公开(公告)号：US10079896B2

公开(公告)日：2018-09-18

申请号：US15353628

申请日：2016-11-16

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Eugene Michael Farrell ,  Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Deepak Suryanarayanan

IPC: G06F15/16 ,  H04L29/08 ,  H04L12/26 ,  G06F9/451 ,  G06F9/48

CPC classification number: H04L67/148 ,  G06F9/452 ,  G06F9/4856 ,  H04L43/08 ,  H04L43/16 ,  H04L67/10 ,  H04L67/1095 ,  H04L67/18

Abstract: It may be determined that a cloud desktop should be migrated from a current region. A destination region to which the cloud desktop will be migrated can be identified. A data volume of the cloud desktop may be copied from the current region to the destination region. The data volume at the current region and the data volume at the destination region may be maintained in sync during the copying. Upon completion of the copying, a current user session associated with the cloud desktop at the current region may be frozen, a current memory and processor state of the current user session may be copied to the destination region, and a second cloud desktop instance at the destination region may be started using the copied data volume and current memory and processor state. The current user session may be connected to the second cloud desktop instance.

公开(公告)号：US20180232517A1

公开(公告)日：2018-08-16

申请号：US15953322

申请日：2018-04-13

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Aaron Douglas Dokey ,  Eric Jason Brandwine ,  Nathan Bartholomew Thomas

IPC: G06F21/50 ,  G06F9/455 ,  H04L29/08 ,  H04L29/06

CPC classification number: G06F21/50 ,  G06F9/4401 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/57 ,  G06F2009/45591 ,  H04L63/10 ,  H04L63/12 ,  H04L67/10

Abstract: Systems and methods for providing computer system monitoring as a service of a computing resource service provider, monitoring capacity computer system of a customer of the computing resource service provider, and based on the request, launching a monitoring agent in a protected execution environment in which the monitoring agent is configured to generate an assessment of the computer system and provide the assessment of the computer system.

公开(公告)号：US09800559B2

公开(公告)日：2017-10-24

申请号：US15344391

申请日：2016-11-04

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Aaron Douglas Dokey ,  Eric Jason Brandwine ,  Nathan Bartholomew Thomas

IPC: H04L29/06 ,  H04L12/911 ,  H04L12/24 ,  G06F21/53 ,  G06F21/62 ,  G06F21/64 ,  H04L29/08

CPC classification number: H04L63/0428 ,  G06F21/53 ,  G06F21/6281 ,  G06F21/645 ,  H04L41/50 ,  H04L41/5054 ,  H04L47/70 ,  H04L63/083 ,  H04L67/02

Abstract: Techniques for hosting components of provider services within secure execution environments are described herein. Information associated with a request received at a control plane of a service is received at a secure execution environment and, based at least in part on that information, one or more tasks is determined that may be performed to respond to the request. A task of the one or more tasks is performed within the secure execution environment to generate a response to the request, the response is encrypted within the secure execution environment using a key stored within the secure execution environment and available to a component of a computer system, and the encrypted response is made available.

公开(公告)号：US20170070581A1

公开(公告)日：2017-03-09

申请号：US15353628

申请日：2016-11-16

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Eugene Michael Farrell ,  Erik Jonathon Tellvik ,  Gaurang Pankaj Mehta ,  Deepak Suryanarayanan

IPC: H04L29/08 ,  H04L12/26

CPC classification number: H04L67/148 ,  G06F9/452 ,  G06F9/4856 ,  H04L43/08 ,  H04L43/16 ,  H04L67/10 ,  H04L67/1095 ,  H04L67/18

Abstract: It may be determined that a cloud desktop should be migrated from a current region. A destination region to which the cloud desktop will be migrated can be identified. A data volume of the cloud desktop may be copied from the current region to the destination region. The data volume at the current region and the data volume at the destination region may be maintained in sync during the copying. Upon completion of the copying, a current user session associated with the cloud desktop at the current region may be frozen, a current memory and processor state of the current user session may be copied to the destination region, and a second cloud desktop instance at the destination region may be started using the copied data volume and current memory and processor state. The current user session may be connected to the second cloud desktop instance.

