公开(公告)号：US20160216896A1

公开(公告)日：2016-07-28

申请号：US15090545

申请日：2016-04-04

Applicant: Amazon Technologies, Inc.

Inventor： Swaminathan Sivasubramanian ,  Bradley Eugene Marshall ,  Tate Andrew Certain ,  Nicholas J. Maniscalco

IPC: G06F3/06

CPC classification number: G06F3/065 ,  G06F3/0619 ,  G06F3/064 ,  G06F3/0673 ,  G06F11/1456 ,  G06F2201/815 ,  G06F2201/84

Abstract: A group of computers is configured to implement a block storage service. The block storage service includes a block-level storage for storing data from a set of distinct computing instances for a set of distinct users. An interface is configured to allow the set of distinct users to specify respective destinations for storing backup copies of respective data stored in the block-level storage for the distinct users. At least some of the respective destinations are for different storage systems remote from one another. A backup copy function is provided for creating backup copies of data stored in the block-level storage by the set of distinct computing instances for the set of distinct users. The backup copies are stored in different destination locations specified by respective ones of the plurality of distinct users via the interface.

Abstract translation: 一组计算机被配置为实现块存储服务。 块存储服务包括用于存储来自一组不同用户的一组不同计算实例的数据的块级存储。 接口被配置为允许不同用户组指定用于存储在不同用户的块级存储器中的相应数据的备份副本的相应目的地。 至少一些相应的目的地是用于彼此远离的不同的存储系统。 提供备份复制功能，用于通过用于不同用户组的不同计算实例的集合来创建存储在块级存储器中的数据的备份副本。 备份副本通过接口存储在由多个不同用户中的相应用户指定的不同目的地位置中。

公开(公告)号：US09305164B1

公开(公告)日：2016-04-05

申请号：US13964506

申请日：2013-08-12

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Swaminathan Sivasubramanian ,  Bradley E. Marshall ,  Tate Andrew Certain

IPC: G06F15/16 ,  G06F9/00 ,  G06F21/55 ,  H04L29/06 ,  G06F15/173

CPC classification number: G06F21/552 ,  G06F11/3006 ,  G06F11/3072 ,  H04L63/1416 ,  H04L63/1441

Abstract: The effects on networking systems of attacks on vulnerabilities, such as vulnerable modules in a webserver, SYN flooding, etc, can be devastating to a network environment. In various embodiments, a first, quick, or inexpensive analysis is performed on incoming network flows. If an intrusion issue or other problem is suspected based on the first, rapid, or an inexpensive analysis, then the flow can be flagged for redirection to another process, virtual machine, or physical computer module that will perform a deeper, more expensive analysis on the network flow. If there are no issues detected in the second, deeper analysis, then the network flow can be forwarded to its intended recipient. If an issue is detected in the second, deeper analysis, then the network flow can be throttled, quarantined, ignored, sent to an un-trusted portion of the system, sent for more analysis, or otherwise handled or flagged.

公开(公告)号：US20140226492A1

公开(公告)日：2014-08-14

申请号：US14257312

申请日：2014-04-21

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Swaminathan Sivasubramanian ,  Bradley Eugene Marshall ,  Tate Andrew Certain

IPC: H04L12/24 ,  H04L12/26

CPC classification number: H04L41/5019 ,  H04L12/1489 ,  H04L41/5006 ,  H04L41/5009 ,  H04L41/5029 ,  H04L43/04

Abstract: The behavior of multiple users with access to a multi-tenant resource can be monitored and compliance enforced by monitoring state information for each user. The state information can be captured across a level of a network environment, such that any activity across that layer can be monitored and the data aggregated to give a global view of user behavior. If user behavior is determined to fall outside an acceptable range of behavior, any of a number of remedial actions can be taken, which can include notifying the user, billing the user for the inappropriate behavior, or modifying that behavior outside of the control of the user.

