or roles allowing an IT administrator to restrict the service provider resources that can be created by specific end users or groups of users. The constraints that are enforced when provisioning a product or updating a product that is being used may be evaluated by combining all of the constraints from the catalog/portfolio or product, and the intersection of all the constraints may be enforced when the user is provisioning the product.
  • the most restrictive set of constraints may be applied when different sets of constraints have been selected for a given user or software product. For example, if a product may allow all computing resource instances to be launched, and a catalog or portfolio that contains the software product may have a constraint that allows all non-GPU computing resource instances to be used, but the user has a constraint that only allows tiny and extra small computing resource instances to be launched, then the effective constraint used when that user provisions that product from that portfolio will be the constraint that only allows tiny and extra small computing resource instances to be launched.
  • the IT administrator may, through an administrator console (e.g., a service provider system console) be able to generate, obtain, and/or view reports indicating the usage of the desktop applications and/or server products that are provided through the service to their end users.
  • these reports may indicate how many (and/or which) users are using each software product, how many (and/or which) users are using each version (e.g., the latest version or an outdated version) of a particular software product, the duration for which each software product is used by one or more users, and/or other usage information.
  • the information in these reports may be used by the IT administrator to determine which of several available licensing models (e.g., on-demand subscriptions/leases using licenses obtained by the service provider, enterprise licenses obtained directly from the software vendors but managed by the service provider, etc.) may be most suitable for the software being used by their organization.
  • several available licensing models e.g., on-demand subscriptions/leases using licenses obtained by the service provider, enterprise licenses obtained directly from the software vendors but managed by the service provider, etc.
  • FIGS. 6 A - 6 J illustrate examples of the information presented through a service provider console of an enterprise catalog service, according to at least some embodiments.
  • FIG. 6A illustrates information presented by a graphical user interface (GUI) 600 for a service provider console of an enterprise catalog service to an IT administrator or buyer for a service provider customer.
  • GUI graphical user interface
  • the IT administrator or buyer may access the service provider console through a browser application (e.g., as a web page).
  • GUI graphical user interface
  • GUI 600 may present different views in order for the IT administrator or buyer to manage desktop application, server-side products, or product subscriptions (which may include product licenses), to generate and/or view reports (e.g., desktop application usage and/or server product deployment reports), to create portfolio, to add products to portfolios, to search for products, and to view (and, in some cases, take action in response to) notifications. More specifically, FIG. 6A illustrates information that may be presented to an IT administrator or buyer who wishes to discover and select desktop applications to be ingested by the enterprise catalog service (e.g., in response to selection of the "desktop applications" tab near the top of the display).
  • the enterprise catalog service e.g., in response to selection of the "desktop applications" tab near the top of the display.
  • the information presented in this example includes, in one portion of the display, a list of desktop applications, along with the vendors that developed or published the applications and/or from which they were obtained, and user interface elements that may be selected if the IT administrator or buyer would like to view more information about a particular one of the listed applications.
  • the IT administrator or buyer has indicated a desire for more information about database application F, version 2.3, from vendor ABC.
  • Another portion of the display includes information about options for filtering the list of applications that are presented.
  • the IT administrator or buyer has selected filtering options to limit the list of applications to productivity applications that are priced according to a monthly fee schedule, and that are compatible with an operation system A version 4.1 (i.e., the latest available version of OS A).
  • This portion of the display also includes an option to view line-of-business applications (e.g., desktop applications that were developed and/or published by the service provider customer itself), and an option to ingest an application (e.g., a line-of-business application).
  • FIG. 6B illustrates information that may be presented by GUI 600 to an IT administrator or buyer who wishes to discover and select server products (or resource stack templates thereof) to be ingested by the enterprise catalog service (e.g., in response to selection of the "server products" tab near the top of the display).
  • the information presented in this example includes, in one portion of the display, a list of server products, along with the vendors that developed or published the server products (or their resource stack templates) and/or from which they were obtained, and user interface elements that may be selected if the IT administrator or buyer would like to view more information about a particular one of the listed server products.
  • the IT administrator or buyer has indicated a desire for more information about website design package A, version 3, from vendor ABC.
  • another portion of the display includes information about options for filtering the list of server products that are presented.
  • the IT administrator or buyer has selected filtering options to limit the list of server products to web publishing products that are priced according to a monthly fee schedule, and that are compatible with an operation system A version 4.1 (i.e., the latest available version of OS A).
  • This portion of the display also includes an option to view line-of-business services (e.g., server products that were developed by the service provider customer itself), and an option to ingest a server product (e.g., a resource stack template for a line-of-business service).
  • line-of-business services e.g., server products that were developed by the service provider customer itself
  • an option to ingest a server product e.g., a resource stack template for a line-of-business service.
  • the IT administrator or buyer may opt to "Select and Continue", as shown near the bottom right corner of the display.
  • FIG. 6C illustrates information about website design package A, version 3 that is presented by GUI 600 in response to its selection on the previous display.
  • the information presented includes pricing information for website design package A, version 3, including software charges and service provider resource/infrastructure charges that are associated with the selected server product.
  • the IT administrator or buyer may be able to specify one of several available instance types for at least some of the resources associated with the selected server product (each combination of which may represent a different offer)
  • Other information that may be selected for viewing from this display includes an overview of the product, technical details, ratings and reviews.
  • the IT administrator or buyer has selected an option to accept the presented terms (e.g., the presented pricing) for the selected offer and continue, as shown near the bottom right corner of the display.
  • the IT administrator has selected an offer for a product to be ingested into a catalog of products that is owned by the IT administrator and from which individual products may subsequently be added to one or more portfolios (following their ingestion), which may include subscribing to the product on behalf of end users in the service provider customer organization.
  • accepting the presented pricing terms may trigger the invocation of a workflow to ingest and package the selected server product for inclusion in a default catalog for the service provider customer (or for the IT administrator) and/or for inclusion in one or more private catalogs or portfolios.
  • FIG. 6D illustrates information presented by GUI 600 on behalf of the enterprise catalog service.
  • the IT administrator or buyer has selected an option "create portfolio.”
  • Other options available from this display include "ingest products” and "assign products to users", each of which may present information that is different than the information depicted in FIG. 6D.
  • the IT administrator or buyer may enter a portfolio name, a description of the portfolio, and (optionally) one or more tags for the portfolio into text boxes of GUI 600, and may specify the portfolio type using a radio button user interface element.
  • the IT administrator or buyer may indicate whether the new portfolio will include a collection of desktop applications or a collection of server products. In some embodiments, both desktop applications and server products may be included in a single portfolio.
  • the IT administrator or buyer has indicated that the new portfolio, which has been named "Bob's team", will include only server products, and that it includes "analysis SW for project XYZ", which, apparently, will be used by end users in the customer organization that are members of Bob's team.
  • the IT administrator or buyer may also be able to use radio button user interface elements to select from among various portfolio-level configuration parameter settings and/or policy options for the new portfolio (which may include default polices that may be applied to the products included in the new portfolio), e.g., settings specifying that the prices of server products will be displayed (e.g., when the product names are displayed or in search results), that minor revisions to products in the portfolio (but not major revisions) should be applied automatically (with notifications received for major revisions), and that the default installation policy for the server products in the portfolio (which may be overridden on a product basis, in some embodiments) is that that the products are optional.
  • various portfolio-level configuration parameter settings and/or policy options for the new portfolio which may include default polices that may be applied to the products included in the new portfolio
  • settings specifying that the prices of server products will be displayed e.g., when the product names are displayed or in search results
  • minor revisions to products in the portfolio but not major revisions
  • the default installation policy for the server products in the portfolio (
  • the IT administrator or buyer has opted to "Continue" as shown near the bottom right corner of the display.
  • the IT administrator may not be able to select portfolio- level configuration parameter settings or policy options for the new portfolio (nor any default polices that will be applied to the products included in the new portfolio).
  • these types of selections may be made on a product basis, rather than on a portfolio basis.
  • these and/or other selections may be made through a separate operation, rather than as part of the operation to create the portfolio.
  • FIG. 6E also illustrates information presented by GUI 600 on behalf of the enterprise catalog service.
  • the IT administrator or buyer has selected an option to add products to a portfolio (more specifically, to add "server products" to the recently created portfolio that is named for "Bob's team", as indicated by the selection of the corresponding tab near the top of the display).
  • Other options available from this display include "desktop applications” and “subscriptions”, each of which may present information that is similar to, but not necessarily the same as, the information depicted in FIG. 6E for adding desktop applications and subscriptions to a portfolio, respectively.
  • the information presented in this example includes, in one portion of the display, a list of server products, along with the vendors that developed or published the server products (or their resource stack templates) and/or from which they were obtained, pricing information, and indications of the last time the products were updated.
  • the IT administrator or buyer has selected website design package A, version 3, from vendor ABC.
  • another portion of the display includes information about options for filtering the list of server products that are presented, and the IT administrator or buyer has selected filtering options to limit the list of server products to web publishing products that are priced according to a monthly fee schedule, and that are compatible with an operation system A version 4.1 (i.e., the latest available version of OS A).
  • an operation system A version 4.1 i.e., the latest available version of OS A
  • this portion of the display also includes an option to view line-of-business services (e.g., server products that were developed by the service provider customer itself).
  • line-of-business services e.g., server products that were developed by the service provider customer itself.
  • the IT administrator or buyer may opt to "Select and Continue", as shown near the bottom right corner of the display.
  • selecting this product and continuing may initiate the addition of the selected product to the portfolio (in this case, the recently created portfolio that is named for "Bob's team"), as described herein.
  • FIG. 6F illustrates information presented by GUI 600 on behalf of the enterprise catalog service after the IT administrator or buyer identified as "Central IT Admin" (as the owner of the portfolio "Bob's team") has selected an option to add constraints to the portfolio (e.g., through one of the portfolio detail screens available to the IT administrator or buyer).
  • the IT administrator or buyer has already added products and users to the portfolio, and is in the process of adding constraints to one or more products in the portfolio. More specifically, the IT administrator or buyer has selected an option for adding input parameter constraints to the portfolio.
  • FIG. 6F Other options available from this display include options for adding "environmental” constraints, “quotas”, or “billing” constraints, the selection of which may present information that is similar to, but not necessarily the same as, the information depicted in FIG. 6F for adding input parameter constraints to the portfolio.
  • the user interface illustrated in FIG. 6F may allow the IT administrator or buyer to control the conditions under which one or more of the products in the portfolio can be launched.
  • the constraints that are added to a product within a portfolio may restrict the region in which a server product can be launched or the size of the machine on which it can be launched even if the resource stack template for the product would have allowed other options.
  • input parameter constraints may (among other things) be used to restrict a resource type for a server product to a specific instance type or size, or to place an upper or lower limit on the instance size or capacity for a product.
  • website design package A e.g., the server product selected in FIG. 6B
  • input parameter constraints may (among other things) be used to restrict a resource type for a server product to a specific instance type or size, or to place an upper or lower limit on the instance size or capacity for a product.
