-
Publication number: US20190303190A1
Publication date: 2019-10-03
Application number: US16382664
Application date: 2019-04-12
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori, Matthew Shawn Wilson, Ian Paul Nowland
Abstract: Generally described, the present application relates to systems and methods for managing virtual machine instances using a physical computing device and an offload device. The offload device can be a separate computing device that includes computing resources (e.g., processor and memory) separate from the computing resources of the physical computing device. The offload device can be connected to the physical computing device via a bus interface. The bus interface can be a high speed, high throughput, low latency interface such as a Peripheral Component Interconnect Express (PCIe) interface. The offload device can be used to offload virtualization and processing of virtual components from the physical computing device, thereby increasing the computing resources available to the virtual machine instances.
-
Publication number: US10382408B1
Publication date: 2019-08-13
Application number: US15652864
Application date: 2017-07-18
Applicant: Amazon Technologies, Inc.
Inventor: Khaja Ehteshamuddin Ahmed, Diwakar Gupta, Matthew Shawn Wilson
Abstract: Technology for migration of a computing instance is provided. In one example, a method may include receiving instructions to initiate migration of the computing instance from a first host to a second host. A first message for sending to the first host may be generated which includes instructions to send data representing the computing instance to the second host. The first message may further include encryption information for use in deriving at least one key for encrypting communications to the second host from the first host. A second message for sending to the second host may be generated which includes instructions to receive the data representing the computing instance from the first host. The second message may further include information for use in deriving at least one key for decrypting communications from the first host. The first and second messages may be sent to the respective first and second hosts.
-
Publication number: US10282192B1
Publication date: 2019-05-07
Application number: US15946566
Application date: 2018-04-05
Applicant: Amazon Technologies, Inc.
Inventor: Hani Ayoub, Nafea Bshara, Matthew Shawn Wilson, Clint Joseph Sbisa, Barak Wasserstrom, Brian William Barrett, Ronen Shitrit, Anthony Nicholas Liguori
Abstract: Techniques for updating code of a device may be described. In an example, a bus may connect the device to a management entity. The device may run a first version of the code. A second version of the code may be available from memory. The device may access the second version from the memory, stop running the first version of the code, and start running the second version of the code without restarting the management entity or the device.
-
Publication number: US10243739B1
Publication date: 2019-03-26
Application number: US14673754
Application date: 2015-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
IPC: H04L29/06, H04L9/32, G06F21/70, G06F9/4401
Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
-
Publication number: US20190068379A1
Publication date: 2019-02-28
Application number: US16113471
Application date: 2018-08-27
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, Matthew Shawn Wilson
Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.
-
Publication number: US10216539B2
Publication date: 2019-02-26
Application number: US15699693
Application date: 2017-09-08
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori, Matthew Shawn Wilson, Ian Paul Nowland
Abstract: Generally described, aspects of the present disclosure relate to a live update process of the virtual machine monitor during the operation of the virtual machine instances. An update to a virtual machine monitor can be a difficult process to execute because of the operation of the virtual machine instances. Generally, in order to update the virtual machine monitor, the physical computing device needs to be rebooted, which interrupts operation of the virtual machine instances. The live update process provides for a method of updating the virtual machine monitor without rebooting the physical computing device.
-
Publication number: US10211985B1
Publication date: 2019-02-19
Application number: US14673663
Application date: 2015-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
IPC: H04L9/32
Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
-
Publication number: US20180013552A1
Publication date: 2018-01-11
Application number: US15603317
Application date: 2017-05-23
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
CPC classification number: H04L9/0819, H04L9/0861, H04L9/32, H04L9/3247
Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
-
Publication number: US20170078204A1
Publication date: 2017-03-16
Application number: US15362803
Application date: 2016-11-28
Applicant: Amazon Technologies, Inc.
Inventor: Alan Michael Judge, Matthew Shawn Wilson
IPC: H04L12/803, H04L12/801, H04L12/813, H04L12/46
CPC classification number: H04L47/125, H04L12/4633, H04L47/11, H04L47/20
Abstract: Encapsulated packets may be generated for different packets transmitted between a source instance and destination instance in a computer system. The source instance and destination instance may be implemented by different physical hosts linked by multiple network paths. Congestion of the multiple network paths may be determined and path-balancing policies may be implemented in response to the determined congestion. Each encapsulation packet comprises contents of a corresponding packet, and one or more data values selected in accordance with a path-balancing policy. The data values added to one encapsulation packet may differ from those added to another. Different network paths to the destination may be selected for different encapsulation packets of a given transmission based at least in part on the added data values.
-
Publication number: US20170078203A1
Publication date: 2017-03-16
Application number: US15362742
Application date: 2016-11-28
Applicant: Amazon Technologies, Inc.
Inventor: Alan Michael Judge, Matthew Shawn Wilson
IPC: H04L12/803, H04L12/813, H04L12/46, H04L12/801
CPC classification number: H04L47/125, H04L12/4633, H04L47/11, H04L47/20
Abstract: Encapsulated packets may be generated for different packets transmitted between a source instance and destination instance in a computer system. The source instance and destination instance may be implemented by different physical hosts linked by multiple network paths. Congestion of the multiple network paths may be determined and path-balancing policies may be implemented in response to the determined congestion. Each encapsulation packet comprises contents of a corresponding packet, and one or more data values selected in accordance with a path-balancing policy. The data values added to one encapsulation packet may differ from those added to another. Different network paths to the destination may be selected for different encapsulation packets of a given transmission based at least in part on the added data values.