Abstract translation: 可以通过监视每个用户的状态信息来监控具有对多租户资源的访问权限的多个用户的行为，并执行合规性。 可以跨网络环境级别捕获状态信息，从而可以监控跨该层的任何活动，并且聚合数据以给出用户行为的全局视图。 如果确定用户行为超出了可接受的行为范围，则可以采取许多补救措施中的任何一种，其可以包括通知用户，为不适当的行为计费用户，或者将该行为修改为在 用户。

公开(公告)号：US20130346480A1

公开(公告)日：2013-12-26

申请号：US13860305

申请日：2013-04-10

Applicant: Amazon Technologies, Inc.

Inventor： Tate Andrew Certain ,  Sachin Jain ,  James R. Hamilton ,  Fiorenzo Cattaneo ,  Danny Wei ,  David Nolan Sunderland

IPC: G06F15/167

CPC classification number: G06F15/167 ,  G06F9/52 ,  G06F17/30171 ,  H04L67/1097

Abstract: Techniques, including systems and methods, for capturing data sets include performing a client-side two-phase commit to ensure one or more data consistency conditions. A logical volume may represent a data set that is distributed among a plurality of physical storage devices. One or more client devices are instructed to block at least acknowledgment of write operations. When the one or more client devices have blocked at least acknowledgment of write operations, one or more servers in communication with the physical storage devices are instructed to capture corresponding portions of the data set. When the servers have been instructed to capture corresponding portions of the data set, the client devices are instructed to resume at least acknowledgment of write operations.

Abstract translation: 用于捕获数据集的技术（包括系统和方法）包括执行客户端两阶段提交以确保一个或多个数据一致性条件。 逻辑卷可以表示分布在多个物理存储设备之间的数据集。 指示一个或多个客户端设备至少阻止写入操作的确认。 当一个或多个客户端设备至少阻止写操作的确认时，指示与物理存储设备通信的一个或多个服务器捕获数据集的相应部分。 当指示服务器捕获数据集的相应部分时，指示客户端设备至少恢复写入操作的确认。

公开(公告)号：US20230384948A1

公开(公告)日：2023-11-30

申请号：US18447235

申请日：2023-08-09

Applicant: Amazon Technologies, Inc.

Inventor： Roland Paterson-Jones ,  Peter N. DeSantis ,  Atle Normann Jorgensen ,  Matthew S. Garman ,  Tate Andrew Certain

IPC: G06F3/06 ,  G06F11/20 ,  G06F16/10

CPC classification number: G06F3/0619 ,  G06F11/2046 ,  G06F16/10 ,  G06F3/065 ,  G06F3/067 ,  G06F3/0665

Abstract: Techniques are described for managing access of executing programs to non-local block data storage. In some situations, a block data storage service uses multiple server storage systems to reliably store network-accessible block data storage volumes that may be used by programs executing on other physical computing systems. A group of multiple server block data storage systems that store block data volumes may in some situations be co-located at a data center, and programs that use volumes stored there may execute on other physical computing systems at that data center. If a program using a volume becomes unavailable, another program (e.g., another copy of the same program) may in some situations obtain access to and continue to use the same volume, such as in an automatic manner in some such situations.

公开(公告)号：US11748328B1

公开(公告)日：2023-09-05

申请号：US16714535

申请日：2019-12-13

Applicant: Amazon Technologies, Inc.

Inventor： Tate Andrew Certain

IPC: G06F17/00 ,  G06F16/23 ,  G06F16/22

CPC classification number: G06F16/2343 ,  G06F16/2255 ,  G06F16/2365

Abstract: A distributed database receives a first command and second command sent by a client for processing in the context of a transaction. The distributed database validates the transaction by computing a digest based on signatures of the first and second commands, and comparing the computed digest to a digest received from the client. The transaction is committed upon validation.