  • the IT administrator or buyer has chosen to the restrict the front end resource instance type for this product to a specific instance type (e.g., "B-med"), to place an upper limit on the instance type for the middle tier resource instance for this product (e.g., "C-xlarge”), to require that the product support both HTML and XML data types (which may have been selected through text boxes or pull-down menus), and to place an upper limit on the number of users that the product needs to support (e.g., 100,000 users).
  • the IT administrator or buyer may choose "Select and Continue” to complete this task and move on to another.
  • the enforcement of these and other types of constraints that have been added to software products may be the responsibility of the fulfillment and/or deployment mechanisms through which they are delivered and launched (e.g., a desktop application fulfillment platform or resource stack management service).
  • FIG. 6G illustrates information presented by GUI 600 on behalf of the enterprise catalog service after the IT administrator or buyer identified as "Central IT Admin" (as the owner of the portfolio "Bob's team") has selected an option to add users and permissions to the portfolio (e.g., through one of the portfolio detail screens available to the IT administrator or buyer). More specifically, through this interface, the IT administrator or buyer may select one or more user identities (e.g., active directory users) to whom access to the portfolio should be allowed, and the IT administrator or buyer has chosen (using multiple check box elements) to add Charlie L., Gerry G., and Jenny B.
  • Central IT Admin the owner of the portfolio "Bob's team”
  • FIG. 6H illustrates information presented by GUI 600 on behalf of the enterprise catalog service after the IT administrator or buyer identified as "Central IT Admin" (as the owner of the portfolio "Bob's team”), has selected a portfolio sharing operation.
  • the IT administrator or buyer has selected an option to share the portfolio identified as "Bob's team” with another IT administrator in the same customer organization.
  • the IT administrator has chosen the portfolio to be shared ("Bob's team") and the recipient (identified as "East Region Admin") using text box elements or pull-down menu options.
  • the unique resource identifier e.g., the "portfolio key”
  • the unique resource identifier may be sent to the named recipient (e.g., a notification to that effect may be sent to the recipient by the enterprise catalog service).
  • the portfolio key may not be a security token, but may be a unique resource identifier (e.g., a unique string) that serves as a handle for the portfolio for searching, displaying, or providing access for modifying, sharing, or importing the portfolio.
  • the portfolio key may not be discoverable or even visible to end users and IT administrators, but may be an internal identifier that is created and used by various internal services within the enterprise service catalog platform. Other options for portfolio sharing that may be selected from the display shown in FIG.
  • 6H include a "publish portfolio” option, which may make the portfolio name and/or its contents discoverable by entitled users and user groups following its creation or configuration, an "import portfolio” option, which may be used to import a portfolio whose unique resource identifier (portfolio key) was shared with the IT administrator by another portfolio owner, or an "auto-replicate” option, which may be used to configure the portfolio for automatic replication across the customer organization (e.g., across regions or across IT administrators in the customer organization).
  • a "publish portfolio” option which may make the portfolio name and/or its contents discoverable by entitled users and user groups following its creation or configuration
  • an "import portfolio” option which may be used to import a portfolio whose unique resource identifier (portfolio key) was shared with the IT administrator by another portfolio owner
  • an “auto-replicate” option which may be used to configure the portfolio for automatic replication across the customer organization (e.g., across regions or across IT administrators in the customer organization).
  • FIG. 61 illustrates information presented by GUI 600 on behalf of the enterprise catalog service during an interaction in which an IT administrator or buyer imports a portfolio that has been shared by another portfolio owner.
  • the IT administrator or buyer identified as "East Region Admin” as the recipient of the unique resource identifier (portfolio key) for the portfolio "Bob's team”
  • the unique resource identifier (portfolio key) for the portfolio may be included in the notification instead of or in addition to the portfolio name, and the recipient may enter this information into a text box of the display illustrated in FIG. 61 instead of, or in addition to, entering the portfolio name.
  • by selecting an "import" action embedded within the notification some or all of the input fields illustrated in FIG. 61 may be automatically filled with the information needed to import the portfolio.
  • the IT administrator identified as "East Region Admin” may initiate the importing of the portfolio by selecting “Import and Continue” near the lower right corner of the display shown in FIG. 61.
  • this IT administrator may further constrain the use of the products in the portfolio and/or add users and permissions to the imported portfolio (e.g., through the user interfaces illustrated in FIGS. 6A - 6F and/or other interfaces described above), and the products in the portfolio may be discovered and launched by users who are added to the imported portfolio by "East Region Admin".
  • East Region Admin may not be able to modify the original portfolio or override the configuration of the portfolio that was defined by the portfolio owner (e.g., "Central IT admin”).
  • Central IT admin any changes made to the portfolio "Bob's team” by the portfolio owner (“Central IT admin") may automatically be pushed to all of the previous importers of this portfolio, including "East Region Admin”.
  • FIG. 6J illustrates information presented by GUI 600 on behalf of the enterprise catalog service during an interaction in which an IT administrator or buyer configures a portfolio for automatic replication across the customer organization (e.g., through the selection of the "auto-replicate” option on the main portfolio actions screen).
  • the IT administrator (as the owner of the portfolio "Bob's team") has elected to configure the portfolio identified as "Bob's team" (e.g., using a text box or pull-down menu) for automatic replication to all regions across the customer organization (using a radio button “Push to selected region(s)" and a check box “all regions” to select this configuration).
  • any changes made to the portfolio "Bob's team" will be replicated automatically in all regions.
  • the IT administrator may have chosen to configure this portfolio for automatic replication to a subset of the regions across the customer organization (e.g., only the regions selected using the check boxes on the left side of GUI 600).
  • the IT administrator may also have the option to configure this portfolio for automatic replication to selected administrators (or all administrators) within the customer organization (e.g., by selecting the "Push to selected admin(s)" radio button and selecting the administrators to whom changes to the portfolio should be pushed using a search function or another user interface mechanism) instead of, or in addition to, automatically replicating this portfolio to selected regions.
  • the IT administrator may also be able to configure this portfolio such that, rather than automatically pushing the portfolio to selected regions or administrators, the enterprise catalog service may automatically notify some or all of the regions/administrators that the portfolio has changed (shown as the radio buttons "Notify only (regions)” and “Notify only (admins)").
  • a portfolio may be configured such that it is automatically replicated in all regions and such that all IT administrators in the customer organization are notified of the change (and/or of the replication of the portfolio to all regions).
  • a portfolio that is configured for automatic replication may only be modified by its owner (e.g., the IT administrator that created and configured it) and not by the recipients of the automatically replicated portfolio.
  • the graphical user interface 600 for a service provider console of an enterprise catalog service may, in other embodiments, display more, fewer, or different elements than those illustrated in the examples shown in FIGS. 6A - 6 J.
  • the user interface elements included in a graphical user interface for a service provider console of an enterprise catalog service may, in other embodiments, take different forms (e.g., as menu items, icons, radio buttons, text boxes, check boxes, or other user interface element types) and/or may be arranged in a different order or in different positions within the GUI than the order or positions in which they are arranged in FIGS. 6A - 6J.
  • a portfolio acts as a container for software products.
  • a portfolio can have zero or more products in it, and a software product may be in multiple portfolios.
  • administrators may create portfolios, add products to them, and, using IAM permissions, publish portfolios to make them visible to users. Users may have access to any number of portfolios, as specified by their administrators. By default, a user with access to a portfolio may have access to all of the products that it contains.
  • portfolios can be shared across service provider accounts (e.g., exported and/or imported by their administrators, assuming they have approval and/or permissions to do so).
  • access management policies may be applied to an entire portfolio, or to an individual product or product type.
  • the portfolios (the grouping) and the access management policies and/or groups of constrains that are applied to the grouping may be mutable and may be shared between accounts, in some embodiments.
  • the smallest atomic unit of software resources may be an application, and a portfolio may represent a logical collection of applications.
  • actions that can be taken on a portfolio may include one or more of the following:
  • the IT administrator may (e.g., through a service provider console for IT administrators) assign resources (in this case, applications) directly to individual users or user groups.
  • resources in this case, applications
  • a collection of applications e.g., a logical collection of applications that are included in a defined portfolio
  • a portfolio may be created for the use of a legal team that includes a set of office productivity applications, legal software, and compliance management software, and the portfolio may (collectively) be assigned to the active directory user group "legal team".
  • the portfolio may be assigned to one or more other active directory users and/or user groups with similar software requirements, roles, and/or permissions to access the software included in the portfolio.
  • an IT administrator may select one of two or more options indicating when updates are applied to users of a particular portfolio.
  • the IT administrator may assign them to the portfolio, and the required software products may be automatically delivered to their physical computing device or virtual desktop instance. If an IT administrator adds a product to a portfolio or removes a product from a portfolio, the portfolio may be updated automatically.
  • the IT administrator may also be able to set the update window for minor updates, major updates, and hot fixes for the products in a portfolio at the portfolio level. This setting may apply to all products in the portfolio.
  • the IT administrator can also choose whether or not to make the entire third party product catalog available for a user to view, after which the end user may submit a request to access one or more of the software products discovered in this manner.
  • the IT administrator can designate a product as being required or optional, and can set a maximum number of installs (deployments) for a product.
  • the IT administrator can define the maximum number of times that a given product can be provisioned from a portfolio, and the enterprise catalog service may enforce this constraint, ensuring that the limit is not exceeded.
  • Required products are automatically installed, but end users may choose whether or not to install optional products.
  • the IT administrator may receive new product notifications as a weekly digest and may also see lists of new products from within the administrator/management console of the enterprise catalog services described herein. In some embodiments, all products that were recently released (e.g., released within the last seven days) may be highlighted a displayed list of products as being "New".
  • an IT administrator may be able to get detailed reports on two different levels.
  • the IT administrator may receive an enterprise report, which includes a list of all software products that includes, for each product, the product name, the vendor, license type (e.g., subscription), installs (e.g., the number of deployments), the number of out-of-date installs, a cost per install per month, the percentage of installations that are up-to- date, the total spend, the number of users, the top rated products, or the number of portfolios.
  • the second report may reflect usage at the portfolio level, and may include, for each product in the portfolio, information indicating the portfolio name, the number of products in the portfolio, the assigned users, the cost per user per month, and the total cost.
  • Some example portfolios may include an HR portfolio, an engineering portfolio, a finance portfolio, a shared services portfolio, or a customer service portfolio.
  • FIG. 710 One embodiment of a method for managing desktop applications through an enterprise catalog service (such a service implemented by the system illustrated in FIG. 1) is illustrated by the flow diagram in FIG. 7.
  • the method may include an IT administrator of a service customer organization selecting, through a product discovery service interface that presents information about desktop applications that are sourced by third parties through the product discovery service, one or more desktop applications to be purchased or licensed from a third party (e.g., a software vendor) on behalf of service provider customers.
  • a third party e.g., a software vendor
  • the selection may be dependent on technical features (e.g., capabilities of the application and/or resources required to execute the application), a pricing breakdown, the applicable terms of use (e.g., licensing or subscription terms), ratings and/or reviews, the availability of support from the vendor and/or other information.
