公开(公告)号：US20190196843A1

公开(公告)日：2019-06-27

申请号：US16289384

申请日：2019-02-28

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Rachit Chawla ,  Jeremy Ryan Volkman ,  Michael David Marr

IPC: G06F9/4401 ,  G06F11/14 ,  G06F21/57

CPC classification number: G06F9/4401 ,  G06F9/4406 ,  G06F11/1417 ,  G06F11/1446 ,  G06F21/575

Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.

公开(公告)号：US10243790B2

公开(公告)日：2019-03-26

申请号：US15235589

申请日：2016-08-12

Applicant: Amazon Technologies, Inc.

Inventor： Richard H. Galliher, III ,  Justin O. Pietsch ,  Frederick David Sinn ,  Mark N. Kelly ,  Colin J. Whittaker ,  Rachit Chawla ,  Richendra Khanna

IPC: G06F15/177 ,  H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  H04L12/933

Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.

公开(公告)号：US09992064B1

公开(公告)日：2018-06-05

申请号：US14683487

申请日：2015-04-10

Applicant: Amazon Technologies, Inc.

Inventor： Rachit Chawla ,  Christopher John Rose ,  Jeremy Ryan Volkman ,  Mayilan Balachandran ,  Christopher Edward Folger ,  Kenneth Oliver Henderson, Jr. ,  Dmytro Taran ,  Abhoy Bhaktwatsalam ,  Justin Oliver Pietsch

IPC: G06F15/173 ,  H04L12/24

CPC classification number: H04L41/082 ,  H04L41/0816

Abstract: The following description is directed to configuring network devices. In one example, at a network device deployment pipeline, a request can be received from a non-integrated configuration tool to configure a network device of a network. The configuration of the network device can be scheduled so that both an integrated configuration tool of the network device deployment pipeline and the non-integrated configuration tool can configure the network.

公开(公告)号：US09893940B1

公开(公告)日：2018-02-13

申请号：US14721925

申请日：2015-05-26

Applicant: Amazon Technologies, Inc.

Inventor： Rachit Chawla ,  Mayilan Balachandran ,  Jeremy Ryan Volkman ,  Christopher John Rose ,  Kenneth Oliver Henderson, Jr. ,  Muralidhar Koka ,  Abhoy Bhaktwatsalam

IPC: G06F15/177 ,  H04L12/24 ,  G06F17/30 ,  H04L12/911 ,  H04L12/703 ,  G06F9/445

CPC classification number: H04L41/082 ,  G06F9/445 ,  G06F17/30914 ,  H04L41/00 ,  H04L41/0816 ,  H04L45/28 ,  H04L47/822

Abstract: The following description is directed to topologically aware network device configuration. In one example, components to be configured within a network can be mapped to one or more redundancy groups within a network topology of the network. The components to be configured can be selectively configured within the network so that network traffic continues during the configuration. Selectively configuring the components can include choosing an order to configure the components based on configuration rules and the mapping of the components to the one or more redundancy groups.

公开(公告)号：US09619238B2

公开(公告)日：2017-04-11

申请号：US13863296

申请日：2013-04-15

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Rachit Chawla ,  Jeremy Ryan Volkman ,  Michael David Marr

IPC: G06F9/44 ,  G06F21/57 ,  G06F11/14

CPC classification number: G06F9/4401 ,  G06F9/4406 ,  G06F11/1417 ,  G06F11/1446 ,  G06F21/575

Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.

公开(公告)号：US09594638B2

公开(公告)日：2017-03-14

申请号：US13862923

申请日：2013-04-15

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Rachit Chawla ,  Jeremy Ryan Volkman ,  Michael David Marr

IPC: G06F11/00 ,  G06F11/14 ,  G06F21/57

CPC classification number: G06F11/1417 ,  G06F21/57

Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.

Abstract translation: 描述了使主计算设备能够存储用于在主计算设备上的安全存储（诸如可信平台模块（TPM））中恢复主计算设备的状态的凭证和其他安全信息的方法。 在主机计算设备发生故障（例如断电，网络故障等）时，主机计算设备可以从安全存储中获得必要的凭证，并使用这些凭据来启动各种服务，恢复状态 的主机，并执行各种其他功能。 此外，安全存储（例如，TPM）可以将主机计算设备的引导固件测量和远程认证提供给网络上的其他设备，例如当恢复的主机需要与网络上的其他设备进行通信时。

公开(公告)号：US20160352569A1

公开(公告)日：2016-12-01

申请号：US15235589

申请日：2016-08-12

Applicant: Amazon Technologies, Inc.

Inventor： Richard H. Galliher, III ,  Justin O. Pietsch ,  Frederick David Sinn ,  Mark N. Kelly ,  Colin J. Whittaker ,  Rachit Chawla ,  Richendra Khanna

IPC: H04L12/24

CPC classification number: H04L41/0813 ,  H04L29/06 ,  H04L29/08072 ,  H04L41/0806 ,  H04L41/0886 ,  H04L41/0893 ,  H04L41/12 ,  H04L49/1515 ,  H04L67/34

Abstract: A dynamic configuration system can manage and configure switches or other network devices that come online in a network. When the dynamic configuration system determines that a network device has come online, the dynamic configuration system can identify the network device (e.g., based on its network location, neighbors, fingerprint, identifier, address or the like), select the appropriate configuration data for the network based on the desired network topology, and transmit the configuration data to the network device. The network device can then load the configuration data and function as a component of the desired network topology.

Abstract translation: 动态配置系统可以管理和配置网络中联机的交换机或其他网络设备。 当动态配置系统确定网络设备已经上线时，动态配置系统可以识别网络设备（例如，基于其网络位置，邻居，指纹，标识符，地址等），选择适当的配置数据 基于所需网络拓扑的网络，并将配置数据发送到网络设备。 网络设备然后可以加载配置数据并且作为所需网络拓扑的组成部分。

公开(公告)号：US09419856B1

公开(公告)日：2016-08-16

申请号：US14557165

申请日：2014-12-01

Applicant: Amazon Technologies, Inc.

Inventor： Rachit Chawla ,  Christopher John Rose ,  Jeremy Ryan Volkman ,  Mayilan Balachandran ,  Justin Oliver Pietsch ,  Abhoy Bhaktwatsalam

IPC: H04L12/28 ,  H04L12/24

CPC classification number: H04L41/0866 ,  H04L41/082

Abstract: The following description is directed to configuring network devices. In one example, a deployed configuration for a network device can be collected. The deployed configuration can be representative of a state of the network device at the time of collection. A difference can be detected between the deployed configuration and an authoritative configuration for the network device. In response to detecting the difference, an update of the network device according to the authoritative configuration for the network device can be scheduled.

Abstract translation: 以下描述涉及配置网络设备。 在一个示例中，可以收集网络设备的部署配置。 所部署的配置可以代表在收集时网络设备的状态。 在部署的配置和网络设备的权威配置之间可以检测到差异。 响应于检测到差异，可以调度根据网络设备的权威配置的网络设备的更新。