-
Publication number: US10116592B2
Publication date: 2018-10-30
Application number: US15222487
Application date: 2016-07-28
Applicant: Amazon Technologies, Inc.
Inventor: Jagwinder Singh Brar, Michael David Marr, Tyson J. Lamoreaux, Mark N. Kelly, Justin O. Pietsch
IPC: H04L12/933, H04L12/931
Abstract: Efficient and highly-scalable network solutions are provided that each utilize deployment units based on Clos networks, but in an environment such as a data center of Internet Protocol-based network. Each of the deployment units can include multiple stages of devices, where connections between devices are only made between stages and the deployment units are highly connected. In some embodiments, the level of connectivity between two stages can be reduced, providing available connections to add edge switches and additional host connections while keeping the same number of between-tier connections. In some embodiments, where deployment units (or other network groups) can be used at different levels to connect other deployment units, the edges of the deployment units can be fused to reduce the number of devices per host connection.
-
Publication number: US10019822B2
Publication date: 2018-07-10
Application number: US14530565
Application date: 2014-10-31
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein, Michael David Marr
IPC: G06T11/20, H04L12/26, H04L12/24, H04L12/931, H04L12/939, G06F9/455, G06F17/30
CPC classification number: G06T11/206, G06F9/45558, G06F16/9024, G06F16/903, G06F2009/4557, H04L41/065, H04L41/12, H04L43/0811, H04L49/356, H04L49/555, Y04S40/164, Y04S40/166, Y04S40/168
Abstract: Various features are described for generating and analyzing data center topology graphs. The graphs can represent physical placement and connectivity of data center components. In some cases the graphs may include hierarchical representations of data center components and systems, and may also include environmental and operational characteristics of the computing devices and supporting systems which may be included in a data center. In addition, the graphs may be linked to each other through common components, so that data center topology may be analyzed in two or more dimensions rather than a single dimension. The linked graphs may be analyzed to identify potential points of failure and also to identify which data center components may be affected by a failure.
-
Publication number: US10003597B2
Publication date: 2018-06-19
Application number: US14457950
Application date: 2014-08-12
Applicant: Amazon Technologies, Inc.
Inventor: Matthew T. Corddry, Michael David Marr, James R. Hamilton, Peter N. DeSantis
CPC classification number: H04L63/10, G06F9/4401, H04L67/125, H04L67/22
Abstract: In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine.
-
Publication number: US09686078B1
Publication date: 2017-06-20
Application number: US14635923
Application date: 2015-03-02
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Pradeep Vincent, Matthew T. Corddry, James R. Hamilton
CPC classification number: H04L9/3236, G06F8/65, G06F21/00, H04L9/30, H04L63/145, H04L67/34
Abstract: The state of firmware for devices on a provisioned host machine can be validated independent of the host CPU(s) or other components exposed to the user. A port that is not fully exposed or accessible to the user can be used to perform a validation process on firmware without accessing a CPU of the host device. The firmware can be scanned and a hashing or similar algorithm can be used to determine validation information, such as hash values, for the firmware, which can be compared to validation information stored in a secure location. If the current and stored validation information do not match, one or more remedial actions can be taken to address the firmware being in an unknown or unintended state.
-
Publication number: US09684630B1
Publication date: 2017-06-20
Application number: US13706024
Application date: 2012-12-05
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Nachiketh Rao Potlapally, Matthew David Klein
IPC: G06F13/00, G06F15/177, G06F9/455, H04L29/06
CPC classification number: G06F15/177, G06F9/45533, G06F21/57, G06F21/572, H04L63/08
Abstract: Disclosed are various embodiments of a first computing device for obtaining an authentication credential for a cryptographic module of a second computing device. The authentication credential is obtained via a communication session with a module interface of the second computing device. Configuration data is determined for the cryptographic module based at least in part upon the authentication credential. The configuration data is transmitted to the second computing device via the communication session.