  • the method may include ingesting and/or packaging the selected third party desktop application(s) into a product catalog owned by the IT administrator for management through the enterprise catalog service.
  • the IT administrator may discover and select one or more desktop applications (e.g., applications that were developed and/or published by the service provider and/or by third parties) to be offered to their customers and may package and/or publish the desktop applications as isolated virtualized applications (e.g., each packaged in its own container) for subsequent delivery to end users through an application fulfillment platform.
  • the method may include ingesting into the IT administrator's product catalog, one or more custom desktop applications (e.g., a line-of- business applications) that were developed by the customer organization, e.g., using a desktop application authoring and ingestion component (such as desktop application authoring and ingestion tooling 116 in FIG. 1) that is exposed to the IT administrator through the service provider management console.
  • the method may include receiving, through the service provider management console, input indicating the selection of one or more previously ingested and packaged desktop applications to be included in a portfolio for subsequent access by particular end users of a service provider customer (as in 730).
  • the desktop applications may be selected for inclusion in a private catalog or portfolio that may only be accessible to a subset of the end users of the service provider customer.
  • the input may be received from an IT administrator of a business, enterprise, or other organization that receives services through the enterprise catalog service platform and/or an application fulfillment platform (i.e., an organization that is a service provider customer).
  • the IT administrator may log into the system provider management console in order to create and/or manage one or more portfolios of applications for the use of some or all of the members of their organization.
  • the selection of desktop applications may be made by the IT administrator, and may be dependent on technical features (e.g., capabilities of the application and/or resources required to execute the application), a pricing breakdown, the applicable terms of use (e.g., licensing or subscription terms), ratings and/or reviews, the availability of support from the vendor and/or other information, including organizational needs, goals, or policies.
  • the method may also include receiving, through the service provider management console, input indicating the assignment of the selected application(s) to one or more end users and/or user groups, constraints on the use of the selected application(s), and/or configuration parameter setting(s) for the portfolio, as in 740.
  • constraints and/or configuration parameter settings may be specified as part of an operation to assign applications to particular users or user groups.
  • constraints and/or configuration parameters may be specified as part of a separate interaction between the IT administrator and the console (e.g., as part of a portfolio configuration operation), and information indicating the constraints and/or configuration parameter settings may be received as separate inputs through the service provider management console.
  • the constraints may indicate which (if any) of the applications in the portfolio are required to be installed by end users and which (if any) are optional.
  • the configuration parameter settings may indicate whether monitoring should be enabled for the portfolio (and/or particular applications in the portfolio) or may indicate whether end users have the option to view lists of applications that are not assigned to them and/or that are not currently available in the portfolio (e.g., third party applications that may be available through the application fulfillment platform).
  • the method may also include storing information representing the assignment of the selected applications to particular end users and/or user groups, the constraints, and configuration parameter settings for the selected applications, users, and portfolio, as in 750.
  • this information may be stored in any of a variety of data structures or database tables by a storage service implemented on the service provider network.
  • the method may also include making the selected applications available to the end user(s) through a desktop application management module interface, according to the constraints and configuration parameter settings for the selected applications and users, as in 760.
  • this may include installing any required applications and/or making certain applications (e.g., those applications that are assigned to a particular end user or those an end user is allowed to know about) visible and/or selectable through a desktop application management module interface or (once they are installed on an end user machine or in a virtual desktop instance) through an icon, shortcut, menu element, or other user interface mechanism or element thereof that was created on the desktop for the application and whose selection launches the application.
  • certain applications e.g., those applications that are assigned to a particular end user or those an end user is allowed to know about
  • "installing" the required and/or selected applications may not include installing the application itself (i.e., an unpackaged application binary) on an end user's physical computing device, virtualized computing resource instance or virtual desktop instance, but may involve delivering some or all of the pages of program instructions of a virtualized application (e.g., using demand paging) to the end user's computing resource instance for execution by a runtime engine that is installed in the end user's computing resource instance.
  • the method may also include tracking the usage of the desktop applications in the portfolio and passing information about the usage of the application by various end users to a service provider billing system for subsequent use in billing the service provider customer's IT administrator for the use of those applications (as in 770).
  • the method may include generating usage reports for the applications in the portfolio automatically (e.g., periodically or in response to changes in the catalog/portfolio or application usage) or upon request.
  • the reports may be delivered through the service provider management console or desktop application management module interface (e.g., to IT administrators and/or end users) in addition to being passed to a service provider billing system.
  • the reports may indicate how many (and/or which) users are using each application, how many (and/or which) users are using each version of a particular application, the duration for which each application is used by one or more users, and/or other usage information.
  • the enterprise catalog service platforms described herein may be used to manage server products on behalf of customers and their end users instead of, or in addition to, managing desktop applications.
  • One embodiment of a method for managing server products e.g., server-type applications that execute on a service provider system on behalf of an end user and return a response
  • an enterprise catalog service such a service implemented by the system illustrated in FIG. 1
  • the method may include an IT administrator of a service provider customer organization selecting, from a product discovery service, one or more resource stack templates that are sourced by third parties, and ingesting the resource stack templates into a product catalog owned by the IT administrator for subsequent deployment to end users in the customer organization..
  • the method may also include ingesting one or more line -of business resource stack templates (e.g., custom resource stack templates that were developed by the customer organization) into the IT administrator's product catalog, as in 820.
  • the method may include receiving (e.g., from an IT administrator of a service provider customer), through a service provider management console, input indicating the selection of one or more previously ingested resource stack templates to be included in a portfolio for subsequent access by end users (as in 830).
  • the resource stack templates may be selected for inclusion in a private catalog or portfolio that may only be accessible to a subset of the end users of the service provider customer.
  • the input may be received from an IT administrator of a business, enterprise, or other organization that receives services through the enterprise catalog service platform and/or from a resource stack management service (i.e., an organization that is a service provider customer).
  • a resource stack management service i.e., an organization that is a service provider customer.
  • the IT administrator may log into the system provider management console in order to create and/or manage one or more portfolios of server products (each of which may be constructed using a respective resource stack template) for the use of some or all of the members of their organization.
  • the selection of resource stack templates may be made by the IT administrator, and may be dependent on technical features (e.g., capabilities of the server product and/or resources required to create the corresponding resource stack), a pricing breakdown, the applicable terms of use (e.g., licensing or subscription terms), ratings and/or reviews, the availability of support from the vendor and/or other information, including organizational needs, goals, or policies.
  • technical features e.g., capabilities of the server product and/or resources required to create the corresponding resource stack
  • a pricing breakdown e.g., the applicable terms of use (e.g., licensing or subscription terms)
  • ratings and/or reviews e.g., ratings and/or reviews, the availability of support from the vendor and/or other information, including organizational needs, goals, or policies.
  • the method may include receiving (e.g., from an IT administrator of a service provider customer), through a service provider management console, input indicating the assignment of selected resource stack template(s) to one or more end users and/or user groups, constraints on use of the selected template(s) and/or configuration parameter setting(s) for the portfolio (as in 840).
  • constraints and/or configuration parameter settings may be specified as part of an operation to assign server products to particular users or user groups.
  • constraints and/or configuration parameters may be specified as part of a separate interaction between the IT administrator and the console (e.g., as part of a portfolio configuration operation), and information indicating the constraints and/or configuration parameter settings may be received as separate inputs through the service provider management console.
  • the constraints may indicate which (if any) of the server products in the portfolio are required to be installed by end users and which (if any) are optional.
  • the configuration parameter settings may indicate whether monitoring should be enabled for the portfolio (and/or particular server products in the portfolio) or may indicate whether end users have the option to view lists of server products that are not assigned to them and/or that are not currently available in the portfolio (e.g., third party products that have not yet been ingested into the enterprise catalog service platform).
  • the method may also include storing information representing the assignment of the selected resource stack templates to particular end users and/or user groups, the constraints, and configuration parameter settings for the selected resource stack templates, users, and portfolio, as in 850.
  • this information may be stored in any of a variety of data structures or database tables by a storage service implemented on the service provider network.
  • the method may also include making the selected resource stack templates available to the end user(s) through a resource stack management service console, according to the constraints and configuration parameter settings for the selected resource stack templates and users, as in 860.
  • this may include installing any required server products and/or making certain server products (e.g., those server products that are assigned to a particular end user or those an end user is allowed to know about) visible and/or selectable through a resource stack management service console (e.g., through icons, shortcuts, menu elements, or other user interface mechanisms or elements thereof that were created on the resource stack management service console for the server products and whose selection launches the server products).
  • server products e.g., those server products that are assigned to a particular end user or those an end user is allowed to know about
  • a resource stack management service console e.g., through icons, shortcuts, menu elements, or other user interface mechanisms or elements thereof that were created on the resource stack management service console for the server products and whose selection launches the server products.
  • the method may also include tracking the deployment of resource stack templates that are included in the portfolio and passing deployment information to a service provider billing system for subsequent use in billing the service provider customer's IT administrator for the use of those resource stack templates (as in 870).
  • the method may include generating reports indicating the number of resource stacks that are launched for each resource stack template in the portfolio automatically (e.g., periodically or in response to changes in the catalog/portfolio or resource stack template usage) or upon request.
  • the reports may be delivered through the service provider management console or resource stack management service console (e.g., to IT administrators and/or end users) in addition to being passed to a service provider billing system.
  • the reports may indicate how many (and/or which) users have deployed a resource stack for each resource stack template, the duration for which each resource stack instance is used by an end user, and/or other deployment/usage information.
  • an enterprise catalog service may be used to track and control costs.
  • portfolios, products, computing resource instances and resource stack template may support tagging.
  • the resultant computing resource instances or resource stacks may be tagged with the portfolio, the product, the product version and a unique identifier (i.e. instanceld or stack Id).
  • These tags may be used to filter spend data presented in a cost discovery tool, enabling the end users to track the spending for a portfolio, a product or for a single product deployment. End users may be able to view the costs on a daily, weekly or monthly basis.
  • the enterprise catalog service may begin billing the IT administrator for the application (or begin metering usage for subsequent billing).
  • the enterprise catalog service may begin billing the IT administrator for the product at a pre-determined rate for the product plus the cost of the underlying infrastructure (e.g., daily, hourly, monthly, annually, or as a one-time cost).
  • an application (which is sometimes referred to herein as desktop application management module) may be installed on an end user's machine or on a virtual desktop instance that provides an interface to virtualized desktop applications delivered from an application fulfillment platform.
  • this application may also provide an interface through which applications that are physically installed on the end user's machine may be launched.
  • an end user may, through a graphical user interface of the desktop application management module, log into the desktop application management module using their identity, view a list of applications that are available for their use (e.g., applications that they have permission to purchase, lease or subscribe to, install, and/or execute) or that may be made available for their use (e.g., applications for which they may be able to request permission to purchase, lease or subscribe to, install, and/or execute) and select on option to purchase, lease or subscribe to, install, and/or execute one of the listed applications.