公开(公告)号：US11374873B2

公开(公告)日：2022-06-28

申请号：US17104295

申请日：2020-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Tate Andrew Certain ,  Roland Paterson-Jones ,  James R. Hamilton ,  Sachin Jain ,  Matthew S. Garman ,  David N. Sunderland ,  Danny Wei ,  Fiorenzo Cattaneo

IPC: G06F15/173 ,  H04L47/70 ,  G06Q30/02 ,  G06Q30/04 ,  G06Q10/00 ,  H04L67/02 ,  H04L67/10

Abstract: Commitments against various resources can be dynamically adjusted for customers in a shared-resource environment. A customer can provision a data volume with a committed rate of Input/Output Operations Per Second (IOPS) and pay only for that commitment (plus any overage), for example, as well as the amount of storage requested. The customer can subsequently adjust the committed rate of IOPS by submitting an appropriate request, or the rate can be adjusted automatically based on any of a number of criteria. Data volumes for the customer can be migrated, split, or combined in order to provide the adjusted rate. The interaction of the customer with the data volume does not need to change, independent of adjustments in rate or changes in the data volume, other than the rate at which requests are processed.

公开(公告)号：US11314444B1

公开(公告)日：2022-04-26

申请号：US14594965

申请日：2015-01-12

Applicant: Amazon Technologies, Inc.

Inventor： Marc J. Brooker ,  Madhuvanesh Parthasarathy ,  Tate Andrew Certain ,  Kerry Q. Lee

IPC: G06F16/11 ,  G06F16/182 ,  G06F16/176 ,  G06F16/185 ,  G06F16/188 ,  G06F16/21 ,  G06F3/06 ,  G06F21/62 ,  G06F16/13 ,  G06F16/27

Abstract: A storage controller is implemented for controlling a storage system. The storage controller may be implemented using a distributed computer system and may include components for servicing client data requests based on the characteristics of the distributed computer system, the client, or the data requests. The storage controller is scalable independently of the storage system it controls. All components of the storage controller, as well as the client, may be virtual or hardware-based instances of a distributed computer system.

公开(公告)号：US11042503B1

公开(公告)日：2021-06-22

申请号：US15920193

申请日：2018-03-13

Applicant: Amazon Technologies, Inc.

Inventor： Akshat Vig ,  Go Hori ,  Tate Andrew Certain

IPC: G06F16/11 ,  G06F11/14

Abstract: Changes made to a database table are accumulated, in durable storage, and snapshots of partitions of the table are obtained. For successive snapshots of a partition, the system accesses a previous snapshot, applies changes from the accumulated changes, and stores the updated snapshot to a durable data store. The accumulated changes and the successive partition snapshots are made available to restore the database to any point in time across a continuum between successive snapshots. Although each partition of the table may have a backup snapshot that was generated at a time different from when other partition snapshots were generated, changes from respective change logs may be selectively log-applied to distinct partitions of a table to generate an on-demand backup of the entire table at common point-in-time across partitions. Point-in-time restores of a table may rely upon a similar process to coalesce partition snapshots that are not aligned in time.

公开(公告)号：US10855614B2

公开(公告)日：2020-12-01

申请号：US16166929

申请日：2018-10-22

Applicant: Amazon Technologies, Inc.

Inventor： Tate Andrew Certain ,  Roland Paterson-Jones ,  James R Hamilton ,  Sachin Jain ,  Matthew S Garman ,  David N Sunderland ,  Danny Wei ,  Fiorenzo Cattaneo

IPC: G06F15/173 ,  H04L12/911 ,  G06Q30/02 ,  G06Q30/04 ,  G06Q10/00 ,  H04L29/08

Abstract: Commitments against various resources can be dynamically adjusted for customers in a shared-resource environment. A customer can provision a data volume with a committed rate of Input/Output Operations Per Second (IOPS) and pay only for that commitment (plus any overage), for example, as well as the amount of storage requested. The customer can subsequently adjust the committed rate of IOPS by submitting an appropriate request, or the rate can be adjusted automatically based on any of a number of criteria. Data volumes for the customer can be migrated, split, or combined in order to provide the adjusted rate. The interaction of the customer with the data volume does not need to change, independent of adjustments in rate or changes in the data volume, other than the rate at which requests are processed.