-
公开(公告)号:US09369407B2
公开(公告)日:2016-06-14
申请号:US14701256
申请日:2015-04-30
Applicant: Amazon Technologies, Inc.
Inventor: Jagwinder Singh Brar , Michael David Marr , Tyson J. Lamoreaux , Mark N. Kelly , Justin O. Pietsch
IPC: H04L12/933 , H04L12/775
CPC classification number: H04L45/583 , H04L12/66 , H04L49/15 , H04L49/1515 , H04L49/1569 , H04L49/35
Abstract: Efficient and highly-scalable network solutions are provided that each utilize deployment units based on Clos networks, but in an environment such as a data center of Internet Protocol-based network. Each of the deployment units can include multiple stages of devices, where connections between devices are only made between stages and the deployment units are highly connected. In some embodiments, the level of connectivity between two stages can be reduced, providing available connections to add edge switches and additional host connections while keeping the same number of between-tier connections. In some embodiments, where deployment units (or other network groups) can be used at different levels to connect other deployment units, the edges of the deployment units can be fused to reduce the number of devices per host connection.
-
公开(公告)号:US20160070929A1
公开(公告)日:2016-03-10
申请号:US14868006
申请日:2015-09-28
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally , Michael David Marr , Eric Jason Brandwine , Donald Lee Bailey, JR.
IPC: G06F21/64
CPC classification number: G06F21/55 , G06F21/57 , G06F21/602 , G06F21/64 , H04L9/0861 , H04L9/30
Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.
Abstract translation: 描述了在分布式多租户和/或虚拟化计算环境中提供各种安全计算和其他功能的可信计算主机。 可信主机计算设备可以与主机虚拟机的一个或多个主机计算设备进行通信,以提供许多与安全相关的功能,包括但不限于启动固件测量,密码密钥管理,远程验证以及安全和取证 管理。 可信计算主机为环境中的每个主机计算设备维护隔离的分区,并与主机计算设备上的外围卡进行通信,以便提供一个或多个安全功能。
-
13.发明授权公开(公告)号:US09251384B1
公开(公告)日:2016-02-02
申请号:US13788306
申请日:2013-03-07
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally , Michael David Marr
Abstract: A trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached.
Abstract translation: 可信赖的外围设备可以与电子资源(例如主机)一起使用,以便能够在电子环境中实现安全性和远程管理的安全性能,其中各种用户可以在其中被设置或以其他方式访问 电子资源 外围设备可以具有用于与集中式管理系统或服务通信的安全信道,由此管理服务可以使用安全且经过认证的网络连接来远程连接到该信任的外围设备,以便在主机上运行上述功能 外围设备连接。
-
公开(公告)号:US09223664B1
公开(公告)日:2015-12-29
申请号:US13867838
申请日:2013-04-22
Applicant: Amazon Technologies, Inc.
CPC classification number: G06F11/2015 , G06F1/30 , G06F11/1441
Abstract: An energy storage device included in a data center environment can supply energy to a set of solid state drives in the data center environment when power failure or another power event has occurred. In some embodiments, there can be a controller for each solid state drive. The controller can be configured to detect or determine the occurrence of the power failure or other power event and, in response, transmit a command to a respective solid state drive instructing the solid state drive to perform a graceful and atomic shutdown operation, so that data stored on the drive is made durable and the drive enters a quiescent state (e.g., sleep mode, hibernate mode, power-off mode, etc.). As such, the energy storage device can provide protection against power events to solid state drives that lack native (e.g., built-in, inherent, etc.) power protection mechanisms.
Abstract translation: 包括在数据中心环境中的能量存储装置可以在发生电源故障或另一个电力事件时向数据中心环境中的一组固态驱动器供电。 在一些实施例中,可以存在用于每个固态驱动器的控制器。 控制器可以被配置为检测或确定电力故障或其他电力事件的发生,并且作为响应,将命令发送到指示固态驱动器执行正常和原子关闭操作的相应固态驱动器,使得数据 存储在驱动器上的驱动器变得耐用,并且驱动器进入静止状态(例如,睡眠模式,休眠模式,关机模式等)。 因此,能量存储装置可以为缺少本机(例如,内置的,固有的等)功率保护机制的固态驱动器提供针对电力事件的保护。
-
公开(公告)号:US09043421B1
公开(公告)日:2015-05-26
申请号:US13839428
申请日:2013-03-15
Applicant: Amazon Technologies, Inc.
Inventor: Aaron Joseph Coon , Michael David Marr
CPC classification number: H04L43/16 , H04L43/0817 , H04L43/0823 , H04L67/10
Abstract: Each server in a server group of a data center can run a data collection agent. The agent can collect data from a respective server in the server group. The data can include a performance characteristic (i.e., performance data) associated with the respective server. If the performance characteristic falls outside an allowable range, the agent can broadcast this information to other agents at other servers in the server group. If the other agents at the other servers in the server group detect a similar performance characteristic outside the allowable range, they can broadcast as well. If there is a sufficiently high quantity of broadcasts, then that can indicate a high likelihood that there is a potential problem with respect to servers in the server group. The problem can be reported to the central controller, which can then handle the problem appropriately (e.g., issue an alarm, contact support technician, etc.).
