-
Publication number: US20180336059A1
Publication date: 2018-11-22
Application number: US16049508
Application date: 2018-07-30
Applicant: Amazon Technologies, Inc.
Inventor: Nathan Bartholomew Thomas , Salman Aftab Paracha , Varun Verma
CPC classification number: G06F9/45558 , G06F9/5061 , G06F9/5077 , G06F2009/4557 , G06F2009/45595 , G06F2209/5011
Abstract: Methods, systems, and computer-readable media for management of virtual desktop instance pools are disclosed. A plurality of virtual desktop instances are provisioned in a pool for a client organization. The number of virtual desktop instances does not exceed a number of virtual desktop slots for the client organization. To a first client device associated with a first user, access is provided to a particular virtual desktop instance based (at least in part) on a determination that a current number of connected virtual desktop instances is less than the number. To a second client device associated with a second user, access is denied to the plurality of virtual desktop instances based (at least in part) on a determination that a current number of connected virtual desktop instances meets the number.
-
Publication number: US10037221B2
Publication date: 2018-07-31
Application number: US14981587
Application date: 2015-12-28
Applicant: Amazon Technologies, Inc.
Inventor: Nathan Bartholomew Thomas , Salman Aftab Paracha , Varun Verma
CPC classification number: G06F9/45558 , G06F9/5061 , G06F9/5077 , G06F2009/4557 , G06F2009/45595 , G06F2209/5011
Abstract: Methods, systems, and computer-readable media for management of virtual desktop instance pools are disclosed. A plurality of virtual desktop instances are provisioned in a pool for a client organization. The number of virtual desktop instances does not exceed a number of virtual desktop slots for the client organization. To a first client device associated with a first user, access is provided to a particular virtual desktop instance based (at least in part) on a determination that a current number of connected virtual desktop instances is less than the number. To a second client device associated with a second user, access is denied to the plurality of virtual desktop instances based (at least in part) on a determination that a current number of connected virtual desktop instances meets the number.
-
Publication number: US09954933B2
Publication date: 2018-04-24
Application number: US14502041
Application date: 2014-09-30
Applicant: Amazon Technologies, Inc.
Inventor: Nathan Bartholomew Thomas , Eugene Michael Farrell , Erik Jonathon Tellvik , Deepak Suryanarayanan
CPC classification number: H04L67/10 , G06F9/485 , G06F9/5077 , H04L41/22
Abstract: A schedule may be determined. The schedule may include a shutdown time and a startup time. At the shutdown time, user data for a first virtual desktop instance for a virtual desktop may be saved and the first virtual desktop instance may be shut down. At the startup time, a second virtual desktop instance for the virtual desktop may be started up with the saved user data. The shutdown and startup of a virtual desktop instance may be based on rules or logic for an individual or an organization.
-
Publication number: US09584517B1
Publication date: 2017-02-28
Application number: US14476532
Application date: 2014-09-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Aaron Douglas Dokey , Eric Jason Brandwine , Nathan Bartholomew Thomas
CPC classification number: H04L63/10 , G06F21/53 , G06F21/602 , G06F21/6209 , H04L63/0442 , H04L67/34
Abstract: Methods and systems for instantiating an enclave according to a request, the enclave being instantiated at a determined location of a set of locations in a computing environment of a computing resource service provider hosting a set of computing resources. The enclave further being instantiated with executable code specified by a customer for processing network traffic in accordance with the executable code in a computing environment.
-
Publication number: US20170054696A1
Publication date: 2017-02-23
Application number: US15344391
Application date: 2016-11-04
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Aaron Douglas Dokey , Eric Jason Brandwine , Nathan Bartholomew Thomas
CPC classification number: H04L63/0428 , G06F21/53 , G06F21/6281 , G06F21/645 , H04L41/50 , H04L41/5054 , H04L47/70 , H04L63/083 , H04L67/02
Abstract: Techniques for hosting components of provider services within secure execution environments are described herein. Information associated with a request received at a control plane of a service is received at a secure execution environment and, based at least in part on that information, one or more tasks is determined that may be performed to respond to the request. A task of the one or more tasks is performed within the secure execution environment to generate a response to the request, the response is encrypted within the secure execution environment using a key stored within the secure execution environment and available to a component of a computer system, and the encrypted response is made available.