  • applications that are available for their use (e.g., applications that they have permission to purchase, lease or subscribe to, install, and/or execute) or that may be made available for their use (e.g., applications for which they may be able to request permission to purchase, lease or subscribe to, install, and/or execute) and select on option to purchase, lease or subscribe to, install, and/or execute one of the listed applications.
  • GUI graphical user interface
  • FIG. 9A One embodiment of a graphical user interface (GUI) 900 for a desktop application management module that is installed on an end user's computing resource instance, such as desktop application management module 128 illustrated in FIG. 1, is illustrated by the block diagram in FIG. 9A.
  • an end user has chosen to view applications that are assigned to the end user or are part of a private catalog or portfolio of applications made available to the end user and/or one or more other end users by an IT administrator in the same business, enterprise, or organization ("my desktop applications").
  • the list of applications presented by the selection of "my desktop applications” may include the union of the set of applications that have been individually and directly assigned to the end user and any applications included in portfolios with which the end user is associated (e.g., a logical private catalog for the end user), even if the end user is not aware of these associations.
  • the end user may have no knowledge of (or visibility into) the concept of a portfolio, and may not know which, if any, of the applications in the end user's private catalog are included in a portfolio.
  • a list of applications is presented to the end user.
  • the list of applications indicates, for each application, an application name, the vendor from which the application is sourced, and an available action that can be taken for the application (e.g., "install”, for an application that is not currently installed on the end user's computing resource instance, or "uninstall", for some of the applications that are currently installed on the end user's computing resource instance).
  • an available action that can be taken for the application (e.g., "install”, for an application that is not currently installed on the end user's computing resource instance, or "uninstall”, for some of the applications that are currently installed on the end user's computing resource instance).
  • the action is shown as “required.” This may indicate that these applications must be installed on the end user's computing resource instance (e.g., they may have been installed automatically when the computing resource instance was configured or when the desktop application management module was launched) and cannot be uninstalled (until and unless this requirement changes).
  • GUI 900 includes a user interface element whose selection allows an end user to upload an application (e.g., an application developed by the end user or by other end users in the end user's company).
  • applications may be listed in any order, in different embodiments, e.g., in alphabetical order by name or vendor, by application type (e.g., productivity applications, data analysis applications, line-of-business applications, etc.), or by availability (e.g., required applications, optional applications that have been installed, optional applications that have not been installed, etc.).
  • application type e.g., productivity applications, data analysis applications, line-of-business applications, etc.
  • availability e.g., required applications, optional applications that have been installed, optional applications that have not been installed, etc.
  • the end user may have the option to search the list of applications in order to display specific ones of the applications in the user interface for the desktop application management module.
  • this catalog may include customer-specific line-of-business applications (such as the task tracking tool described above); applications that were developed and/published by the service provider; applications that were developed, published, and/or otherwise sourced by an entity other than the end user's company or the service provider and that were purchased or licensed by the service provider for the benefit of service provider customer and their end users; and/or applications that were developed, published, and/or otherwise sourced by an entity other than the end user's company or the service provider and that were purchased or licensed by the end user's company for the benefit of their end users.
  • customer-specific line-of-business applications such as the task tracking tool described above
  • an IT administrator may ingest line-of-business applications (e.g., line-of-business applications developed by their own organization) and may manage the life cycle of those applications just as they would manage the life cycle of applications sourced by other entities.
  • line-of-business applications e.g., line-of-business applications developed by their own organization
  • the IT administrator may (e.g., through an administrator/management console of the enterprise catalog service) provide application metadata for the new application that includes a name, title, and description.
  • An ingestion workflow may put the application through a series of automated validation steps to ensure that the software is compatible with virtual desktop instance on which it may be executed. Subsequently, once the service provider and the IT administrator approve the listing, the product may be published to the application fulfillment platform.
  • the line-of-business application may be added to an enterprise-wide or default catalog for the customer organization (e.g., one that is owned by the IT administrator and managed through the enterprise catalog service) upon ingestion, but it may be visible only within the context of the customer organization's service provider account for listing alongside other applications available to the IT administrator and end users in the customer organization in the GUI for the application fulfillment management module.
  • the customer organization e.g., one that is owned by the IT administrator and managed through the enterprise catalog service
  • FIG. 9B illustrates the graphical user interface 900 of FIG. 9A when the end user has chosen to view information about the full application catalog.
  • this catalog may include customer-specific line-of-business applications (such as the task tracking tool described above), applications developed and/or published by the service provider, and/or applications developed and/or published by someone other than the end user's company or the service provider.
  • the full application catalog displayed in FIG. 9A is unlike in the example illustrated in FIG. 9A, the full application catalog displayed in FIG.
  • 9B may include customer-specific line-of-business applications, applications developed and/or published by the service provider and/or third party applications that have not been assigned to the end user or that are included in a catalog that is made available to the end user by their IT administrator (including some for which the business, enterprise, or organization does not yet have a subscription or license) instead of, or in addition to, applications that are included in a catalog or portfolio of applications that have been made available to the end user and/or one or more other end users by an IT administrator (whether or not the applications are assigned to the end user).
  • IT administrator including some for which the business, enterprise, or organization does not yet have a subscription or license
  • the list of applications presented in the graphical user interface illustrated in FIG.9B includes a word processing application (word processing app C) and a spreadsheet application (spreadsheet app D) that are not currently assigned to the end user or included in the end user's private catalog that is presented in FIG. 9A.
  • the end user may select a "request" action in order to request access to (e.g., a subscription to) one of these applications. If the application has not yet been licensed by the service provider or the end user's company, selecting this action may, if the request is approved, initiate the acquisition and/or licensing of the application by the service provider or the end user's company and the ingestion of the application into the application fulfillment platform.
  • an application may be marked as having an installation type of "request access" for one or more end users, meaning that the application is discoverable by those end users, but cannot be installed or launched by those end users until or unless a request to access the application is approved (e.g., by the IT administrator).
  • the end user may also have the option to view "notifications" through the user interface of the desktop applications management module. For example, the end user may receive a notification when a new application is made available to the end user individually, is added to a catalog or portfolio of applications that are assigned or are otherwise available to the end user, or is added to the full application catalog, or when a new generation or version of an application to which the end user is currently subscribed is made available.
  • the end user may request one or more reports (e.g., through selection of the "Reports" item in the user interface of the desktop application management module).
  • these reports (which provide usage information for various applications, such as those applications that are assigned or are otherwise available to the end user) may be generated on demand (e.g., in response to requests from an IT administrator or end user) or periodically, and may be presented to an IT administrator or end user when they are generated or upon request, according to various embodiments.
  • the graphical user interface 900 may, in other embodiments, display more, fewer, or different elements than those illustrated in the examples shown in FIG. 9A and FIG. 9B.
  • an additional user interface element may display a list of top rated (or most heavily used) applications for this enterprise or for all customers, links to ratings or reviews of applications, or any other information about applications that are currently available to (or may be request by) the end user.
  • the user interface elements included in a graphical user interface for a desktop application management module may, in other embodiments, take different forms (e.g., as menu items, icons, radio buttons, text boxes, check boxes, or other user interface element types) and/or may be arranged in a different order or in different positions within the GUI than the order or positions in which they are arranged in FIGS. 9 A and 9B.
  • GUI 900 illustrated in FIGS. 9A and 9B may also include a user interface mechanism (not shown) that, when selected, allows the end user to view more information about an application (e.g., one that is assigned to them, one that is included in a catalog or portfolio of applications to which they have access, or one that they have discovered but do not currently have permission to install, subscribe to, or launch).
  • a user interface mechanism not shown
  • the information presented in response to selection of this option may include a description of the application, the status of the application (e.g., indicating whether it is required, is optional and assigned to the end user, is available from the enterprise catalog service but not currently assigned to the end user, or not currently available from the enterprise catalog service, in which case the end user may request a subscription), ratings for the product, reviews of the product, subscription or licensing terms, pricing information, and/or version and life cycle information, in some embodiments.
  • the desktop application management module may be available and ready to use.
  • the end user may access their application just like they access any other desktop applications (e.g., through a start menu or a desktop icon or shortcut).
  • the end user may be able to select one or more of the following options:
  • the IT administrator if the IT administrator has designated an application as "required” for a given end user, it will be installed on an end user's virtual desktop instance by default, and cannot be removed. However, if the IT administrator has designated an application as "optional", it may only be installed on the end user's virtual desktop instance if the end users choose to subscribe to the application. As noted above, if the IT administrator has enabled the full application catalog as viewable for a given end user, user group, catalog, or portfolio, the end user may be able to discover additional applications that are sourced by the service provider and/or third parties, and select a "request application” option, which may automatically submit a request to the IT administrator for the selected application.
  • the service provider may (e.g., through the application fulfillment platform) publish the update and make it available to end users (e.g., through the desktop application management module.
  • the IT administrator may be able to control the maintenance window in which application updates are applied to the computing resource instances of its end users. In such embodiments, if an end user is using an application that is targeted for an update during the maintenance window, the end user will not experience any interruption, because the update will occur in the background. However, the next time the end user launches the application, the update will be applied.
  • the desktop application management module there may be a notification engine within the desktop application management module that is configured to inform end users of upcoming application updates and newly available features.
  • the notification engine may be accessed through the desktop application management module graphical user interface (e.g., using the "notifications" tab shown in FIGS. 9A and 9B), or using other mechanisms, in different embodiments. For example, if the IT administrator has made new optional applications available for end users to subscribe to, they may be notified through the desktop application management module.
  • the application fulfillment platform may preserve application state by automatically backing up applications and application data for subsequent copy or restore operations. For example, if the virtual desktop instance is rebuilt, the applications and application data may be automatically restored on the virtual desktop instance.
  • an end user may (through the desktop application management module) select an option to subscribe to a particular listed application.
  • a subscribe request may be sent an application fulfillment service (e.g., a service implemented by an application fulfillment platform).
  • the subscription request may indicate that user X on machine Y connected to domain Z requests access to the selected application.
  • the fulfillment service may verify whether the end user is entitled to use the selected application and, if so, may initiate the execution of a "create fulfillment" workflow that delivers the requested application to the end user's physical computing device or virtual desktop instance, adds it to a default catalog for the end user's organization (e.g., a catalog owed by an IT administrator), and assigns it to the end user (or multiple end users).
  • the workflow may also include a sequence of steps to prepare the application for launching that include registering a virtual desktop session, virtualizing the selected application, generating an icon or shortcut for the virtualized application and placing it on the end user's machine (e.g., on the desktop or on the virtual desktop) and/or adding the virtualized application to a start menu or other interface mechanism, among other actions.
  • the method may include an end user (e.g., an end user in an organization that is a customer of the service provider) discovering, through a product discovery service interface at a service provider that is accessed from a local desktop application management module interface, a desktop product (e.g., a desktop application) that the end user wants to use.
  • the method may include the end user initiating, through the product discovery service interface, a service provider workflow to request approval for and/or access to the desired desktop application (as in 1020).
  • an IT administrator may use approval chains to require a manual approval prior to a product being used or a resource stack being updated or deleted.
  • an approval chain (which includes a set of steps) may be associated with a product by the IT administrator. Each step consists of a notification sent to a user, administrator or decision maker. The notification contains a link to approve or deny the request along with information about the user and the product to inform the decision to approve or deny the request.
  • approval chains may be applied to all products in a portfolio or to individual products.
  • the resource stack when an attempt is made to use a server product that has an associated approval chain or to update or delete of resource stack that has an approval chain, the resource stack may be put in an "approval pending" state until it has been fully approved through the approval chain. In some embodiments, while the resource stack is in this state, the IT administrator and/or end user who initiated the operation on the product may be able to view the current approval step through the administrator/management console or end user console to track the progress of the product through the approval process. In this example, once all approvals have been accepted, the operation will continue.
  • the method may include returning an indication that request is denied (as in 1035). However, if the request is approved or approval is not required (shown as the positive exit from 1030), the method may include the product discovery service receiving input initiating the selection and ingestion of the desired desktop application, including an agreement to the terms under which the desktop application is purchased or licensed by the service provider and/or the service provider customer (as in 1040).
  • an IT administrator of the service provider customer may select and accept an offer (which may be one of several available offers), and the selection may be dependent on technical features (e.g., capabilities of the application and/or resources required to execute the application), a pricing breakdown, the applicable terms of use (e.g., licensing or subscription terms), ratings and/or reviews, the availability of support from the vendor and/or other information.
  • technical features e.g., capabilities of the application and/or resources required to execute the application
  • a pricing breakdown e.g., the applicable terms of use (e.g., licensing or subscription terms)
  • ratings and/or reviews e.g., the availability of support from the vendor and/or other information.
  • the method may include the product discovery service packaging the selected desktop application and adding it to a default or enterprise-wide catalog for the end user's organization that is owned and/or managed by an IT administrator within the organization on behalf of the organization (through the enterprise catalog service provided by the service provider), as in 1050.
  • the method may include the enterprise catalog service receiving input indicating that the desktop application should be added to one or more catalogs or portfolios to which the end user has access (e.g., a logical private catalog or portfolio), or that the desktop application should be assigned to the end user (e.g., explicitly assigned to an individual end user), as in 1060.
  • the method may also include the end user initiating, through the local desktop application management module interface, a launch of the desired desktop application, which may include installing the application (as in 1070).
  • installing the desktop application may involve installing an executable (e.g., application binary) on the end user's machine, installing an application on a virtual desktop instance, or preparing a virtualized application for execution on a virtualized computing instance by a runtime engine installed on the end user's machine or virtual desktop instance, in different embodiments.
  • an executable e.g., application binary
  • FIG. 11 One embodiment of a method for managing updates to desktop applications through an enterprise catalog service implemented by a service provider is illustrated by the flow diagram in FIG. 11.
  • the method may include a service provider customer end user initiating a service provider workflow to request approval for and/or access to a desired desktop application.
  • the end user may request a one-time access to the desktop application or a subscription to the desktop application.
  • the method may include the request being approved and the desired application being made available to the end user in a catalog or portfolio, or by being assigned directly to the end user (as in 1120).
  • the method may include the end user launching and using the desired desktop application (which may include installing the desktop application, using any of the techniques described herein), as in 1130.
  • the method may include the end user receiving (e.g., from the enterprise catalog service through an application fulfillment platform interface) a notification that a new generation or version of the desktop application is available (as in 1140).
  • a notification that a new generation or version of the desktop application is available may be sent to end users of the service provider customer that are currently authorized to launch and use the desktop application.
  • the method may include the enterprise catalog service atomically adding the new generation/version of application to the catalog or portfolio and/or assigning the new generation/version of the application to the end user (according to the applicable update settings, constraints, and/or configuration parameters for the application and catalogs/portfolios), as in 1150.
  • the new generation/version of the application is a required application, or if a configuration setting for the application and/or catalog/portfolio specifies that updates should be applied automatically, the application may be updated in response to the notification of the new generation/version of the application.
  • the end user may be able to choose whether (and/or when) to update the application.
  • the method may include the end user initiating a service provider workflow to request the addition of the new generation/version of the application to the appropriate catalogs/portfolios and/or the assignment of the new generation/version to the end user, as in 1170.
  • the method may include end user continuing to use a previously discovered generation/version of the application, as in 1165.
  • a method similar to that illustrated in FIG. 11 may be used to manage updates to server products through an enterprise catalog service implemented by a service provider.
  • an IT administrator may (e.g., when a server product is ingested or added to a catalog or portfolio) configure the server product or catalog/portfolio for automatic updates or for manual updates (e.g., to receive notifications only) in response to a new version of the server product becoming available.
  • an IT administrator may in some cases retain full control of the service provider resources that are associated with a product that is provisioned for the benefit of their organization.
  • the IT administrator may have full control over the service provider accounts and roles used to provision products for their end users.
  • the service provider resources may be provisioned in either the end user's account or in the IT administrator's account (which may be the customer organization's root account).
  • the IT administrator may specify (e.g., at a catalog/portfolio level or a product level), that resources should be provisioned in the IT administrator's account or the organization's root account.
  • the IT administrator may specify that the underlying service provider resources should be provisioned in the IT administrator's account and may provide a link to the resulting service as an "output". For such a product, end users would be able to see that the service was created (and retrieve the corresponding URL for the service), but would not be able to view or access the service provider resources.
  • the IT administrator can view the products that have been provisioned from a catalog or portfolio that the IT administrator owns (e.g., by specifying an identity and access management role for products that are provisioned under the end user's account).
  • the IT administrator may also track product usage through the administrator/management console. For example, the IT administrator may be able view information about the products, the account(s) in which they have been provisioned, the health state, and the costs currently associated with the product.
  • FIG. 12 illustrates an example of the information presented to an end user through a graphical user interface (GUI 1200) of a resource stack management service console, according to at least some embodiments.
  • GUI 1200 graphical user interface
  • the information may be presented to an end user who wishes to search for, select, and launch a service (e.g., a server product) that is managed by an enterprise catalog service (e.g., in response to selection of the "my products" tab near the top of the display). More specifically, the end user has chosen to filter their search results by choosing "Computational services" from among multiple product type options.
  • a service e.g., a server product
  • enterprise catalog service e.g., in response to selection of the "my products" tab near the top of the display.
  • the end user has chosen to filter their search results by choosing "Computational services" from among multiple product type options.
  • GUI 1200 also presents options for the end user to upload a resource stack template ("upload template"), to generate and/or view reports (e.g., server product deployment reports), and to view (and, in some cases, take action in response to) notifications.
  • upload template a resource stack template
  • view reports e.g., server product deployment reports
  • view e.g., take action in response to
  • the end user may also be presented with an option to create a resource stack template, while in other embodiments, only an IT administrator or other privileged user may be allowed to create a resource stack template (e.g., through a management interface of the enterprise catalog service).
  • the information presented in this example includes, in one portion of the display, a list of server products (e.g., server-type applications that execute on a service provider system on behalf of an end user and return a response), each of which may be constructed using a respective resource stack template, along with the vendors that developed or published the server products (or corresponding resource stack templates) and/or from which they were obtained, and user interface elements that may be selected if the end user would like to launch or update a particular one of the listed server products.
  • server products e.g., server-type applications that execute on a service provider system on behalf of an end user and return a response
  • each of which may be constructed using a respective resource stack template, along with the vendors that developed or published the server products (or corresponding resource stack templates) and/or from which they were obtained, and user interface elements that may be selected if the end user would like to launch or update a particular one of the listed server products.
  • this portion of the display presents a list of computational services for selection by the end user, including a data analysis package A from vendor ABC, a graphics processing tool from vender LMN, and a statistical analysis package that was developed by the end user's organization (e.g., a customer-specific line-of- business service) and was previously uploaded to, and ingested by, the enterprise catalog service.
  • a data analysis package A from vendor ABC
  • a graphics processing tool from vender LMN e.g., a customer-specific line-of- business service
  • the enterprise catalog service e.g., a customer-specific line-of- business service
  • the method may include an end user selecting, from within a resource stack management service console, a server product to be launched from a set of products to which the end user has access (e.g., a private catalog or portfolio of server products).
  • the method may include sending (e.g., by the resource stack management service console to the resource stack management service) a request to launch the selected product, which indicates a resource stack template for the product (as in 1320).
  • the method may include the resource stack management service receiving the request to construct a resource stack from the resource stack template for the product, and beginning construction of a resource stack on behalf of the end user in the end user's account (e.g., based on metadata in the template and according to the end user's permissions), as in 1330.
  • the resources of the resource stack are provided by the service provider (e.g., they are implemented on service provider resources).
  • the method may include the resource stack management service determining the dependencies between the resources defined in the resource stack template and/or the order in which the defined resources should be added to the resource stack (as in 1340).
  • the resource stack template being used to construct the resource stack may define links between the resources that will be subsequently used in configuring resources of a resource stack to communicate with one another over a network, transmit requests, receive responses and otherwise interoperate.
  • the template may define connections of the resource stack, such as a network topology for use with the resource stack that defines connectivity and/or communication paths available to resources within the resource stack.
  • the method may include the resource stack management service accessing one of the resources indicated in the resource stack template, provisioning it, and integrating it into the resource stack that is under construction (e.g., in accordance with the determined order, specified dependencies, or other application constraints or configuration parameter values), as in 1350.
  • the method may include repeating the operations illustrated at 1350 for each of the resources indicated in the resource stack template. This is illustrated in FIG. 13 by the feedback from the negative exit of 1360 to 1350.
  • the method may include the resource stack management service enabling the resource stack for activation by the end user, after which the end user can terminate (delete) or update the running resource stack, as desired (as in 1370).
  • products selected from the enterprise catalog service and launched on behalf of end users may be provisioned and/or executed under the end user's account, roles, and permissions or using the account, roles, and permissions of another user (e.g., the IT administrator or another user with higher permission levels than the end user).
  • another user e.g., the IT administrator or another user with higher permission levels than the end user.
  • some or all of the following use cases may be supported:
  • An end user selects and launches a product from a catalog or portfolio and the resource stack (and resources) are created in the end user's account.
  • all operations of the resource stack management service, as well as operations of underlying services within resource stack management service and/or the enterprise catalog service, are performed as the end user (using forward access sessions).
  • An end user selects and launches a product from the catalog or portfolio that has an identity and access management (IAM) role associated with it.
  • IAM identity and access management
  • all operations of the resource stack management service, as well as operations of underlying services within resource stack management service and/or the enterprise catalog service, are performed using the IAM role specified by the product (e.g., by assuming that IAM role).
  • This may enable administrators to define products that contain an array of service provider resources without the end user having IAM permissions to the underlying services. In this case, the end user may only need access to the enterprise catalog service APIs.
