公开(公告)号：US11503081B1

公开(公告)日：2022-11-15

申请号：US16786868

申请日：2020-02-10

Applicant: Amazon Technologies, Inc.

Inventor： Sriram Venugopal ,  Gary Michael Herndon

IPC: H04L29/06 ,  G06F3/06 ,  G06F9/50 ,  H04L9/40

Abstract: Systems and methods are described for implementing load-dependent encryption mechanism selection in an elastic computing system. The elastic computing system can include a set of host devices configured to implement block storage volumes on behalf of users. Users may desire that such volumes be encrypted prior to storing data. It may be generally preferable for encryption to occur on the same host devices that host the volume, to reduce latency and bandwidth usage needed to encrypt the data. However, encryption of data can utilize significant computational resources, which may not be available on host devices that also have sufficient storage resources to host the volume. The present disclosure describes systems and methods that can account for computational resource availability on host devices, selecting “in-place” encryption only when available resources exist on host devices, and otherwise implementing remote encryption of volume data.

公开(公告)号：US10924275B1

公开(公告)日：2021-02-16

申请号：US16147000

申请日：2018-09-28

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Arvind Chandrasekar ,  Lalit Jain ,  James Pinkerton ,  Marc Stephen Olson ,  Danny Wei ,  Sriram Venugopal

IPC: H04L29/06 ,  H04L9/16 ,  H04L9/08

Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating multiple encrypted block store volumes of data from an unencrypted source. These encryption techniques can use a transform fleet as an intermediary use between the unencrypted source and the encrypted volumes. The transform fleet can obtain data of the volume from one or both of two sources—an object storage “snapshot” a block storage “source volume”—and can then apply the appropriate encryption key for performing the encryption of a particular volume.

公开(公告)号：US10728025B2

公开(公告)日：2020-07-28

申请号：US15952743

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Danny Wei ,  Lalit Jain ,  Varun Verma ,  Oscar Allen Grim Courchaine ,  Kristina Kraemer Brenneman ,  Sriram Venugopal ,  Arvind Chandrasekar

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/14

Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.

公开(公告)号：US11861627B1

公开(公告)日：2024-01-02

申请号：US15967263

申请日：2018-04-30

Applicant: Amazon Technologies, Inc.

Inventor： Mitchell Gannon Flaherty ,  Christopher Magee Greenwood ,  Sriram Venugopal ,  Mark Robinson

IPC: G06Q30/0201 ,  G06F9/50

CPC classification number: G06Q30/0201 ,  G06F9/5027

Abstract: A block storage service analyzes customer behaviors as external signals to the health of the block storage service. In one example, using rules set by a customer for a health monitoring service, the block storage service can gain insights into what the customer cares about. The customer rules can then be used to setup internal monitors within the block storage service. If the internal monitors are triggered, the block storage service can proactively correct problems before the customer alarm thresholds are reached. For example, customer volumes can be moved to increase performance characteristics. In some cases, if the customer has too much performance capability, the customer volume can be moved to a less costly alternative.

公开(公告)号：US11502824B2

公开(公告)日：2022-11-15

申请号：US16909814

申请日：2020-06-23

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Danny Wei ,  Lalit Jain ,  Varun Verma ,  Oscar Allen Grim Courchaine ,  Kristina Kraemer Brenneman ,  Sriram Venugopal ,  Arvind Chandrasekar

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/14

Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.

公开(公告)号：US20200322138A1

公开(公告)日：2020-10-08

申请号：US16909814

申请日：2020-06-23

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Danny Wei ,  Lalit Jain ,  Varun Verma ,  Oscar Allen Grim Courchaine ,  Kristina Kraemer Brenneman ,  Sriram Venugopal ,  Arvind Chandrasekar

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/14

Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.

公开(公告)号：US11262918B1

公开(公告)日：2022-03-01

申请号：US17039872

申请日：2020-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Sriram Venugopal ,  Vivek Ramchandra Kumkar

IPC: G06F3/06 ,  G06F11/30 ,  G06F11/34

Abstract: A data storage system includes multiple data storage devices. A subset of the data storage devices are selected to implement log storages for the data storage system, wherein incoming read and write requests are serviced at the data storage devices implementing the log storages. Data written to a volume stored in the data storage system is initially written to the log storage and subsequently flushed to additional data storage implemented using remaining ones of the data storage devices of the data storage system. A controller monitors wear levels of the data storage devices and initiates a reorganization of which data storage devices implement the log storages and which data storage devices implement the additional storage such that discrepancies in wear between the data storage devices is reduced.

公开(公告)号：US11121981B1

公开(公告)日：2021-09-14

申请号：US16024026

申请日：2018-06-29

Applicant: Amazon Technologies, Inc.

Inventor： Fan Ping ,  Sriram Venugopal ,  Avram Israel Blaszka ,  Divya Ashokkumar Jain ,  James Pinkerton ,  Jianhua Fan

IPC: G06F15/173 ,  H04L12/911 ,  H04L29/08 ,  G06F9/455 ,  G06F9/50 ,  H04L29/06

Abstract: A system that hosts computing resources may implement optimistically granting permission to host computing resources. A request for permission to host a computing resource may be received by a control plane. If the control plane determines that the resource host is the first to request permission to host the resource, then the control plane may store an indication of permission that blocks other resource hosts from obtaining permission to host the computing resource and sending an acknowledgement of permission to the resource host that requested permission.

公开(公告)号：US11048554B1

公开(公告)日：2021-06-29

申请号：US16366868

申请日：2019-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Patrick E. Brennan ,  Mitchell Flaherty ,  Christopher Magee Greenwood ,  Wells Lin ,  Sriram Venugopal ,  Linfeng Yu ,  Yilin Guo ,  Alexander R. Yee ,  Gary Michael Herndon

IPC: G06F9/38 ,  G06F9/54 ,  G06F17/15 ,  G06F9/50 ,  H04L29/08

Abstract: Systems and methods are disclosed for handling requests to create multiple volumes with an expected usage correlation on a block storage service. Rather than handling each request to create a volume independently, embodiments described herein can handle the request in bulk. In one embodiment, the service allows for oversubscription of use on hosts, as well as parallelization of placement decisions, by distributing requests among a set of parallelized placement engines. Each engine can distribute its subset of volumes at least partly randomly among a candidate set of volumes, with the size of the candidate set selected based on a total number of volumes. This distribution mechanism can ensure distribution of volumes without requiring centralized placement of the volumes.

公开(公告)号：US10656869B1

公开(公告)日：2020-05-19

申请号：US16022530

申请日：2018-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Christopher Magee Greenwood ,  Sriram Venugopal ,  Mitchell Gannon Flaherty

IPC: G06F11/30 ,  G06F3/06 ,  G06N20/00

Abstract: A movement system of a block-level data storage service obtains usage information for a data storage volume. The movement system processes the usage information to identify a placement strategy for the data storage volume that is associated with a second operational state for the data storage volume. Based on the placement strategy, the movement system causes a set of servers to perform an operation to implement the second operational state for the data storage volume. As a result of the operation being successfully performed, the movement system provides access to the data storage volume in accordance with the second operational state.