-
Publication number: US09491111B1
Publication date: 2016-11-08
Application number: US14476468
Application date: 2014-09-03
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Aaron Douglas Dokey , Eric Jason Brandwine , Nathan Bartholomew Thomas
IPC: H04L29/06 , H04L12/911 , H04L12/24
CPC classification number: H04L63/0428 , G06F21/53 , G06F21/6281 , G06F21/645 , H04L41/50 , H04L41/5054 , H04L47/70 , H04L63/083 , H04L67/02
Abstract: Techniques for securely instantiating control plane components of provider services, at least a portion of which are instantiated within secure execution environments, are described herein. A request to instantiate the control plane of a service provided by a computing resource service provider is fulfilled by selecting a target computer system. The target computer system is selected based at least in part on the hardware capabilities of the target computer system. The control plane is then instantiated within a secure execution environment operating on the target computer system.
-
Publication number: US11190504B1
Publication date: 2021-11-30
Application number: US15598185
Application date: 2017-05-17
Applicant: Amazon Technologies, Inc.
Inventor: Malcolm Russell Ah Kun , Uday Bheema , Ankur Goyal , Chao Li , Alexey A. Nikitin , Himesh Pandya , Prasanna Subash , Zhenghong Sun , Nathan Bartholomew Thomas , Harshit Kumar Tiwari , Venkatesh Velaga , Lihao Wang , Brian Scott Waters , Jeffery David Wells , Anand Krishnamoorthy
Abstract: A computer server controls access to a hosted service using digital certificates that are requested from each client attempting to access the service. When a particular client accesses the hosted service, the host service requests a digital certificate from the particular client and issues a challenge message. The particular client signs the challenge message and provides a client digital certificate to the hosted service. The hosted service confirms that the signature on the challenge message matches the client digital certificate, and that the client digital certificate is signed by a trusted entity. Trusted entities are defined by an administrator by uploading, to the hosted service, one or more trusted digital certificates associated with a trusted entities. Using the trusted digital certificates, the hosted service confirms that the digital certificate provided by the particular client is signed by at least one of the trusted entities.
-
Publication number: US20200186580A1
Publication date: 2020-06-11
Application number: US16791830
Application date: 2020-02-14
Applicant: Amazon Technologies, Inc.
Inventor: Nathan Bartholomew Thomas , Eugene Michael Farrell , Erik Jonathon Tellvik , Deepak Suryanarayanan
Abstract: A method and apparatus for dynamic rotation of streaming protocols are disclosed. In the method and apparatus, a first portion of content is streamed to a client device in accordance with a first content delivery protocol. Further, information indicating client device attributes, network conditions or usage conditions is received. A plurality of content delivery protocols including the first content delivery protocol are evaluated based at least in part on the received information to identify a content delivery protocol for streaming the a second portion of the content.
-
Publication number: US10346618B1
Publication date: 2019-07-09
Application number: US15469367
Application date: 2017-03-24
Applicant: Amazon Technologies, Inc.
Inventor: Malcolm Russell Ah Kun , Anshuk Chakraborty , Gopala Krishna Ambareesh , Nakul Namdeo Dhande , Nathan Bartholomew Thomas , Zhenghong Sun , Prasanna Subash , Salman Aftab Paracha
Abstract: Virtual workspaces can be provided using shared resources and network-attached storage. A workspace accessed under a customer account has a unique key generated using a combination of a customer master key and an encryption context. The encryption context is specific to the workspace, such as may include a hash of specific values for the workspace. When a new instance is generated, a first data volume is generated using a machine image and data snapshot encrypted under a current encryption key. The snapshot is copied to a new snapshot, and a new encryption key obtained that is based on the customer master key and the current encryption context. The snapshot is used to create a new data volume encrypted under the new encryption key. The new volume is attached to the workspace instance such that data transmitted between the workspace and the new volume is encrypted under the volume-specific encryption key.
-
Publication number: US10318336B2
Publication date: 2019-06-11
Application number: US15953322
Application date: 2018-04-13
Applicant: Amazon Technologies, Inc.
Inventor: Gregory Branchek Roth , Aaron Douglas Dokey , Eric Jason Brandwine , Nathan Bartholomew Thomas
Abstract: Systems and methods for providing computer system monitoring as a service of a computing resource service provider, monitoring capacity computer system of a customer of the computing resource service provider, and based on the request, launching a monitoring agent in a protected execution environment in which the monitoring agent is configured to generate an assessment of the computer system and provide the assessment of the computer system.