  • the role associated with a product may be in a different account from the end-user. This may allow for "managed service” scenarios in which the end user controls the (create, update, delete) life cycle of the resource stack, but does not have access to, or even need to know about, the resources that are being used to implement the resource stack.
  • the service catalog runtime may act as a trusted entity allowing administrators to define IAM policies for the roles that only allow the service catalog runtime to assume them. This may allow administrators to lock down end user accounts so that they may only launch and manage services through the service catalog.
  • the catalog service may store metadata about the product (name, description, etc.), and the service catalog runtime may be responsible for defining and storing additional information about a product.
  • the service catalog runtime may be responsible for defining the raw resource stack template that defines the resources that must be created for the product (which may include any resource supported by the resource stack management service other than IAM resources), resource stack constraints, a parameter grouping document, and/or an IAM role that the service catalog runtime will assume when the product is acted upon.
  • constraints live inside the template constraints may also be added at several levels within the service catalog, and the constraints documents may be joined together as part of processing the inputs when a stack is launched or updated.
  • the constraints may define what values a user may pass into the parameters during construction.
  • the parameter grouping document may define the ordering/grouping of parameters for the console when rendering them to the end user. This feature may allow the creator of the product to have some control over how these options are presented in the console when a user is creating a resource stack.
  • the resource stack management service may expose any or all of the following APIs:
  • TerminateStack This API deletes a specified resource stack and all resources associated with it.
  • This API provides detailed information about a resource stack (e.g., input parameters, outputs, etc.).
  • This API provides a list of events for a resource stack (e.g., resource creation, updates, etc.). In some embodiments, this list may be filtered for certain users (e.g., they may not be able to see the service provider resources).
  • UpdateStack This API updates a product to a new version of the product.
  • UpdateStackConfiguration This API allows updates to the input parameters of a stack, giving IT administrators more control over what their end users can do.
  • the method may include an end user selecting, from within a resource stack management service console, a server product to be launched from a set of products to which the end user has access (e.g., a private catalog or portfolio of server products).
  • the method may include sending (e.g., from the resource stack management service console to the resource stack management service) a request to launch the selected product, where the request indicates a resource stack template for the product, as in 1420.
  • the underlying resources that will be used to implement the server product e.g., a service
  • the method may include the resource stack management service provisioning the required resources and constructing a resource stack for the product under the end user's account based on the resource stack template, where the resource stack management service performs these operations as the end user (as in 1450).
  • the method may include the resource stack management service provisioning the required resources and constructing a resource stack for the product under the end user's account based on the resource stack template, where the resource stack management service performs these operations as the end user (as in 1450).
  • the method used to launch the selected server product may be dependent on whether or not the role is associated with a different service provider account (i.e., an account that is different from the end user's service provider account), as in 1440.
  • the method may include the resource stack management service provisioning the required resources and constructing a resource stack for the product under the other account based on the resource stack template, where the resource stack management service performs these operations under an assumed role, as in 1470.
  • the method may include the resource stack management service provisioning the required resources and constructing a resource stack for the product under the end user's account based on the resource stack template, where the resource stack management service performs these operations under an assumed role, as in 1460.
  • the method may include the resource stack management service enabling the resource stack for activation by the end user, after which the end user can terminate (delete) or update the running stack as desired (as in 1480).
  • the end user may be able to use the product and control the lifetime of the constructed stack. However, in this case, the end user might not be able to directly access the underlying resources of the constructed stack.
  • an IT administrator who defines a portfolio can share their portfolio of products, permissions, and constraints with other users (e.g., with other customer accounts) and/or replicate them across regions (or across IT administrators) as an atomic unit.
  • the recipients of the shared or replicated portfolio may get access to the products, and inherit the permissions and constraints that were defined by the portfolio owner without having to build or configure such portfolios themselves from scratch.
  • the recipients may be able to further constrain the use of the products in the shared or replicated portfolio, add users to the shared or replicated portfolio, and/or add other types of permissions to the shared or replicated portfolio (e.g., further limiting access to the shared or replicated portfolio), but may be unable to modify the existing portfolio.
  • the sharer may specify an account with which the portfolio is to be shared.
  • a potential recipient of a shared portfolio may request that a particular portfolio be shared with them, as long as they know its portfolio key. In other words, a portfolio may not be discoverable except by those with whom the portfolio key has been shared.
  • a request to share the portfolio may need to be approved (e.g., by one or more managers within the customer organization of the sharer).
  • the method may include an IT administrator of a service provider customer organization initiating (e.g., through an interface of a service provider management console) the creation of a portfolio of software products in an enterprise catalog service.
  • the method may include, as part of creating the portfolio, the IT administrator providing input specifying a portfolio name, a portfolio type, a portfolio owner, a description of the portfolio, and/or one or more tags for the portfolio (as in 1520), after which the enterprise catalog service may create the portfolio, which is a container (as in 1530).
  • the method may include (as part of the creation process), the IT administrator providing input to configure the portfolio of software products for the benefit of end users in the customer organization to whom access is granted, as in 1540.
  • the IT administrator may configure (or reconfigure) the portfolio at another time, rather than as part of an interaction to create the portfolio.
  • One example of a method for configuring a portfolio is illustrated by the flow diagram in FIG. 16 and described in more detail below.
  • the method may include an end user to whom access to the portfolio has been granted discovering and launching one of the software products in the portfolio, according to applicable constraints, as in 1550.
  • the method may include an IT administrator of a service provider customer organization initiating (e.g., through an interface of a service provider management console) the configuration of a portfolio of software products in an enterprise catalog service.
  • this interaction may be part of an initial configuration of the portfolio that is performed when the portfolio is created or at another time subsequent to its creation, or it may be part of an interaction for modifying the configuration of a previously created and configured portfolio.
  • the method may include the IT administrator providing input indicating the selection of one or more software products to be included in the portfolio, as in 1620.
  • a portfolio type that was specified for the portfolio during its creation may indicate that only certain types of software products can be added to the portfolio (e.g., only server products or only desktop applications), or it may indicate that the software products added to the portfolio may be of a mix of product types.
  • the method may include the IT administrator providing input indicating the selection of one or more constraints to be applied to the portfolio and/or to one or more individual software products in the portfolio, as in 1630.
  • the IT administrator may specify one or more environmental constraints, input parameter constraints, quotas, or billing constraints to the portfolio and/or to one or more individual software products in the portfolio.
  • the method may also include the IT administrator providing input indicating the selection of one or more user identities and/or identity and access management roles for the portfolio, thus defining which users are to be granted access to the portfolio and its contents or the permissions that are required for users to be granted access to the portfolio and its contents (as in 1640).
  • the method may include repeating any or all of the operations depicted in elements 1620, 1630, or 1640 (e.g., any number of times, and in any order) until the IT administrator has finished configuring the portfolio. This is illustrated in FIG. 16 by the feedback (the dashed lines) from the negative exit of 1650 to elements 1620, 1630, and 1640. If (or once) the IT administrator has finished configuring the portfolio, shown as the positive exit from 1650, the method may include the IT administrator publishing the portfolio, or otherwise making it available to the user identities and/or identity and access management roles that were added to the portfolio, as in 1660.
  • the console component may notify other components of the system (e.g., various components within the enterprise catalog service platform, desktop application fulfillment platform, or resource stack management service), which may, in turn, initiate the provisioning of the software products or portfolios for deployment on behalf of various end users.
  • resources e.g., software products or portfolios of software products
  • the console component may notify other components of the system (e.g., various components within the enterprise catalog service platform, desktop application fulfillment platform, or resource stack management service), which may, in turn, initiate the provisioning of the software products or portfolios for deployment on behalf of various end users.
  • notifications may be sent out on a communication feed to the users in the portfolio and/or to other component and services within the enterprise catalog service platform, desktop application fulfillment platform, or resource stack management service (some of which may be responsible for taking appropriate action and/or enforcing the changes to the permissions and/or constraints, in response to the notification).
  • a control plane of an application fulfillment platform may provide a variety of portfolio management services, which may include a portfolio service, a portfolio user service, and/or a portfolio policy service.
  • the functionality of these services may be implemented by a single portfolio management service or by two or more portfolio management services in other combinations.
  • portfolio management services may (collectively) provide information to other components of the system through two or more communication channels (or communication feeds).
  • these services may provide information over a principal feed and a listing feed.
  • a listing feed may be used to communicate a notification to one or more other components in the system each time a software product (e.g., a desktop application or server product) is added (e.g., by an IT administrator) to a catalog of products that is managed through an enterprise catalog service, e.g., in response to the addition of a line-of-business product that was developed by (or on behalf of) the company or the acquisition (e.g., by subscription) and/or ingestion of a product from a third party vendor (e.g., an independent software provider).
  • a software product e.g., a desktop application or server product
  • a principal feed may be used to communicate a notification to one or more other components in the system when a user (which may be referred to as a "principal") is granted permissions for a resource (e.g., an individual software product or a portfolio), or when a constraint is modified on the arc between the resource and the principal to indicate how the principal is to use the resource.
  • the principal feed may indicate that something has changed for the principal, but it may or may not include detailed information about the specific change that was made.
  • portfolio management services may be queried for a description of the change for the principal, and/or may be relied on respond to the change appropriately.
  • the change may be that an entitlement to a new product was granted to a user, a constraint on a product was edited for the user, a product was deleted for a user, a product was deleted from the catalog altogether, a new user was added, a new resource (e.g., a software product) was added to a portfolio, or a resource (e.g., a software product) was removed from a portfolio.
  • any current operation or change of constraints on the arc between a principal and a user may trigger the communication of a notification via the principal feed.
  • any end users that are included in a portfolio may automatically (or inherently) be authorized to discover and launch the added product (e.g., they may immediately gain access to the added product).
  • the method may include an IT administrator creating a portfolio (as described herein) and configuring the portfolio (e.g., adding products, users/permissions, and constraints on the use of the products).
  • the method may also include an end user who is authorized to access the portfolio discovering and launching one of the products in the portfolio, according to the applicable constraints, as in 1720.
  • the constraints (which may include environmental constraints, input parameter constraints, quotas, and/or billing constraints) may be enforced by an enterprise catalog service client, such as a desktop application fulfillment platform, resource stack management service, or another deployment platform.
  • the method may include, in response to the change, sending a notification to the users in the portfolio, importers of the portfolio and/or other components or services in the system, as in 1740.
  • a notification of the specific change that was made may be sent to one or more components or internal services within the enterprise catalog service platform or within an enterprise catalog service client, such as a desktop application fulfillment platform, resource stack management service, or another deployment platform.
  • the method may also include one or more enterprise catalog service clients taking appropriate action to comply with the change (e.g., creating or deleting a product fulfillment, and/or enforcing any new permissions and/or constraints, as in 1750.
  • a portfolio may be published (e.g., to be made discoverable by other IT administrators in the organization and/or sub-accounts under same customer account), explicitly shared with another account (e.g., by adding an identity for the other account to the portfolio or by notifying the other account that the portfolio is being shared), or imported by another account (e.g., in response to a notification received from portfolio owner, if a request to import a portfolio that has been discovered is approved).
