US20230080498A1 - Systems and methods for an enterprise computing platform - Google Patents

Systems and methods for an enterprise computing platform

Info

Publication number
US20230080498A1
Authority
US
United States
Prior art keywords
user
data
module
computing
session
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
US17/932,643
Inventor
Sam Barhoumeh
Karthik Tangaraj
Nagesh Prabhuswamy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SixOne LLC
Original Assignee
SixOne LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/447,791 (US12236398B2)
Priority claimed from US17/447,797 (US20230084126A1)
Application filed by SixOne LLC
Priority to US17/932,643 (US20230080498A1)
Assigned to Six.One, LLC. Assignment of assignors interest (see document for details). Assignors: BARHOUMEH, SAM; PRABHUSWAMY, NEGESH; TANGARAJ, KARTHIK
Publication of US20230080498A1
Priority to PCT/US2023/032941 (WO2024059308A1)

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces
    • G06F9/452Remote windowing, e.g. X-Window System, desktop virtualisation

Definitions

  • the present disclosure generally relates to computing technology, and more particularly to systems and methods for an enterprise computing platform.
  • Maintaining and managing a computer hardware and software system is a complex task requiring provisioning hardware, operating systems, software applications, and other technology for users.
  • provisioning includes devoting sufficient computing resources and keeping such resources up to date.
  • computing resources are only available at the physical location where the hardware is located.
  • network administrators need to track and monitor physical and logical assets to determine their status, condition, and compliance with policies. Administrators also need to protect their systems from threats within their networks. Finally, users need to be able to analyze work they do and track progress in a data-driven and real-time manner.
  • the method may include receiving, at a server, workspace-type selection data from a first user logged into the server on a first user device.
  • the method may include receiving, at the server, workspace configuration selection data from the first user.
  • the method may include generating, on the server, a remote desktop workspace.
  • the remote desktop workspace may include a number of remote desktop sessions. The number of remote desktop sessions may be based on the workspace-type selection data.
  • Each remote desktop session may include a virtualized hardware configuration based on the workspace configuration selection data.
  • the method may include receiving, at the server, user data from a second user device.
  • the user data may include a request for a second user to join a remote desktop session of the remote desktop workspace.
  • the method may include permitting the second user to join the remote desktop session.
  • the method may include storing one or more user behavior rules.
  • a user behavior rule may include a first user activity and a corrective action.
  • the method may include receiving, from a first computing device, user behavior data.
  • the user behavior data may include a second user activity from a computing session executing on the first computing device.
  • the method may include determining that the first user activity satisfies the second user activity.
  • the method may include sending a corrective action command to the first computing device.
  • the corrective action command may be configured to cause the first computing device to execute the corresponding corrective action in the computing session.
  • the RMM module may provide real-time visibility to one or more physical or logical assets of a customer network.
  • the RMM module may provide notifications or alerts to admin users to reduce and respond to downtime.
  • the RMM module may keep computing devices secure, up-to-date, or optimized via administering proactive, centralized device management automation.
  • the RMM module may provide secure and efficient access to computing devices with remote support and screen share tools.
  • AaaS analytics-as-a-service
  • the AaaS module may provide software to one or more users in a more efficient manner.
  • the AaaS module may distribute or maintain software for multiple users at a single point of coordination.
  • ITPM insider threat prevention and monitoring
  • the ITPM module may monitor user behavior data and determine whether such data indicates a threat, security breach, or other harmful activity for a server, a customer network, or a cloud-computing environment.
  • the ITPM module may prevent harmful activity or may alert an admin user of such detected user behavior data.
  • the project tracker module may analyze project data.
  • the project tracker module may perform said analysis on a project, team member, timeline, or other basis.
  • the project tracker module may generate reports and billing data based on server usage or cloud-computing environment usage.
  • FIG. 1 is a block diagram illustrating one embodiment of a system for an enterprise computing platform.
  • FIG. 2 A is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 2 B is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 3 A is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 3 B is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 4 is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 5 is a flowchart diagram illustrating one embodiment of a method for cloud desktop-as-a-service administration.
  • FIG. 6 A is a flowchart diagram illustrating one embodiment of a method for on-premises desktop-as-a-service administration.
  • FIG. 6 B is a flowchart diagram illustrating a continuation of the method of FIG. 6 A of one embodiment of a method for on-premises desktop-as-a-service administration.
  • FIG. 7 is a front view of a graphical user interface for a user behavior dashboard.
  • FIG. 8 is a front view of a graphical user interface for a user behavior dashboard.
  • FIG. 9 is a front view of a graphical user interface for a user behavior dashboard.
  • FIG. 10 is a flowchart diagram illustrating one embodiment of a method for generating computer user behavior analytics.
  • FIG. 11 is a flowchart diagram illustrating one embodiment of a method for generating computer user behavior analytics.
  • FIG. 12 is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 13 is a flowchart diagram illustrating one embodiment of a method for remote monitoring and management.
  • FIG. 14 A is a front view of a graphical user interface for a billing module.
  • FIG. 14 B is a front view of a graphical user interface for a billing module.
  • FIG. 14 C is a front view of a graphical user interface for a billing module.
  • FIG. 15 is a front view of a graphical user interface for a product marketplace.
  • Multiple elements of the same or a similar type may be referred to as “Elements 102(1)-(n)” where n may include a number. Referring to one of the elements as “Element 102” refers to any single element of the Elements 102(1)-(n). Additionally, referring to different elements “First Elements 102(1)-(n)” and “Second Elements 104(1)-(n)” does not necessarily mean that there must be the same number of First Elements as Second Elements and is equivalent to “First Elements 102(1)-(n)” and “Second Elements (1)-(m)” where m is a number that may be the same or may be a different number than n.
  • computing device may include a desktop computer, a laptop computer, an application server, a database server, or some other type of computer or server.
  • a computing device may include a mobile device such as a smart phone, a tablet, a smart watch, or other mobile device.
  • a computing device may include an integrated circuit (IC) and may include an application-specific integrated circuit (ASIC) or some other type of IC.
  • a computing device may include one or more processors, volatile storage, non-volatile storage, a computer-readable storage medium (including a non-transitory medium), one or more input devices, or one or more output devices.
  • a computing device may include a physical computing device or a virtual machine (VM).
  • VM virtual machine
  • the systems and methods of the disclosure may provide an entity with device access to software applications and data from several different devices and from several different locations.
  • the systems and methods may provide computing access to a number of users, may provide automated functionality that promotes user productivity while safeguarding data, and may provide information technology services and tools remotely.
  • the systems and methods of the disclosure may provide for efficient software access to a user, may detect, prevent, and monitor security threats from inside a customer system, or may track projects that users are collaborating on.
  • FIG. 1 depicts one embodiment of a system 100 .
  • the system 100 may include a system for an enterprise computing platform.
  • the system 100 may include a server 110 .
  • the server 110 may include one or more modules.
  • the one or more modules may include a desktop-as-a-service (DaaS) module 112 , a user behavior analytics (UBA) module 114 , a remote monitoring and management (RMM) module 116 , an analytics-as-a-service (AaaS) module 118 , an insider threat prevention and monitoring (ITPM) module 120 , or a project tracker module 122 .
  • DaaS desktop-as-a-service
  • UBA user behavior analytics
  • RMM remote monitoring and management
  • AaaS analytics-as-a-service
  • ITPM insider threat prevention and monitoring
  • the system 100 may include a customer network 130 .
  • the customer network 130 may include one or more computing devices 132 ( 1 )-( n ).
  • the server 110 and the customer network 130 may be in data communication over a data network 140 .
  • the system 100 may include a cloud-computing environment 150 .
  • the cloud-computing environment 150 may be in data communication with the server 110 or the customer network 130 over the data network 140 .
  • the server 110 may include a computing device.
  • the server 110 may include at least one processor.
  • the server 110 may include a non-transitory computer-readable storage medium.
  • the computer-readable storage medium may include one or more executable instructions.
  • One or more of the modules 112 - 122 may include the executable instructions.
  • the at least one processor of the server 110 may, in response to executing the executable instructions, carry out the various functions of one or more of the modules 112 - 122 .
  • the server 110 may include a platform.
  • the platform may include one or more of the modules 112 - 122 .
  • the platform may include one or more user accounts.
  • a user account of the platform may allow a user of the customer network 130 to log into the platform and perform functions on the platform using one or more of the modules 112 - 122 .
  • a user of the platform may include an administrative user (“admin user”) or a standard user.
  • An admin user may have access to more or different functionality on the platform than a standard user.
  • An admin user may be able to manage, modify, view, control, or otherwise affect one or more standard users or their accounts on the platform.
  • the DaaS module 112 may provide a remote desktop session to a computing device 132 of the customer network 130 .
  • the remote desktop session may execute in the cloud-computing environment 150 .
  • the remote desktop session may allow a user of the computing device 132 to use software applications and other computer functionality from a variety of locations or devices.
  • the DaaS module 112 may allow an admin user to configure a number of remote desktop sessions and configurations regarding those remote desktop sessions.
  • the UBA module 114 may receive user behavior data from a remote desktop session, a computing device, a local desktop session, or other computing instance.
  • the user behavior data may include data such as console commands, email activity, file transfer activity, or other user activity on the computing instance.
  • the UBA module 114 may provide an admin user with a user behavior dashboard that may be displayable on the admin user's computing device.
  • the user behavior dashboard may display behavior data or analytics data based on received user behavior data for one or more users.
  • the UBA module 114 may include a set of user behavior rules. In response to some of the user behavior data satisfying the conditions of a user behavior rule, the UBA module 114 may send data to the applicable computing instance to execute a corrective action on the computing instance.
  • the RMM module 116 may provide real-time visibility to one or more physical or logical assets of the customer network 130 .
  • the RMM module 116 may provide notifications or alerts to admin users to reduce and respond to downtime.
  • the RMM module 116 may keep computing devices secure, up-to-date, or optimized via administering proactive, centralized device management automation.
  • the RMM module 116 may provide secure and efficient access to computing devices 132 with remote support and screen share tools.
  • the AaaS module 118 may provide software to one or more users in a more efficient manner.
  • the AaaS module 118 may distribute or maintain software for multiple users at a single point of coordination.
  • the ITPM module 120 may monitor user behavior data and determine whether such data indicates a threat, security breach, or other harmful activity for the server 110 , the customer network 130 , or the cloud-computing environment 150 .
  • the ITPM module 120 may prevent harmful activity or may alert an admin user of such detected user behavior data.
  • the project tracker module 122 may analyze project data.
  • the project tracker module 122 may perform said analysis on a project, team member, timeline, or other basis.
  • the project tracker module 122 may generate reports and billing data based on server 110 usage or cloud-computing environment 150 usage.
  • the customer network 130 may include a network of computing devices, data networks, and other computing functionality.
  • the customer network 130 may include the network of an entity such as a corporation.
  • the customer network 130 may use the services of the server 110 (such as the modules 112 - 122 ) to perform certain functions.
  • the server 110 may provide module 112 - 122 functionality to multiple customer networks 130 ( 1 )-( n ) and may keep each customer's functionality and data logically separate.
  • the data network 140 may include a wired or wireless network.
  • the data network 140 may include a local area network (LAN), wide area network (WAN), or another type of network.
  • the data network 140 may include one or more switches, routers, or other network devices.
  • the data network 140 may include an Internet service provider (ISP).
  • ISP Internet service provider
  • the data network 140 may include the Internet.
  • the cloud-computing environment 150 may include a cloud-computing provider or a web service provider.
  • the cloud-computing environment 150 may include a distributed computing environment.
  • the cloud-computing environment 150 may include one or more hyperscalers. Examples of a cloud-computing environment include AMAZON WEB SERVICES (AWS) provided by AMAZON WEB SERVICES, INC., AZURE provided by MICROSOFT, or GOOGLE CLOUD provided by GOOGLE.
  • the server 110 may include the cloud-computing environment 150 .
  • the customer network 130 may include the cloud-computing environment.
  • the DaaS module 112 may provide a remote desktop session to a computing device 132 of the customer network 130 .
  • the remote desktop session may execute in the cloud-computing environment 150 .
  • the remote desktop session may allow a user of the computing device 132 to use software applications and other computer functionality from a variety of locations or devices.
  • the DaaS module 112 may provide the remote desktop session in a server-based implementation or a hybrid implementation.
  • FIG. 2 A depicts one embodiment of a system 200 .
  • the system 200 may include a system for a server-based implementation.
  • the system 200 may include the server 110 , the DaaS module 112 , the customer network 130 , the computing devices 132 ( 1 )-( n ), or the cloud computing environment 150 of FIG. 1 .
  • the DaaS module 112 may include a remote desktop workspace 202 executing on the server 110 .
  • the remote desktop workspace 202 may include one or more remote desktop sessions that an admin user may manage.
  • Managing the remote desktop workspace 202 may include the admin user configuring a number of remote desktop sessions for the remote desktop workspace.
  • Managing the remote desktop workspace 202 may include the admin user configuring computing device configurations (e.g., a processor speed, memory size, storage size, etc.) for a remote desktop session.
  • Managing the remote desktop workspace 202 may include the admin user selecting which users in the customer network 130 may join a remote desktop session.
  • Managing the remote desktop workspace 202 may include the admin user configuring other aspects of the remote desktop workspace 202 or the one or more remote desktop sessions.
  • the remote desktop workspace 202 may include one or more remote desktop sessions.
  • a “remote desktop session” may include a login session that may include a client device that may capture inputs (e.g., from a mouse or keyboard).
  • the login session may include a remote device that may receive the captured inputs from the client device, execute computing functionality on the remote device based on the captured inputs, and send display data to the client device so that the client device may display the display data.
  • the client device may include the computing device 132 ( 1 ) or 132 ( 2 ) of the customer network 130 .
  • the remote device may include the VM 204 executing on the cloud-computing environment 150 . As can be seen in FIG.
  • a remote desktop session may be represented in the Figures by a dotted line between a computing device 132 and the VM 204 .
  • the DaaS module 112 may provide a user of a computing device 132 a desktop with which to execute applications via a remote desktop session.
  • the user can access the remote desktop session from a variety of computing devices or a variety of locations as if the user were working on a computing device physically located on a premises of the entity that operates the customer network 130 .
  • the computing device 132 may include a physical computing device or a VM.
  • the computing device 132 may be physically connected to the customer network 130 or may be logically a part of the customer network 130 (e.g., via a virtual private network (VPN)).
  • VPN virtual private network
  • the cloud-computing environment 150 may provide a different type of computing device to function as the remote device in the remote desktop session instead of a VM 204 .
  • the remote desktop workspace 202 may include a cloud account 206 .
  • the cloud account 206 may include data that may allow the DaaS module 112 to log into a cloud account of the cloud-computing environment 150 .
  • the DaaS module 112 may not be able to use the cloud-computing environment 150 (and thus, may not be able to generate the VM 204 ) without a cloud account 206 .
  • the cloud-computing environment may include the cloud-computing environment of AWS.
  • the cloud account 206 may include an account that the server 110 or the DaaS module 112 has on AWS.
  • FIG. 2 B depicts one embodiment of a system 250 .
  • the system 250 may include a system for a hybrid implementation.
  • the system 250 may include the server 110 , the DaaS module 112 , the customer network 130 , the computing devices 132 ( 1 )-( n ), or the cloud computing environment 150 of FIG. 1 .
  • customer network 130 may include the remote desktop workspace 202 or the cloud account 206 (instead of the DaaS module 112 , as was the case in FIG. 2 A ). In this manner, the admin user may configure the remote desktop workspace on the customer network 130 .
  • the admin user may use the customer entity's cloud account 206 (instead of the server's 110 or the DaaS module's 112 cloud account 206 ) to provision the remote desktop sessions.
  • the DaaS module 112 may still be in data communication with the remote desktop workspace 202 in order to configure the remote desktop workspace 202 .
  • the server-based implementation FIG. 2 A
  • the hybrid implementation FIG. 2 B
  • an admin user may send the DaaS module 112 workspace-type selection data.
  • the workspace-type selection data may include a personal workspace-type selection.
  • the DaaS module 112 may generate a single remote desktop session for the remote desktop workspace 202 .
  • each remote desktop workspace 202 includes one remote desktop session that includes a single computing device 132 as the client device and a single VM 204 as the remote device.
  • the personal workspace type may be advantageous because it allows the user of the remote desktop session to use the VM 204 without having to share its virtual resources with other users.
  • the workspace-type selection data may include a shared workspace-type selection.
  • the DaaS module 112 may generate a number of remote desktop sessions that may be divided up on a per resource basis.
  • the resource may include a VM 204 , a processor core, a memory size, a non-volatile storage size, or some other computing resource.
  • FIG. 3 B depicts one example of a system 350 that includes the shared workspace type.
  • the shared workspace-type selection data (or other data, such as the workspace configuration data) may include data indicating the resource type “processor core” and data indicating that two remote sessions should share a processor core.
  • the DaaS module 112 may also receive data indicating that the remote desktop workspace will include six remote sessions.
  • the DaaS module 112 may spin up three VMs 204 ( 1 )-( 3 ), and each VM 204 may include one processor core.
  • the DaaS module 112 may divide six users of six computing devices 132 ( 1 )-( 6 ) between the three VMs 204 ( 1 )-( 3 ).
  • the shared workspace-type selection data may include data indicating that the remote desktop workspace 202 is to have one remote desktop session per processor core, two remote desktop sessions per processor core, four remote desktop sessions per processor core, or six remote desktop sessions per processor core. In one embodiment, more processor cores per remote desktop session may allow fewer VMs to be spun up while still providing computing resources to the remote desktop sessions.
  • the workspace-type selection data may include a pooled workspace-type selection.
  • the admin user may provide a scaling policy to the DaaS module 112 .
  • the scaling policy may include data that may indicate to the DaaS module 112 one or more conditions under which the DaaS module 112 may automatically spin up one or more VMs 204 or may automatically wind down one or more VMs 204 . This automatic spinning up or winding down of VMs 204 may be known as “autoscaling.”
  • the DaaS module 112 when administering a remote desktop workspace 202 of the pooled workspace type, may autoscale the number of remote desktop sessions based on a virtualized hardware usage of the remote desktop sessions of the remote desktop workspace 202 .
  • a scaling policy may include that no remote desktop session of the remote desktop workspace 202 may include fewer than 1.4 GHz of processing power.
  • the DaaS module 112 may cause the cloud-computing environment 150 to spin up an additional VM 204 ( 2 ) and execute the additional remote desktop session on the VM 204 ( 2 ).
  • the DaaS module 112 may spin down the VM 204 in response to a VM 204 no longer executing a remote desktop session (e.g., due to all of the users of the remote desktop sessions logging off).
  • Other example conditions of a scaling policy may include that no remote desktop session may include less than a certain amount of memory, storage space, or other computing resource.
  • the DaaS module 112 may receive workspace configuration selection data from the admin user that wishes to generate a remote desktop workspace 202 .
  • the workspace configuration selection data may indicate one or more virtualized hardware configurations of a VM 204 that will be used in association with the remote desktop workspace 202 or one or more virtualized hardware configurations of a remote desktop session.
  • a virtualized hardware configuration may include a number of virtualized processor cores, a size of virtualized random access memory (RAM) or other types of memory, a size of virtualized nonvolatile data storage, or a type of virtualized operating system (OS).
  • RAM random access memory
  • OS operating system
  • FIG. 4 depicts one embodiment of a system 400 .
  • the system 400 depicts one example where the remote desktop workspace 202 may include multiple cloud accounts 206 ( 1 )-( 2 ).
  • the DaaS module 112 may attempt to spin up a VM 204 .
  • the DaaS module 112 may determine which cloud-computing environment 150 ( 1 )-( 2 ) may charge the least amount to execute a VM 204 .
  • the DaaS module 112 may spin up the VM 204 on that determined cloud-computing environment 150 . For example, as depicted in FIG.
  • the first VM 204 ( 1 ) may have been spun up on a first cloud-computing environment 150 ( 1 ) using a first cloud account 206 ( 1 ).
  • the first VM 204 ( 1 ) may include two remote desktop sessions executing on it.
  • the DaaS module 112 may need to execute a third remote desktop session (for example, as part of an autoscaling process of a pooled workspace type of the remote desktop workspace 202 ).
  • the DaaS module 112 may determine (e.g., using an application programming interface (API) of each of the cloud-computing environments 150 ( 1 )-( 2 )) which of the two cloud-computing environments 150 ( 1 )-( 2 ) would cost the least to spin up the additional VM 204 ( 2 ). In response to the DaaS module 112 determining the more cost-efficient option is the second cloud-computing environment 150 ( 2 ), the DaaS module 112 may use the second cloud account 206 ( 2 ) to spin up the VM 204 ( 2 ) and execute the third remote desktop session on the VM 204 ( 2 ).
  • API application programming interface
  • the remote desktop workspace 202 using multiple cloud accounts 206 ( 1 )-( 2 ) may be compatible with the server-based implementation ( FIG. 2 A ) or the hybrid implementation ( FIG. 2 B ).
  • the remote desktop workspace 202 using multiple cloud accounts 206 ( 1 )-( 2 ) may be compatible with the personal workspace type ( FIG. 3 A ), the shared workspace type ( FIG. 3 B ), or the pooled workspace type.
  • an admin user may select one or more users to add to the remote desktop workspace 202 .
  • Adding a user to the remote desktop workspace 202 may include configuring the remote desktop workspace 202 such that the user may be able to log into or execute a remote desktop session in the remote desktop workspace 202 .
  • the DaaS module 112 or the remote desktop workspace 202 may permit the user to join the remote desktop session. Permitting the user to join the remote desktop session may include the user logging into or executing the remote desktop session.
  • FIG. 5 depicts one embodiment of a method 500 .
  • the method 500 may include a computer-implemented method for cloud desktop-as-a-service administration.
  • the method 500 may include receiving 502 , at a server, workspace-type selection data from a first user logged into the server on a first user device.
  • the method 500 may include receiving 504 , at the server, workspace configuration selection data from the first user.
  • the method 500 may include generating 506 , on the server, a remote desktop workspace.
  • the remote desktop workspace may include a number of remote desktop sessions. The number of remote desktop sessions may be based on the workspace-type selection data.
  • Each remote desktop session may include a virtualized hardware configuration based on the workspace configuration selection data.
  • the method 500 may include receiving 508 , at the server, user data from a second user device.
  • the user data may include a request for a second user to join a remote desktop session of the remote desktop workspace.
  • the method 500 may include permitting 510 the second user to join the remote desktop session.
  • the DaaS module 112 may perform one or more of the steps of the method 500 .
  • the server of the method 500 may include the server 110 .
  • the first user may include an admin user.
  • the first user device may include a computing device, such as a computing device 132 of the customer network 130 .
  • the remote desktop workspace of the method 500 may include the remote desktop workspace 202 .
  • a remote desktop session of the method 500 may include a remote desktop session discussed above in relation to FIG. 2 A , FIG. 2 B , FIG. 3 A , FIG. 3 B , or FIG. 4 .
  • the second user may include a standard user, and the second user device may include a computing device 132 .
  • generating 506 the remote desktop session of the remote desktop workspace may include generating the remote desktop session in the cloud-computing environment 150 .
  • the cloud-computing environment 150 may include a cloud-computing environment external to the server 110 .
  • FIGS. 6 A-B depict one embodiment of a method 600 .
  • the method 600 may include a computer-implemented method for on-premises desktop-as-a-service administration.
  • the method 600 may include receiving 602 , at a first server, cloud account data from a first user logged into the first server on a first user device.
  • the method 600 may include receiving 604 , at the first server, workspace-type selection data from the first user.
  • the method 600 may include receiving 606 , at the first server, workspace configuration selection data from the first user.
  • the method 600 may include generating 608 , on a second server, a remote desktop workspace.
  • the remote desktop workspace may include a number of remote desktop sessions. The number of remote desktop sessions may be based on the workspace-type selection data.
  • Each remote desktop session may include a virtualized hardware configuration based on the workspace configuration selection data.
  • the method may include receiving 610 , at the second server, user data from a second user device.
  • the user data may include a request for a second user to join a remote desktop session of the remote desktop workspace.
  • the method may include permitting 612 the second user to join the remote desktop session.
  • the DaaS module 112 may perform one or more of the steps of the method 600 .
  • the first server of the method 600 may include the server 110 .
  • the second server may include a server of the customer network 130 .
  • the cloud account data may include data based on the cloud account 206 .
  • the first user may include an admin user.
  • the first user device may include a computing device, such as a computing device 132 of the customer network 130 .
  • the remote desktop workspace of the method 600 may include the remote desktop workspace 202 .
  • the remote desktop workspace 202 may be located on the customer network 130 (for example, as depicted in FIG. 2 B ).
  • a remote desktop session of the method 500 may include a remote desktop session discussed above in relation to FIG. 2 A , FIG. 2 B , FIG. 3 A , FIG. 3 B , or FIG. 4 .
  • the second user may include a standard user, and the second user device may include a computing device 132 .
  • the method 600 may further include sending, to a cloud-computing environment 150 , cloud account authentication data based on the cloud account 206 data.
  • the method 600 may further include sending an instruction to execute a remote desktop session of the remote desktop workspace 202 in the cloud-computing environment 150 .
  • This may be similar to the hybrid implementation discussed above in relation to FIG. 2 B .
  • the cloud account authentication data may include a username, password, or other authentication data used to log into a cloud computing account on the cloud-computing environment 150 .
  • an admin user, while configuring a remote desktop workspace 202 , may configure the remote desktop session(s) of the remote desktop workspace 202 to enable or disable UBA or RMM capabilities on the remote desktop sessions. This may introduce security during the generation or building of the remote desktop session(s).
  • the admin user may be able to save the configurations of the remote desktop workspace 202 such that the admin user can quickly replicate the remote desktop workspace 202 multiple times.
  • the admin user or a user of a remote desktop session may generate a snapshot of the remote desktop session.
  • a snapshot may include a state or the data of the remote desktop session or the applicable VM 204 at the time the snapshot was taken.
  • the admin user or the remote user may be able to save multiple snapshots using the DaaS module 112 .
  • a snapshot may be saved on the customer network 130 , the server 110 , or the cloud-computing environment 150 .
  • an admin user or a standard user may be able to save an image of the remote desktop session.
  • An image of a remote desktop session may include the state and data of the session before a user has effected changes to the session by using the session. In this manner, new copies of the remote desktop session can be quickly replicated to other users.
  • a user may be able to configure an image before executing the image. Configuring the image may include modifying OS or software or hardware configurations of the image.
  • an admin user may use the DaaS module 112 to start, stop, restart, or delete a remote desktop workspace 202 or a remote desktop session within a remote desktop workspace 202 .
  • the admin user may use the DaaS module 112 to view data related to a remote desktop workspace 202 . Such details may include a status of one or more of the remote desktop sessions.
  • the admin user may send a notification to a remote desktop session.
  • the UBA module 114 may allow an admin user to monitor, track, or record data regarding another user's behavior or actions on a computing device.
  • the other user may include a user of the platform provided by the server 110 .
  • the other user may include a user of the customer network 130 .
  • the other user may include a user of a computing device 132 of the customer network 130 .
  • the other user may include a user that has joined a remote desktop session as discussed herein.
  • the UBA module 114 may provide a dashboard to the admin user on a graphical user interface (GUI) of a computing device that the admin is using so that the admin user can view information about the other user's behavior or actions.
  • Such behavior or actions may include the other user's application usage, website usage, email usage, or other computer functionality usage.
  • the UBA module 114 may also monitor the user's behavior and activity and automatically execute a corrective action in response to the user's behavior or activity conforming to a user behavior rule administered by the UBA module 114 . For example, in response to a user attempting to send an email including sensitive information outside of the customer network 130 , the UBA module 114 may prevent the user from sending that email.
  • FIG. 7 depicts one embodiment of a user behavior dashboard 700 .
  • the user behavior dashboard may be displayed on a computing device.
  • the computing device may include a computing device 132 of the customer network 130 .
  • the computing device 132 may include a computing device being used by an admin user.
  • the UBA module 114 of the server 110 may send data to the computing device 132 , and the computing device 132 may process the received data in order to display the user behavior dashboard 700 .
  • the user behavior dashboard 700 may include one or more graphical control elements.
  • a graphical control element may include a GUI widget.
  • a GUI widget may include a button, a label, a checkbox, a scroll bar, a drop-down list, a text box, a text area, a container (such as a window, panel, or tab), slider, menu, toolbar, a link, a status bar, or other type of GUI widget.
  • a graphical control element of the user behavior dashboard 700 may correspond to a user.
  • One graphical control element of the user behavior dashboard 700 may include a user list 710 .
  • the user list 710 may include one or more user elements 712 ( 1 )-( 4 ).
  • a user element 712 may correspond to a user of the platform of the server 110 .
  • a user element 712 may include data regarding a user of the platform.
  • a user element 712 may include a user ID 714 , a current application 716 , or a duration 718 corresponding to a user.
  • the user behavior dashboard 700 may include a history area 720 .
  • the history area 720 may include one or more of text, images, graphics, charts, or other data.
  • the user behavior dashboard 700 may include a productivity classification area 730 .
  • the productivity classification area 730 may include one or more status bars.
  • the user list 710 may include a list of users of the platform.
  • the user list 710 may include a list of users of the platform that belong to the entity that controls the customer network 130 .
  • the user behavior dashboard 700 may include functionality to filter the user list.
  • the user list 710 may filter users by displaying users that are currently logged in, users that are currently using a certain application, users that belong to a certain group of users, or some other filter criteria.
  • the user behavior dashboard 700 may include functionality to sort the user list (e.g., by user ID 714 , an application, a duration 718 , or other sorting criteria).
  • the user list 710 may include a list, a table, or some other manner of organizing one or more user elements 712 .
  • a user element 712 may include one or more pieces of data for a user.
  • the user element 712 may include a table row, a list element, or some other manner of organizing user data.
  • a user element 712 may correspond to a user.
  • the user element 712 may include a user ID 714 .
  • a user ID 714 may include data that identifies a user.
  • a user ID 714 may include a username, a first or last name of the user, or other identifying data.
  • the user element 712 may include other data as applicable to the type of user behavior dashboard.
  • the user behavior dashboard 700 may include a dashboard for displaying user behavior analytics regarding application usage of one or more users.
  • a user element 712 may include data regarding application usage of the corresponding user.
  • a user element 712 may include a current application 716 .
  • the current application 716 may include text data indicating the software application currently being used by the corresponding user.
  • the user element 712 may include a duration 718 .
  • the duration 718 may include text data indicating how long the corresponding user has been using the current application 716 .
  • the user element 712 may include other data as applicable to the type of user behavior dashboard.
  • the history area 720 may include data regarding past user behavior regarding one or more users.
  • the history area may include data regarding past application usage for one or more users.
  • the admin user may select one or more users from the user list 710 , and the history area 720 may display data regarding the selected users.
  • the admin user has selected the user element 712 ( 2 ), and in response, the history area is displaying data regarding the past application usage of the user corresponding to the user element 712 ( 2 ).
  • the history area 720 may include one or more charts (as depicted in FIG. 7 ) regarding a user's past user behavior.
  • the history area may include a list (e.g., a list of applications the corresponding one or more users have used in the past).
  • the history area 720 may display data regarding user behavior for the past day, the past week, the past month, or some other time period. The time period may be configurable by the admin user.
  • the productivity classification area 730 may include one or more boxes that may indicate how much of a user's user behavior falls within a certain productivity classification.
  • a productivity classification may include “productive,” “unproductive,” “unclassified,” or some other classification.
  • the UBA module 114 may classify user behavior into one or more of the productivity classifications.
  • the UBA module 114 may classify the user behavior based on one or more productivity rules.
  • a productivity rule may include that a user's use of a word processing application is classified as “productive.” Another productivity rule may include that a user's use of a game application is classified as “unproductive.” Another productivity rule may include that a user's use of a web browsing application may be classified based on the different websites the user visits (some being “productive,” some being “unproductive,” and others being “unclassified”).
  • FIG. 8 depicts one embodiment of another user behavior dashboard 800 .
  • the user behavior dashboard 800 may display user behavior analytics related to the website usage of one or more users.
  • the user behavior dashboard 800 may include one or more elements included in the user behavior dashboard 700 of FIG. 7 , such as a user list 710 with user elements 712 ( 1 )-( n ), a history area 720 , and a productivity classification area 730 .
  • a user element 712 may include a current website 802 .
  • the current website 802 may include text data indicating a website the user is currently using.
  • the text data may include a uniform resource identifier (URI), a uniform resource locator (URL), a title of a webpage, or other data identifying the website.
  • the history area 720 of the user behavior dashboard 800 may include data associated with past website usage of one or more selected users, which may include one or more charts (as depicted in FIG. 8 ), a list of websites the user has visited in the past, or other website usage data.
  • FIG. 9 depicts one embodiment of another user behavior dashboard 900 .
  • the user behavior dashboard 900 may display user behavior analytics related to the email usage of one or more users.
  • the user behavior dashboard 900 may include one or more elements included in the user behavior dashboard 700 of FIG. 7 or the user behavior dashboard 800 of FIG. 9 , such as a user list 710 with user elements 712 ( 1 )-( n ) or a history area 720 .
  • a user element 712 may include a recipient 902 .
  • the recipient 902 may include text data indicating a recipient of an email sent by the user corresponding to the user element 712 .
  • the user element 712 may include a subject 904 .
  • the subject 904 may include the subject line of an email sent by the user.
  • the user element 712 may include an attachment(s) 906 .
  • the attachment(s) 906 may include data indicating one or more attachments to the email sent by the user.
  • the attachment(s) 906 may include a link to the attachment such that the admin user, by interacting with the link, may view the relevant attachment.
  • the user element 712 may include a date sent 908 .
  • the date sent 908 may include a timestamp of when the email was sent by the user.
  • the history area 720 may include one or more past emails sent by one or more selected users from the user list 710 . A past email may be displayed in the history area as a row of a table (as is depicted in FIG. 9 ).
  • the past email may include similar data to the user elements 712 ( 1 )-( n ) of the user list 710 , such as recipient 902 , subject 904 , attachment(s) 906 , or date sent 908 .
  • the user behavior dashboard 900 may display email usage data for emails sent by users, emails received by users, or other types of emails.
  • the UBA module 114 may receive user behavior data.
  • the UBA module 114 may receive the user behavior data from a computing device.
  • the computing device may include a computing device 132 of the customer network 130 , a VM 204 , a remote desktop session (as discussed herein), or some other computing device.
  • the user behavior data may include data generated by or otherwise associated with a user performing activity on the computing device.
  • User behavior data may include network packet data, keystroke data, kernel monitoring data, data storage read-write data, recorded audio, screen capture images or video, log or audit data, remote desktop data (such as commands transmitted from a remote desktop client to a remote desktop server and vice versa), console commands, or other data.
  • the user behavior data may include user activity from a computing session.
  • the computing session may include a local desktop session, a remote desktop session, or some other type of computing session.
  • the UBA module 114 may update a graphical control element of a user behavior dashboard 700 , 800 , 900 .
  • the graphical control element may correspond to a user to which the user behavior data corresponds.
  • the UBA module 114 may update the graphical control element in real time.
  • the UBA module 114 may update the graphical control element based on the user behavior data.
  • the user corresponding to the user element 712 ( 2 ) may launch a word processing application on the user's computing device 132 ( 1 ).
  • the computing device 132 ( 1 ) may send user behavior data to the UBA module 114 that indicates the user launched the word processing application.
  • the UBA module 114 may receive the user behavior data and send data to the user behavior dashboard 700 of the admin user's computing device 132 ( 2 ).
  • the user behavior dashboard 700 may update its user element 712 ( 2 )'s current application 716 to indicate that the user is currently using a word processing application.
  • the user behavior dashboard 700 may also update the duration 718 based on the data received from the UBA module 114 .
  • the user activity may include an email.
  • the corresponding user behavior data generated by the email user activity may include email data such as email headers, an email body, or an email attachment.
  • An email header may include a sender email address, a recipient email address, a sent time, a received time, a subject line, or other email header data.
  • the email data may include other data included in an email.
  • the user activity may include a file transfer.
  • the corresponding user behavior data generated by the file transfer user activity may include file transfer data such as a source location, a destination location, the data of the transferred file, a size of the file transfer, or other data associated with a file transfer.
  • the user activity may include a video conferencing meeting.
  • the corresponding user behavior data generated by the video conferencing meeting user activity may include video data, audio data, a list of one or more participants of the meeting, or other video conference meeting data.
  • the user activity may include an instant message.
  • the corresponding user behavior data generated by the instant message user behavior may include content of the instant message (which may include text, audio, image, or video data), a recipient, a sender, or other instant messaging data.
  • the user activity may include web browser activity.
  • the corresponding user behavior data may include a URI or URL of a webpage, the content of the webpage (which may include text, audio, image, or video data or may include code executable in a web browser such as a script), an Internet Protocol (IP) address of a webpage, a webpage's header data (such as title of a webpage, mark-up language, a version, or other header data), or other web browser data.
  • the user activity may include the user taking a screenshot.
  • the corresponding user behavior data may include image data that may include the screenshot, a timestamp of when the user took the screenshot, one or more software applications displayed in the screenshot, text data indicating the content of the screenshot, or other screenshot data.
  • the user activity may include a console command.
  • the console command may include a command entered into a system console, root console, or other console of a computing device.
  • the corresponding user behavior data may include the console command, one or more flags, one or more arguments, the output of the execution of the console command, or other console command data.
  • the user behavior activity may include one or more keystrokes.
  • the corresponding user behavior data may include one or more keys, an order of the one or more keystrokes, a timestamp for a keystroke, an application that was in focus when the user performed the keystroke, or other keystroke data.
  • the user activity may include a web search.
  • a web search may include a search performed using a web browser, a software application that searches the Internet, or some other web search functionality.
  • the corresponding user behavior data may include the search terms (which may include text, audio, image, or video data), the application used to perform the web search, one or more search results, or other web search data.
  • the user activity may include a print job.
  • the corresponding user behavior data may include a printer used to perform the print job, the content of the print job (which may include text, image, or other data), or other print job data.
  • the UBA module 114 may be configured to record the user activity in a file.
  • the UBA module 114 may record the user behavior data in a file.
  • the file may be stored on the server 110 or in some other location.
  • the file may include an audit log file, an image file, a video file, or some other type of file.
  • the user behavior data may be anchored to a blockchain transaction. In this manner, the user behavior data may be immutably and securely stored.
  • the UBA module 114 may allow the admin user to view a remote desktop session.
  • the display data sent by the VM 204 may be sent to both the admin user's computing device 132 ( 1 ) and the user's computing device 132 ( 2 ).
  • the UBA module 114 may record audio, video, or display data to record the remote desktop session.
  • the UBA module 114 may allow the admin user to take over the remote desktop session from the user. In this manner, the admin user may control the remote desktop session while the user may view the session. The admin user may lock the user out of the remote desktop session.
  • the UBA module 114 recording video or audio of a user's computing session may include a Virtual Desktop Infrastructure (VDI) session screen recording.
  • the screen recording may be stored as a file and may be playable on a web player.
  • the server 110 may configure the screen recording file with permissions so that only certain users (e.g., admin users) can play or download the file.
  • the video may include associated text, for example, text displayed in the video as part of the recorded computing session or an automatic transcript of audio from the recorded session.
  • the text data may be saved in a separate file or as metadata to the screen recording file.
  • the functionality of the UBA module 114 may allow an admin user to keep track of one or more tasks that a user is performing.
  • the UBA module 114 may assist in determining which users are being resourceful.
  • the UBA module 114 may allow the admin user to designate which users are productive or not.
  • the UBA module 114 may allow an admin user to determine the typical behavior of its users and determine whether variations from the typical behavior may be indicative of a threat or risky activity.
  • the UBA module 114 may provide information on the applications and files users may access, which can be used to distribute responsibilities and provide bandwidth for future functionality. Additionally or alternatively, the UBA module 114 may track new applications to determine how well they are received and implemented. Users that are active on a regular basis might be targeted to evaluate their experience and provide methods to enhance it.
  • the UBA module 114 may provide information on how well a customer network 130 functions for its users and can be used to measure success.
  • the UBA module 114 may include one or more user behavior rules.
  • a user behavior rule may include data that may assist in determining whether user activity conforms to certain criteria, and may include a corrective action to be taken if the user behavior conforms to the criteria.
  • the UBA module 114 may receive user behavior data.
  • the user behavior data may include user behavior data from a computing device 132 of a user.
  • the user behavior data may correspond to a user.
  • the user behavior data may include user activity from a computing session executing on the user's computing device 132 .
  • the UBA module 114 may determine that the received user activity satisfies the user activity of a user behavior rule.
  • the received user activity satisfying the user activity of the user behavior rule may include the received data conforming to or matching the user activity of the rule.
  • the UBA module 114 may send a corrective action command to the user's computing device 132 .
  • the corrective action command may be configured to cause the user's computing device 132 to execute the corresponding corrective action in the computing session.
  • a user behavior rule may include the user behavior activity of the user requesting a webpage from a predetermined website.
  • the predetermined website may include a website that the UBA module 114 has included in a list of prohibited or limited websites.
  • the corrective action corresponding to the user behavior rule may include the UBA module 114 preventing delivery of the webpage to the user's computing session.
  • a user behavior rule may include the user behavior of the user sending an email.
  • the email may include data indicating that the email includes sensitive, private, or confidential information or attachments.
  • the email may include data indicating that the email includes a large number of attachments or has an attachment with a large file size.
  • the email may include data indicating that the email is destined for an email address outside of the sender's email domain.
  • the corresponding corrective action may include preventing delivery of the email to an email server.
  • a user behavior rule may include the user behavior of the user uploading a document that includes sensitive or confidential information to a personal cloud account, and the corrective action may include preventing the upload.
  • a user behavior rule may include the user behavior of the user printing during a predetermined time period (e.g., outside of work hours), and the corresponding corrective action may include preventing the print job from executing.
  • a user behavior rule may include the user behavior of the user printing a document that includes sensitive or confidential information, and the corrective action may include preventing the print job from executing.
  • a user behavior rule may include the user behavior of the user taking a screenshot or using a snipping tool, and the corrective action may include preventing the saving of the screenshot or closing the snipping tool.
  • a user behavior rule may include the user behavior of the user copying sensitive or confidential data to a virtual clipboard and attempting to paste the copied data into an email or textbox of a website, and the corrective action may include preventing the copying or pasting of the data.
  • a user behavior rule may include the user behavior of the user transferring a file (e.g., by copying to a virtual clipboard, FTP, or other file transfer methods) to a predetermined location such as a removable data storage, and the corrective action may include preventing the file transfer.
  • the user behavior rule may include the user behavior of the user attempting to log in at a predetermined time (e.g., outside of working hours), and the corresponding corrective action may include preventing the user from logging in.
  • a user behavior rule may include the user behavior of the user failing to comply with regulatory rules such as data privacy legislation or regulations.
  • the UBA module 114 may determine whether certain data is sensitive, confidential, or otherwise private by determining whether the data or a file including the data includes a predetermined tag, flag, or attribute.
  • the UBA module 114 may allow an admin user to generate additional user behavior rules to be administered by the UBA module 114 .
  • the UBA module 114 may monitor a remote desktop session. In some embodiments, the UBA module 114 may be in data communication with a local desktop session of a computing device 132 .
  • the computing device 132 may include an application installed on the computing device 132 that may monitor the user activity of the computing device 132 and send user behavior data to the UBA module 114 .
  • the installed application may receive the corrective action command from the UBA module 114 and may execute the corrective action command on the computing device 132 .
  • the UBA module 114 may generate a risk score for a user.
  • the risk score may be based on a number of corrective actions executed on one or more computing sessions of the user.
  • the risk score may be based on a frequency of corrective actions executed regarding the user.
  • the UBA module 114 may alert an admin user (via an email, text message, or an alert on a user behavior dashboard 700 , 800 , 900 ) in response to a user triggering a corrective action of a user behavior rule.
  • the user behavior dashboard 700 , 800 , 900 may display a risk score for a user on the dashboard.
  • the UBA module 114 may perform optical character recognition (OCR) on a recorded screen of a user's computing session.
  • the UBA module 114 may save the recognized text for later review or analysis.
  • the UBA module 114 may include search functionality such that the admin user may search for user behavior data, user behavior rules violations, or other user behavior data-related information.
  • FIG. 10 depicts one embodiment of a method 1000 .
  • the method 1000 may include a computer-implemented method for generating computer user behavior analytics.
  • the method 1000 may include storing 1002 one or more user behavior rules.
  • a user behavior rule may include a first user activity and a corrective action.
  • the method 1000 may include receiving 1004 , from a first computing device, user behavior data.
  • the user behavior data may include a second user activity from a computing session executing on the first computing device.
  • the method 1000 may include determining 1006 that the first user activity satisfies the second user activity.
  • the method 1000 may include sending 1008 a corrective action command to the first computing device.
  • the corrective action command may be configured to cause the first computing device to execute the corresponding corrective action in the computing session.
  • the UBA module 114 may perform one or more of the steps 1002 - 1008 of the method 1000 .
  • the first computing device may include a computing device 132 of a user.
  • the computing session may include a remote desktop session, a local desktop session, or some other type of computing session.
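A sketch of the rule evaluation in method 1000 together with the user behavior rules, tag-based sensitivity check, and risk score described above. It is an added illustration, not code from the patent or from any product; the event schema, rule names, the `confidential` tag, the prohibited-site list, the work hours, and the shape of the risk score are all assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable
from urllib.parse import urlsplit

# Everything below (schema, names, lists, thresholds) is assumed for illustration.
PROHIBITED_SITES = {"games.example"}   # constructed prohibited-website list
WORK_HOURS = range(8, 18)              # 08:00-17:59

@dataclass(frozen=True)
class Rule:
    rule_id: str
    activity: str                      # user activity type the rule covers
    matches: Callable[[dict], bool]    # criteria the activity must satisfy
    corrective_action: str             # action the endpoint agent executes

@dataclass(frozen=True)
class Command:
    user: str
    rule_id: str
    action: str
    at: datetime

def is_sensitive(item: dict) -> bool:
    """Sensitivity is decided by a predetermined tag on the data or file."""
    return "confidential" in item.get("tags", ())

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()

def prohibited_site(ev: dict) -> bool:
    host = (urlsplit(ev["url"]).hostname or "").lower().rstrip(".")
    # Match the listed host and its subdomains, not look-alike suffixes.
    return any(host == s or host.endswith("." + s) for s in PROHIBITED_SITES)

def sensitive_email_leaving_domain(ev: dict) -> bool:
    external = any(domain(r) != domain(ev["sender"]) for r in ev["recipients"])
    tagged = is_sensitive(ev) or any(is_sensitive(a) for a in ev.get("attachments", ()))
    return external and tagged

def print_outside_hours(ev: dict) -> bool:
    return ev["time"].hour not in WORK_HOURS

RULES = [
    Rule("web-block", "web_request", prohibited_site, "block_page"),
    Rule("email-dlp", "email_send", sensitive_email_leaving_domain, "block_email"),
    Rule("print-hours", "print_job", print_outside_hours, "cancel_print"),
]

class UbaEngine:
    def __init__(self, rules):
        self.rules = list(rules)       # step 1002: stored user behavior rules
        self.history = []              # every corrective action command sent
        self.malformed = []            # events a rule could not evaluate; kept for review

    def receive(self, ev: dict) -> list:
        """Steps 1004-1008: evaluate one event, return commands for the device."""
        commands = []
        for rule in self.rules:
            if rule.activity != ev.get("activity"):
                continue
            try:
                if rule.matches(ev):
                    commands.append(Command(ev["user"], rule.rule_id,
                                            rule.corrective_action, ev["time"]))
            except (KeyError, TypeError, ValueError, AttributeError):
                self.malformed.append(ev)   # never drop silently
        self.history.extend(commands)
        return commands

    def risk_score(self, user: str, now: datetime, window=timedelta(days=7)) -> dict:
        """Number of corrective actions overall, and frequency per day in the window."""
        mine = [c for c in self.history if c.user == user]
        recent = [c for c in mine if timedelta(0) <= now - c.at <= window]
        return {"count": len(mine), "per_day": len(recent) / (window / timedelta(days=1))}

T = datetime(2024, 1, 9, 9, 0)   # constructed timestamp
SAMPLE_EVENTS = [                # constructed user behavior data
    {"user": "alice", "activity": "web_request", "time": T,
     "url": "https://www.games.example/play"},
    {"user": "alice", "activity": "web_request", "time": T,
     "url": "https://notgames.example/"},
    {"user": "alice", "activity": "email_send", "time": T + timedelta(minutes=5),
     "sender": "alice@corp.example",
     "recipients": ["bob@corp.example", "x@mail.example"],
     "attachments": [{"name": "plan.docx", "tags": ["confidential"]}]},
    {"user": "bob", "activity": "email_send", "time": T, "tags": ["confidential"],
     "sender": "bob@corp.example", "recipients": ["alice@corp.example"]},
    {"user": "alice", "activity": "print_job", "time": T.replace(hour=23)},
    {"user": "bob", "activity": "web_request", "time": T},   # malformed: no url
]

def run_sample():
    engine = UbaEngine(RULES)
    actions = [[c.action for c in engine.receive(ev)] for ev in SAMPLE_EVENTS]
    return engine, actions

if __name__ == "__main__":
    engine, actions = run_sample()
    print(actions, engine.risk_score("alice", datetime(2024, 1, 10, 12, 0)))
```

Events that a rule cannot evaluate are kept in `malformed` rather than treated as a clean pass, so a missing field does not silently bypass a rule.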
  • FIG. 11 depicts one embodiment of a method 1100 .
  • the method 1100 may include a computer-implemented method for generating computer user behavior analytics.
  • the method 1100 may include displaying 1102 , on a first computing device, a user behavior dashboard.
  • the user behavior dashboard may include one or more graphical control elements.
  • a graphical control element may correspond to a user.
  • the method 1100 may include receiving 1104 , from a second computing device, user behavior data.
  • the user behavior data may include user activity from a computing session executing on the second computing device.
  • the user behavior may correspond to a user.
  • the method 1100 may include updating, in real time and based on the user behavior data, a graphical control element.
  • the UBA module 114 may perform one or more of the steps 1202 - 1106 of the method 1100 .
  • the first computing device may include a computing device 132 of an admin user.
  • the user behavior dashboard may include the user behavior dashboard 700 , 800 , or 900 .
  • the graphical control element may include a graphical control element as discussed above.
  • a user as discussed in the method 1100 may include a standard user of the platform.
  • the second computing device may include a computing device 132 of a standard user.
  • the user activity and user behavior data may be similar to the user activity and user behavior data discussed above.
  • the RMM module 116 may provide real-time visibility to one or more physical or logical assets of the customer network 130 .
  • the RMM module 116 may provide notifications or alerts to admin users to reduce and respond to downtime.
  • the RMM module 114 may keep computing devices secure, up-to-date, or optimized via administering proactive, centralized device management automation.
  • the RMM module 116 may provide secure and efficient access to computing devices 132 with remote support and screen share tools.
  • a computing device 132 may include an RMM agent.
  • the RMM agent may include software installed on the computing session.
  • the RMM agent may include a deployable software agent.
  • the RMM agent may act like a driver.
  • the RMM agent may be in data communication with the RMM module 116 .
  • the RMM agent may be installed on a mobile device.
  • the RMM agent may act as a bridge or a bridge connector to the RMM module 116 , the server 110 , or the cloud-computing environment 150 .
  • the RMM agent may manage one or more actions on the computing session.
  • FIG. 11 A depicts one embodiment of a system 1100 .
  • the system 1100 may include the server 110 with its RMM module 116 , the cloud-computing environment 150 with a VM 204 , a customer network 130 with a computing device 132 , and a remote desktop workspace 202 .
  • the remote desktop workspace 202 may include a RMM agent 1202 installed on the workspace 202 .
  • the RMM agent 1202 may be in data communication with the RMM module 116 . In other embodiments, the RMM agent 1202 may be installed on the computing device 132 or the VM 204 .
  • the RMM agent 1202 of the computing session may attempt to authenticate with the RMM module 116 .
  • the RMM agent 1202 authenticating with the RMM module 116 may include the RMM agent 1202 sending the RMM module 116 an authentication token.
  • the RMM module 116 may authenticate the RMM agent 1202 .
  • the computing session may have access to certain data.
  • the computing session may not have access to that data.
  • the data may include certain storage locations, software applications, websites, or other functionality.
  • the authentication may help in enforcing compliance with data privacy laws or data protection policies, such as policies of the customer network 130 .
  • authentication of the RMM agent 1202 may include an admin user approving the user of the computing session that includes the RMM agent 1202 .
  • the RMM agent 1202 authentication may include one or more layers.
  • One layer may include a secure socket layer (SSL).
  • Another layer may include a certificate layer.
  • Another layer may include an application, protocol, or other authentication layer, for example, OAuth 2.0.
  • the RMM agent may authenticate against one or more of these authentication layers or authentication models.
  • a RMM agent 1202 may use a separate and unique token that is unique among other users.
  • a token may include an Advanced Encryption Standard (AES) 256 token.
  • the token may include an SSL certificate.
  • the token may be changed periodically, rotated periodically, or may be modified periodically in some other way. As an example, a token may expire after 8 hours. In response to the token expiring, the RMM agent 1202 may re-authenticate with the RMM module 116 and acquire a new token.
  • the RMM module 116 and the RMM agent 1202 may provide for separate encryption for each computing session.
  • the RMM agent 1202 uses one or more keys to decrypt or encrypt the data, and the one or more keys may be different than the key(s) of one or more other RMM agents 1202 of other computing instances. In this manner, even if one computing session becomes compromised, that compromised session will not be able to impact or affect other RMM agents 1202 in the customer network 130 or in communication with the server 110.
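The token handling described above (a token unique to each agent, an 8-hour expiry followed by re-authentication, and key material separated per computing session) can be sketched as follows. This is an added illustration, not code from the patent: `RmmModule`, `RmmAgent`, the HMAC-signed token layout and the HKDF key derivation are assumptions, since the text does not specify a token format.

```python
import base64
import hashlib
import hmac
import json

TOKEN_LIFETIME_SECONDS = 8 * 60 * 60  # the 8-hour expiry the text gives as an example


def derive_session_key(master_secret: bytes, session_id: str) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block: a distinct 256-bit key per session."""
    prk = hmac.new(b"rmm-example-salt", master_secret, hashlib.sha256).digest()
    info = b"session:" + session_id.encode()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


class RmmModule:
    """Hypothetical server side: issues and verifies per-session tokens."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def _tag(self, session_id: str, body: str) -> str:
        key = derive_session_key(self._master, session_id)
        return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

    def authenticate(self, session_id: str, now: int) -> str:
        # Stand-in for the layered authentication (SSL, certificate, OAuth 2.0)
        # listed in the text; here it only issues a fresh token.
        claims = {"sid": session_id, "exp": now + TOKEN_LIFETIME_SECONDS}
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        return body + "." + self._tag(session_id, body)

    def verify(self, session_id: str, token: str, now: int) -> str:
        body, sep, tag = token.partition(".")
        if not sep:
            return "invalid"
        expected = self._tag(session_id, body)
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "invalid"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["sid"] != session_id:
            return "invalid"
        return "expired" if now >= claims["exp"] else "ok"


class RmmAgent:
    """Hypothetical agent side: re-authenticates once its token has expired."""

    def __init__(self, module: RmmModule, session_id: str):
        self.module = module
        self.session_id = session_id
        self._token = None
        self._expires_at = 0

    def current_token(self, now: int) -> str:
        if self._token is None or now >= self._expires_at:
            self._token = self.module.authenticate(self.session_id, now)
            body = self._token.partition(".")[0]
            self._expires_at = json.loads(base64.urlsafe_b64decode(body))["exp"]
        return self._token
```

Because each session's verification key is derived from its own session identifier, a token captured from one session fails verification when presented for another.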
  • the RMM agent 1202 may manage one or more actions on the computing session.
  • the RMM agent 1202 may receive instructions from the RMM module 116 and carry out the instructions on the computing session.
  • the RMM agent 1202 may capture data or actions on the computing session.
  • the RMM agent 1202 may capture data on the data level or the execution level of the computing session.
  • the RMM agent 1202 may execute functionality on the computing session to enforce one or more policies. The executed functionality may be based on the instructions received from the RMM module 116 , the captured data, or the captured actions.
  • a policy may include a group of conditions that if satisfied by an applicable user, the RMM agent 1202 , the RMM module 116 , or some other computing resource of the server 110 , cloud-compute environment 150 , or the customer network 130 should take a certain action.
  • a policy may include (1) one or more categories, (2) one or more applicable users, (3) one or more trigger conditions, and (4) one or more actions.
  • a category may include a label, and policies with similar trigger conditions may include the same label.
  • one category may include “content sharing.”
  • the “content sharing” category may include trigger conditions where a user is attempting to send a certain type of data to a certain destination.
  • Another category may include “activity.”
  • the “activity” category may include trigger conditions where a user is attempting to perform a certain activity, such as opening a file from a certain location.
  • Another category may include a “schedule” category, where a user may be attempting to perform a certain action during a certain time period.
  • the category may include other types of categories.
  • the one or more applicable users of a policy may include one or more users of the customer network 130 .
  • the applicable users may include one or more users to whom the policy applies.
  • the one or more applicable users may include one or more individual users, the users whose computing session executes on a certain computing device 132 or VM 204 or remote desktop workspace 202 , a user group, a domain (e.g., an administrative or network domain), or all users of the customer network 130 .
  • the one or more applicable users may include users from different customer networks.
  • the one or more applicable users may include all users on all customer networks serviced by the server 110 .
  • the one or more trigger conditions may include a condition detectable by the RMM agent 1202 .
  • a trigger condition may include detecting a certain piece of data.
  • the piece of data may include data in a certain format.
  • the format may include a payment card number, a medical classification code (e.g., an International Classification of Diseases (ICD) code), a government-issued number (e.g., a Social Security number, a driver's license number, a European Union Value Added Tax (EU VAT) number, etc.), an address, or any other type of data.
  • the RMM agent 1202 may detect the data by determining whether the data matches a regular expression.
  • the RMM agent 1202 may obtain the data from a data buffer (e.g., a keyboard buffer, a write buffer, a store buffer, or some other type of buffer).
  • the RMM agent 1202 may obtain the data from a location in memory.
  • the following include data detectable as a trigger condition: an ICD code, a disease name, a drug name, a National Health Service (NHS) number, an EU VAT number, a physical address, a government-issued identifier, a name, a phone number, a payment card number, a DNA profile, or a predetermined text string format.
  • the trigger condition may include an activity.
  • An activity may include an action that a user may perform in the computing session.
  • An activity may include a file operation (e.g., create a new file, open a file, read from a file, write to a file, close a file, delete a file, etc.).
  • An activity may include a user using a computing resource (e.g., a local drive, an external drive, etc.).
  • An activity may include a user using a software application.
  • An activity may include a computing session operation (e.g., logging into the session, logging out, shutting down, unlocking the screen, being idle for a predetermined amount of time, connecting an external device, installing a software application, etc.).
  • An activity may include sending data to or receiving data from a Uniform Resource Locator (URL).
  • An activity may include accessing a predetermined website or Internet resource.
  • An activity may include sending data to/receiving data from a certain Transmission Control Protocol (TCP) port.
  • the trigger condition may include a time or date value falling within a predetermined time or date range.
  • the time or date value may include the current time or date.
  • a trigger condition may include the user logging onto a computing session after work hours.
  • a trigger condition may include a software application that contains certain detected data (as discussed above).
  • the software application may include an email application, an instant messaging application, a clipboard, a word processing application, or some other type of application.
  • the trigger condition may relate to a certain portion of the application.
  • a trigger condition may include an outgoing email including a certain piece of text data (while, for example, the same text data in an incoming email would not trigger the condition).
  • a trigger condition may include a payment card number being visible in a GUI of the application.
  • the RMM agent 1202 may include optical character recognition capabilities that may detect the payment card number, or the RMM agent 1202 may have access to a location in memory where the application GUI data is stored.
  • a policy may obtain data used to determine whether a trigger condition has been satisfied from a source external to the computing session of the user.
  • the external source may include a configuration file or configuration database.
  • the data in the external source may have been provided by an admin user.
  • the external source may include information from a data packet sent by the computing device 132 that the user is using to access the computing session.
  • a policy may include a trigger condition of a user logging into a computing session after working hours.
  • the RMM agent 1202 may obtain the user's working hours from a configuration database, and the working hours may have been inputted by an administrative user (e.g., the user's manager).
  • the RMM agent 1202 may obtain the current time where the user is located by determining the user's current location based on the IP address of the user's computing device 132. This way, even if the user logs onto a computing session from a location that he or she does not usually log in from, the RMM agent 1202 can determine if the user is logging onto the computing session after hours where the user is actually located.
  • the following include possible trigger conditions: a file access operation, a file open operation, a file read operation, a file write operation, a file close operation, a file delete operation, a file name containing a certain text string or matching a certain name format, a file extension matching a certain file extension, accessing local storage, accessing an external drive, accessing a network host, accessing a cloud provider, an incoming or outgoing email, an incoming email from a certain email address or domain, an outgoing email to a certain email address or domain, an outgoing email not going to a certain email address or domain, an incoming email not coming from a certain email address or domain, an incoming or outgoing instant messenger message, a file upload or download, adding data to the clipboard, a remote host's IP address matching or not containing a certain IP address, a TCP port matching or not matching a certain number, a write operation to a software application, a software application's GUI containing specific data, an executable file's name containing or matching a
  • the one or more actions of the policy may include an action that the RMM agent 1202 , the computing session, or another resource should take in response to the trigger conditions of the policy being satisfied.
  • An action may include blocking an attempted action by the user (e.g., preventing the user from opening a file).
  • An action may include sending an email to a pre-specified email address (e.g., the email address of an admin user) notifying the recipient of the trigger activity.
  • An action may include displaying a message to the user (e.g., displaying a pop-up message to the user notifying the user that the attempted action is prohibited).
  • the following include possible actions: displaying a message in a GUI of the computing session, blocking an operation or activity, sending an email to a certain email address.
  • the RMM module 116 may provide a GUI for an admin user to create a policy.
  • the GUI may include a location where the admin user can input a category to which the policy will belong.
  • the GUI may include a location where the admin user can select which users the policy will apply to.
  • the GUI may include a location where the admin user can input or select one or more trigger conditions.
  • the GUI may include a location where the admin user can input or select one or more actions.
  • the GUI may include a location where the admin user can input a message for an action or where the admin user can input one or more email addresses for notifications.
  • the RMM module 116 may provide a GUI where an admin user can activate or deactivate one or more policies.
  • the RMM module 116 or RMM agent 1202 may detect one or more operations or activities in one or more computing sessions of one or more users and may automatically recommend using the one or more detected operations or activities as trigger conditions for a new policy. This may allow the system to automatically generate new policies for an organization.
  • the information about the one or more detected operations or activities may be presented to an admin user in a GUI, and the admin user may use a policy generation user interface to generate one or more new policies, which may include selecting one or more actions to be performed in response to the detected operations or activities.
  • the RMM module 116 may detect that many users frequently open a web browser and navigate to a personal email webpage.
  • the RMM module 116 may notify an admin user about this activity and may recommend creating a policy.
  • the admin user may create a policy specifying that any user that uses a web browser to navigate to a personal email website is blocked from accessing the website and receives a GUI message stating that the use of personal email is prohibited.
  • the RMM module 116 or RMM agent 1202 may include an artificial intelligence (AI) model or a machine learning (ML) model, and the models may perform at least some of the detecting of the operations or activities.
  • the AI or ML models may perform at least some of the recommending.
  • the ML model may perform data-level inspection.
  • the AI model may recommend to an admin user one or more pre-existing policies to activate.
  • the RMM module 116 may include a policy configuration engine.
  • the policy configuration engine may present one or more questions to an admin user, and the engine may select one or more pre-existing policies based on the admin user's responses to the questions. In this manner, the policy configuration engine may allow a non-technical admin user to be able to configure one or more policies quickly and efficiently.
  • the policies of the RMM functionality of the system allow the automation of enforced policies to a specific granularity, whether that granularity is a specific user, a specific computing device 132 or VM 204 or remote desktop workspace 202, a user group, a domain, or even organization-wide.
  • This RMM functionality is unconventional and not well-known in the prior art.
  • the RMM module 116 may communicate with the UBA module 114 or a UBA agent installed on a computing session.
  • the UBA agent of the computing session may use the RMM agent 1202 to authenticate with the server 110 .
  • the UBA agent may send user behavior analytics data, such as user behavior data, to the UBA module 114 .
  • certain users may be approved by an admin user and an additional user.
  • the additional user may include a management user, an officer of an entity, or some other user.
  • the authentication or approval process may include two-factor authentication.
  • the RMM agent 1202 may send data to the RMM module 116 regarding the status, condition, or compliance status of the computing session that the RMM agent 1202 is installed on.
  • a status may include whether the computing session is active, shut down, in sleep mode, whether the screen is locked, or some other status.
  • the status may include one or more applications executing on the computing session.
  • the condition of the computing session may include a version of the OS or other software of the computing session, a computer resource usage, or other condition data.
  • a compliance status may indicate whether the computing session is compliant with a data security policy, a data privacy policy, or some other standard.
  • the RMM agent 1202 may send one or more alerts to the RMM module 116 .
  • An alert may include data indicating the associated computing session is out of date (e.g., regarding the OS or one or more software applications installed on the session), has experienced an error, is non-functional, or some other type of alert.
  • the RMM agent 1202 may receive updates from the RMM module 116 (e.g., systems updates, software updates, etc.) and may automatically install the updates.
  • the RMM agent 1202 may allow an admin user to remote into the associated computing session and allow the admin user to view or control the computing session.
  • the RMM module 116 may display data received from the RMM agent 1202 in a dashboard.
  • the dashboard may allow an admin user to view statuses, alerts, etc. associated with computing sessions and to take actions regarding a computing session (e.g., pushing updates to a computing session, restarting a session that has experienced an error, etc.).
  • the RMM agent 1202 may allow for screen session sharing of roles.
  • the RMM agent 1202 may allow for permission-based screen session sharing.
  • the system may use a centralized traffic controller so that computing activity or operation traffic (e.g., between the RMM module 116 and RMM agent 1202 ) stays associated with the customer of the customer network 130 .
  • the RMM agent 1202 may be packaged as an installer package (such as a Microsoft MSI package).
  • the RMM agent 1202 may be installed on the customer network 130 (e.g., in the remote desktop workspace 202 or computing device 132 ). This may forgo the need to use a containerized architecture.
  • FIG. 13 depicts one embodiment of a method 1300 .
  • the method 1300 may include a computer-implemented method for remote monitoring and management.
  • the method 1300 may include obtaining a monitoring policy (step 1302 ).
  • the monitoring policy may include data indicating one or more applicable users, one or more trigger conditions, or one or more actions.
  • the method 1300 may include detecting, by an RMM agent 1202 installed in the computing session, one or more conditions satisfying the one or more trigger conditions (step 1304 ).
  • the method 1300 may include, in response to the detection of the one or more conditions, automatically performing, by the RMM agent 1202 , the one or more actions (step 1306 ).
  • One or more of the steps 1302 - 1306 of the method 1300 may be performed by components described herein and may include functionality of the components described herein, such as the UBA module 114 or the RMM module 116 or the RMM agent 1202 .
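The policy structure and the obtain, detect, act sequence of method 1300 can be made concrete with a small agent-side evaluator. This is an added illustration, not code from the patent: all names are hypothetical, the Luhn checksum is an addition to the regular-expression match the text describes (it cuts false positives), and the user's UTC offset is assumed to have already been resolved from the device's IP address.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def contains_card_number(text: str) -> bool:
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            return True
    return False


# Constructed stand-in for the configuration database of working hours (local time).
WORKING_HOURS = {"alice": (9, 17)}


def outgoing_email_with_card(event: dict) -> bool:
    # "content sharing" trigger: only the outgoing direction matches.
    return (event.get("kind") == "email" and event.get("direction") == "outgoing"
            and contains_card_number(event.get("text", "")))


def login_after_hours(event: dict) -> bool:
    # "schedule" trigger: evaluated in the time zone where the user actually is.
    if event.get("kind") != "login":
        return False
    start, end = WORKING_HOURS.get(event["user"], (0, 24))
    local = event["utc_time"].astimezone(timezone(timedelta(hours=event["utc_offset_hours"])))
    return not (start <= local.hour < end)


@dataclass(frozen=True)
class Policy:
    name: str
    category: str
    applicable_users: frozenset  # user names, or {"*"} for all users
    trigger: Callable[[dict], bool]
    actions: tuple


def evaluate(policies, event: dict) -> list:
    """Step 1304 (detect) and step 1306 (act): return (policy name, action) pairs."""
    fired = []
    for policy in policies:
        if "*" not in policy.applicable_users and event["user"] not in policy.applicable_users:
            continue
        if policy.trigger(event):
            fired.extend((policy.name, action) for action in policy.actions)
    return fired


POLICIES = [  # step 1302: the obtained monitoring policies (constructed samples)
    Policy("no-cards-by-email", "content sharing", frozenset({"*"}),
           outgoing_email_with_card, ("block", "notify_admin")),
    Policy("after-hours-login", "schedule", frozenset({"alice"}),
           login_after_hours, ("notify_admin",)),
]
```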
  • the server 110 may include a billing module.
  • the billing module may allow the server owner, which may include a cloud service provider, to manage one or more cloud tenants' business lifecycle.
  • the cloud service provider may purchase one or more products or product licenses and may make those products available for purchase by the cloud service provider's users, customers, distributors, tenants, or another entity.
  • the cloud service provider may have one or more tenants (which may correspond to a customer that operates a customer network 130 ) which may each resell certain products for use in remote desktop workspaces 202 , computing sessions, or other work areas of the system.
  • the products may include software applications (such as an office suite), file share access, cloud storage, infrastructure-as-a-service functionality, add-on licenses, database storage, or other computing products.
  • the billing module may provide a GUI where the cloud service provider can manage such products, licenses, and invoices for the products.
  • FIG. 14 A depicts one embodiment of a GUI 1400 for a billing module.
  • the GUI 1400 may include a table 1402 of products.
  • the table 1402 may display the products that the cloud service provider has purchased for its tenants to use or distribute to customers.
  • the table 1402 may include one or more rows 1404 ( 1 )-( n ), each corresponding to a purchased product.
  • the table 1402 may display the name 1406 of the product, its billing type 1408 , its billing frequency 1410 , and a quantity 1412 .
  • the billing type 1408 may include a license or some other billing arrangement.
  • the billing frequency 1410 may include a period of time (e.g., daily, weekly, monthly, yearly), a data amount (e.g., an amount of data used, downloaded, consumed, etc.), or some other billing frequency.
  • the quantity 1412 may include a number of the product purchased by the cloud service provider, a number of the product that the cloud service provider has available, the number of the product that the cloud service provider has sold, or some other quantity.
  • the GUI 1400 may include one or more GUI widgets 1414 that may allow a user to purchase additional products or to export the table to a file.
  • a product 1404 may include a description, purchase date, or status (e.g., active, inactive).
  • the GUI 1400 may display information about the product, including number of licenses purchased, number of licenses assigned, subscription ID, subscription status, whether the license autorenews, an initial purchase date, a unit price, an order number, a cloud service provider domain name, or other information.
  • FIG. 14 B depicts one embodiment of a GUI 1430 for a billing module.
  • the GUI 1430 may include an orders table 1432 .
  • the orders table 1432 may display orders the cloud service provider has created for its distributors or customers.
  • the orders table 1432 may include one or more orders 1434 .
  • the table 1432 may display information about the order 1434 , including an order number 1436 , a cloud service provider domain 1438 , a quantity 1440 , and a total amount 1442 .
  • the order number 1436 may include a text string that uniquely identifies the order 1434 from all other orders.
  • the cloud service provider domain 1438 may identify the domain associated with the product. Different tenants of the cloud service provider may use different domains in the cloud service provider's system.
  • the quantity 1440 may indicate how many of the product was purchased in the order 1434 .
  • the total amount 1442 may include the total amount paid or payable for the order 1434 .
  • an order 1434 may include a purchase order number, an order date, an order type, the user that created the order, a status of the order, or other information.
  • FIG. 14 C depicts one embodiment of a GUI 1460 for a billing module.
  • the GUI 1460 may include an invoices table 1462 .
  • the invoices table 1462 may display invoices from the cloud service provider to its tenants, distributors, customers, etc. for use of the ordered products.
  • the invoices table 1462 may include one or more invoices 1464 .
  • the table 1462 may include the invoice number 1466 , a billing period 1468 , a billing date 1470 , and a total amount 1472 .
  • the invoice number 1466 may include a text string that uniquely identifies the invoice 1464 among all other invoices.
  • the billing period 1468 may include the time period applicable to the invoice 1464 .
  • the billing date 1470 may include the date the invoice was sent to the customer.
  • the total amount 1472 may include the total amount payable for the invoice 1464 .
  • the GUI 1460 may include an invoice details section 1474 .
  • the GUI 1470 may display the invoice details section 1474 in response to the user clicking on an invoice 1464 of the table 1462 .
  • the invoice details section 1474 may display details about the selected invoice 1464 , including a product breakdown that shows for which product(s) the customer was charged and the associated amount.
  • FIG. 15 depicts one embodiment of a GUI 1500 .
  • the GUI 1500 may include a GUI for a product marketplace.
  • the GUI 1500 may allow a cloud service provider, tenant, distributor, or customer to purchase additional products to resell or use.
  • the GUI 1500 may include one or more categories 1502 .
  • the GUI 1500 may display only products that fall within the selected categories 1502 . For example, as depicted in FIG. 15 , the user has selected the “Microsoft” category, and the table 1504 of products is only displaying products whose publisher 1512 is Microsoft.
  • the product table 1504 may display one or more products 1506 available for purchase. For each product 1506 , the table 1504 may display information about the product 1506 .
  • the table 1504 may include the product's name 1508 , product ID 1510 , and publisher 1512 .
  • the product ID 1510 may include a text string that identifies the product 1506 .
  • a product 1506 may include multiple implementations 1516 , which may be displayed in a sub-table 1516 in response to the user clicking on a product 1506 in the table 1504 .
  • a product implementation 1516 may include a specific implementation 1516 of a product 1506 that may be different than other implementations 1516 of the same product 1506. For example, as can be seen in FIG.
  • each implementation 1516 ( 1 )-( 3 ) of the product “Office 365” may be slightly different (e.g., as shown in FIG. 15 , the term 1520 and billing frequency 1522 combinations differ between implementations 1516 ).
  • the table 1514 may display information about the implementation, including a stock keeping unit (SKU) 1518 , a term 1520 , a billing frequency 1522 , or a price 1524 .
  • the SKU 1518 may identify the product 1506 or the implementation 1516 .
  • the term 1520 may include the term of the license associated with the product 1506 .
  • a product 1506 may include a description or an item type.
  • An implementation 1516 may include a segment or a quantity.
  • a cloud service provider may purchase products for use or resale by its tenants, distributors, or customers.
  • the tenants or distributors may use similar GUIs to resell the products to end users that use the tenants' tenancy cloud systems and manage those resold products.
  • end-users of the products can purchase such products and the product is automatically added to the seller's billing cycle functionality of the billing module.
  • the cloud service provider can access a GUI from a distributor's perspective.
  • the billing module may charge use of a product to a specific subsection of an end-user organization.
  • the billing module may obtain data about users of the organization to determine which subsection to bill. For example, an organization's accounting department and sales department may both use a cloud office suite product. The licenses for these products may have been purchased from a distributor of the cloud service provider. Data stored about the different users from the different departments may be stored by the billing module such that the billing module may calculate which licenses are used by which department. The billing module may then automatically generate different invoices for the different departments, even though the different departments' users are using the same product and belong to the same organization.
  • the billing module may be logically located between the cloud service provider, tenants, distributors, customers, or end-users and a product's API.
  • the product's API may conventionally be used to perform certain functionality regarding the product, such as managing the subscription to the product or other functionality.
  • the cloud service provider, tenants, distributors, customers, or end-users may use only the GUIs 1400 - 1500 of FIGS. 14 A- 15 to manage the products instead of using separate API calls to each product.
  • the billing module or other module of the server 110 may convert programming calls from the GUIs to the respective products' APIs.
  • aspects of the present disclosure may be embodied as an apparatus, system, method, computer program product, or the like. Accordingly, aspects of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more computer-readable media having program code embodied thereon.
  • a module may be implemented as a hardware circuit comprising custom very large-scale integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components.
  • a module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
  • Modules may also be implemented in software for execution by various types of processors.
  • An identified module of program code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
  • a module of program code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices.
  • operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
  • the program code may be stored and/or propagated on one or more computer-readable media.
  • a module may include a smart contract hosted on a blockchain.
  • the functionality of the smart contract may be executed by a node (or peer) of the blockchain network.
  • One or more inputs to the smart contract may be read or detected from one or more transactions stored on or referenced by the blockchain.
  • The smart contract may output data based on the execution of the smart contract as one or more transactions to the blockchain.
  • A smart contract may implement one or more methods or algorithms described herein.
  • The computer program product may include a computer-readable storage medium (or media) having computer-readable program instructions thereon for causing a processor to carry out aspects of the present disclosure.
  • The computer-readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device.
  • The computer-readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • A non-exhaustive list of more specific examples of the computer-readable storage medium may include a portable computer diskette, a random access memory (“RAM”), a read-only memory (“ROM”), an erasable programmable read-only memory (“EPROM” or Flash memory), a static random access memory (“SRAM”), a hard disk drive (“HDD”), a solid state drive, a portable compact disc read-only memory (“CD-ROM”), a digital versatile disk (“DVD”), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing.
  • A computer-readable storage medium is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
  • Computer-readable program instructions described herein can be downloaded to respective computing/processing devices from a computer-readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
  • The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
  • A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium within the respective computing/processing device.
  • Computer-readable program instructions for carrying out operations of the present disclosure may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
  • The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • The remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer-readable program instructions by utilizing state information of the computer-readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.
  • These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
  • The computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • the schematic flow chart diagrams included herein are generally set forth as logical flow chart diagrams. As such, the depicted order and labeled steps are indicative of one embodiment of the presented method. Other steps and methods may be conceived that may be equivalent in function, logic, or effect to one or more steps, or portions thereof, of the illustrated method. Additionally, the format and symbols employed are provided to explain the logical steps of the method and are understood not to limit the scope of the method. Although various arrow types and line types may be employed in the flow chart diagrams, they are understood not to limit the scope of the corresponding method. Indeed, some arrows or other connectors may be used to indicate only the logical flow of the method. For instance, an arrow may indicate a waiting or monitoring period of unspecified duration between enumerated steps of the depicted method. Additionally, the order in which a particular method occurs may or may not strictly adhere to the order of the corresponding steps shown.
  • Each block in the schematic flowchart diagrams and/or schematic block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions of the program code for implementing the specified logical function(s).

Abstract

Systems and methods for an enterprise computing platform may include a server that may include a desktop-as-a-service module, a user behavior analytics module, a remote monitoring and management module, an analytics-as-a-service module, an insider threat prevention and monitoring module, and a project tracker module. The server or modules may provide remote desktop sessions in an efficient and convenient manner, may analyze user behavior and automatically execute corrective actions in response to rules violations, and may monitor and manage multiple computer systems and computing sessions as to their statuses, versions, authentication, or compliance.

Description

    CROSS-REFERENCES TO RELATED APPLICATIONS
  • This application is a continuation-in-part of U.S. patent application Ser. No. 17/447,797, which was filed on Sep. 15, 2021, entitled “Systems and Methods for an Enterprise Computing Platform,” which is pending; which is a continuation of U.S. patent application Ser. No. 17/447,791, which was filed on Sep. 15, 2021, entitled “Systems and Methods for an Enterprise Computing Platform,” which is pending; all of which are hereby incorporated by reference in their entireties.
  • A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the reproduction of the patent document or the patent disclosure, as it appears in the U.S. Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
    BACKGROUND OF THE DISCLOSURE
  • The present disclosure generally relates to computing technology, and more particularly to systems and methods for an enterprise computing platform.
  • Maintaining and managing a computer hardware and software system is a complex task that requires provisioning hardware, operating systems, software applications, and other technology for users. Such provisioning includes devoting sufficient computing resources and keeping those resources up to date. Furthermore, such computing resources are only available at the physical location where the hardware is located.
  • Additionally, tracking and monitoring users of a computer system is difficult due to the large number of users that are spread out over large distances. Furthermore, network administrators cannot monitor all users' systems at all times. Network administrators may want to determine whether users are working productively and efficiently. Network administrators also want to help users comply with rules and policies regarding data confidentiality and privacy.
  • Furthermore, network administrators need to track and monitor physical and logical assets to determine their status, condition, and compliance with policies. Administrators also need to protect their systems from threats within their networks. Finally, users need to be able to analyze work they do and track progress in a data-driven and real-time manner.
  • What is needed then are systems and methods for an enterprise computing platform.
    BRIEF SUMMARY
  • This Brief Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
  • One aspect of the disclosure includes a computer-implemented method for cloud desktop-as-a-service administration. The method may include receiving, at a server, workspace-type selection data from a first user logged into the server on a first user device. The method may include receiving, at the server, workspace configuration selection data from the first user. The method may include generating, on the server, a remote desktop workspace. The remote desktop workspace may include a number of remote desktop sessions. The number of remote desktop sessions may be based on the workspace-type selection data. Each remote desktop session may include a virtualized hardware configuration based on the workspace configuration selection data. The method may include receiving, at the server, user data from a second user device. The user data may include a request for a second user to join a remote desktop session of the remote desktop workspace. The method may include permitting the second user to join the remote desktop session.
  • Another aspect of the disclosure includes a computer-implemented method for generating computer user behavior analytics. The method may include storing one or more user behavior rules. A user behavior rule may include a first user activity and a corrective action. The method may include receiving, from a first computing device, user behavior data. The user behavior data may include a second user activity from a computing session executing on the first computing device. The method may include determining that the first user activity satisfies the second user activity. The method may include sending a corrective action command to the first computing device. The corrective action command may be configured to cause the first computing device to execute the corresponding corrective action in the computing session.
  • Another aspect of the disclosure includes a system that includes a remote monitoring and management (RMM) module. The RMM module may provide real-time visibility to one or more physical or logical assets of a customer network. The RMM module may provide notifications or alerts to admin users to reduce and respond to downtime. The RMM module may keep computing devices secure, up-to-date, or optimized via administering proactive, centralized device management automation. The RMM module may provide secure and efficient access to computing devices with remote support and screen share tools.
  • Another aspect of the disclosure includes a system that includes an analytics-as-a-service (AaaS) module. The AaaS module may provide software to one or more users in a more efficient manner. The AaaS module may distribute or maintain software for multiple users at a single point of coordination.
  • Another aspect of the disclosure includes a system that includes an insider threat prevention and monitoring (ITPM) module. The ITPM module may monitor user behavior data and determine whether such data indicates a threat, security breach, or other harmful activity for a server, a customer network, or a cloud-computing environment. The ITPM module may prevent harmful activity or may alert an admin user of such detected user behavior data.
  • Another aspect of the disclosure includes a system that includes a project tracker module. The project tracker module may analyze project data. The project tracker module may perform said analysis on a project, team member, timeline, or other basis. The project tracker module may generate reports and billing data based on server usage or cloud-computing environment usage.
  • Numerous other objects, advantages and features of the present disclosure will be readily apparent to those of skill in the art upon a review of the following drawings and description of various embodiments.
    BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram illustrating one embodiment of a system for an enterprise computing platform.
  • FIG. 2A is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 2B is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 3A is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 3B is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 4 is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 5 is a flowchart diagram illustrating one embodiment of a method for cloud desktop-as-a-service administration.
  • FIG. 6A is a flowchart diagram illustrating one embodiment of a method for on-premises desktop-as-a-service administration.
  • FIG. 6B is a flowchart diagram illustrating a continuation of the method of FIG. 6A of one embodiment of a method for on-premises desktop-as-a-service administration.
  • FIG. 7 is a front view of a graphical user interface for a user behavior dashboard.
  • FIG. 8 is a front view of a graphical user interface for a user behavior dashboard.
  • FIG. 9 is a front view of a graphical user interface for a user behavior dashboard.
  • FIG. 10 is a flowchart diagram illustrating one embodiment of a method for generating computer user behavior analytics.
  • FIG. 11 is a flowchart diagram illustrating one embodiment of a method for generating computer user behavior analytics.
  • FIG. 12 is a block diagram illustrating one embodiment of an enterprise computing platform.
  • FIG. 13 is a flowchart diagram illustrating one embodiment of a method for remote monitoring and management.
  • FIG. 14A is a front view of a graphical user interface for a billing module.
  • FIG. 14B is a front view of a graphical user interface for a billing module.
  • FIG. 14C is a front view of a graphical user interface for a billing module.
  • FIG. 15 is a front view of a graphical user interface for a product marketplace.
    DETAILED DESCRIPTION
  • While the making and using of various embodiments of the present disclosure are discussed in detail below, it should be appreciated that the present disclosure provides many applicable inventive concepts that are embodied in a wide variety of specific contexts. The specific embodiments discussed herein are merely illustrative of specific ways to make and use the disclosure and do not delimit the scope of the disclosure. Those of ordinary skill in the art will recognize numerous equivalents to the specific apparatus and methods described herein. Such equivalents are considered to be within the scope of this disclosure and are covered by the claims.
  • In the drawings, not all reference numbers are included in each drawing, for the sake of clarity. In addition, positional terms such as “upper,” “lower,” “side,” “top,” “bottom,” etc. refer to the apparatus when in the orientation shown in the drawing. A person of skill in the art will recognize that the apparatus can assume different orientations when in use.
  • Reference throughout this specification to “one embodiment,” “an embodiment,” “another embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” “in some embodiments,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment, but mean “one or more but not necessarily all embodiments” unless expressly specified otherwise.
  • The terms “including,” “comprising,” “having,” and variations thereof mean “including but not limited to” unless expressly specified otherwise. An enumerated listing of items does not imply that any or all of the items are mutually exclusive and/or mutually inclusive, unless expressly specified otherwise. As used herein, the term “a,” “an,” or “the” means “one or more” unless otherwise specified. The term “or” means “and/or” unless otherwise specified.
  • Multiple elements of the same or a similar type may be referred to as “Elements 102(1)-(n)” where n may include a number. Referring to one of the elements as “Element 102” refers to any single element of the Elements 102(1)-(n). Additionally, referring to different elements “First Elements 102(1)-(n)” and “Second Elements 104(1)-(n)” does not necessarily mean that there must be the same number of First Elements as Second Elements and is equivalent to “First Elements 102(1)-(n)” and “Second Elements (1)-(m)” where m is a number that may be the same or may be a different number than n.
  • As used herein, the term “computing device” may include a desktop computer, a laptop computer, an application server, a database server, or some other type of computer or server. A computing device may include a mobile device such as a smart phone, a tablet, a smart watch, or other mobile device. A computing device may include an integrated circuit (IC) and may include an application-specific integrated circuit (ASIC) or some other type of IC. In some embodiments, a computing device may include one or more processors, volatile storage, non-volatile storage, a computer-readable storage medium (including a non-transitory medium), one or more input devices, or one or more output devices. In some embodiments, a computing device may include a physical computing device or a virtual machine (VM).
    Overview
  • As a brief overview, the systems and methods of the disclosure may provide an entity with device access to software applications and data from several different devices and from several different locations. The systems and methods may provide computing access to a number of users, may provide automated functionality that promotes user productivity while safeguarding data, and may provide information technology services and tools remotely. The systems and methods of the disclosure may provide for efficient software access to a user, may detect, prevent, and monitor security threats from inside a customer system, or may track projects that users are collaborating on.
  • FIG. 1 depicts one embodiment of a system 100. The system 100 may include a system for an enterprise computing platform. The system 100 may include a server 110. The server 110 may include one or more modules. The one or more modules may include a desktop-as-a-service (DaaS) module 112, a user behavior analytics (UBA) module 114, a remote monitoring and management (RMM) module 116, an analytics-as-a-service (AaaS) module 118, an insider threat prevention and monitoring (ITPM) module 120, or a project tracker module 122.
  • The system 100 may include a customer network 130. The customer network 130 may include one or more computing devices 132(1)-(n). The server 110 and the customer network 130 may be in data communication over a data network 140. The system 100 may include a cloud-computing environment 150. The cloud-computing environment 150 may be in data communication with the server 110 or the customer network 130 over the data network 140.
  • In one embodiment, the server 110 may include a computing device. The server 110 may include at least one processor. The server 110 may include a non-transitory computer-readable storage medium. The computer-readable storage medium may include one or more executable instructions. One or more of the modules 112-122 may include the executable instructions. The at least one processor of the server 110 may, in response to executing the executable instructions, carry out the various functions of one or more of the modules 112-122.
  • In one embodiment, the server 110 may include a platform. The platform may include one or more of the modules 112-122. The platform may include one or more user accounts. A user account of the platform may allow a user of the customer network 130 to log into the platform and perform functions on the platform using one or more of the modules 112-122. A user of the platform may include an administrative user (“admin user”) or a standard user. An admin user may have access to more or different functionality on the platform than a standard user. An admin user may be able to manage, modify, view, control, or otherwise affect one or more standard users or their accounts on the platform.
  • In one embodiment, the DaaS module 112 may provide a remote desktop session to a computing device 132 of the customer network 130. The remote desktop session may execute in the cloud-computing environment 150. The remote desktop session may allow a user of the computing device 132 to use software applications and other computer functionality from a variety of locations or devices. The DaaS module 112 may allow an admin user to configure a number of remote desktop sessions and configurations regarding those remote desktop sessions.
  • In some embodiments, the UBA module 114 may receive user behavior data from a remote desktop session, a computing device, a local desktop session, or other computing instance. The user behavior data may include data such as console commands, email activity, file transfer activity, or other user activity on the computing instance. The UBA module 114 may provide an admin user with a user behavior dashboard that may be displayable on the admin user's computing device. The user behavior dashboard may display behavior data or analytics data based on received user behavior data for one or more users. In one or more embodiments, the UBA module 114 may include a set of user behavior rules. In response to some of the user behavior data satisfying the conditions of a user behavior rule, the UBA module 114 may send data to the applicable computing instance to execute a corrective action on the computing instance.
  • In one embodiment, the RMM module 116 may provide real-time visibility to one or more physical or logical assets of the customer network 130. The RMM module 116 may provide notifications or alerts to admin users to reduce and respond to downtime. The RMM module 116 may keep computing devices secure, up-to-date, or optimized via administering proactive, centralized device management automation. The RMM module 116 may provide secure and efficient access to computing devices 132 with remote support and screen share tools.
  • In certain embodiments, the AaaS module 118 may provide software to one or more users in a more efficient manner. The AaaS module 118 may distribute or maintain software for multiple users at a single point of coordination.
  • In one embodiment, the ITPM module 120 may monitor user behavior data and determine whether such data indicates a threat, security breach, or other harmful activity for the server 110, the customer network 130, or the cloud-computing environment 150. The ITPM module 120 may prevent harmful activity or may alert an admin user of such detected user behavior data.
  • In some embodiments, the project tracker module 122 may analyze project data. The project tracker module 122 may perform said analysis on a project, team member, timeline, or other basis. The project tracker module 122 may generate reports and billing data based on server 110 usage or cloud-computing environment 150 usage.
  • In one embodiment, the customer network 130 may include a network of computing devices, data networks, and other computing functionality. The customer network 130 may include the network of an entity such as a corporation. The customer network 130 may use the services of the server 110 (such as the modules 112-122) to perform certain functions. The server 110 may provide module 112-122 functionality to multiple customer networks 130(1)-(n) and may keep such customer's functionality and data logically separate.
  • In one embodiment, the data network 140 may include a wired or wireless network. The data network 140 may include a local area network (LAN), wide area network (WAN), or another type of network. The data network 140 may include one or more switches, routers, or other network devices. The data network 140 may include an Internet service provider (ISP). The data network 140 may include the Internet.
  • In some embodiments, the cloud-computing environment 150 may include a cloud-computing provider or a web service provider. The cloud-computing environment 150 may include a distributed computing environment. The cloud-computing environment 150 may include one or more hyperscalers. Examples of a cloud-computing environment include AMAZON WEB SERVICES (AWS) provided by AMAZON WEB SERVICES, INC., AZURE provided by MICROSOFT, or GOOGLE CLOUD provided by GOOGLE. In some embodiments, the server 110 may include the cloud-computing environment 150. In other embodiments, the customer network 130 may include the cloud-computing environment.
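The rule-and-corrective-action flow described above for the UBA module 114, combined with the per-customer separation described for the server 110, is shown here as an added example that is not part of the patent disclosure. The tenant names, event fields, rule conditions, and action names (`block_transfer`, `notify_admin`, `quarantine_message`) are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class BehaviorEvent:
    tenant: str       # customer network that owns the computing session
    session_id: str   # computing session that produced the activity
    user: str
    activity: str     # "console_command", "email" or "file_transfer"
    detail: dict      # activity-specific fields (assumed shape)


@dataclass(frozen=True)
class BehaviorRule:
    rule_id: str
    tenant: str                        # a rule belongs to exactly one customer
    activity: str                      # activity type the rule applies to
    condition: Callable[[dict], bool]  # predicate over the event detail
    corrective_action: str             # hypothetical action name


@dataclass(frozen=True)
class CorrectiveCommand:
    session_id: str   # where the action must be executed
    user: str
    rule_id: str
    action: str


class RuleEngine:
    def __init__(self) -> None:
        self._rules: Dict[str, List[BehaviorRule]] = {}
        # Events a rule could not evaluate; surfaced so they are not lost silently.
        self.unevaluated: List[Tuple[BehaviorEvent, str]] = []

    def store(self, rule: BehaviorRule) -> None:
        self._rules.setdefault(rule.tenant, []).append(rule)

    def evaluate(self, event: BehaviorEvent) -> List[CorrectiveCommand]:
        commands = []
        # Only the event's own tenant is consulted: another customer's rules never fire.
        for rule in self._rules.get(event.tenant, []):
            if rule.activity != event.activity:
                continue
            try:
                matched = bool(rule.condition(event.detail))
            except (KeyError, TypeError, ValueError):
                # Malformed telemetry: take no automatic action, keep it for review.
                self.unevaluated.append((event, rule.rule_id))
                continue
            if matched:
                commands.append(CorrectiveCommand(
                    event.session_id, event.user, rule.rule_id, rule.corrective_action))
        return commands


def build_demo_engine() -> RuleEngine:
    approved_hosts = {"files.acme.example"}
    engine = RuleEngine()
    engine.store(BehaviorRule(
        "acme-ft-1", "acme", "file_transfer",
        lambda d: d["destination"] not in approved_hosts and d["bytes"] > 10_000_000,
        "block_transfer"))
    engine.store(BehaviorRule(
        "acme-cmd-1", "acme", "console_command",
        lambda d: re.search(r"\bhistory\s+-c\b", d["command"]) is not None,
        "notify_admin"))
    engine.store(BehaviorRule(
        "globex-mail-1", "globex", "email",
        lambda d: d["attachments"] > 0
        and any(not r.endswith("@globex.example") for r in d["recipients"]),
        "quarantine_message"))
    return engine


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    BehaviorEvent("acme", "s-1", "alice", "file_transfer",
                  {"destination": "share.other.example", "bytes": 52_000_000}),
    BehaviorEvent("acme", "s-1", "alice", "file_transfer",
                  {"destination": "files.acme.example", "bytes": 52_000_000}),
    BehaviorEvent("acme", "s-2", "bob", "console_command", {"command": "history -c"}),
    BehaviorEvent("acme", "s-2", "bob", "email",
                  {"recipients": ["x@other.example"], "attachments": 1}),
    BehaviorEvent("globex", "s-9", "carol", "email",
                  {"recipients": ["x@other.example"], "attachments": 1}),
    BehaviorEvent("acme", "s-3", "dave", "file_transfer", {"bytes": 99_000_000}),
]


def run_demo() -> Tuple[List[Tuple[str, str, str]], int]:
    engine = build_demo_engine()
    sent = [(c.session_id, c.rule_id, c.action)
            for event in SAMPLE_EVENTS for c in engine.evaluate(event)]
    return sent, len(engine.unevaluated)


if __name__ == "__main__":
    print(run_demo())
```

Bob's external email produces no command because the only email rule belongs to a different customer, and Dave's transfer with a missing destination field is queued for review instead of being dropped or acted on.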
    Desktop-as-a-Service
  • In one embodiment, the DaaS module 112 may provide a remote desktop session to a computing device 132 of the customer network 130. The remote desktop session may execute in the cloud-computing environment 150. The remote desktop session may allow a user of the computing device 132 to use software applications and other computer functionality from a variety of locations or devices. In some embodiments, the DaaS module 112 may provide the remote desktop session in a server-based implementation or a hybrid implementation.
  • FIG. 2A depicts one embodiment of a system 200. The system 200 may include a system for a server-based implementation. The system 200 may include the server 110, the DaaS module 112, the customer network 130, the computing devices 132(1)-(n), or the cloud computing environment 150 of FIG. 1. As can be seen in FIG. 2A, the DaaS module 112 may include a remote desktop workspace 202 executing on the server 110.
  • The remote desktop workspace 202 may include one or more remote desktop sessions that an admin user may manage. Managing the remote desktop workspace 202 may include the admin user configuring a number of remote desktop sessions for the remote desktop workspace. Managing the remote desktop workspace 202 may include the admin user configuring computing device configurations (e.g., a processor speed, memory size, storage size, etc.) for a remote desktop session. Managing the remote desktop workspace 202 may include the admin user selecting which users in the customer network 130 may join a remote desktop session. Managing the remote desktop workspace 202 may include the admin user configuring other aspects of the remote desktop workspace 202 or the one or more remote desktop sessions.
  • The remote desktop workspace 202 may include one or more remote desktop sessions. As used herein, a “remote desktop session” may include a login session that may include a client device that may capture inputs (e.g., from a mouse or keyboard). The login session may include a remote device that may receive the captured inputs from the client device, execute computing functionality on the remote device based on the captured inputs, and send display data to the client device so that the client device may display the display data. In the example of system 200 of FIG. 2A, the client device may include the computing device 132(1) or 132(2) of the customer network 130, and the remote device may include the VM 204 executing on the cloud-computing environment 150. As can be seen in FIG. 2A, a remote desktop session may be represented in the Figures by a dotted line between a computing device 132 and the VM 204. In this manner, the DaaS module 112 may provide a user of a computing device 132 a desktop with which to execute applications via a remote desktop session. The user can access the remote desktop session from a variety of computing devices or a variety of locations as if the user were working on a computing device physically located on a premises of the entity that operates the customer network 130.
  • It should be noted that the computing device 132 may include a physical computing device or a VM. The computing device 132 may be physically connected to the customer network 130 or may be logically a part of the customer network 130 (e.g., via a virtual private network (VPN)). It should also be noted that the cloud-computing environment 150 may provide a different type of computing device to function as the remote device in the remote desktop session instead of a VM 204.
  • In some embodiments, the remote desktop workspace 202 may include a cloud account 206. The cloud account 206 may include data that may allow the DaaS module 112 to log into a cloud account of the cloud-computing environment 150. In some embodiments, the DaaS module 112 may not be able to use the cloud-computing environment 150 (and thus, may not be able to generate the VM 204) without a cloud account 206. As an example, the cloud-computing environment may include the cloud-computing environment of AWS, and the cloud account 206 may include an account that the server 110 or DaaS 112 has on AWS.
  • FIG. 2B depicts one embodiment of a system 250. The system 250 may include a system for a hybrid implementation. The system 250 may include the server 110, the DaaS module 112, the customer network 130, the computing devices 132(1)-(n), or the cloud computing environment 150 of FIG. 1 . As can be seen in FIG. 2B, customer network 130 may include the remote desktop workspace 202 or the cloud account 206 (instead of the DaaS module 112, as was the case in FIG. 2A). In this manner, the admin user may configure the remote desktop workspace on the customer network 130. The admin user may use the customer entity's cloud account 206 (instead of the server's 110 or the DaaS module's 112 cloud account 206) to provision the remote desktop sessions. However, the DaaS module 112 may still be in data communication with the remote desktop workspace 202 in order to configure the remote desktop workspace 202. To the user of the computing device 132 that may use the remote desktop session, there may be no difference in the functionality of the remote desktop session between the server-based implementation (FIG. 2A) and the hybrid implementation (FIG. 2B).
  • In one embodiment, an admin user may send the DaaS module 112 workspace-type selection data. The workspace-type selection data may include a personal workspace-type selection. In response to receiving the personal workspace-type selection, the DaaS module 112 may generate a single remote desktop session for the remote desktop workspace 202. For example, as seen in the system 300 of FIG. 3A, each remote desktop space 202 includes one remote desktop session that includes a single computing device 132 as the client device and a single VM 204 as the remote device. In some embodiments, the personal workspace type may be advantageous because it allows the user of the remote desktop session to use the VM 204 without having to share its virtual resources with other users.
  • In one embodiment, the workspace-type selection data may include a shared workspace-type selection. In response to receiving the shared workspace-type selection, the DaaS module 112 may generate a number of remote desktop sessions that may be divided up on a per resource basis. The resource may include a VM 204, a processor core, a memory size, a non-volatile storage size, or some other computing resource.
  • FIG. 3B depicts one example of a system 350 that includes the shared workspace type. The shared workspace-type selection data (or other data, such as the workspace configuration data) may include data indicating the resource type “processor core” and data indicating that two remote sessions should share a processor core. The DaaS module 112 may also receive data indicating that the remote desktop workspace will include six remote sessions. The DaaS module 112 may spin up three VMs 204(1)-(3), and each VM 204 may include one processor core. The DaaS module 112 may divide six users of six computing devices 132(1)-(6) between the three VMs 204(1)-(3).
  • In some embodiments, the shared workspace-type selection data may include data indicating that the remote desktop workspace 202 is to have one remote desktop session per processor core, two remote desktop sessions per processor core, four remote desktop sessions per processor core, or six remote desktop sessions per processor core. In one embodiment, more processor cores per remote desktop session may allow fewer VMs to be spun up while still providing computing resources to the remote desktop sessions.
  • In one embodiment, the workspace-type selection data may include a pooled workspace-type selection. In one embodiment, the admin user may provide a scaling policy to the DaaS module 112. The scaling policy may include data that may indicate to the DaaS module 112 one or more conditions under which the DaaS module 112 may automatically spin up one or more VMs 204 or may automatically wind down one or more VMs 204. This automatic spinning up or winding down of VMs 204 may be known as “autoscaling.” The DaaS module 112, when administering a remote desktop workspace 202 of the pooled workspace type, may autoscale the number of remote desktop sessions based on a virtualized hardware usage of the remote desktop sessions of the remote desktop workspace 202.
  • As an example, a scaling policy may include that no remote desktop session of the remote desktop workspace 202 may include fewer than 1.4 GHz of processing power. In response to an attempt to generate a remote desktop session on a VM 204(1) that would cause the remote desktop sessions currently on the VM 204(1) to have fewer than 1.4 GHz of processing power, the DaaS module 112 may cause the cloud-computing environment 150 to spin up an additional VM 204(2) and execute the additional remote desktop session on the VM 204(2). In some embodiments, in response to a VM 204 no longer executing a remote desktop session (e.g., due to all of the users of the remote desktop sessions logging off), the DaaS module 112 may spin down the VM 204. Other example conditions of a scaling policy may include that no remote desktop session may include less than a certain amount of memory, storage space, or other computing resource.
  • In one embodiment, the DaaS module 112 may receive workspace configuration selection data from the admin user that wishes to generate a remote desktop workspace 202. The workspace configuration selection data may indicate one or more virtualized hardware configurations of a VM 204 that will be used in association with the remote desktop workspace 202 or one or more virtualized hardware configurations of a remote desktop session. A virtualized hardware configuration may include a number of virtualized processor cores, a size of virtualized random access memory (RAM) or other types of memory, a size of virtualized nonvolatile data storage, or a type of virtualized operating system (OS).
  • FIG. 4 depicts one embodiment of a system 400. The system 400 depicts one example where the remote desktop workspace 202 may include multiple cloud accounts 206(1)-(2). In one embodiment, the DaaS module 112 may attempt to spin up a VM 204. The DaaS module 112 may determine which cloud-computing environment 150(1)-(2) may charge the least amount to execute a VM 204. In response to making that determination, the DaaS module 112 may spin up the VM 204 on that determined cloud-computing environment 150. For example, as depicted in FIG. 4, the first VM 204(1) may have been spun up on a first cloud-computing environment 150(1) using a first cloud account 206(1). The first VM 204(1) may include two remote desktop sessions executing on it. The DaaS module 112 may need to execute a third remote desktop session (for example, as part of an autoscaling process of a pooled workspace type of the remote desktop workspace 202). The DaaS module 112 may determine (e.g., using an application programming interface (API) of each of the cloud-computing environments 150(1)-(2)) which of the two cloud-computing environments 150(1)-(2) would cost the least to spin up the additional VM 204(2). In response to the DaaS module 112 determining the more cost-efficient option is the second cloud-computing environment 150(2), the DaaS module 112 may use the second cloud account 206(2) to spin up the VM 204(2) and execute the third remote desktop session on the VM 204(2). The remote desktop workspace 202 using multiple cloud accounts 206(1)-(2) may be compatible with the server-based implementation (FIG. 2A) or the hybrid implementation (FIG. 2B). The remote desktop workspace 202 using multiple cloud accounts 206(1)-(2) may be compatible with the personal workspace type (FIG. 3A), the shared workspace type (FIG. 3B), or the pooled workspace type.
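The pooled-workspace behavior described above (the 1.4 GHz floor per session, spinning up an additional VM on whichever cloud-computing environment currently costs less, and spinning down a VM once its last session logs off) can be modeled as follows. This is an added example, not code from the patent or its applicant; the class and field names, the equal sharing of a VM's clock budget among its sessions, and the constructed price table standing in for each provider's pricing API are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class VM:
    vm_id: str
    cloud: str            # which cloud account/environment hosts this VM
    total_ghz: float      # assumed clock budget shared equally by sessions
    sessions: list = field(default_factory=list)

    def ghz_per_session(self, extra=0):
        """Processing power each session would get with `extra` more sessions."""
        n = len(self.sessions) + extra
        return self.total_ghz / n if n else self.total_ghz


class PooledWorkspace:
    """Hypothetical model of a pooled remote desktop workspace."""

    def __init__(self, min_ghz_per_session, vm_ghz, hourly_price):
        if vm_ghz < min_ghz_per_session:
            raise ValueError("a single VM cannot satisfy the scaling policy")
        self.min_ghz = min_ghz_per_session
        self.vm_ghz = vm_ghz
        # Constructed price table: cloud name -> price per VM hour.
        self.hourly_price = dict(hourly_price)
        self.vms = {}
        self._next_id = 1

    def cheapest_cloud(self):
        # Ties are broken by name so placement is deterministic.
        return min(self.hourly_price, key=lambda c: (self.hourly_price[c], c))

    def join(self, user):
        """Place a session; spin up a VM only if the policy would be violated."""
        for vm in self.vms.values():
            if vm.ghz_per_session(extra=1) >= self.min_ghz:
                vm.sessions.append(user)
                return vm
        vm = VM(f"vm-{self._next_id}", self.cheapest_cloud(), self.vm_ghz)
        self._next_id += 1
        vm.sessions.append(user)
        self.vms[vm.vm_id] = vm
        return vm

    def logoff(self, user):
        """Remove a session; return the id of a VM that was spun down, if any."""
        for vm_id, vm in list(self.vms.items()):
            if user in vm.sessions:
                vm.sessions.remove(user)
                if not vm.sessions:
                    del self.vms[vm_id]
                    return vm_id
                return None
        raise KeyError(f"no session for {user!r}")


if __name__ == "__main__":
    ws = PooledWorkspace(1.4, 3.0, {"cloud-1": 0.10, "cloud-2": 0.12})
    for name in ("alice", "bob"):
        print(name, ws.join(name).vm_id)
    ws.hourly_price["cloud-2"] = 0.08   # second environment becomes cheaper
    third = ws.join("carol")
    print("carol", third.vm_id, third.cloud)
```

With a 3.0 GHz VM and a 1.4 GHz floor, two sessions fit on one VM (1.5 GHz each) and a third would drop every session to 1.0 GHz, so the third session lands on a new VM in the cheaper environment, matching the FIG. 4 walkthrough.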
  • In one embodiment, an admin user may select one or more users to add to the remote desktop workspace 202. Adding a user to the remote desktop workspace 202 may include configuring the remote desktop workspace 202 such that the user may be able to log into or execute a remote desktop session in the remote desktop workspace 202. In one embodiment, the DaaS module 112 or the remote desktop workspace 202 may permit the user to join the remote desktop session. Permitting the user to join the remote desktop session may include the user logging into or executing the remote desktop session.
  • FIG. 5 depicts one embodiment of a method 500. The method 500 may include a computer-implemented method for cloud desktop-as-a-service administration. The method 500 may include receiving 502, at a server, workspace-type selection data from a first user logged into the server on a first user device. The method 500 may include receiving 504, at the server, workspace configuration selection data from the first user. The method 500 may include generating 506, on the server, a remote desktop workspace. The remote desktop workspace may include a number of remote desktop sessions. The number of remote desktop sessions may be based on the workspace-type selection data. Each remote desktop session may include a virtualized hardware configuration based on the workspace configuration selection data. The method 500 may include receiving 508, at the server, user data from a second user device. The user data may include a request for a second user to join a remote desktop session of the remote desktop workspace. The method 500 may include permitting 510 the second user to join the remote desktop session.
  • In one embodiment, the DaaS module 112 may perform one or more of the steps of the method 500. The server of the method 500 may include the server 110. The first user may include an admin user. The first user device may include a computing device, such as a computing device 132 of the customer network 130. The remote desktop workspace of the method 500 may include the remote desktop workspace 202. A remote desktop session of the method 500 may include a remote desktop session discussed above in relation to FIG. 2A, FIG. 2B, FIG. 3A, FIG. 3B, or FIG. 4. The second user may include a standard user, and the second user device may include a computing device 132.
  • In one embodiment, generating 506 the remote desktop session of the remote desktop workspace may include generating the remote desktop session in the cloud-computing environment 150. The cloud-computing environment 150 may include a cloud-computing environment external to the server 110.
  • FIGS. 6A-B depict one embodiment of a method 600. The method 600 may include a computer-implemented method for on-premises desktop-as-a-service administration. The method 600 may include receiving 602, at a first server, cloud account data from a first user logged into the first server on a first user device. The method 600 may include receiving 604, at the first server, workspace-type selection data from the first user. The method 600 may include receiving 606, at the first server, workspace configuration selection data from the first user. The method 600 may include generating 608, on a second server, a remote desktop workspace. The remote desktop workspace may include a number of remote desktop sessions. The number of remote desktop sessions may be based on the workspace-type selection data. Each remote desktop session may include a virtualized hardware configuration based on the workspace configuration selection data. The method may include receiving 610, at the second server, user data from a second user device. The user data may include a request for a second user to join a remote desktop session of the remote desktop workspace. The method may include permitting 612 the second user to join the remote desktop session.
  • In one embodiment, the DaaS module 112 may perform one or more of the steps of the method 600. The first server of the method 600 may include the server 110. The second server may include a server of the customer network 130. The cloud account data may include data based on the cloud account 206. The first user may include an admin user. The first user device may include a computing device, such as a computing device 132 of the customer network 130. The remote desktop workspace of the method 600 may include the remote desktop workspace 202. The remote desktop workspace 202 may be located on the customer network 130 (for example, as depicted in FIG. 2B). A remote desktop session of the method 600 may include a remote desktop session discussed above in relation to FIG. 2A, FIG. 2B, FIG. 3A, FIG. 3B, or FIG. 4. The second user may include a standard user, and the second user device may include a computing device 132.
  • In one embodiment, the method 600 may further include sending, to a cloud-computing environment 150, cloud account authentication data based on the cloud account 206 data. The method 600 may further include sending an instruction to execute a remote desktop session of the remote desktop workspace 202 in the cloud-computing environment 150. This may be similar to the hybrid implementation discussed above in relation to FIG. 2B. The cloud account authentication data may include a username, password, or other authentication data used to log into a cloud computing account on the cloud-computing environment 150.
  • In some embodiments, an admin user, while configuring a remote desktop workspace 202, may configure the remote desktop session(s) of the remote desktop workspace 202 to enable or disable UBA or RMM capabilities on the remote desktop sessions. This may introduce security during the generation or building of the remote desktop session(s). In one embodiment, the admin user may be able to save the configurations of the remote desktop workspace 202 such that the admin user can quickly replicate the remote desktop workspace 202 multiple times.
  • In one embodiment, the admin user or a user of a remote desktop session may generate a snapshot of the remote desktop session. A snapshot may include a state or the data of the remote desktop session or the applicable VM 204 at the time the snapshot was taken. The admin user or the remote user may be able to save multiple snapshots using the DaaS module 112. In some embodiments, a snapshot may be saved on the customer network 130, the server 110, or the cloud-computing environment 150.
  • In one embodiment, an admin user or a standard user may be able to save an image of the remote desktop session. An image of a remote desktop session may include the state and data of the session before a user has effected changes to the session by using the session. In this manner, new copies of the remote desktop session can be quickly replicated to other users. A user may be able to configure an image before executing the image. Configuring the image may include modifying OS or software or hardware configurations of the image.
  • In one embodiment, an admin user may use the DaaS module 112 to start, stop, restart, or delete a remote desktop workspace 202 or a remote desktop session within a remote desktop workspace 202. The admin user may use the DaaS module 112 to view data related to a remote desktop workspace 202. Such details may include a status of one or more of the remote desktop sessions. The admin user may send a notification to a remote desktop session.
  • User Behavior Analytics
  • In one embodiment, the UBA module 114 may allow an admin user to monitor, track, or record data regarding another user's behavior or actions on a computing device. The other user may include a user of the platform provided by the server 110. The other user may include a user of the customer network 130. The other user may include a user of a computing device 132 of the customer network 130. The other user may include a user that has joined a remote desktop session as discussed herein. The UBA module 114 may provide a dashboard to the admin user on a graphical user interface (GUI) of a computing device that the admin is using so that the admin user can view information about the other user's behavior or actions. Such behavior or actions may include the other user's application usage, website usage, email usage, or other computer functionality usage.
  • The UBA module 114 may also monitor the user's behavior and activity and automatically execute a corrective action in response to the user's behavior or activity conforming to a user behavior rule administered by the UBA module 114. For example, in response to a user attempting to send an email including sensitive information outside of the customer network 130, the UBA module 114 may prevent the user from sending that email.
  • FIG. 7 depicts one embodiment of a user behavior dashboard 700. The user behavior dashboard may be displayed on a computing device. The computing device may include a computing device 132 of the customer network 130. The computing device 132 may include a computing device being used by an admin user. In one embodiment, the UBA module 114 of the server 110 may send data to the computing device 132, and the computing device 132 may process the received data in order to display the user behavior dashboard 700.
  • In one embodiment, the user behavior dashboard 700 may include one or more graphical control elements. A graphical control element may include a GUI widget. A GUI widget may include a button, a label, a checkbox, a scroll bar, a drop-down list, a text box, a text area, a container (such as a window, panel, or tab), slider, menu, toolbar, a link, a status bar, or other type of GUI widget. In some embodiments, a graphical control element of the user behavior dashboard 700 may correspond to a user.
  • One graphical control element of the user behavior dashboard 700 may include a user list 710. The user list 710 may include one or more user elements 712(1)-(4). A user element 712 may correspond to a user of the platform of the server 110. A user element 712 may include data regarding a user of the platform. For example, as depicted in FIG. 7, a user element 712 may include a user ID 714, a current application 716, or a duration 718 corresponding to a user. The user behavior dashboard 700 may include a history area 720. The history area 720 may include one or more of text, images, graphics, charts, or other data. The user behavior dashboard 700 may include a productivity classification area 730. The productivity classification area 730 may include one or more status bars.
  • In one embodiment, the user list 710 may include a list of users of the platform. The user list 710 may include a list of users of the platform that belong to the entity that controls the customer network 130. In one embodiment, the user behavior dashboard 700 may include functionality to filter the user list. The user list 710 may filter users by displaying users that are currently logged in, users that are currently using a certain application, users that belong to a certain group of users, or some other filter criteria. In some embodiments, the user behavior dashboard 700 may include functionality to sort the user list (e.g., by user ID 714, an application, a duration 718, or other sorting criteria). In some embodiments, the user list 710 may include a list, a table, or some other manner of organizing one or more user elements 712.
  • In one embodiment, a user element 712 may include one or more pieces of data for a user. The user element 712 may include a table row, a list element, or some other manner of organizing user data. A user element 712 may correspond to a user. The user element 712 may include a user ID 714. A user ID 714 may include data that identifies a user. A user ID 714 may include a username, a first or last name of the user, or other identifying data.
  • In some embodiments, the user element 712 may include other data as applicable to the type of user behavior dashboard. For example, as depicted in FIG. 7, the user behavior dashboard 700 may include a dashboard for displaying user behavior analytics regarding application usage of one or more users. In response, a user element 712 may include data regarding application usage of the corresponding user. For example, as depicted in FIG. 7, a user element 712 may include a current application 716. The current application 716 may include text data indicating the software application currently being used by the corresponding user. The user element 712 may include a duration 718. The duration 718 may include text data indicating how long the corresponding user has been using the current application 716. In some embodiments, the user element 712 may include other data as applicable to the type of user behavior dashboard.
  • In one embodiment, the history area 720 may include data regarding past user behavior regarding one or more users. For example, as depicted in FIG. 7, the history area may include data regarding past application usage for one or more users. The admin user may select one or more users from the user list 710, and the history area 720 may display data regarding the selected users. For example, as depicted in FIG. 7, the admin user has selected the user element 712(2), and in response, the history area is displaying data regarding the past application usage of the user corresponding to the user element 712(2). In one embodiment, the history area 720 may include one or more charts (as depicted in FIG. 7) regarding a user's past user behavior. In some embodiments, the history area may include a list (e.g., a list of applications the corresponding one or more users have used in the past). In some embodiments, the history area 720 may display data regarding user behavior for the past day, the past week, the past month, or some other time period. The time period may be configurable by the admin user.
  • In some embodiments, the productivity classification area 730 may include one or more boxes that may indicate how much of a user's user behavior falls within a certain productivity classification. A productivity classification may include “productive,” “unproductive,” “unclassified,” or some other classification. The UBA module 114 may classify user behavior into one or more of the productivity classifications. The UBA module 114 may classify the user behavior based on one or more productivity rules. For example, a productivity rule may include that a user's use of a word processing application is classified as “productive.” Another productivity rule may include that a user's use of a game application is classified as “unproductive.” Another productivity rule may include that a user's use of a web browsing application may be classified based on the different websites the user visits (some being “productive,” some being “unproductive,” and others being “unclassified”).
  • FIG. 8 depicts one embodiment of another user behavior dashboard 800. The user behavior dashboard 800 may display user behavior analytics related to the website usage of one or more users. The user behavior dashboard 800 may include one or more elements included in the user behavior dashboard 700 of FIG. 7, such as a user list 710 with user elements 712(1)-(n), a history area 720, and a productivity classification area 730. In one embodiment, a user element 712 may include a current website 802. The current website 802 may include text data indicating a website the user is currently using. The text data may include a uniform resource identifier (URI), a uniform resource locator (URL), a title of a webpage, or other data identifying the website. In one embodiment, the history area 720 of the user behavior dashboard 800 may include data associated with past website usage of one or more selected users, which may include one or more charts (as depicted in FIG. 8), a list of websites the user has visited in the past, or other website usage data.
  • FIG. 9 depicts one embodiment of another user behavior dashboard 900. The user behavior dashboard 900 may display user behavior analytics related to the email usage of one or more users. The user behavior dashboard 900 may include one or more elements included in the user behavior dashboard 700 of FIG. 7 or the user behavior dashboard 800 of FIG. 8, such as a user list 710 with user elements 712(1)-(n) or a history area 720. In one embodiment, a user element 712 may include a recipient 902. The recipient 902 may include text data indicating a recipient of an email sent by the user corresponding to the user element 712. The user element 712 may include a subject 904. The subject 904 may include the subject line of an email sent by the user. The user element 712 may include an attachment(s) 906. The attachment(s) 906 may include data indicating one or more attachments to the email sent by the user. The attachment(s) 906 may include a link to the attachment such that the admin user interacting with the link may allow the admin user to view the relevant attachment. The user element 712 may include a date sent 908. The date sent 908 may include a timestamp of when the email was sent by the user. In one embodiment, the history area 720 may include one or more past emails sent by one or more selected users from the user list 710. A past email may be displayed in the history area as a row of a table (as is depicted in FIG. 9). The past email may include similar data to the user elements 712(1)-(n) of the user list 710, such as recipient 902, subject 904, attachment(s) 906, or date sent 908. In some embodiments, the user behavior dashboard 900 may display email usage data for emails sent by users, emails received by users, or other types of emails.
  • In one embodiment, the UBA module 114 may receive user behavior data. The UBA module 114 may receive the user behavior data from a computing device. The computing device may include a computing device 132 of the customer network 130, a VM 204, a remote desktop session (as discussed herein), or some other computing device. The user behavior data may include data generated by or otherwise associated with a user performing activity on the computing device. User behavior data may include network packet data, keystroke data, kernel monitoring data, data storage read-write data, recorded audio, screen capture images or video, log or audit data, remote desktop data (such as commands transmitted from a remote desktop client to a remote desktop server and vice versa), console commands, or other data. The user behavior data may include user activity from a computing session. The computing session may include a local desktop session, a remote desktop session, or some other type of computing session.
  • In some embodiments, the UBA module 114 may update a graphical control element of a user behavior dashboard 700, 800, 900. The graphical control element may correspond to a user to which the user behavior data corresponds. The UBA module 114 may update the graphical control element in real time. The UBA module 114 may update the graphical control element based on the user behavior data. As an example, regarding FIG. 7, the user corresponding to the user element 712(2) may launch a word processing application on the user's computing device 132(1). In response, the computing device 132(1) may send user behavior data to the UBA module 114 that indicates the user launched the word processing application. The UBA module 114 may receive the user behavior data and send data to the user behavior dashboard 700 of the admin user's computing device 132(2). The user behavior dashboard 700 may update its user element 712(2)'s current application 716 to indicate that the user is currently using a word processing application. The user behavior dashboard 700 may also update the duration 718 based on the data received from the UBA module 114.
  • In one embodiment, the user activity may include an email. The corresponding user behavior data generated by the email user activity may include email data such as email headers, an email body, or an email attachment. An email header may include a sender email address, a recipient email address, a sent time, a received time, a subject line, or other email header data. The email data may include other data included in an email.
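The user behavior rule described earlier (preventing an email that carries sensitive information from being sent outside the customer network 130) can be evaluated over the email data listed above. This is an added example, not code from the patent; the event field names, the internal domain `corp.example`, and the three sensitive-data detectors are assumptions, and the sample event is constructed.

```python
import re
from email.utils import getaddresses

# Assumption: domains that count as "inside the customer network".
INTERNAL_DOMAINS = {"corp.example"}

# Assumption: what the deployment treats as sensitive information.
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "label": re.compile(r"\bconfidential\b", re.IGNORECASE),
}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Checksum used by payment card numbers; cuts false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_internal(address):
    """True only for an internal domain or one of its subdomains.

    A plain suffix test would wrongly accept 'notcorp.example', so the
    match requires equality or a leading dot before the internal domain.
    """
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def sensitive_hits(text):
    hits = [name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text)]
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            hits.append("card")
            break
    return sorted(hits)


def evaluate_email(event):
    """Return the corrective action for one email user-behavior event."""
    headers = event.get("to", []) + event.get("cc", [])
    recipients = [addr for _, addr in getaddresses(headers) if addr]
    # Addresses that cannot be tied to an internal domain count as external.
    external = sorted(a.lower() for a in recipients if not is_internal(a))
    text = "\n".join(
        [event.get("subject", ""), event.get("body", "")]
        + event.get("attachment_names", [])
    )
    hits = sensitive_hits(text)
    action = "block" if external and hits else "allow"
    return {"action": action, "external": external, "hits": hits}


if __name__ == "__main__":
    sample = {  # constructed event
        "to": ["Bob <bob@partner.test>", "alice@mail.corp.example"],
        "subject": "Q3 payroll",
        "body": "Employee SSN 123-45-6789",
        "attachment_names": ["payroll.xlsx"],
    }
    print(evaluate_email(sample))
```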
  • In some embodiments, the user activity may include a file transfer. The corresponding user behavior data generated by the file transfer user activity may include file transfer data such as a source location, a destination location, the data of the transferred file, a size of the file transfer, or other data associated with a file transfer. In one or more embodiments, the user activity may include a video conferencing meeting. The corresponding user behavior data generated by the video conferencing meeting user activity may include video data, audio data, a list of one or more participants of the meeting, or other video conference meeting data.
  • In some embodiments, the user activity may include an instant message. The corresponding user behavior data generated by the instant message user behavior may include content of the instant message (which may include text, audio, image, or video data), a recipient, a sender, or other instant messaging data. In one embodiment, the user activity may include web browser activity. The corresponding user behavior data may include a URI or URL of a webpage, the content of the webpage (which may include text, audio, image, or video data or may include code executable in a web browser such as a script), an Internet Protocol (IP) address of a webpage, a webpage's header data (such as title of a webpage, mark-up language, a version, or other header data), or other web browser data.
  • In one embodiment, the user activity may include the user taking a screenshot. The corresponding user behavior data may include image data that may include the screenshot, a timestamp of when the user took the screenshot, one or more software applications displayed in the screenshot, text data indicating the content of the screenshot, or other screenshot data. In some embodiments, the user activity may include a console command. The console command may include a command entered into a system console, root console, or other console of a computing device. The corresponding user behavior data may include the console command, one or more flags, one or more arguments, the output of the execution of the console command, or other console command data. In one embodiment, the user behavior activity may include one or more keystrokes. The corresponding user behavior data may include one or more keys, an order of the one or more keystrokes, a timestamp for a keystroke, an application that was in focus when the user performed the keystroke, or other keystroke data.
  • In some embodiments, the user activity may include a web search. A web search may include a search performed using a web browser, a software application that searches the Internet, or some other web search functionality. The corresponding user behavior data may include the search terms (which may include text, audio, image, or video data), the application used to perform the web search, one or more search results, or other web search data. In one embodiment, the user activity may include a print job. The corresponding user behavior data may include a printer used to perform the print job, the content of the print job (which may include text, image, or other data), or other print job data.
  • In one embodiment, the UBA module 114 may be configured to record the user activity in a file. For example, the UBA module 114 may record the user behavior data in a file. The file may be stored on the server 110 or in some other location. In some embodiments, the file may include an audit log file, an image file, a video file, or some other type of file. In one embodiment, the user behavior data may be anchored to a blockchain transaction. In this manner, the user behavior data may be immutably and securely stored.
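The patent does not say how user behavior data is anchored to a blockchain transaction. One common construction, given here as an added example that is not the patent's method, is to hash-chain the audit records and place only the final digest in the transaction; the function names, the SHA-256 chain, and the constructed sample records are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed starting value for an empty log

# Constructed sample of recorded user behavior data.
SAMPLE_LOG = [
    {"user": "u1", "type": "app_launch", "app": "wordproc", "ts": 1700000000},
    {"user": "u1", "type": "console", "command": "whoami", "ts": 1700000042},
    {"user": "u2", "type": "print_job", "printer": "floor-2", "ts": 1700000100},
]


def link_digest(prev_hex, record):
    """Digest of one record bound to the digest of everything before it."""
    # Canonical JSON so the same record always hashes to the same bytes.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(bytes.fromhex(prev_hex) + payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Per-record link digests; each one commits to all earlier records."""
    chain, prev = [], GENESIS
    for record in records:
        prev = link_digest(prev, record)
        chain.append(prev)
    return chain


def anchor_value(records):
    """The single digest that would be written into the transaction."""
    chain = build_chain(records)
    return chain[-1] if chain else GENESIS


def verify_against_anchor(records, anchored_hex):
    """Recompute the chain from the stored file and compare to the anchor."""
    return hmac.compare_digest(anchor_value(records), anchored_hex)


def first_divergence(records, trusted_chain):
    """Index of the first record that no longer matches a trusted copy of
    the link digests, or None if the log is intact.

    The anchored digest is the root of trust; the link digests only help
    locate where an edit, insertion, or truncation happened.
    """
    current = build_chain(records)
    for i, (got, want) in enumerate(zip(current, trusted_chain)):
        if got != want:
            return i
    if len(current) != len(trusted_chain):
        return min(len(current), len(trusted_chain))
    return None


if __name__ == "__main__":
    anchor = anchor_value(SAMPLE_LOG)
    edited = [dict(r) for r in SAMPLE_LOG]
    edited[1]["command"] = "ls"
    print("intact:", verify_against_anchor(SAMPLE_LOG, anchor))
    print("edited:", verify_against_anchor(edited, anchor))
```

The anchored digest makes later edits to the stored file detectable; it does not by itself prevent them or keep the record contents confidential.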
  • In one embodiment, the UBA module 114 may allow the admin user to view a remote desktop session. In this manner, the display data sent by the VM 204 may be sent to both the admin user's computing device 132(1) and the user's computing device 132(2). The UBA module 114 may record audio, video, or display data to record the remote desktop session. The UBA module 114 may allow the admin user to take over the remote desktop session from the user. In this manner, the admin user may control the remote desktop session while the user may view the session. The admin user may lock the user out of the remote desktop session.
  • In some embodiments, the UBA module 114 recording video or audio of a user's computing session may include a Virtual Desktop Infrastructure (VDI) session screen recording. The screen recording may be stored as a file and may be playable on a web player. The server 110 may configure the screen recording file with permissions so that only certain users (e.g., admin users) can play or download the file. The video may include associated text, for example, text displayed in the video as part of the recorded computing session or an automatic transcript of audio from the recorded session. The text data may be saved in a separate file or as metadata to the screen recording file.
  • In one embodiment, the functionality of the UBA module 114 may allow an admin user to keep track of one or more tasks that a user is performing. The UBA 114 may assist in determining which users are being resourceful. The UBA 114 may allow the admin user to designate which users are productive or not. The UBA module 114 may allow an admin user to determine the typical behavior of its users and determine whether variations from the typical behavior may be indicative of a threat or risky activity. The UBA module 114 may provide information on the applications and files users may access, which can be used to distribute responsibilities and provide bandwidth for future functionality. Additionally or alternatively, the UBA module 114 may track new applications to determine how well they are received and implemented. Users that are active on a regular basis might be targeted to evaluate their experience and provide methods to enhance it. The UBA module 114 may provide information on how well a customer network 130 functions for its users and can be used to measure success.
  • In one embodiment, the UBA module 114 may include one or more user behavior rules. A user behavior rule may include data that may assist in determining whether user activity conforms to certain criteria, and may include a corrective action to be taken if the user behavior conforms to the criteria.
  • In some embodiments, the UBA module 114 may receive user behavior data. The user behavior data may include user behavior data from a computing device 132 of a user. The user behavior data may correspond to a user. The user behavior data may include user activity from a computing session executing on the user's computing device 132. The UBA module 114 may determine that the received user activity satisfies the user activity of a user behavior rule. The received user activity satisfying the user activity of the user behavior rule may include the received data conforming to or matching the user activity of the rule. In response to the user behavior data satisfying the user activity of a user behavior rule, the UBA module 114 may send a corrective action command to the user's computing device 132. The corrective action command may be configured to cause the user's computing device 132 to execute the corresponding corrective action in the computing session.
  • In one embodiment, a user behavior rule may include the user behavior activity of the user requesting a webpage from a predetermined website. The predetermined website may include a website that the UBA module 114 has included in a list of prohibited or limited websites. The corrective action corresponding to the user behavior rule may include the UBA 114 preventing delivery of the webpage to the user's computing session.
  • In one embodiment, a user behavior rule may include the user behavior of the user sending an email. The email may include data indicating that the email includes sensitive, private, or confidential information or attachments. The email may include data indicating that the email includes a large number of attachments or has an attachment with a large file size. The email may include data indicating that the email is destined for an email address outside of the sender's email domain. The corresponding corrective action may include preventing delivery of the email to an email server.
  • In one embodiment, a user behavior rule may include the user behavior of the user uploading a document that includes sensitive or confidential information to a personal cloud account, and the corrective action may include preventing the upload. A user behavior rule may include the user behavior of the user printing during a predetermined time period (e.g., outside of work hours), and the corresponding corrective action may include preventing the print job from executing. A user behavior rule may include the user behavior of the user printing a document that includes sensitive or confidential information, and the corrective action may include preventing the print job from executing.
  • A user behavior rule may include the user behavior of the user taking a screenshot or using a snipping tool, and the corrective action may include preventing the saving of the screenshot or closing the snipping tool. A user behavior rule may include the user behavior of the user copying sensitive or confidential data to a virtual clipboard and attempting to paste the copied data into an email or textbox of a website, and the corrective action may include preventing the copying or pasting of the data. A user behavior rule may include the user behavior of the user transferring a file (e.g., by copying to a virtual clipboard, FTP, or other file transfer methods) to a predetermined location such as a removable data storage, and the corrective action may include preventing the file transfer. In one embodiment, the user behavior rule may include the user behavior of the user attempting to log in at a predetermined time (e.g., outside of working hours), and the corresponding corrective action may include preventing the user from logging in.
  • In some embodiments, a user behavior rule may include the user behavior of the user failing to comply with regulatory rules such as data privacy legislation or regulations. In some embodiments, the UBA 114 may determine whether certain data is sensitive, confidential, or otherwise private by determining whether the data or a file including the data includes a predetermined tag, flag, or attribute.
  • In one embodiment, the UBA module 114 may allow an admin user to generate additional user behavior rules to be administered by the UBA module 114.
  • In one embodiment, the UBA module 114 may monitor a remote desktop session. In some embodiments, the UBA module 114 may be in data communication with a local desktop session of a computing device 132. The computing device 132 may include an application installed on the computing device 132 that may monitor the user activity of the computing device 132 and send user behavior data to the UBA module 114. The installed application may receive the corrective action command from the UBA module 114 and may execute the corrective action command on the computing device 132.
  • In one embodiment, the UBA module 114 may generate a risk score for a user. The risk score may be based on a number of corrective actions executed on one or more computing sessions of the user. The risk score may be based on a frequency of corrective actions executed regarding the user. The UBA module 114 may alert an admin user (via an email, text message, or an alert on a user behavior dashboard 700, 800, 900) in response to a user triggering a corrective action of a user behavior rule. The user behavior dashboard 700, 800, 900 may display a risk score for a user on the dashboard.
  • In some embodiments, the UBA module 114 may perform optical character recognition (OCR) on a recorded screen of a user's computing session. The UBA module 114 may save the recognized text for later review or analysis. The UBA module 114 may include search functionality such that the admin user may search for user behavior data, user behavior rules violations, or other user behavior data-related information.
  • FIG. 10 depicts one embodiment of a method 1000. The method 1000 may include a computer-implemented method for generating computer user behavior analytics. The method 1000 may include storing 1002 one or more user behavior rules. A user behavior rule may include a first user activity and a corrective action. The method 1000 may include receiving 1004, from a first computing device, user behavior data. The user behavior data may include a second user activity from a computing session executing on the first computing device. The method 1000 may include determining 1006 that the first user activity satisfies the second user activity. The method 1000 may include sending 1008 a corrective action command to the first computing device. The corrective action command may be configured to cause the first computing device to execute the corresponding corrective action in the computing session.
  • In one embodiment, the UBA module 114 may perform one or more of the steps 1002-1008 of the method 1000. The first computing device may include a computing device 132 of a user. The computing session may include a remote desktop session, a local desktop session, or some other type of computing session.
  • FIG. 11 depicts one embodiment of a method 1100. The method 1100 may include a computer-implemented method for generating computer user behavior analytics. The method 1100 may include displaying 1102, on a first computing device, a user behavior dashboard. The user behavior dashboard may include one or more graphical control elements. A graphical control element may correspond to a user. The method 1100 may include receiving 1104, from a second computing device, user behavior data. The user behavior data may include user activity from a computing session executing on the second computing device. The user behavior may correspond to a user. The method 1100 may include updating, in real time and based on the user behavior data, a graphical control element.
  • In one embodiment, the UBA module 114 may perform one or more of the steps 1202-1106 of the method 1100. The first computing device may include a computing device 132 of an admin user. The user behavior dashboard may include the user behavior dashboard 700, 800, or 900. The graphical control element may include a graphical control element as discussed above. A user as discussed in the method 1100 may include a standard user of the platform. The second computing device may include a computing device 132 of a standard user. The user activity and user behavior data may be similar to the user activity and user behavior data discussed above.
  • Remote Monitoring and Management
  • In one embodiment, the RMM module 116 may provide real-time visibility to one or more physical or logical assets of the customer network 130. The RMM module 116 may provide notifications or alerts to admin users to reduce and respond to downtime. The RMM module 114 may keep computing devices secure, up-to-date, or optimized via administering proactive, centralized device management automation. The RMM module 116 may provide secure and efficient access to computing devices 132 with remote support and screen share tools.
  • In one embodiment, a computing device 132, a remote desktop session, a local desktop session, or some other computing session may include an RMM agent. The RMM agent may include software installed on the computing session. The RMM agent may include a deployable software agent. The RMM agent may act like a driver. The RMM agent may be in data communication with the RMM module 116. In one embodiment, the RMM agent may be installed on a mobile device. The RMM agent may act as a bridge or a bridge connector to the RMM module 116, the server 110, or the cloud-computing environment 150. The RMM agent may manage one or more actions on the computing session.
  • FIG. 11A depicts one embodiment of a system 1100. The system 1100 may include the server 110 with its RMM module 116, the cloud-computing environment 150 with a VM 204, a customer network 130 with a computing device 132, and a remote desktop workspace 202. The remote desktop workspace 202 may include a RMM agent 1202 installed on the workspace 202. The RMM agent 1202 may be in data communication with the RMM module 116. In other embodiments, the RMM agent 1202 may be installed on the computing device 132 or the VM 204.
  • In one embodiment, in response to a user logging into a computing session (such as a remote desktop workspace 202), the RMM agent 1202 of the computing session may attempt to authenticate with the RMM module 116. The RMM agent 1202 authenticating with the RMM module 116 may include the RMM agent 1202 sending the RMM module 116 an authentication token. In response to the authentication token data satisfying the authentication data of the RMM module 116, the RMM module 116 may authenticate the RMM agent 1202. In response to the RMM agent 1202 being authenticated, the computing session may have access to certain data. In response to the RMM agent 1202 not being authenticated, the computing session may not have access to that data. The data may include certain storage locations, software applications, websites, or other functionality. The authentication may help in enforcing compliance with data privacy laws or data protection policies, such as policies of the customer network 130. In one embodiment, authentication of the RMM agent 1202 may include an admin user approving the user of the computing session that includes the RMM agent 1202.
  • In one embodiment, the RMM agent 1202 authentication may include one or more layers. One layer may include a secure socket layer (SSL). Another layer may include a certificate layer. Another layer may include an application, protocol, or other authentication layer, for example, OAuth 2.0. The RMM agent may authenticate against one or more of these authentication layers or authentication models. In some embodiments, a RMM agent 1202 may use a separate and unique token that is unique among other users. A token may include an Advanced Encryption Standard (AES) 256 token. The token may include an SSL certificate. In some embodiments, the token may be changed periodically, rotated periodically, or may be modified periodically in some other way. As an example, a token may expire after 8 hours. In response to the token expiring, the RMM agent 1202 may re-authenticate with the RMM module 116 and acquire a new token.
  • In one embodiment, the RMM module 116 and the RMM agent 1202 may provide for separate encryption for each computing session. When the computing session accesses data or stores data, the RMM agent 1202 uses one or more keys to decrypt or encrypt the data, and the one or more keys may be different than the key(s) of one or more other RMM agents 1202 of other computing instances. In this manner, even if one computing session becomes compromised, that compromised session will not be able to impact or affect other RMM agents 1202 in the customer network 130 or in communication with the server 110.
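  • An added sketch (not from the patent or its applicant) of the token lifetime and per-session key separation described above. It substitutes an HMAC-SHA256-signed token for the AES-256 token or SSL certificate the text mentions and derives each session's 256-bit key with HKDF (RFC 5869); the function names, token layout and `Agent` class are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

TOKEN_TTL_SECONDS = 8 * 60 * 60  # the 8-hour lifetime the text gives as an example


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


def issue_token(server_key: bytes, agent_id: str, now: int) -> str:
    """Module side: mint a token bound to one agent with a fixed expiry.

    Layout (assumed for this example): base64(json claims) "." base64(HMAC tag).
    """
    claims = {"agent": agent_id, "iat": now, "exp": now + TOKEN_TTL_SECONDS,
              "jti": secrets.token_hex(8)}  # random id makes every token unique
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(server_key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(server_key: bytes, token: str, now: int):
    """Module side: return the agent id for a valid, unexpired token, else None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(server_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)  # safe to parse: the tag has been checked
    if now >= claims["exp"]:
        return None
    return claims["agent"]


class Agent:
    """Agent side: reuse the token until it expires, then re-authenticate."""

    def __init__(self, agent_id, authenticate):
        self.agent_id = agent_id
        self._authenticate = authenticate  # callable(agent_id, now) -> token
        self._token, self._exp = None, 0

    def current_token(self, now: int) -> str:
        if self._token is None or now >= self._exp:
            self._token = self._authenticate(self.agent_id, now)
            claims = json.loads(_unb64(self._token.split(".")[0]))
            self._exp = claims["exp"]
        return self._token


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-and-expand (RFC 5869) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def session_key(master_secret: bytes, session_id: str) -> bytes:
    """Derive a 256-bit key per computing session.

    Holding one session's key reveals neither the master secret nor any
    other session's key, which is the isolation property the text describes.
    """
    return hkdf_sha256(master_secret, salt=b"rmm-session-keys", info=session_id.encode())


if __name__ == "__main__":
    server_key = secrets.token_bytes(32)  # constructed sample key
    agent = Agent("agent-1", lambda a, now: issue_token(server_key, a, now))
    first = agent.current_token(0)
    rotated = agent.current_token(TOKEN_TTL_SECONDS)
    print("old token still accepted:", verify_token(server_key, first, TOKEN_TTL_SECONDS))
    print("new token accepted for:", verify_token(server_key, rotated, TOKEN_TTL_SECONDS))
    master = secrets.token_bytes(32)      # constructed sample master secret
    print(session_key(master, "session-a").hex())
    print(session_key(master, "session-b").hex())
```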
  • In some embodiments, the RMM agent 1202 may manage one or more actions on the computing session. The RMM agent 1202 may receive instructions from the RMM module 116 and carry out the instructions on the computing session. The RMM agent 1202 may capture data or actions on the computing session. The RMM agent 1202 may capture data on the data level or the execution level of the computing session. The RMM agent 1202 may execute functionality on the computing session to enforce one or more policies. The executed functionality may be based on the instructions received from the RMM module 116, the captured data, or the captured actions.
  • In one embodiment, a policy may include a group of conditions that if satisfied by an applicable user, the RMM agent 1202, the RMM module 116, or some other computing resource of the server 110, cloud-compute environment 150, or the customer network 130 should take a certain action. In some embodiments, a policy may include (1) one or more categories, (2) one or more applicable users, (3) one or more trigger conditions, and (4) one or more actions.
  • In one embodiment, a category may include a label, and policies with similar trigger conditions may include the same label. For example, one category may include “content sharing.” The “content sharing” category may include trigger conditions where a user is attempting to send a certain type of data to a certain destination. Another category may include “activity.” The “activity” category may include trigger conditions where a user is attempting to perform a certain activity, such as opening a file from a certain location. Another category may include a “schedule” category, where a user may be attempting to perform a certain action during a certain time period. The category may include other types of categories.
  • The one or more applicable users of a policy may include one or more users of the customer network 130. The applicable users may include one or more users to whom the policy applies. The one or more applicable users may include one or more individual users, the users whose computing session executes on a certain computing device 132 or VM 204 or remote desktop workspace 202, a user group, a domain (e.g., an administrative or network domain), or all users of the customer network 130. In some embodiments, the one or more applicable users may include users from different customer networks. The one or more applicable users may include all users on all customer networks serviced by the server 110.
  • In certain embodiments, the one or more trigger conditions may include a condition detectable by the RMM agent 1202. A trigger condition may include detecting a certain piece of data. The piece of data may include data in a certain format. The format may include a payment card number, a medical classification code (e.g., an International Classification of Diseases (ICD) code), a government-issued number (e.g., a Social Security number, a driver's license number, a European Union Value Added Tax (EU VAT) number, etc.), an address, or any other type of data. In one embodiment, the RMM agent 1202 may detect the data by determining whether the data matches a regular expression. In some embodiments, the RMM agent 1202 may obtain the data from a data buffer (e.g., a keyboard buffer, a write buffer, a store buffer, or some other type of buffer). The RMM agent 1202 may obtain the data from a location in memory.
  • The following include data detectable as a trigger condition: an ICD code, a disease name, a drug name, a National Health Service (NHS) number, an EU VAT number, a physical address, a government-issued identifier, a name, a phone number, a payment card number, a DNA profile, or a predetermined text string format.
  • In one embodiment, the trigger condition may include an activity. An activity may include an action that a user may perform in the computing session. An activity may include a file operation (e.g., create a new file, open a file, read from a file, write to a file, close a file, delete a file, etc.). An activity may include a user using a computing resource (e.g., a local drive, an external drive, etc.). An activity may include a user using a software application. An activity may include a computing session operation (e.g., logging into the session, logging out, shutting down, unlocking the screen, being idle for a predetermined amount of time, connecting an external device, installing a software application, etc.). An activity may include sending data to or receiving data from a Uniform Resource Locator (URL). An activity may include accessing a predetermined website or Internet resource. An activity may include sending data to/receiving data from a certain Transmission Control Protocol (TCP) port.
  • In one embodiment, the trigger condition may include a time or date value falling within a predetermined time or date range. The time or date value may include the current time or date. For example, a trigger condition may include the user logging onto a computing session after work hours.
  • In one embodiment, a trigger condition may include a software application that contains certain detected data (as discussed above). The software application may include an email application, an instant messaging application, a clipboard, a word processing application, or some other type of application. The trigger condition may relate to a certain portion of the application. For example, a trigger condition may include an outgoing email including a certain piece of text data (while, for example, the same text data in an incoming email would not trigger the condition). In another example, a trigger condition may include a payment card number being visible in a GUI of the application. The RMM agent 1202 may include optical character recognition capabilities that may detect the payment card number, or the RMM agent 1202 may have access to a location in memory where the application GUI data is stored.
  • In some embodiments, a policy may obtain data used to determine whether a trigger condition has been satisfied from a source external to the computing session of the user. The external source may include a configuration file or configuration database. The data in the external source may have been provided by an admin user. The external source may include information from a data packet sent by the computing device 132 that the user is using to access the computing session. As an example, a policy may include a trigger condition of a user logging into a computing session after working hours. The RMM agent 1202 may obtain the user's working hours from a configuration database, and the working hours may have been inputted by an administrative user (e.g., the user's manager). The RMM agent 1202 may obtain the current time where the user is located by determining the user's current location based on the IP address of the user's computing device 132. This way, even if the user logs onto a computing session from a location that he or she does not usually log in from, the RMM agent 1202 can determine if the user is logging onto the computing session after hours where the user is actually located.
  • The following include possible trigger conditions: a file access operation, a file open operation, a file read operation, a file write operation, a file close operation, a file delete operation, a file name containing a certain text string or matching a certain name format, a file extension matching a certain file extension, accessing local storage, accessing an external drive, accessing a network host, accessing a cloud provider, an incoming or outgoing email, an incoming email from a certain email address or domain, an outgoing email to a certain email address or domain, an outgoing email not going to a certain email address or domain, an incoming email not coming from a certain email address or domain, an incoming or outgoing instant messenger message, a file upload or download, adding data to the clipboard, a remote host's IP address matching or not containing a certain IP address, a TCP port matching or not matching a certain number, a write operation to a software application, a software application's GUI containing specific data, an executable file's name containing or matching a certain text string, a file including a certain hash, a computing session logon or screen unlock, a computing session logoff or screen lock, and a computing session operation occurring during a certain time period.
  • In some embodiments, the one or more actions of the policy may include an action that the RMM agent 1202, the computing session, or another resource should take in response to the trigger conditions of the policy being satisfied. An action may include blocking an attempted action by the user (e.g., preventing the user from opening a file). An action may include sending an email to a pre-specified email address (e.g., the email address of an admin user) notifying the recipient of the trigger activity. An action may include displaying a message to the user (e.g., displaying a pop-up message to the user notifying the user that the attempted action is prohibited).
  • The following include possible actions: displaying a message in a GUI of the computing session, blocking an operation or activity, sending an email to a certain email address.
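  • The policy structure described above (category, applicable users, trigger conditions, actions), which has the same match-then-act shape as the user behavior rules of the UBA module, can be sketched as follows. This is an added example, not code from the patent or its applicant. The `Event` and `Policy` classes, activity names such as `email.outgoing`, the Luhn check layered on the regular expression, and the UTC offset standing in for an IP-based location lookup are all assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Regex match first, then checksum, to cut false positives on order ids etc."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


@dataclass
class Event:  # hypothetical shape of what an agent reports
    user: str
    groups: frozenset
    activity: str                  # e.g. "email.outgoing", "session.logon"
    when_utc: datetime
    utc_offset_hours: float = 0.0  # assumed already resolved from the device's IP address
    data: str = ""


@dataclass
class Policy:
    name: str
    category: str
    applies_to: frozenset  # user names, "group:<name>" entries, or "*" for everyone
    triggers: tuple        # callables Event -> bool; every one must hold
    actions: tuple

    def applies(self, ev: Event) -> bool:
        return ("*" in self.applies_to or ev.user in self.applies_to
                or any(f"group:{g}" in self.applies_to for g in ev.groups))


def activity_is(name):
    return lambda ev: ev.activity == name


def contains_card_number(ev: Event) -> bool:
    return bool(find_card_numbers(ev.data))


def outside_local_hours(start: time, end: time):
    """True when the event falls outside [start, end) in the user's local time."""
    def check(ev: Event) -> bool:
        local = ev.when_utc + timedelta(hours=ev.utc_offset_hours)
        return not (start <= local.time() < end)
    return check


def evaluate(policies, ev: Event) -> list:
    """Return (policy name, action) pairs for every applicable, fully triggered policy."""
    out = []
    for p in policies:
        if p.applies(ev) and all(trigger(ev) for trigger in p.triggers):
            out.extend((p.name, action) for action in p.actions)
    return out


# Constructed sample policies; names, groups and addresses are placeholders.
POLICIES = [
    Policy("card-in-outgoing-mail", "content sharing", frozenset({"group:finance"}),
           (activity_is("email.outgoing"), contains_card_number),
           ("block", "notify:admin@example.com")),
    Policy("after-hours-logon", "schedule", frozenset({"*"}),
           (activity_is("session.logon"), outside_local_hours(time(8), time(18))),
           ("block", "message:Logon outside working hours is not permitted")),
]

if __name__ == "__main__":
    noon = datetime(2024, 3, 4, 12, 0, tzinfo=timezone.utc)
    late = datetime(2024, 3, 4, 23, 30, tzinfo=timezone.utc)
    fin = frozenset({"finance"})
    samples = [  # constructed events; 4111 1111 1111 1111 is a standard test number
        Event("alice", fin, "email.outgoing", noon, data="card 4111 1111 1111 1111"),
        Event("alice", fin, "email.incoming", noon, data="card 4111 1111 1111 1111"),
        Event("alice", fin, "email.outgoing", noon, data="ref 1234 5678 9012 3456"),
        Event("bob", frozenset(), "session.logon", late, utc_offset_hours=-5),
        Event("bob", frozenset(), "session.logon", late, utc_offset_hours=-8),
    ]
    for ev in samples:
        print(ev.user, ev.activity, "->", evaluate(POLICIES, ev))
```

The two logon events carry the same UTC timestamp; only the one whose local time is 18:30 is blocked, which is the case the working-hours paragraph describes.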
  • In one embodiment, the RMM module 116 may provide a GUI for an admin user to create a policy. The GUI may include a location where the admin user can input a category to which the policy will belong. The GUI may include a location where the admin user can select which users the policy will apply to. The GUI may include a location where the admin user can input or select one or more trigger conditions. The GUI may include a location where the admin user can input or select one or more actions. The GUI may include a location where the admin user can input a message for an action or where the admin user can input one or more email addresses for notifications. In some embodiments, the RMM module 116 may provide a GUI where an admin user can activate or deactivate one or more policies.
  • In some embodiments, the RMM module 116 or RMM agent 1202 may detect one or more operations or activities in one or more computing sessions of one or more users and may automatically recommend using the one or more detected operations or activities as trigger conditions for a new policy. This may allow the system to automatically generate new policies for an organization. The information about the one or more detected operations or activities may be presented to an admin user in a GUI, and the admin user may use a policy generation user interface to generate one or more new policies, which may include selecting one or more actions to be performed in response to the detected operations or activities.
  • As an example, the RMM module 116 may detect that many users frequently open a web browser and navigate to a personal email webpage. The RMM module 116 may notify an admin user about this activity and may recommend creating a policy. The admin user may create a policy specifying that any user that uses a web browser to navigate to a personal email website is blocked from accessing the website and receives a GUI message stating that the use of personal email is prohibited.
  • In some embodiments, the RMM module 116 or RMM agent 1202 may include an artificial intelligence (AI) model or a machine learning (ML) model, and the models may perform at least some of the detecting of the operations or activities. The AI or ML models may perform at least some of the recommending. In some embodiments, the ML model may perform data-level inspection. In certain embodiments, the AI model may recommend to an admin user one or more pre-existing policies to activate.
  • In some embodiments, the RMM module 116 may include a policy configuration engine. The policy configuration engine may present one or more questions to an admin user, and the engine may select one or more pre-existing policies based on the admin user's responses to the questions. In this manner, the policy configuration engine may allow a non-technical admin user to be able to configure one or more policies quickly and efficiently.
  • The policies of the RMM functionality of the system allow the automation of enforced policies to a specific granularity, whether that granularity is a specific user, a specific computing device 132 or VM 204 or remote desktop workspace 202, a user group, a domain, or even organization-wide. This RMM functionality is unconventional and not well-known in the prior art.
  • In one embodiment, the RMM module 116 may communicate with the UBA module 114 or a UBA agent installed on a computing session. The UBA agent of the computing session may use the RMM agent 1202 to authenticate with the server 110. Once authenticated, the UBA agent may send user behavior analytics data, such as user behavior data, to the UBA module 114.
  • In some embodiments, certain users may be approved by an admin user and an additional user. The additional user may include a management user, an officer of an entity, or some other user. In some embodiments, the authentication or approval process may include two-factor authentication.
  • In one embodiment, the RMM agent 1202 may send data to the RMM module 116 regarding the status, condition, or compliance status of the computing session that the RMM agent 1202 is installed on. A status may include whether the computing session is active, shut down, in sleep mode, whether the screen is locked, or some other status. The status may include one or more applications executing on the computing session. The condition of the computing session may include a version of the OS or other software of the computing session, a computer resource usage, or other condition data. A compliance status may indicate whether the computing session is compliant with a data security policy, a data privacy policy, or some other standard.
  • In one embodiment, the RMM agent 1202 may send one or more alerts to the RMM module 116. An alert may include data indicating the associated computing session is out of date (e.g., regarding the OS or one or more software applications installed on the session), has experienced an error, is non-functional, or some other type of alert. In some embodiments, the RMM agent 1202 may receive updates from the RMM module 116 (e.g., systems updates, software updates, etc.) and may automatically install the updates. In some embodiments, the RMM agent 1202 may allow an admin user to remote into the associated computing session and allow the admin user to view or control the computing session.
  • In some embodiments, the RMM module 116 may display data received from the RMM agent 1202 in a dashboard. The dashboard may allow an admin user to view statuses, alerts, etc. associated with computing sessions and to take actions regarding a computing session (e.g., pushing updates to a computing session, restarting a session that has experienced an error, etc.). In one or more embodiments, the RMM agent 1202 may allow for screen session sharing of roles. The RMM agent 1202 may allow for permission-based screen session sharing.
  • In some embodiments, the system may use a centralized traffic controller so that computing activity or operation traffic (e.g., between the RMM module 116 and RMM agent 1202) stays associated with the customer of the customer network 130. In some embodiments, in a hybrid implementation system (such as the system 250 of FIG. 2B), the RMM agent 1202 may be packaged as an installer package (such as a Microsoft MSI package). The RMM agent 1202 may be installed on the customer network 130 (e.g., in the remote desktop workspace 202 or computing device 132). This may forgo the need to use a containerized architecture.
  • FIG. 13 depicts one embodiment of a method 1300. The method 1300 may include a computer-implemented method for remote monitoring and management. The method 1300 may include obtaining a monitoring policy (step 1302). The monitoring policy may include data indicating one or more applicable users, one or more trigger conditions, or one or more actions. The method 1300 may include detecting, by an RMM agent 1202 installed in the computing session, one or more conditions satisfying the one or more trigger conditions (step 1304). The method 1300 may include, in response to the detection of the one or more conditions, automatically performing, by the RMM agent 1202, the one or more actions (step 1306). One or more of the steps 1302-1306 of the method 1300 may be performed by components described herein and may include functionality of the components described herein, such as the UBA module 114 or the RMM module 116 or the RMM agent 1202.
  • Billing
  • In one embodiment, the server 110 may include a billing module. The billing module may allow the server owner, which may include a cloud service provider, to manage one or more cloud tenants' business lifecycle. The cloud service provider may purchase one or more products or product licenses and may make those products available for purchase by the cloud service provider's users, customers, distributors, tenants, or another entity. The cloud service provider may have one or more tenants (which may correspond to a customer that operates a customer network 130) which may each resell certain products for use in remote desktop workspaces 202, computing sessions, or other work areas of the system. The products may include software applications (such as an office suite), file share access, cloud storage, infrastructure-as-a-service functionality, add-on licenses, database storage, or other computing products. The billing module may provide a GUI where the cloud service provider can manage such products, licenses, and invoices for the products.
  • FIG. 14A depicts one embodiment of a GUI 1400 for a billing module. The GUI 1400 may include a table 1402 of products. The table 1402 may display the products that the cloud service provider has purchased for its tenants to use or distribute to customers. The table 1402 may include one or more rows 1404(1)-(n), each corresponding to a purchased product. For each product 1404, the table 1402 may display the name 1406 of the product, its billing type 1408, its billing frequency 1410, and a quantity 1412. The billing type 1408 may include a license or some other billing arrangement. The billing frequency 1410 may include a period of time (e.g., daily, weekly, monthly, yearly), a data amount (e.g., an amount of data used, downloaded, consumed, etc.), or some other billing frequency. The quantity 1412 may include a number of the product purchased by the cloud service provider, a number of the product that the cloud service provider has available, the number of the product that the cloud service provider has sold, or some other quantity. The GUI 1400 may include one or more GUI widgets 1414 that may allow a user to purchase additional products or to export the table to a file.
  • In some embodiments, a product 1404 may include a description, purchase date, or status (e.g., active, inactive). In response to a user clicking on a product 1404, the GUI 1400 may display information about the product, including number of licenses purchased, number of licenses assigned, subscription ID, subscription status, whether the license autorenews, an initial purchase date, a unit price, an order number, a cloud service provider domain name, or other information.
  • FIG. 14B depicts one embodiment of a GUI 1430 for a billing module. The GUI 1430 may include an orders table 1432. The orders table 1432 may display orders the cloud service provider has created for its distributors or customers. The orders table 1432 may include one or more orders 1434. For each order 1434, the table 1432 may display information about the order 1434, including an order number 1436, a cloud service provider domain 1438, a quantity 1440, and a total amount 1442. The order number 1436 may include a text string that uniquely identifies the order 1434 from all other orders. The cloud service provider domain 1438 may identify the domain associated with the product. Different tenants of the cloud service provider may use different domains in the cloud service provider's system. The quantity 1440 may indicate how many of the product were purchased in the order 1434. The total amount 1442 may include the total amount paid or payable for the order 1434. In some embodiments, an order 1434 may include a purchase order number, an order date, an order type, the user that created the order, a status of the order, or other information.
  • FIG. 14C depicts one embodiment of a GUI 1460 for a billing module. The GUI 1460 may include an invoices table 1462. The invoices table 1462 may display invoices from the cloud service provider to its tenants, distributors, customers, etc. for use of the ordered products. The invoices table 1462 may include one or more invoices 1464. For each invoice 1464, the table 1462 may include the invoice number 1466, a billing period 1468, a billing date 1470, and a total amount 1472. The invoice number 1466 may include a text string that uniquely identifies the invoice 1464 among all other invoices. The billing period 1468 may include the time period applicable to the invoice 1464. The billing date 1470 may include the date the invoice was sent to the customer. The total amount 1472 may include the total amount payable for the invoice 1464. The GUI 1460 may include an invoice details section 1474. The GUI 1470 may display the invoice details section 1474 in response to the user clicking on an invoice 1464 of the table 1462. The invoice details section 1474 may display details about the selected invoice 1464, including a product breakdown that shows for which product(s) the customer was charged and the associated amount.
  • FIG. 15 depicts one embodiment of a GUI 1500. The GUI 1500 may include a GUI for a product marketplace. The GUI 1500 may allow a cloud service provider, tenant, distributor, or customer to purchase additional products to resell or use. The GUI 1500 may include one or more categories 1502. In response to the user selecting one or more categories 1502, the GUI 1500 may display only products that fall within the selected categories 1502. For example, as depicted in FIG. 15, the user has selected the “Microsoft” category, and the table 1504 of products is only displaying products whose publisher 1512 is Microsoft.
  • The product table 1504 may display one or more products 1506 available for purchase. For each product 1506, the table 1504 may display information about the product 1506. The table 1504 may include the product's name 1508, product ID 1510, and publisher 1512. The product ID 1510 may include a text string that identifies the product 1506. In some embodiments, a product 1506 may include multiple implementations 1516, which may be displayed in a sub-table 1516 in response to the user clicking on a product 1506 in the table 1504. A product implementation 1516 may include a specific implementation 1516 of a product 1506 that may be different than other implementations 1516 of the same product 1506. For example, as can be seen in FIG. 15, the user has selected the product “Office 365” 1506(2) from the table 1504, and the GUI 1500 may display the table 1516. Each implementation 1516(1)-(3) of the product “Office 365” may be slightly different (e.g., as shown in FIG. 15, the term 1520 and billing frequency 1522 combinations differ between implementations 1516). For each implementation 1516, the table 1514 may display information about the implementation, including a stock keeping unit (SKU) 1518, a term 1520, a billing frequency 1522, or a price 1524. The SKU 1518 may identify the product 1506 or the implementation 1516. The term 1520 may include the term of the license associated with the product 1506. In some embodiments, a product 1506 may include a description or an item type. An implementation 1516 may include a segment or a quantity.
  • By using the GUIs 1400-1500 of FIGS. 14A-15, a cloud service provider may purchase products for use or resale by its tenants, distributors, or customers. The tenants or distributors may use similar GUIs to resell the products to end users that use the tenants' tenancy cloud systems and manage those resold products. In this manner, end-users of the products can purchase such products and the product is automatically added to the seller's billing cycle functionality of the billing module. Thus, an end-user can purchase a product and immediately begin using it without the seller having to go back into a product management GUI and manually activate the product. In some embodiments, the cloud service provider can access a GUI from a distributor's perspective.
  • In one or more embodiments, the billing module may charge use of a product to a specific subsection of an end-user organization. The billing module may obtain data about users of the organization to determine which subsection to bill. For example, an organization's accounting department and sales department may both use a cloud office suite product. The licenses for these products may have been purchased from a distributor of the cloud service provider. Data about the different users from the different departments may be stored by the billing module such that the billing module may calculate which licenses are used by which department. The billing module may then automatically generate different invoices for the different departments, even though the different departments' users are using the same product and belong to the same organization.
  • In some embodiments, the billing module may be logically located between the cloud service provider, tenants, distributors, customers, or end-users and a product's API. The product's API may conventionally be used to perform certain functionality regarding the product, such as managing the subscription to the product or other functionality. In this manner, the cloud service provider, tenants, distributors, customers, or end-users may use only the GUIs 1400-1500 of FIGS. 14A-15 to manage the products instead of using separate API calls to each product. The billing module or other module of the server 110 may convert programming calls from the GUIs to the respective products' APIs.
  • While the making and using of various embodiments of the present disclosure are discussed in detail herein, it should be appreciated that the present disclosure provides many applicable inventive concepts that are embodied in a wide variety of specific contexts. The specific embodiments discussed herein are merely illustrative of specific ways to make and use the disclosure and do not delimit the scope of the disclosure. Those of ordinary skill in the art will recognize numerous equivalents to the specific apparatuses, systems, and methods described herein. Such equivalents are considered to be within the scope of this disclosure and may be covered by the claims.
  • Furthermore, the described features, structures, or characteristics of the disclosure may be combined in any suitable manner in one or more embodiments. In the description contained herein, numerous specific details are provided, such as examples of programming, software, user selections, hardware, hardware circuits, hardware chips, or the like, to provide understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the disclosure may be practiced without one or more of the specific details, or with other methods, components, materials, apparatuses, devices, systems, and so forth. In other instances, well-known structures, materials, or operations may not be shown or described in detail to avoid obscuring aspects of the disclosure.
  • These features and advantages of the embodiments will become more fully apparent from the description and appended claims, or may be learned by the practice of embodiments as set forth herein. As will be appreciated by one skilled in the art, aspects of the present disclosure may be embodied as an apparatus, system, method, computer program product, or the like. Accordingly, aspects of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module,” or “system.” Furthermore, aspects of the present disclosure may take the form of a computer program product embodied in one or more computer-readable media having program code embodied thereon.
  • In some embodiments, a module may be implemented as a hardware circuit comprising custom very large-scale integration (VLSI) circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
  • Modules may also be implemented in software for execution by various types of processors. An identified module of program code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
  • Indeed, a module of program code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network. Where a module or portions of a module are implemented in software, the program code may be stored and/or propagated on one or more computer-readable media.
  • In some embodiments, a module may include a smart contract hosted on a blockchain. The functionality of the smart contract may be executed by a node (or peer) of the blockchain network. One or more inputs to the smart contract may be read or detected from one or more transactions stored on or referenced by the blockchain. The smart contract may output data based on the execution of the smart contract as one or more transactions to the blockchain. A smart contract may implement one or more methods or algorithms described herein.
  • The computer program product may include a computer-readable storage medium (or media) having computer-readable program instructions thereon for causing a processor to carry out aspects of the present disclosure. The computer-readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device. The computer-readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer-readable storage medium may include a portable computer diskette, a random access memory (“RAM”), a read-only memory (“ROM”), an erasable programmable read-only memory (“EPROM” or Flash memory), a static random access memory (“SRAM”), a hard disk drive (“HDD”), a solid state drive, a portable compact disc read-only memory (“CD-ROM”), a digital versatile disk (“DVD”), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing. A computer-readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
  • Computer-readable program instructions described herein can be downloaded to respective computing/processing devices from a computer-readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network. The network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium within the respective computing/processing device.
  • Computer-readable program instructions for carrying out operations of the present disclosure may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider). In some embodiments, electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer-readable program instructions by utilizing state information of the computer-readable program instructions to personalize the electronic circuitry, in order to perform aspects of the present disclosure.
  • Aspects of the present disclosure are described herein with reference to flowchart illustrations or block diagrams of methods, apparatuses, systems, algorithms, or computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
  • These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, a programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
  • The computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other device to cause a series of operational steps to be performed on the computer, other programmable apparatus or other device to produce a computer implemented process, such that the instructions which execute on the computer, other programmable apparatus, or other device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • The schematic flow chart diagrams included herein are generally set forth as logical flow chart diagrams. As such, the depicted order and labeled steps are indicative of one embodiment of the presented method. Other steps and methods may be conceived that may be equivalent in function, logic, or effect to one or more steps, or portions thereof, of the illustrated method. Additionally, the format and symbols employed are provided to explain the logical steps of the method and are understood not to limit the scope of the method. Although various arrow types and line types may be employed in the flow chart diagrams, they are understood not to limit the scope of the corresponding method. Indeed, some arrows or other connectors may be used to indicate only the logical flow of the method. For instance, an arrow may indicate a waiting or monitoring period of unspecified duration between enumerated steps of the depicted method. Additionally, the order in which a particular method occurs may or may not strictly adhere to the order of the corresponding steps shown.
  • The schematic flowchart diagrams and/or schematic block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of apparatuses, systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the schematic flowchart diagrams and/or schematic block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions of the program code for implementing the specified logical function(s).
  • It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the Figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. Other steps and methods may be conceived that are equivalent in function, logic, or effect to one or more blocks, or portions thereof, of the illustrated Figures.
  • Although various arrow types and line types may be employed in the flowchart and/or block diagrams, they are understood not to limit the scope of the corresponding embodiments. Indeed, some arrows or other connectors may be used to indicate only the logical flow of the depicted embodiment. For instance, an arrow may indicate a waiting or monitoring period of unspecified duration between enumerated steps of the depicted embodiment. It will also be noted that each block of the block diagrams and/or flowchart diagrams, and combinations of blocks in the block diagrams and/or flowchart diagrams, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and program code.
  • Thus, although there have been described particular embodiments of the present disclosure of new and useful systems and methods for an enterprise computing platform, it is not intended that such references be construed as limitations upon the scope of this disclosure.

Claims (20)

What is claimed is:
1. A system for remotely monitoring and managing a computing session, comprising:
at least one processor; and
a non-transitory computer-readable storage medium storing executable instructions thereon, wherein the at least one processor, in response to executing the executable instructions, is configured to:
obtain a monitoring policy, wherein the monitoring policy includes
data indicating one or more applicable users,
one or more trigger conditions, and
one or more actions,
detect, by a remote monitoring and management (RMM) agent installed in the computing session, one or more conditions satisfying the one or more trigger conditions, and
in response to the detection of the one or more conditions, automatically perform, by the RMM agent, the one or more actions.
2. The system of claim 1, wherein the computing session is a remote desktop session.
3. The system of claim 1, wherein the RMM agent comprises a software application installed on a virtual machine of a cloud-computing environment.
4. The system of claim 1, wherein the RMM agent comprises a software application installed on a computing device of a customer network.
5. The system of claim 1, wherein the data indicating the one or more applicable users includes data indicating at least one of:
an individual user,
one or more users of the computing session, wherein the computing session is executing in a remote desktop workspace,
a user group,
an administrative domain, or
users of a customer network.
6. The system of claim 1, wherein the one or more trigger conditions comprises detecting data in a predetermined data format, wherein the predetermined data format includes at least one of:
a predetermined text string format;
a government-issued identifier; or
a payment card number.
7. The system of claim 1, wherein the one or more trigger conditions comprises a file operation.
8. The system of claim 1, wherein the one or more trigger conditions comprises a user of the computing session using a predetermined software application.
9. The system of claim 1, wherein the one or more trigger conditions comprises a computing session operation.
10. The system of claim 1, wherein the one or more trigger conditions comprises a time or date value falling within a predetermined time or date range.
11. The system of claim 1, wherein the one or more trigger conditions comprises at least one of:
an outgoing email including a predetermined string of text;
an incoming email including the predetermined string of text;
an outgoing instant messenger message including a predetermined string of text; or
an instant messenger message including the predetermined string of text.
12. The system of claim 1, wherein the one or more actions comprises at least one of:
displaying a message in a graphical user interface of the computing session;
blocking an operation or activity; or
sending an email to a predetermined email address.
13. The system of claim 1, wherein the monitoring policy comprises a monitoring policy generated by at least one of:
an artificial intelligence model; or
a machine learning model.
14. A computer-implemented method for remotely monitoring and managing a computing session, comprising:
obtaining a monitoring policy, wherein the monitoring policy includes
data indicating one or more applicable users,
one or more trigger conditions, and
one or more actions,
detecting, by a remote monitoring and management (RMM) agent installed in the computing session, one or more conditions satisfying the one or more trigger conditions, and
in response to the detection of the one or more conditions, automatically performing, by the RMM agent, the one or more actions.
15. The method of claim 14, wherein the one or more trigger conditions comprises a computing session operation.
16. The method of claim 15, wherein the computing session operation includes at least one of:
a logon operation;
a logout operation; or
the computing session idling for a predetermined amount of time.
17. The method of claim 14, wherein the one or more trigger conditions comprises a user of the computing session accessing remote storage.
18. The method of claim 14, wherein the one or more trigger conditions comprises a web browser of the remote computing session navigating to a predetermined website.
19. The method of claim 18, wherein the predetermined website includes an email website.
20. The method of claim 14, wherein obtaining the monitoring policy comprises obtaining the monitoring policy from at least one of:
an artificial intelligence model; or
a machine learning model.
US17/932,643 2021-09-15 2022-09-15 Systems and methods for an enterprise computing platform Pending US20230080498A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US17/932,643 US20230080498A1 (en) 2021-09-15 2022-09-15 Systems and methods for an enterprise computing platform
PCT/US2023/032941 WO2024059308A1 (en) 2022-09-15 2023-09-15 Systems and methods for an enterprise computing platform

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US17/447,791 US12236398B2 (en) 2021-09-15 2021-09-15 Systems and methods for an enterprise computing platform
US17/447,797 US20230084126A1 (en) 2021-09-15 2021-09-15 Systems and Methods for an Enterprise Computing Platform
US17/932,643 US20230080498A1 (en) 2021-09-15 2022-09-15 Systems and methods for an enterprise computing platform

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US17/447,797 Continuation-In-Part US20230084126A1 (en) 2021-09-15 2021-09-15 Systems and Methods for an Enterprise Computing Platform

Publications (1)

Publication Number Publication Date
US20230080498A1 true US20230080498A1 (en) 2023-03-16

Family

ID=85478085

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/932,643 Pending US20230080498A1 (en) 2021-09-15 2022-09-15 Systems and methods for an enterprise computing platform

Country Status (1)

Country Link
US (1) US20230080498A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024059308A1 (en) * 2022-09-15 2024-03-21 Six.One, LLC Systems and methods for an enterprise computing platform

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080034046A1 (en) * 2006-08-07 2008-02-07 Microsoft Corporation Email provider prevention/deterrence of unsolicited messages
US20080235067A1 (en) * 2007-03-20 2008-09-25 Accenture Predictive Cost Reduction Based On A Thermodynamic Model
US20090031245A1 (en) * 2007-07-25 2009-01-29 Matthew Brezina Method and System for Collecting and Presenting Historical Communication Data
US20140143652A1 (en) * 2012-11-19 2014-05-22 Tealeaf Technology, Inc. Dynamic zooming of content with overlays
EP3079088A1 (en) * 2013-12-23 2016-10-12 Huawei Technologies Co., Ltd. User behavior safety monitoring method and device
US20170147457A1 (en) * 2015-04-30 2017-05-25 International Business Machines Corporation Automated stalled process detection and recovery
US20170230417A1 (en) * 2016-02-04 2017-08-10 Amadeus S.A.S. Monitoring user authenticity in distributed system
US20190026212A1 (en) * 2013-10-04 2019-01-24 Verto Analytics Oy Metering user behaviour and engagement with user interface in terminal devices
US11044271B1 (en) * 2018-03-15 2021-06-22 NortonLifeLock Inc. Automatic adaptive policy based security
US20210194888A1 (en) * 2019-12-23 2021-06-24 Citrix Systems, Inc. Restricted access to sensitive content
US20210273973A1 (en) * 2020-02-28 2021-09-02 Darktrace Holdings Limited SOFTWARE AS A SERVICE (SaaS) USER INTERFACE (UI) FOR DISPLAYING USER ACTIVITIES IN AN ARTIFICIAL INTELLIGENCE (AI)-BASED CYBER THREAT DEFENSE SYSTEM

Legal Events

Date Code Title Description
AS Assignment

Owner name: SIX.ONE, LLC, FLORIDA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TANGARAJ, KARTHIK;BARHOUMEH, SAM;PRABHUSWAMY, NEGESH;REEL/FRAME:061326/0081

Effective date: 20210916

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED