-
Publication (Announcement) No.: US10810015B2
Publication (Announcement) Date: 2020-10-20
Application No.: US16289384
Application Date: 2019-02-28
Applicant: Amazon Technologies, Inc.
Inventor: Nachiketh Rao Potlapally, Rachit Chawla, Jeremy Ryan Volkman, Michael David Marr
IPC: G06F11/14, G06F9/4401, G06F21/57
Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.
-
Publication (Announcement) No.: US10564994B2
Publication (Announcement) Date: 2020-02-18
Application No.: US16228223
Application Date: 2018-12-20
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein, Michael David Marr, Samuel J. McKelvie
IPC: G06F15/173, G06F9/455
Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according to a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.
-
Publication (Announcement) No.: US20190121655A1
Publication (Announcement) Date: 2019-04-25
Application No.: US16228223
Application Date: 2018-12-20
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein, Michael David Marr, Samuel J. McKelvie
IPC: G06F9/455
CPC classification number: G06F9/45533, G06F9/45558, G06F2009/45575, G06F2009/45595
Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according to a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.
-
Publication (Announcement) No.: US10089191B2
Publication (Announcement) Date: 2018-10-02
Application No.: US14949644
Application Date: 2015-11-23
Applicant: Amazon Technologies, Inc.
Inventor: Samuel James McKelvie, Yan Valerie Leshinsky, Ian P. Nowland, Darin Lee Frink, Anurag Windlass Gupta, Adam Douglas Morley, Christopher Nathan Watson, Michael David Marr
Abstract: Application program data stored in system memory may be selectively persisted. An indication may be provided to an application program that an application data object or a range of application data stored in system memory may be treated as persistent. Data backup may be enabled for the application data object or range of application data in the event of a system failure, copying the application data object or range of application data from system memory to non-volatile data storage. Upon recovery from a system failure, further data backup for the application data object or the range of application data may be disabled. In some embodiments, at least some of the application data object or range of application data may be recovered for the application program to access. Data backup for the application data object or the range of application data may also be re-enabled.
-
Publication (Announcement) No.: US10055319B2
Publication (Announcement) Date: 2018-08-21
Application No.: US14713554
Application Date: 2015-05-15
Applicant: Amazon Technologies, Inc.
Inventor: Matthew D. Klein, Michael David Marr
IPC: G06F11/36, G06F11/263, G06Q10/08, G06F11/22, G06F9/455
CPC classification number: G06F11/263, G06F11/2205, G06F11/3664, G06F11/3688, G06F2009/45562, G06Q10/087
Abstract: Disclosed are various embodiments of a computing device for validating the configuration of components of a component assembly. The computing device serves a boot image executable by a component of the component assembly. Expected configuration data associated with the component is identified by the computing device, and actual configuration data associated with the component is obtained by the computing device. The computing device determines a validation response for the component assembly based at least in part upon a comparison of the expected configuration data and the actual configuration data.
-
Publication (Announcement) No.: US10015241B2
Publication (Announcement) Date: 2018-07-03
Application No.: US15138071
Application Date: 2016-04-25
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Matthew D. Klein
CPC classification number: H04L67/1008, G06F9/5044, H04L41/0806
Abstract: Operating profiles for consumers of computing resources may be automatically determined based on an analysis of actual resource usage measurements and other operating metrics. Measurements may be taken while a consumer, such as a virtual machine instance, uses computing resources, such as those provided by a host. A profile may be dynamically determined based on those measurements. Profiles may be generalized such that groups of consumers with similar usage profiles are associated with a single profile. Assignment decisions may be made based on the profiles, and computing resources may be reallocated or oversubscribed if the profiles indicate that the consumers are unlikely to fully utilize the resources reserved for them. Oversubscribed resources may be monitored, and consumers may be transferred to different resource providers if contention for resources is too high.
-
Publication (Announcement) No.: US10015107B2
Publication (Announcement) Date: 2018-07-03
Application No.: US15357480
Application Date: 2016-11-21
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Tyson J. Lamoreaux
IPC: H04L12/911, H04L12/24, H04L12/26, H04L12/931, H04L29/08
CPC classification number: H04L47/70, H04L41/145, H04L43/0882, H04L47/827, H04L49/20, H04L67/10
Abstract: Host machines and other devices performing synchronized operations can be dispersed across multiple racks in a data center to provide additional buffer capacity and to reduce the likelihood of congestion. The level of dispersion can depend on factors such as the level of oversubscription, as it can be undesirable in a highly connected network to push excessive host traffic into the aggregation fabric. As oversubscription levels increase, the amount of dispersion can be reduced and two or more host machines can be clustered on a given rack, or otherwise connected through the same edge switch. By clustering a portion of the machines, some of the host traffic can be redirected by the respective edge switch without entering the aggregation fabric. When provisioning hosts for a customer, application, or synchronized operation, for example, the levels of clustering and dispersion can be balanced to minimize the likelihood for congestion throughout the network.
-
Publication (Announcement) No.: US20180131634A1
Publication (Announcement) Date: 2018-05-10
Application No.: US15804866
Application Date: 2017-11-06
Applicant: Amazon Technologies, Inc.
Inventor: Alan M. Judge, Mark N. Kelly, Jagwinder Singh Brar, Michael David Marr, Daniel T. Cohn
IPC: H04L12/933, H04L12/931, H04L12/46, H04L12/775
CPC classification number: H04L49/15, H04L12/46, H04L12/4625, H04L45/58, H04L49/356, H04L49/40, H04L49/45, H04L49/70
Abstract: The deployment and scaling of a network of electronic devices can be improved by utilizing one or more network transpose boxes. Each transpose box can include a number of connectors and a meshing useful for implementing a specific network topology. Different tiers of a network can be connected to one or more of the network transpose boxes, and operated as a logical switch. A control server can be used to manage the control plane operations of the logical switch.
-
Publication (Announcement) No.: US09886677B1
Publication (Announcement) Date: 2018-02-06
Application No.: US13683106
Application Date: 2012-11-21
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Matthew D. Klein
CPC classification number: G06Q10/087, G06F19/00, G06K7/10366, G06Q10/08, G06Q50/22, G16H40/20
Abstract: Disclosed are various embodiments for monitoring, maintaining, tracking, and/or integrating inventory items in one or more systems. An inventory integration system may monitor the states, dependencies, and/or locations of inventory items across one or more data centers and/or similar structures. Issues detected may be escalated and remedial actions to the issues may be generated. The inventory integration system may communicate with various external resources in order to convey various information associated with the items of inventory and/or the data centers.
-
Publication (Announcement) No.: US09823934B2
Publication (Announcement) Date: 2017-11-21
Application No.: US14537786
Application Date: 2014-11-10
Applicant: Amazon Technologies, Inc.
Inventor: Michael David Marr, Matthew R. Corddry, James R. Hamilton
CPC classification number: G06F9/4416, G06F8/65, G06F21/572, H04L41/082, H04L63/126, H04L67/34
Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.