Abstract translation: 可能会确定云桌面应该从当前区域迁移。 可以识别云桌面将迁移到的目的地区域。 可以将云桌面的数据卷从当前区域复制到目的地区域。 在复制期间，当前区域的数据量和目的地区域的数据量可以保持同步。 在完成复制时，与当前区域的云桌面相关联的当前用户会话可能被冻结，当前用户会话的当前存储器和处理器状态可以被复制到目的地区域，并且第二云桌面实例在 可以使用复制的数据量和当前存储器和处理器状态来启动目的地区域。 当前用户会话可能连接到第二个云桌面实例。

公开(公告)号：US09460099B2

公开(公告)日：2016-10-04

申请号：US13675718

申请日：2012-11-13

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas

IPC: G06F12/08 ,  G06F17/30 ,  G06F3/06

CPC classification number: G06F17/30115 ,  G06F3/0605 ,  G06F3/0631 ,  G06F3/0667 ,  G06F3/0685

Abstract: An operating system is configured to receive a request to store an object that does not specify the location at which the object should be stored. The request might also include an optimization factor and one or more object location factors. The operating system might also generate object location factors or retrieve object location factors from one or more external locations. Object location factors might also be utilized that are based upon properties of the object to be stored. Utilizing the object location factors, and the optimization factor if provided, the operating system dynamically selects an appropriate storage tier for storing the object. The tiers might include a local storage tier, a local network storage tier, a remote network storage tier, and other types of storage tiers. The object is then stored on the selected storage tier. The object may be retrieved from the storage tier at a later time.

Abstract translation: 操作系统被配置为接收存储不存储对象的位置的对象的请求。 请求还可以包括优化因素和一个或多个对象位置因素。 操作系统还可以从一个或多个外部位置生成对象位置因子或检索对象位置因子。 还可以使用基于要存储的对象的属性的对象位置因子。 利用对象位置因子和优化因子（如果提供），操作系统动态选择适当的存储层来存储对象。 层可以包括本地存储层，本地网络存储层，远程网络存储层和其他类型的存储层。 然后将对象存储在所选择的存储层上。 可以在稍后的时间从存储层检索对象。

公开(公告)号：US20160286003A1

公开(公告)日：2016-09-29

申请号：US14668543

申请日：2015-03-25

Applicant: Amazon Technologies, Inc.

Inventor： David Pessis ,  Nelamangal Krishnaswamy Srinivas ,  Hakimuddin Hanif ,  Eugene Michael Farrell ,  Deepak Suryanarayanan ,  Varun Verma ,  Erik Jonathon Tellvik ,  Nathan Bartholomew Thomas

IPC: H04L29/06

CPC classification number: H04L67/42 ,  G06F9/45558 ,  G06F9/541 ,  G06F2009/4557 ,  H04L67/08 ,  H04L69/18

Abstract: A method for selecting a communication protocol for a virtual desktop instance in a service provider environment may include providing to a client computing device, access to a virtual desktop instance running on a server computer using a first communication channel associated with a first communication protocol. A request for functionality from a user of the device is detected, the requested functionality being unsupported by the first communication protocol. A second communication protocol from a plurality of available communication protocols may be selecting based on the requested functionality. The second communication protocol may support the requested functionality. A user authorization for using the second communication protocol can be verified. Upon successful verification, a second communication channel is established between the server computer and the device using the second communication protocol for performing the functionality, while maintaining access to the virtual desktop instance using the first communication channel.

Abstract translation: 用于在服务提供商环境中为虚拟桌面实例选择通信协议的方法可以包括向客户端计算设备提供对使用与第一通信协议相关联的第一通信信道在服务器计算机上运行的虚拟桌面实例的访问。 检测到来自设备的用户的功能请求，所请求的功能被第一通信协议不支持。 来自多个可用通信协议的第二通信协议可以基于所请求的功能进行选择。 第二通信协议可以支持所请求的功能。 可以验证用于使用第二通信协议的用户授权。 在成功验证之后，使用第二通信协议在服务器计算机和设备之间建立第二通信信道来执行功能，同时使用第一通信信道保持对虚拟桌面实例的访问。

公开(公告)号：US20160134623A1

公开(公告)日：2016-05-12

申请号：US15001175

申请日：2016-01-19

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Aaron Douglas Dokey ,  Eric Jason Brandwine ,  Nathan Bartholomew Thomas

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  G06F21/53 ,  G06F21/56 ,  G06F21/575 ,  H04L9/3268 ,  H04L63/062 ,  H04L63/123

Abstract: Techniques for managing secure execution environments provided as a service to computing resource service provider customers are described herein. A request to launch a secure execution environment is received from a customer and fulfilled by launching a secure execution environment on a selected computer system. The secure execution environment is then validated and upon a successful validation, one or more applications are provided to the secure execution environment to be executed within the secure execution environment. As additional requests relating to managing the secure execution environment are received, operations are performed based on the requests.

