公开(公告)号：US20140208096A1

公开(公告)日：2014-07-24

申请号：US13746737

申请日：2013-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Matthew Shawn Wilson

IPC: H04L9/32

CPC classification number: H04L9/3263 ,  G06F9/45558 ,  G06F21/335 ,  G06F21/51 ,  G06F21/53 ,  G06F21/602 ,  G06F21/629 ,  G06F2009/45587 ,  G06F2221/033 ,  G06F2221/2107 ,  G06F2221/2115 ,  G06F2221/2141 ,  G06F2221/2149 ,  H04L63/0823

Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order authorize and authenticate requests sent to a virtualization later. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.

Abstract translation: 描述了形式化的一组接口（例如，应用程序编程接口（API）），其使用诸如不对称（或对称）密码学的安全方案，以便稍后授权和验证发送到虚拟化的请求。 可以调用这些接口，以便在运行时执行安全监控，法医捕获和/或补丁软件系统。 除了上述之外，其他方面在权利要求，详细描述和附图中描述。

公开(公告)号：US11561815B1

公开(公告)日：2023-01-24

申请号：US16799582

申请日：2020-02-24

Applicant: Amazon Technologies, Inc.

Inventor： Afshin Majd ,  Anoop G. Mavath ,  Diwakar Gupta ,  Matthew Shawn Wilson

IPC: G06F9/50 ,  G06F9/455

Abstract: Techniques are described for enabling a service provider to determine the power utilization of electrical lineups powering physical servers in a data center and place virtual machine instances into the physical servers based on the power utilization and a user-specified preference of a virtual machine instance type. In one embodiment, a computer-implemented method includes determining a power utilization for each lineup of a plurality of lineups that comprise a plurality of racks of physical servers, selecting a lineup of the plurality of lineups for the virtual machine instance based on the power utilizations for the plurality of lineups, selecting a virtual machine slot for the virtual machine instance from a plurality of candidate virtual machine slots of the physical servers of the lineup based on the user-specified preference, and causing the virtual machine slot of a physical server of the lineup to execute the virtual machine instance.

公开(公告)号：US11494214B2

公开(公告)日：2022-11-08

申请号：US16368747

申请日：2019-03-28

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Eric Jason Brandwine ,  Matthew Shawn Wilson

IPC: G06F9/455 ,  G06F21/53

Abstract: At a virtualization host, an isolated run-time environment is established within a compute instance. The configuration of the isolated run-time environment is analyzed by a security manager of the hypervisor of the host. After the analysis, computations are performed at the isolated run-time environment.

公开(公告)号：US11474827B1

公开(公告)日：2022-10-18

申请号：US16546191

申请日：2019-08-20

Applicant: Amazon Technologies, Inc.

Inventor： Ashu Razdan ,  Matthew Shawn Wilson

IPC: G06F9/4401 ,  G06F9/455 ,  G06F3/06

Abstract: This disclosure describes systems, devices, and methods for performing and facilitating tenant migration between multiple bare-metal servers. An example method includes receiving an indication of an impending reboot of a first bare-metal server. The first bare-metal server may be hosting a tenant. The method further includes identifying a second bare-metal server in a pre-initialized state. The method also includes causing the first bare-metal server to migrate data associated with the tenant to the second bare-metal server in advance of the reboot.

公开(公告)号：US20220164104A1

公开(公告)日：2022-05-26

申请号：US17670342

申请日：2022-02-11

Applicant: Amazon Technologies, Inc.

Inventor： Raviprasad Venkatesha Murthy Mummidi ,  Matthew Shawn Wilson ,  Anthony Nicholas Liguori ,  Nafea Bshara ,  Saar Gross ,  Jaspal Kohli

IPC: G06F3/06 ,  G06F12/14 ,  G06F13/20 ,  G06F13/40

Abstract: A peripheral device may implement storage virtualization for non-volatile storage devices connected to the peripheral device. A host system connected to the peripheral device may host one or multiple virtual machines. The peripheral device may implement different virtual interfaces for the virtual machines or the host system that present a storage partition at a non-volatile storage device to the virtual machine or host system for storage. Access requests from the virtual machines or host system are directed to the respective virtual interface at the peripheral device. The peripheral device may perform data encryption or decryption, or may perform throttling of access requests. The peripheral device may generate and send physical access requests to perform the access requests received via the virtual interfaces to the non-volatile storage devices. Completion of the access requests may be indicated to the virtual machines via the virtual interfaces.