Abstract translation: 数据中心服务器组中的每个服务器都可以运行数据采集代理。 代理可以从服务器组中的相应服务器收集数据。 数据可以包括与相应服务器相关联的性能特征(即性能数据)。 如果性能特征落在允许范围之外,代理可以将该信息广播到服务器组中其他服务器上的其他代理。 如果服务器组中其他服务器上的其他代理检测到超出允许范围的类似性能特征,则它们也可以广播。 如果存在足够高的广播数量,则可能表明服务器组中的服务器存在潜在的问题。 该问题可以报告给中央控制器,然后中央控制器可以适当地处理该问题(例如,发出报警,联系支持技术人员等)。
-
Patent Agency Ranking
公开(公告)号:US20140351893A1
公开(公告)日:2014-11-27
申请号:US14457950
申请日:2014-08-12
Applicant: Amazon Technologies, Inc.
Inventor: Matthew T. Corddry , Michael David Marr , James R. Hamilton , Peter N. De Santis
IPC: H04L29/06
CPC classification number: H04L63/10 , G06F9/4401 , H04L67/125 , H04L67/22
Abstract: In an environment such as a cloud computing environment where various guests can be provisioned on a host machine or other hardware device, it can be desirable to prevent those users from rebooting or otherwise restarting the machine or other resources using unauthorized information or images that can be obtained from across the network. A cloud manager can cause one or more network switches or other routing or communication processing components to deny communication access between user-accessible ports on a machine or device and the provisioning systems, or other specific network resources, such that the user cannot cause the host machine to pull information from those resources upon a restart or reboot of the machine. Further, various actions can be taken upon a reboot or attempted reboot, such as to isolate the host machine or even power off the specific machine.
Abstract translation: 在诸如云计算环境的环境中,可以在主机或其他硬件设备上配置各种客户端,可能希望防止这些用户重新启动或以其他方式重新启动机器或其他资源,使用未经授权的信息或图像可以 从网络获得。 云管理器可以使一个或多个网络交换机或其他路由或通信处理组件拒绝机器或设备上的用户可访问端口与供应系统或其他特定网络资源之间的通信接入,使得用户不能使主机 机器在重新启动或重新启动机器时从这些资源中提取信息。 此外,可以在重新启动或尝试重新启动时执行各种操作,例如隔离主机或甚至断开特定机器的电源。
-
公开(公告)号:US20140025843A1
公开(公告)日:2014-01-23
申请号:US13963965
申请日:2013-08-09
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr , Alan M. Judge , Jagwinder Singh Brar , Tyson J. Lamoreaux , Mark N. Kelly , Daniel T. Cohn
IPC: G06F15/173
CPC classification number: G06F15/173 , H04L12/4625 , H04L49/45
Abstract: The deployment and scaling of a network of electronic devices can be improved by utilizing one or more network transpose boxes. Each transpose box can include a number of connectors and a meshing useful for implementing a specific network topology. When connecting devices of different tiers in the network, each device need only be connected to at least one of the connectors on the transpose box. The meshing of the transpose box can cause each device to be connected to any or all of the devices in the other tier as dictated by the network topology. When changing network topologies or scaling the network, additional devices can be added to available connectors on an existing transpose box, or new or additional transpose boxes can be deployed in order to handle the change with minimal cabling effort.
Abstract translation: 可以通过利用一个或多个网络转置盒来改进电子设备网络的部署和缩放。 每个转置盒可以包括多个连接器和用于实现特定网络拓扑的网格。 当连接网络中不同层的设备时,每个设备只需要连接到转置盒上的至少一个连接器。 转置框的网格划分可以使每个设备连接到由网络拓扑所指定的另一层中的任何或所有设备。 当更改网络拓扑或扩展网络时,可以将其他设备添加到现有转置盒上的可用连接器中,也可以部署新的或附加的转置盒,以便以最少的布线工作来处理更改。
-
公开(公告)号:US11422839B2
公开(公告)日:2022-08-23
申请号:US17303948
申请日:2021-06-10
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein , Michael David Marr , Samuel J. McKelvie
IPC: G06F15/173 , G06F9/455
Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.
-
公开(公告)号:US11036529B2
公开(公告)日:2021-06-15
申请号:US16788879
申请日:2020-02-12
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein , Michael David Marr , Samuel J. McKelvie
IPC: G06F15/173 , G06F9/455
Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.
-
公开(公告)号:US10579405B1
公开(公告)日:2020-03-03
申请号:US13799134
申请日:2013-03-13
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally , Michael David Marr
Abstract: A processor on a host machine can concurrently operate a standard virtual machine manager (VMM) and a security VMM (SVMM), where the SVMM has a higher privilege level and manages access to a hardware TPM or other trusted source on the host machine. Such a configuration prevents a compromised VMM from gaining access to secrets stored in the hardware TPM. The SVMM can create a virtual TPM (vTPM) for each guest VM, and can seal information in each vTPM to the hardware TPM. A guest VM or the standard VMM can access information in the corresponding vTPM only through the corresponding SVMM. Such an approach enables the host to securely implement critical security functionality that can be exposed to customers, and provides protection against leakage of customer secrets in case of a security compromise.
-
-
-
-
-
-
-
-
-
Search Results
125
records
(took 0.022 seconds)
