Abstract:
Generally described, aspects of the present disclosure relate to a live update process for a virtual machine monitor while the virtual machine instances it hosts continue to operate. Updating a virtual machine monitor is difficult precisely because virtual machine instances are running on it: conventionally, the physical computing device must be rebooted to apply the update, which interrupts operation of those instances. The live update process provides a method of updating the virtual machine monitor without rebooting the physical computing device.
Abstract:
Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
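The validation step the abstract describes (a security component with its own storage comparing the observed configuration of the environment it guards against a trusted one) can be modelled as a measurement check. The following Python is an added illustration, not code from the patent or from any product: the configuration fields, the "golden" values and the SHA-256-over-canonical-JSON measurement are assumptions chosen for the example. The two components are kept separate on purpose: each validates only its own environment, and the platform is trusted only when both agree.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple


def measure(config: Dict[str, object]) -> str:
    """Canonical SHA-256 of a configuration.

    Key order and whitespace must not change the measurement, otherwise two
    equivalent configurations would fail validation (or, worse, an attacker
    could pick whichever serialisation happens to match a stale measurement).
    """
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class SecurityComponent:
    """Models a security component (microprocessor plus storage).

    Its storage holds the trusted measurement of the environment it is
    responsible for; the component has no knowledge of any other environment.
    """

    def __init__(self, name: str, trusted_measurement: str) -> None:
        self.name = name
        self._trusted = trusted_measurement

    def validate(self, observed_config: Dict[str, object]) -> Tuple[bool, str]:
        """Return (valid, observed_measurement). Constant-time compare so the
        check itself does not leak how many leading digits matched."""
        observed = measure(observed_config)
        return hmac.compare_digest(observed, self._trusted), observed


# Constructed example configurations; the field names and values are assumptions
# for this example, not real firmware or BIOS settings.
OFFLOAD_GOLDEN: Dict[str, object] = {
    "firmware": "offload-fw-1.2.3",
    "secure_boot": True,
    "debug_port": "disabled",
    "allowed_hosts": ["host-a"],
}
HOST_GOLDEN: Dict[str, object] = {
    "bios": "host-bios-4.0",
    "iommu": "enabled",
    "sriov": "enabled",
}


def provision() -> Tuple[SecurityComponent, SecurityComponent]:
    """At provisioning time each component's storage is loaded with the trusted
    measurement of its own environment (a hypothetical step for this example)."""
    return (
        SecurityComponent("offload", measure(OFFLOAD_GOLDEN)),
        SecurityComponent("host", measure(HOST_GOLDEN)),
    )


def check_platform(offload_observed: Dict[str, object],
                   host_observed: Dict[str, object]) -> Dict[str, bool]:
    """Each component validates its own environment; the platform is trusted
    only if both pass, so neither side can vouch for a tampered peer."""
    offload_sc, host_sc = provision()
    offload_ok, _ = offload_sc.validate(offload_observed)
    host_ok, _ = host_sc.validate(host_observed)
    return {"offload": offload_ok, "host": host_ok, "platform": offload_ok and host_ok}
```

The caveat a practitioner will want: the check is only as strong as the path by which the observed configuration reaches the security component. If the host software being validated is also the software that reports its own configuration, the measurement must come from a source that software cannot rewrite (a boot ROM, a bus-level read by the component itself), which is why the abstract places a physical component with its own microprocessor on each side.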
Abstract:
A system that provides virtualized computing resources may include an enhanced PCIe endpoint device on which an emulation processor emulates PCIe compliant hardware in software. The endpoint device may include host interface circuitry that implements pointer registers and control and status registers for each of multiple transaction ring buffers instantiated in memory on the device. In response to receiving a transaction layer packet that includes a transaction, packet steering circuitry may push the transaction into one of the buffers, dependent on the transaction type, a routing identifier for an emulated device to which it is directed, its traffic class or other criteria. The transaction may be processed in software, emulating the hardware device. The host interface circuitry may generate response completion packets for configuration requests and non-posted transactions, and may return them according to PCIe ordering rules, regardless of the order in which they were processed on the endpoint device.
Abstract:
A system that provides virtualized computing resources to clients or subscribers may include an enhanced PCIe endpoint device on which an emulation processor emulates PCIe compliant hardware devices in software. In response to receiving a transaction layer packet that includes a transaction directed to an emulated device, the endpoint device may process the transaction, which may include emulating the target emulated device. The endpoint device may include multiple PCIe controllers and may expose multiple PCIe endpoints to a host computing system. For example, each PCIe controller may be physically coupled to one of multiple host processor sockets or host server SOCs on the host computing system, each of which exposes its own root complex. Traffic received by the PCIe controllers may be merged on the endpoint device for subsequent processing. Traffic originating at one host processor socket may be steered to the PCIe controller to which it is directly attached.
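The two preceding abstracts describe the same datapath from two angles: transaction layer packets arriving on one or more PCIe controllers are steered into per-type, per-device ring buffers, processed out of order by an emulation processor, and then completed in the order PCIe requires and on the controller they arrived on. The Python below is an added model of that datapath, written for this page; it is not the patent's implementation and not any real device's firmware. It simplifies PCIe ordering to one rule (completions to the same requester and traffic class are returned in request order) and uses a constructed register-file device and constructed traffic; the routing identifier 0x0100, register values and tags are all assumptions.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple

NON_POSTED = {"mem_read", "cfg_read"}  # request types that require a completion
POSTED = {"mem_write"}                 # fire-and-forget; no completion is generated


@dataclass(frozen=True)
class Tlp:
    tag: int            # requester's tag, echoed in the completion
    kind: str           # one of NON_POSTED | POSTED
    routing_id: int     # bus/device/function of the emulated target
    traffic_class: int  # PCIe TC; separate TCs have no ordering relationship
    controller: int     # which on-card PCIe controller (host socket) delivered it
    address: int = 0
    data: int = 0


@dataclass(frozen=True)
class Completion:
    tag: int
    controller: int     # steered back to the controller the request arrived on
    data: int


class EmulatedDevice:
    """One emulated PCIe function, modelled as a small register file.
    The value at 0x04 is a constructed command/status register."""

    def __init__(self) -> None:
        self.regs: Dict[int, int] = {0x04: 0x0006}

    def handle(self, tlp: Tlp) -> int:
        if tlp.kind == "mem_write":
            self.regs[tlp.address] = tlp.data
            return 0
        return self.regs.get(tlp.address, 0)


RingKey = Tuple[str, int, int]   # (kind, routing_id, traffic_class)
OrderKey = Tuple[int, int]       # (controller, traffic_class)


class Endpoint:
    def __init__(self, devices: Dict[int, EmulatedDevice]) -> None:
        self.devices = devices
        self.rings: Dict[RingKey, Deque[Tlp]] = {}
        self.order: Dict[OrderKey, Deque[int]] = {}  # tags awaiting completion, arrival order
        self.results: Dict[int, int] = {}            # tag -> read data once processed

    def receive(self, tlp: Tlp) -> None:
        """Packet steering: traffic from every controller is merged into shared rings."""
        if tlp.routing_id not in self.devices:
            raise ValueError(f"no emulated function at routing id {tlp.routing_id:#06x}")
        if tlp.kind not in NON_POSTED | POSTED:
            raise ValueError(f"unsupported transaction type {tlp.kind!r}")
        key = (tlp.kind, tlp.routing_id, tlp.traffic_class)
        self.rings.setdefault(key, deque()).append(tlp)
        if tlp.kind in NON_POSTED:
            self.order.setdefault((tlp.controller, tlp.traffic_class), deque()).append(tlp.tag)

    def process_ring(self, key: RingKey) -> int:
        """The emulation processor drains one ring; returns how many TLPs it handled."""
        ring = self.rings.get(key, deque())
        handled = 0
        while ring:
            tlp = ring.popleft()
            data = self.devices[tlp.routing_id].handle(tlp)
            if tlp.kind in NON_POSTED:
                self.results[tlp.tag] = data
            handled += 1
        return handled

    def drain_completions(self) -> List[Completion]:
        """Release completions in request order per (controller, TC). The head
        of each queue gates everything behind it, so a request processed early
        still completes after the older requests ahead of it."""
        out: List[Completion] = []
        for (controller, _tc), tags in self.order.items():
            while tags and tags[0] in self.results:
                tag = tags.popleft()
                out.append(Completion(tag, controller, self.results.pop(tag)))
        return out


def run_scenario() -> List[Tuple[int, int, int]]:
    """Constructed traffic from two host sockets to one emulated function."""
    ep = Endpoint({0x0100: EmulatedDevice()})
    ep.receive(Tlp(tag=1, kind="mem_write", routing_id=0x0100, traffic_class=0, controller=0, address=0x10, data=0xAB))
    ep.receive(Tlp(tag=2, kind="mem_read", routing_id=0x0100, traffic_class=0, controller=0, address=0x10))
    ep.receive(Tlp(tag=3, kind="mem_read", routing_id=0x0100, traffic_class=1, controller=1, address=0x20))
    ep.receive(Tlp(tag=4, kind="cfg_read", routing_id=0x0100, traffic_class=0, controller=0, address=0x04))
    # Software processes rings in an order unrelated to arrival: socket 1's read
    # and the config read first, then the posted write (so the read behind it
    # observes the written value), then socket 0's memory reads.
    ep.process_ring(("mem_read", 0x0100, 1))
    ep.process_ring(("cfg_read", 0x0100, 0))
    first = ep.drain_completions()   # tag 4 is done but tag 2 ahead of it is not: only tag 3 goes out
    ep.process_ring(("mem_write", 0x0100, 0))
    ep.process_ring(("mem_read", 0x0100, 0))
    rest = ep.drain_completions()
    return [(c.tag, c.controller, c.data) for c in first + rest]
```

Two properties of the abstracts show up in the scenario: the config read (tag 4) is processed before the memory read (tag 2) but is completed after it, because both came from the same controller and traffic class; and socket 1's read completes immediately and on its own controller, since nothing orders it against socket 0's traffic. A request to a routing identifier with no emulated function behind it is rejected at steering time rather than silently dropped.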
Abstract:
Generally described, aspects of the present disclosure relate to checkpointing the virtual components of an offload device so that they can recover quickly from virtual component software crashes. Virtual component state configuration information and input/output (I/O) request identification information are stored in non-volatile memory of the physical computing device, which is physically separate from the offload device. In the event of a software crash of a virtual component, the crashed virtual component can be rebooted and reconfigured in accordance with the state configuration information and I/O request identification information stored in that non-volatile memory.
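The recovery flow in the abstract (checkpoint configuration plus the identifiers of in-flight I/O to memory that survives the component's crash, then rebuild the component from that record) is shown below as an added Python example written for this page; it is not the patent's code. The host non-volatile memory is a stand-in object, the virtual component is a constructed block-device model, and the JSON-with-digest checkpoint format is an assumption. The digest exists so that a torn or partial write is detected on restore instead of being replayed as if it were a valid checkpoint.

```python
import hashlib
import json
from typing import Dict, List, Optional


class HostNvm:
    """Stand-in for non-volatile memory on the physical computing device. It is
    separate from the offload device, so it survives a crash of the component."""

    def __init__(self) -> None:
        self.slot: Optional[bytes] = None

    def store(self, data: bytes) -> None:
        self.slot = data

    def load(self) -> Optional[bytes]:
        return self.slot


def _seal(record: dict) -> bytes:
    """Digest-prefixed record (assumed format): the digest lets restore reject a
    checkpoint whose write was interrupted by the crash it is meant to survive."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest().encode() + b"\n" + body


def _unseal(blob: bytes) -> dict:
    digest, _, body = blob.partition(b"\n")
    if hashlib.sha256(body).hexdigest().encode() != digest:
        raise ValueError("checkpoint is corrupt or torn")
    return json.loads(body)


class VirtualBlockDevice:
    """Constructed virtual component. Only its configuration and the identifiers
    of in-flight requests are checkpointed, never the request data itself."""

    def __init__(self, nvm: HostNvm) -> None:
        self.nvm = nvm
        self.config: Dict[str, object] = {}
        self.inflight: Dict[int, dict] = {}   # request id -> descriptor
        self.completed: List[int] = []
        self.seq = 0                          # checkpoint generation counter

    def configure(self, **settings: object) -> None:
        self.config.update(settings)
        self.checkpoint()

    def submit(self, req_id: int, lba: int, length: int) -> None:
        if req_id in self.inflight:
            raise ValueError(f"duplicate request id {req_id}")
        self.inflight[req_id] = {"lba": lba, "length": length}
        self.checkpoint()

    def complete(self, req_id: int) -> None:
        self.inflight.pop(req_id)
        self.completed.append(req_id)
        self.checkpoint()

    def checkpoint(self) -> None:
        self.seq += 1
        self.nvm.store(_seal({"seq": self.seq, "config": self.config, "inflight": self.inflight}))

    @classmethod
    def recover(cls, nvm: HostNvm) -> "VirtualBlockDevice":
        """Reboot the component and reconfigure it from the last checkpoint."""
        fresh = cls(nvm)
        blob = nvm.load()
        if blob is None:
            return fresh                      # cold start: nothing to restore
        record = _unseal(blob)
        fresh.config = record["config"]
        fresh.inflight = {int(k): v for k, v in record["inflight"].items()}  # JSON keys are strings
        fresh.seq = record["seq"]
        return fresh

    def replay(self) -> List[int]:
        """Requests outstanding at the crash, to be re-issued to the backend rather
        than left hanging in the guest's queue."""
        return sorted(self.inflight)


def crash_and_recover() -> dict:
    """Constructed scenario: three submissions, one completion, then a crash."""
    nvm = HostNvm()
    dev = VirtualBlockDevice(nvm)
    dev.configure(volume="vol-constructed-1", queue_depth=32)
    dev.submit(101, lba=0, length=8)
    dev.submit(102, lba=64, length=16)
    dev.complete(101)
    dev.submit(103, lba=128, length=8)
    del dev                                   # the component's software crashes here
    recovered = VirtualBlockDevice.recover(nvm)
    return {"config": recovered.config, "replay": recovered.replay(), "seq": recovered.seq}
```

Re-issuing replayed requests is only safe if the backend treats a repeated request identifier idempotently; a request that was actually completed by the backend an instant before the crash will be seen again on replay, which is the reason the checkpoint carries identifiers rather than raw data.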
Abstract:
An interposer card and a virtualization offloading card are provided for installation in a third-party server to integrate the third-party server into a cloud service provider network. The interposer card includes a baseboard management controller that interfaces with a management console of the cloud service provider network. This allows the third-party server to be converted into a server controlled by the cloud service provider network. Additionally, the baseboard management controller of the interposer card acts as a firewall between the third-party server and a management control network of the cloud service provider network. The interposer card and the virtualization offloading card are installed in a chassis of the third-party server via an expansion slot without requiring modification of the hardware or firmware of the third-party server.
Abstract:
A request to launch a compute instance is received at a control plane of a provider network. An outbound command communicator obtains an indication that the compute instance is to be established at a target host at a client premise. A first address is associated with the target host at the control plane and is also assigned to the communicator. The communicator transmits a message whose destination is a second address within a first network of the client premise; the message comprises a command to establish the compute instance at the target host. Within a second network of the client premise, the first address is assigned to the target host. Processing of the command at the target host results in establishment of the compute instance.
Abstract:
Various embodiments of apparatuses and methods for multicast, multiple-unicast, and unicast distribution of messages with time-synchronized delivery are described. In some embodiments, the disclosed system and methods include a reference timekeeper providing a reference clock to one or more host computing devices. The one or more host computing devices host compute instances, and also contain respective isolated timing hardware outside the control of the compute instances. The isolated timing hardware of each host computing device receives its respective packet and obtains the same specified delivery time for that packet. Each isolated timing hardware provides either the packet, or information to access the packet, to its respective destination compute instance only after determining that the specified delivery time has occurred. Thus, the respective packets are delivered near-simultaneously to the one or more destination compute instances.
Abstract:
Various embodiments of apparatuses and methods for trusted and/or attested packet timestamping are described. In some embodiments, the disclosed system and methods include a reference timekeeper providing a reference clock to host computing devices. The host computing devices host compute instances using a first set of computing resources, and also contain isolated timing hardware utilizing a different set of computing resources. The isolated timing hardware sets a hardware clock based on a signal corresponding to the reference clock from the reference timekeeper. The isolated timing hardware then receives a packet from a particular compute instance, creates a timestamp for the packet based at least in part on the hardware clock, where the timestamp is outside the control of the compute instances, and sends the packet and the timestamp through a data network to transmit to a packet destination.