  • an importer of a portfolio may not be able to change the contents of the portfolio or the permissions and constraints that have already been defined by the portfolio owner, but may be able to further restrict the permissions/constraints on the products for their end users.
  • a large enterprise with a central IT organization may document and support the proliferation of best practices and/or may enforce required configurations that are compatible with those best practices.
  • a portfolio created under that central IT account e.g., a portfolio owned by the central IT account
  • subsidiary IT administrators and end user groups e.g., functional or regional teams within the organization.
  • a portfolio owner in the customer organization may retain control of their work product but may license the contractor to use the products in the portfolio in the ways in which the owner has constrained them to be used.
  • a portfolio owner can make portfolio available to contractors or customers outside of their own organization (instead of or in addition to making it available to end users in their own organization) through a licensing arrangement or other contractual agreement.
  • the method may include a first IT administrator creating a portfolio (as described herein) and configuring the portfolio (e.g., adding products, users/permissions, and constraints on the use of the products).
  • the method may also include the first IT administrator sharing the portfolio with a second IT administrator (e.g., with another customer account), as in 1820.
  • the first IT administrator may share the portfolio by publishing its name and description (so that it is discoverable) or by notifying the second IT administrator that the portfolio is being shared with the second IT administrator.
  • the method may include the second IT administrator discovering the shared portfolio and importing it, as in 1830.
  • the second IT administrator may discover the shared portfolio through a search of published portfolios or by receiving an explicit notification from the first IT administrator that the portfolio is being shared.
  • the method may (optionally) include the second IT administrator further constraining the imported portfolio (e.g., adding permission types and/or adding additional constraints), as in 1840.
  • the method may include the first IT administrator modifying the portfolio by adding or removing products or users/permissions, or modifying constraints on product(s), as in 1850.
  • the method may include the changes that were made by the first IT administrator being pushed to the importer (e.g., the other customer account) where they may be enforced by an enterprise catalog service client, such as a desktop application fulfillment platform, resource stack management service, or another deployment platform, as in 1860.
  • an enterprise catalog service client such as a desktop application fulfillment platform, resource stack management service, or another deployment platform, as in 1860.
  • changes made to users/permissions by the first IT administrator may or may not be applicable or relevant in the other customer account, and may or may not be pushed to the importer (or enforced by an enterprise catalog service client on behalf of the other customer account).
  • the enterprise catalog service platforms described herein may support a pay-as-you-go model in which, for example, customers are billed on a per user per month basis only for the products they use, and in which an unlimited number of a customer's own line-of-business applications may be deployed to its end users, along with any products for which the customer has procured licenses from the service provider or a software vendor.
  • the platforms may also allow customers to track and manage software spending with detailed product and license usage reporting on a per product basis. In addition, they may allow customers to minimize up-front capital investment by using on-demand subscriptions.
  • the enterprise catalog service platforms described herein may improve end user productivity by providing self-service access to curated software products on-demand.
  • a server that implements some or all of the techniques for managing and deploying desktop applications and services through an enterprise catalog service as described herein may include a general-purpose computer system that includes or is configured to access a non-transitory computer-accessible (e.g., computer-readable) media, such as computer system 3500 illustrated in FIG. 19.
  • a general-purpose computer system that includes or is configured to access a non-transitory computer-accessible (e.g., computer-readable) media, such as computer system 3500 illustrated in FIG. 19.
  • any or all of the computer system components described herein may be implemented using a computer system similar to computer system 3500 that has been configured to provide the functionality of those components.
  • computer system 3500 includes one or more processors 3510 coupled to a system memory 3520 via an input/output (I/O) interface 3530.
  • Computer system 3500 further includes one or more network interfaces 3540 coupled to I/O interface 3530.
  • network interfaces 3540 may include two or more network interfaces (including, e.g., one configured for communication between a virtualized computing resource hosted on the computer system 3500 and its clients, and one configured for communication between a virtualized computing resource and external resources, computing systems, data centers, or Internet destinations on networks other than the provider network and a client network on whose behalf the virtualized computing resources are hosted.
  • network interface(s) 3540 may be a single network interface.
  • computer system 3500 may be a uniprocessor system including one processor 3510, or a multiprocessor system including several processors 3510 (e.g., two, four, eight, or another suitable number).
  • processors 3510 may be any suitable processors capable of executing instructions.
  • processors 3510 may be general-purpose or embedded processors implementing any of a variety of instruction set architectures (ISAs), such as the x86, PowerPC, SPARC, or MIPS ISAs, or any other suitable ISA.
  • ISAs instruction set architectures
  • each of processors 3510 may commonly, but not necessarily, implement the same ISA.
  • System memory 3520 may be configured to store instructions and data accessible by processor(s) 3510.
  • system memory 3520 may be implemented using any suitable memory technology, such as static random access memory (SRAM), synchronous dynamic RAM (SDRAM), nonvolatile/Flash-type memory, or any other type of memory.
  • SRAM static random access memory
  • SDRAM synchronous dynamic RAM
  • program instructions and data implementing one or more desired functions are shown stored within system memory 3520 as code 3525 and data 3526.
  • data 3526 may include information representing software products, virtualized application packages, resource stack templates, the assignment of selected software products to particular end users and/or user groups, constraints and/or configuration parameter settings for the selected software products, users, and catalogs or portfolios, usage data, billing information, various types of metadata that is maintained for particular software products, and/or any other information usable in managing and deploying desktop applications and services, any of which may be stored in any of a variety of data structures or database tables within memory 3520 on one or more computing nodes of a service provider system and/or client computing device used in managing and deploying desktop applications and services through an enterprise catalog service, as described herein.
  • I/O interface 3530 may be configured to coordinate I/O traffic between processor 3510, system memory 3520, and any peripheral devices in the device, including any of network interface(s) 3540 or other peripheral interfaces.
  • I/O interface 3530 may perform any necessary protocol, timing or other data transformations to convert data signals from one component (e.g., system memory 3520) into a format suitable for use by another component (e.g., processor 3510).
  • I/O interface 3530 may include support for devices attached through various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard, for example.
  • PCI Peripheral Component Interconnect
  • USB Universal Serial Bus
  • I/O interface 3530 may be split into two or more separate components, such as a north bridge and a south bridge, for example. Also, in some embodiments some or all of the functionality of I/O interface 3530, such as an interface to system memory 3520, may be incorporated directly into processor 3510.
  • Network interface(s) 3540 may be configured to allow data to be exchanged between computer system 3500 and other devices 3560 attached to a network or networks 3550, such as other computer systems or devices as illustrated in the figures, for example.
  • network interface(s) 3540 may support communication via any suitable wired or wireless general data networks, such as types of Ethernet network, for example.
  • network interface(s) 3540 may support communication via telecommunications/telephony networks such as analog voice networks or digital fiber communications networks, via storage area networks such as Fibre Channel SANs, or via any other suitable type of network and/or protocol.
  • system memory 3520 may be one embodiment of a computer- accessible medium configured to store program instructions and data as described above for implementing various embodiments of the techniques for managing and deploying desktop applications and services through an enterprise catalog service described herein.
  • program instructions and/or data may be received, sent or stored upon different types of computer-accessible media.
  • a computer-accessible (e.g., computer-readable) medium may include non-transitory storage media or memory media such as magnetic or optical media, e.g., disk or DVD/CD coupled to computer system 3500 via I/O interface 3530.
  • a non-transitory computer-accessible (e.g., computer-readable) storage medium may also include any volatile or non-volatile media such as RAM (e.g. SDRAM, DDR SDRAM, RDRAM, SRAM, etc.), ROM, etc, that may be included in some embodiments of computer system 3500 as system memory 3520 or another type of memory.
  • a computer- accessible medium may include transmission media or signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as a network and/or a wireless link, such as may be implemented via network interface(s) 3540.
  • a system comprising:
  • each of the computing nodes comprising at least one processor and a memory, wherein one or more of the plurality of computing nodes implement an enterprise catalog service;
  • an administrator interface through which an administrator within the customer organization interacts with the enterprise catalog service to manage server products on behalf of end users in the customer organization;
  • enterprise catalog service is configured to:
  • a request to create a portfolio for server products that are to be made available to the customer organization create, in response to the request, a portfolio, wherein the portfolio comprises a container configured to store one or more server products;
  • the one or more server products are configured to execute on service provider resources to perform a service, and wherein the one or more server products comprise at least one server product that is sourced by an entity other than the customer organization or the service provider; add, in response to the input, the one or more server products to the portfolio; and make the portfolio available to one or more end users in the customer organization.
  • each of the one or more server products is a product that is implemented as a resource stack instance constructed in accordance with a respective resource stack template, wherein each of the resource stack templates defines a plurality of service provider resources that are required in order to implement the server product and at least one dependency between two or more of the plurality of service provider resources, and wherein the plurality of service provider resources comprises at least one computing resource instance.
  • system further comprises a product discovery service
  • enterprise catalog service is further configured to:
  • the list of server products comprises, for each of the listed server products, one or more of: a vendor of the server product, a pricing model, subscription terms, licensing terms, ratings, reviews, technical features, capabilities, or resource requirements for deploying the server product;
  • selection of the one or more server products is made in response to the presentation of the list of server products to the administrator through the administrator interface.
  • Clause 5 The system of clause 1, wherein at least one of the one or more server products is a server product that was created by the customer organization for use by one or more end users of the customer organization.
  • the portfolio comprises a container that is configured to store one or more software products
  • the plurality of software products from which the selected software product was selected comprises one or more software products sourced by each of two or more entities other than the service provider.
  • the method further comprises, prior to creating the portfolio, receiving a request to create the portfolio on behalf of the customer organization;
  • the request is received from a management console of the enterprise catalog service through which an administrator in the customer organization interacts with the enterprise catalog service to manage collections of software products on behalf of the customer organization;
  • the selected software product is a server product that is configured to execute on service provider resources to perform a service
  • adding the selected software product to the portfolio comprises adding a resource stack template for the selected software product to the portfolio, wherein the resource stack template defines the service provider resources required for execution of the server product, and wherein service provider resources defined in the resource stack template comprise at least one computing resource instance.
  • the selected software product is a desktop application that has been packaged for delivery as a virtualized application package.
  • the monitoring operation tracks one or more of: the number of times the selected software product is launched, the number of end users in the customer organization who launch the selected software product, the identity of the end users in the customer organization who launch the selected software product, or the duration of use of the selected software product by one or more end users in the customer organization.
  • Clause 15 The method of clause 6, wherein the selection of the one of the plurality of software products to add to the portfolio may be dependent on one or more of: the entity from which the selected software was sourced, a technical feature of the selected software product, a capability of the selected software product, resources required to deploy the selected software product, pricing information for the selected software product, licensing terms for the selected software product, subscription terms for the selected software product, ratings for the selected software product or reviews of the selected software product.