Abstract translation: 本文描述了用于管理作为服务提供给计算资源服务提供商客户的安全执行环境的技术。 从客户接收到启动安全执行环境的请求，并通过在选定的计算机系统上启动安全执行环境来实现。 然后验证安全执行环境，并且在成功验证之后，将一个或多个应用程序提供给要在安全执行环境中执行的安全执行环境。 当接收到与管理安全执行环境有关的附加请求时，根据请求执行操作。

公开(公告)号：US09246690B1

公开(公告)日：2016-01-26

申请号：US14476569

申请日：2014-09-03

Applicant: Amazon Technologies, Inc.

Inventor： Gregory Branchek Roth ,  Aaron Douglas Dokey ,  Eric Jason Brandwine ,  Nathan Bartholomew Thomas

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L63/0823 ,  G06F21/53 ,  G06F21/56 ,  G06F21/575 ,  H04L9/3268 ,  H04L63/062 ,  H04L63/123

Abstract: Techniques for managing secure execution environments provided as a service to computing resource service provider customers are described herein. A request to launch a secure execution environment is received from a customer and fulfilled by launching a secure execution environment on a selected computer system. The secure execution environment is then validated and upon a successful validation, one or more applications are provided to the secure execution environment to be executed within the secure execution environment. As additional requests relating to managing the secure execution environment are received, operations are performed based on the requests.

Abstract translation: 本文描述了用于管理作为服务提供给计算资源服务提供商客户的安全执行环境的技术。 从客户接收到启动安全执行环境的请求，并通过在选定的计算机系统上启动安全执行环境来实现。 然后验证安全执行环境，并且在成功验证之后，将一个或多个应用程序提供给要在安全执行环境中执行的安全执行环境。 当接收到与管理安全执行环境有关的附加请求时，根据请求执行操作。

公开(公告)号：US20210318895A1

公开(公告)日：2021-10-14

申请号：US17358625

申请日：2021-06-25

Applicant: Amazon Technologies, Inc.

Inventor： Nathan Bartholomew Thomas ,  Varun Verma ,  Deepak Suryanarayanan ,  Ajit Nagendra Padukone ,  Nakul Namdeo Dhande

IPC: G06F9/455 ,  H04L29/08 ,  G06F9/451 ,  G06F9/48 ,  G06F9/50

Abstract: A computing system that provides virtual computing services may generate and manage remote computing sessions between client computing devices and virtual desktop instances hosted on the service provider's network. A computing resource instance manager may monitor connections to and disconnections from a virtual desktop instance during particular time periods, and may apply a resource management policy to determine whether and when to shut down an underlying virtualized computing resource instance following a disconnection (e.g., immediately, after some period of time, or only between certain hours). A storage volume for the virtual desktop instance may be detached during a shutdown. In response to a reconnection request, the virtualized computing resource instance (or another such instance) may be restarted and the storage volume may be reattached. The computing resource instance manager may develop a model for predicting when to shut down or restart an instance based on historical data or machine learning.

公开(公告)号：US10911574B2

公开(公告)日：2021-02-02

申请号：US14668543

申请日：2015-03-25

Applicant: Amazon Technologies, Inc.

Inventor： David Pessis ,  Nelamangal Krishnaswamy Srinivas ,  Hakimuddin Hanif ,  Eugene Michael Farrell ,  Deepak Suryanarayanan ,  Varun Verma ,  Erik Jonathon Tellvik ,  Nathan Bartholomew Thomas

IPC: H04L29/06 ,  G06F9/54 ,  G06F9/455 ,  H04L29/08

Abstract: A method for selecting a communication protocol for a virtual desktop instance in a service provider environment may include providing to a client computing device, access to a virtual desktop instance running on a server computer using a first communication channel associated with a first communication protocol. A request for functionality from a user of the device is detected, the requested functionality being unsupported by the first communication protocol. A second communication protocol from a plurality of available communication protocols may be selecting based on the requested functionality. The second communication protocol may support the requested functionality. A user authorization for using the second communication protocol can be verified. Upon successful verification, a second communication channel is established between the server computer and the device using the second communication protocol for performing the functionality, while maintaining access to the virtual desktop instance using the first communication channel.