公开(公告)号：US20210211391A1

公开(公告)日：2021-07-08

申请号：US16737780

申请日：2020-01-08

Applicant: Amazon Technologies, Inc.

Inventor： Andra-Irina Paraschiv ,  Matthew Shawn Wilson

IPC: H04L12/911 ,  H04L12/923 ,  G06F9/455 ,  G06F9/38

Abstract: At a first compute instance run on a virtualization host, a local instance scaling manager is launched. The scaling manager determines, based on metrics collected at the host, that a triggering condition for redistributing one or more types of resources of the first compute instance has been met. The scaling manager causes virtualization management components to allocate a subset of the first compute instance's resources to a second compute instance at the host.

公开(公告)号：US10833949B2

公开(公告)日：2020-11-10

申请号：US16196736

申请日：2018-11-20

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Matthew Shawn Wilson

IPC: H04L12/24 ,  G06F9/455 ,  G06F9/4401

Abstract: At a network manager of an extension resource group of a provider network, a message comprising a command to launch a compute instance is received at an address which is part of a first network configured at a premise external to the provider network. The extension resource group includes a first host at the external premise. Within a second network configured at the external premise, the first host is assigned an address within a second address range. Addresses within the second range are also assigned to hosts within the provider network. The command is transmitted to the first host, and a compute instance is instantiated.

公开(公告)号：US20200310855A1

公开(公告)日：2020-10-01

申请号：US16368747

申请日：2019-03-28

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Eric Jason Brandwine ,  Matthew Shawn Wilson

IPC: G06F9/455

Abstract: At a virtualization host, an isolated run-time environment is established within a compute instance. The configuration of the isolated run-time environment is analyzed by a security manager of the hypervisor of the host. After the analysis, computations are performed at the isolated run-time environment.

公开(公告)号：US10768972B2

公开(公告)日：2020-09-08

申请号：US16382664

申请日：2019-04-12

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Matthew Shawn Wilson ,  Ian Paul Nowland

IPC: G06F9/455 ,  G06F9/50 ,  G06F13/24 ,  G06F13/42

Abstract: Generally described, the present application relates to systems and methods for the managing virtual machines instances using a physical computing device and an offload device. The offload device can be a separate computing device that includes computing resources (e.g., processor and memory) separate from the computing resources of the physical computing device. The offload device can be connected to the physical computing device via a bus interface. The bus interface can be a high speed, high throughput, low latency interface such as a Peripheral Component Interconnect Express (PCIe) interface. The offload device can be used to offload virtualization and processing of virtual components from the physical computing device, thereby increasing the computing resources available to the virtual machine instances.

公开(公告)号：US20190294328A1

公开(公告)日：2019-09-26

申请号：US16435372

申请日：2019-06-07

Applicant: Amazon Technologies, Inc.

Inventor： Raviprasad Venkatesha Murthy Mummidi ,  Matthew Shawn Wilson ,  Anthony Nicholas Liguori ,  Nafea Bshara ,  Saar Gross ,  Jaspal Kohli

IPC: G06F3/06 ,  G06F12/14 ,  G06F13/40 ,  G06F13/20

Abstract: A peripheral device may implement storage virtualization for non-volatile storage devices connected to the peripheral device. A host system connected to the peripheral device may host one or multiple virtual machines. The peripheral device may implement different virtual interfaces for the virtual machines or the host system that present a storage partition at a non-volatile storage device to the virtual machine or host system for storage. Access requests from the virtual machines or host system are directed to the respective virtual interface at the peripheral device. The peripheral device may perform data encryption or decryption, or may perform throttling of access requests. The peripheral device may generate and send physical access requests to perform the access requests received via the virtual interfaces to the non-volatile storage devices. Completion of the access requests may be indicated to the virtual machines via the virtual interfaces.