  • the method further comprises maintaining, for each of the plurality of software products, a plurality of metadata elements
  • the plurality of metadata elements comprises two or more of: offer information, a license type, subscription or licensing terms, a product format, resource requirements, an indication of the entity from which the product was sourced, entitlement information, access management information, or information indicating one or more portfolios in which the product is included;
  • the plurality of metadata elements that is maintained for each of the plurality of software products is dependent on one or more of: the product type or the entity from which the product was sourced.
  • the change comprises a change to the offer information that is maintained for the particular software product
  • a non-transitory computer-readable storage medium storing program instructions that when executed on one or more computers cause the one or more computers to implement an enterprise catalog service, wherein the enterprise catalog service is configured to: present an interface through which an administrator within a customer organization interacts with the enterprise catalog service to manage software products on behalf of end users in the customer organization;
  • the list of software products comprises at least one software product that is sourced by an entity other than the customer organization or the service provider;
  • the portfolio comprises a plurality of software products, wherein the plurality of software products comprises one or more software products that were sourced by each of two or more entities other than the service provider, and wherein the one or more software products selected from the list of software products include the at least one software product that is sourced by an entity other than the customer organization or the service provider;
  • Clause 20 The non-transitory computer-readable storage medium of clause 19, wherein the list of software products further comprises at least one software product that was developed or published by the customer organization.
  • Clause 21 The non-transitory computer-readable storage medium of clause 19, wherein the input selecting the one or more software products for inclusion in the portfolio comprises a request made on behalf of an end user in the customer organization to access the one or more software products.
  • Clause 22 The non-transitory computer-readable storage medium of clause 19, wherein the software products that are eligible for management by the enterprise catalog service comprise desktop applications and server products;
  • the enterprise catalog service is further configured to receive input specifying a type of software products to be displayed, wherein the input specifies that eligible desktop applications should be displayed or that eligible server products should be displayed;
  • the enterprise catalog service is configured to display the type of software products specified by the received input.
  • Clause 23 The non-transitory computer-readable storage medium of clause 19, wherein the portfolio comprises one or more desktop applications and one or more server products;
  • enterprise catalog service is further configured to:
  • the end user console through which the request was received or the workflow is dependent on whether the given software product is a desktop application or is a server product.
  • Clause 1 A system, comprising:
  • each of the computing nodes comprising at least one processor and a memory, wherein one or more of the plurality of computing nodes implement an enterprise catalog service;
  • an administrator interface through which an administrator within the customer organization interacts with the enterprise catalog service to manage software products on behalf of end users in the customer organization;
  • enterprise catalog service is configured to:
  • a request to create a portfolio for software products comprising one or more of: a portfolio name or a portfolio description;
  • the portfolio comprises a container configured to store one or more software products; receive, through the administrator interface, input indicating selection of one or more software products to be added to the portfolio, wherein the one or more software products comprise at least one software product that is sourced by an entity other than the customer organization or the service provider;
  • the request further comprises a product type
  • Clause 4 The system of clause 1, wherein the container comprises one or more constraints or constraint groups that govern how software products in the portfolio will be consumed.
  • enterprise catalog service is configured to:
  • a request to create the portfolio comprises one or more of: a portfolio name, a portfolio description, a portfolio owner, or a portfolio type;
  • Clause 8 The method of clause 6, wherein the plurality of software products from which the selected software product was selected comprises one or more software products sourced by each of two or more entities other than the service provider.
  • Clause 9 The method of clause 6, wherein the selected software product comprises a software product that is sourced by an entity other than the customer organization and the service provider.
  • Clause 10 The method of clause 6, wherein the one or more software products contained in the portfolio comprise one or more software products of each of two or more product types, and wherein the two or more product types comprise server products and desktop applications.
  • Clause 12 The method of clause 11, further comprising: receiving a request to launch the selected software product on behalf of an end user in the customer organization;
  • sharing the portfolio with a customer organization administrator comprising:
  • making the portfolio discoverable to the customer organization administrator comprises publishing one or more of: a name for the portfolio or a description of the portfolio; or sending, to the customer organization administrator, a notification that the portfolio is being shared with the customer organization administrator, wherein the notification comprises a unique resource identifier for the portfolio.
  • the method further comprises: modifying, by the administrator that created the portfolio and subsequent to sharing the portfolio with the customer organization administrator, the portfolio;
  • Clause 17 The method of clause 15, wherein the customer organization administrator with whom the portfolio is shared is a customer organization administrator in an organization other than an organization to which the administrator that created the portfolio belongs.
  • a non-transitory computer-readable storage medium storing program instructions that when executed on one or more computers cause the one or more computers to implement an enterprise catalog service, wherein the enterprise catalog service is configured to: present an interface through which an administrator within a customer organization interacts with the enterprise catalog service to manage software products on behalf of end users in the customer organization;
  • the one or more end users in the customer organization are authorized to access the selected software product.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Un système de fournisseur de services peut mettre en œuvre un service de catalogues d'entreprise qui gère des catalogues ou des portefeuilles de produits logiciels (par exemple, des applications de bureau et des produits de serveurs) pour le compte d'organisations clientes d'un fournisseur de services. Par le biais du service de catalogues de l'entreprise, un administrateur au sein d'une organisation cliente peut découvrir, sélectionner et consommer des produits (par exemple, en se basant sur leurs caractéristiques, leur tarification et leurs conditions), et peut les ajouter à des catalogues ou des portefeuilles à des fins d'utilisation ultérieure par des utilisateurs finaux dans l'organisation. L'administrateur peut appliquer des contraintes à l'utilisation des produits et limiter l'accès aux produits à des utilisateurs finaux spécifiques. Les produits peuvent comprendre des produits tiers qui sont mis à la disposition au moyen du service de catalogues de l'entreprise ainsi que des applications propres au client. Le catalogue de services de l'entreprise peut surveiller l'utilisation des produits tiers et facturer l'organisation cliente. Les produits gérés par le service de catalogues de l'entreprise peuvent être déployés au moyen d'une plateforme d'exécution d'application ou d'une plateforme de gestion de piles de ressources.
PCT/US2015/060202 2014-11-11 2015-11-11 Plateforme de service de catalogues permettant de déployer des applications et des services WO2016077483A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14/538,718 2014-11-11
US14/538,719 US20160132808A1 (en) 2014-11-11 2014-11-11 Portfolios and portfolio sharing in a catalog service platform
US14/538,718 US11244261B2 (en) 2014-11-11 2014-11-11 Catalog service platform for deploying applications and services
US14/538,719 2014-11-11

Publications (1)

Publication Number Publication Date
WO2016077483A1 true WO2016077483A1 (fr) 2016-05-19

Family

ID=54704105

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/060202 WO2016077483A1 (fr) 2014-11-11 2015-11-11 Plateforme de service de catalogues permettant de déployer des applications et des services

Country Status (1)

Country Link
WO (1) WO2016077483A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111782197A (zh) * 2020-08-03 2020-10-16 网易(杭州)网络有限公司 一种资源发布的方法及装置
US20220343385A1 (en) * 2021-04-27 2022-10-27 Ebay Inc. Systems and methods for automatically customizing resources for third parties
EP4196887A4 (fr) * 2020-08-14 2023-11-29 Snowflake Inc. Disponibilité d'échange de données, visibilité de listage et exécution de listage
US20240020741A1 (en) * 2022-07-18 2024-01-18 Rockwell Automation Technologies, Inc. Catalog service replication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148232A1 (en) * 2001-01-22 2004-07-29 Osamu Fushimi Electronic catalog aggregation apparatus for realizing fast and efficient electronic catalog system
US20080052193A1 (en) * 2006-08-25 2008-02-28 Alexander Katzner Integrated Communication Systems and Methods for Purpose of Product Presentation and Direct Sales
US20140074973A1 (en) * 2012-09-07 2014-03-13 Oracle International Corporation System and method for orchestration of services for use with a cloud computing environment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148232A1 (en) * 2001-01-22 2004-07-29 Osamu Fushimi Electronic catalog aggregation apparatus for realizing fast and efficient electronic catalog system
US20080052193A1 (en) * 2006-08-25 2008-02-28 Alexander Katzner Integrated Communication Systems and Methods for Purpose of Product Presentation and Direct Sales
US20140074973A1 (en) * 2012-09-07 2014-03-13 Oracle International Corporation System and method for orchestration of services for use with a cloud computing environment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111782197A (zh) * 2020-08-03 2020-10-16 网易(杭州)网络有限公司 一种资源发布的方法及装置
CN111782197B (zh) * 2020-08-03 2023-12-29 网易(杭州)网络有限公司 一种资源发布的方法及装置
EP4196887A4 (fr) * 2020-08-14 2023-11-29 Snowflake Inc. Disponibilité d'échange de données, visibilité de listage et exécution de listage
US20220343385A1 (en) * 2021-04-27 2022-10-27 Ebay Inc. Systems and methods for automatically customizing resources for third parties
US20240020741A1 (en) * 2022-07-18 2024-01-18 Rockwell Automation Technologies, Inc. Catalog service replication

Similar Documents

Publication Publication Date Title
US20200184394A1 (en) Constraints and constraint sharing in a catalog service platform
US11803893B2 (en) Graph processing service component in a catalog service platform
US11244261B2 (en) Catalog service platform for deploying applications and services
US10318265B1 (en) Template generation for deployable units
US20160132808A1 (en) Portfolios and portfolio sharing in a catalog service platform
US10761826B2 (en) Dynamic reconstruction of application state upon application re-launch
US20230333906A1 (en) Discovering and publishing api information
US10182103B2 (en) On-demand delivery of applications to virtual desktops
US10152211B2 (en) Application delivery agents on virtual desktop instances
US11126481B2 (en) Fulfilling a request based on catalog aggregation and orchestrated execution of an end-to-end process
US8612976B2 (en) Virtual parts having configuration points and virtual ports for virtual solution composition and deployment
US10127059B2 (en) Multitenant hosted virtual machine infrastructure
Mietzner et al. Horizontal and vertical combination of multi-tenancy patterns in service-oriented applications
US11068136B1 (en) Application fulfillment platform with automated license management mechanisms
US20140136712A1 (en) Cloud resources as a service multi-tenant data model
Munteanu et al. Multi-cloud resource management: cloud service interfacing
AU2015404396B2 (en) Federated marketplace portal
WO2016077483A1 (fr) Plateforme de service de catalogues permettant de déployer des applications et des services
Sadtler et al. IBM Workload Deployer: Pattern-based Application and Middleware Deployments in a Private Cloud
Ifrah et al. Getting Started with Containers on Amazon AWS
Freato et al. Mastering Cloud Development using Microsoft Azure
Polze A comparative analysis of cloud computing environments
Rath Hybrid Cloud Management with Red Hat CloudForms
Instances Getting Started with Cloud Computing: Amazon EC2 on Red Hat Enterprise Linux
Meyler et al. System Center Configuration Manager (SCCM) 2007 Unleashed

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15801045

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15801045

Country of ref document: EP

Kind code of ref document: A1