-
Publication number: US09497139B2
Publication date: 2016-11-15
Application number: US14709274
Application date: 2015-05-11
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein, Michael David Marr
IPC: G06F15/173, H04L12/911, H04L29/08, H04L12/26, H04L12/825, H04L12/70, H04L12/927
CPC classification number: H04L47/783, H04L29/08, H04L43/0894, H04L47/00, H04L47/25, H04L47/808, H04L47/828
Abstract: Methods and apparatus for client-allocatable bandwidth pools are disclosed. A system includes a plurality of resources of a provider network and a resource manager. In response to a determination to accept a bandwidth pool creation request from a client for a resource group, where the resource group comprises a plurality of resources allocated to the client, the resource manager stores an indication of a total network traffic rate limit of the resource group. In response to a bandwidth allocation request from the client to allocate a specified portion of the total network traffic rate limit to a particular resource of the resource group, the resource manager initiates one or more configuration changes to allow network transmissions within one or more network links of the provider network accessible from the particular resource at a rate up to the specified portion.
-
Publication number: US09471536B1
Publication date: 2016-10-18
Application number: US13706779
Application date: 2012-12-06
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Anirudh Balachandra Aithal, Matthew David Klein
IPC: G06F15/177
CPC classification number: G06F15/177, G06F8/654
Abstract: Systems and methods are described for managing computing resources. In one embodiment, groupings of computer resources having common firmware settings are maintained based on an abstraction firmware framework representing associations between vendor-specific firmware settings and abstracted firmware settings that provide a degree of independence from specific vendor-specific firmware settings. In response to a request for a computer resource with a specified abstracted firmware configuration, it is determined which of the groupings can support the specified abstracted firmware configuration based on at least one criterion for managing the computer resources in accordance with the abstraction firmware framework.
-
Publication number: US09465652B1
Publication date: 2016-10-11
Application number: US14930497
Application date: 2015-11-02
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Nachiketh Rao Potlapally
CPC classification number: G06F9/4812, G06F8/65, G06F8/656, G06F9/4411, G06F9/4418, G06F9/44505, H04L9/0877
Abstract: Techniques for using hardware-based mechanisms for updating computing resources are described herein. At a time after receiving a code update request, one or more hardware-supported system management capabilities of processors within a computing system are invoked at least to interrupt execution of currently running instructions. While the system management capabilities are active and instruction execution is suspended, programmatic routines are updated. After the updates are complete, instruction execution is resumed.
-
Publication number: US09459805B2
Publication date: 2016-10-04
Application number: US15012608
Application date: 2016-02-01
Applicant: Amazon Technologies, Inc.
Inventor: Samuel James McKelvie, Michael David Marr
CPC classification number: G06F3/0619, G06F1/30, G06F3/0623, G06F3/0646, G06F3/065, G06F3/067, G06F3/0685, G06F11/00, G06F11/1441, G06F11/2015, G06F12/00, G06F12/1408, G06F21/575, G06F21/602, G06F21/79, G06F21/85
Abstract: Approaches for automatically backing up data from volatile memory to persistent storage in the event of a power outage, blackout or other such failure are described. The approaches can be implemented on a computing device that includes a motherboard, central processing unit (CPU), a main power source, volatile memory (e.g., random access memory (RAM)), an alternate power source and circuitry (e.g., a specialized application-specific integrated circuit (ASIC)) for performing the backup of volatile memory to a persistent storage device. In the event of a power failure of the main power source, the alternate power source is configured to supply power to the specialized ASIC for backing up the data in the volatile memory. For example, when power failure is detected, the ASIC can read the data from the DIMM socket using power supplied from the alternate power source and write that data to a persistent storage device.
-
Publication number: US09456057B2
Publication date: 2016-09-27
Application number: US14292532
Application date: 2014-05-30
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr
IPC: G06F15/16, H04L29/06, H04L29/08, H04L12/803
CPC classification number: H04L67/1019, H04L47/125, H04L67/1095, H04L67/42
Abstract: Host machines and other devices performing synchronized operations can be dispersed across multiple racks in a data center to provide additional buffer capacity and to reduce the likelihood of congestion. The level of dispersion can depend on factors such as the level of oversubscription, as it can be undesirable in a highly connected network to push excessive host traffic into the aggregation fabric. As oversubscription levels increase, the amount of dispersion can be reduced and two or more host machines can be clustered on a given rack, or otherwise connected through the same edge switch. By clustering a portion of the machines, some of the host traffic can be redirected by the respective edge switch without entering the aggregation fabric. When provisioning hosts for a customer, application, or synchronized operation, for example, the levels of clustering and dispersion can be balanced to minimize the likelihood for congestion throughout the network.