-
公开(公告)号:US09626512B1
公开(公告)日:2017-04-18
申请号:US14673713
申请日:2015-03-30
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , David R. Richardson , Matthew Shawn Wilson , Ian Paul Nowland , Anthony Nicholas Liguori , Brian William Barrett
CPC classification number: G06F21/57 , G06F9/45533 , G06F9/45541 , G06F9/45558 , G06F21/575 , G06F21/72 , G06F2009/45587 , G06F2221/034 , H04L9/0897 , H04L9/14 , H04L9/3247
Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
-
72.发明申请公开(公告)号:US20170052808A1
公开(公告)日:2017-02-23
申请号:US15217910
申请日:2016-07-22
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori , Matthew Shawn Wilson , Ian Paul Nowland
CPC classification number: G06F9/45558 , G06F9/5027 , G06F13/24 , G06F13/4282 , G06F2009/45579
Abstract: Generally described, the present application relates to systems and methods for the managing virtual machines instances using a physical computing device and an offload device. The offload device can be a separate computing device that includes computing resources (e.g., processor and memory) separate from the computing resources of the physical computing device. The offload device can be connected to the physical computing device via a bus interface. The bus interface can be a high speed, high throughput, low latency interface such as a Peripheral Component Interconnect Express (PCIe) interface. The offload device can be used to offload virtualization and processing of virtual components from the physical computing device, thereby increasing the computing resources available to the virtual machine instances.
Abstract translation: 通常描述,本申请涉及使用物理计算设备和卸载设备管理虚拟机实例的系统和方法。 卸载设备可以是单独的计算设备,其包括与物理计算设备的计算资源分离的计算资源(例如,处理器和存储器)。 卸载设备可以通过总线接口连接到物理计算设备。 总线接口可以是高速,高吞吐量,低延迟的接口,例如外围组件互连Express(PCIe)接口。 卸载设备可用于从物理计算设备卸载虚拟化和处理虚拟组件,从而增加虚拟机实例可用的计算资源。
-
公开(公告)号:US09503268B2
公开(公告)日:2016-11-22
申请号:US13746780
申请日:2013-01-22
Applicant: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine , Matthew Shawn Wilson
CPC classification number: H04L9/3263 , G06F9/45558 , G06F21/33 , G06F21/44 , G06F21/53 , G06F21/606 , G06F21/629 , G06F2221/2107
Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to secure the results of privileged operations on systems such as the operating system (OS) kernel and/or the hypervisor. The interface allows a public key to be included into a request to perform a privileged operation on a hypervisor and/or kernel. The kernel and/or hypervisor use the key included in the request to encrypt the results of the privileged operation. In some embodiments, the request itself can also be encrypted, such that any intermediate parties are not able to read the parameters and other information of the request.
Abstract translation: 描述了一组形式化的接口(例如,应用程序编程接口(API)),其使用诸如不对称(或对称)密码学的安全方案,以便保护诸如操作系统的系统上的特权操作的结果 OS)内核和/或管理程序。 该接口允许将公钥包括在对管理程序和/或内核执行特权操作的请求中。 内核和/或管理程序使用请求中包含的密钥加密特权操作的结果。 在一些实施例中,请求本身也可被加密,使得任何中间方不能读取请求的参数和其他信息。
-
公开(公告)号:US09491098B1
公开(公告)日:2016-11-08
申请号:US14083005
申请日:2013-11-18
Applicant: Amazon Technologies, Inc.
Inventor: Matthew Shawn Wilson , Andrew Bruce Dickinson , Justin Oliver Pietsch , Aaron C. Thompson , Frederick David Sinn , Alan Michael Judge , Jagwinder Singh Brar
IPC: H04L12/741 , H04L12/803
CPC classification number: H04L47/125
Abstract: Methods and apparatus for transparent multipath utilization through encapsulation are disclosed. Respective encapsulation packets are generated for at least two different baseline packets transmitted between a source and destination linked by multiple network paths. Each encapsulation packet comprises contents of a corresponding baseline packet, and one or more data values selected in accordance with a path balancing policy. The data values added to one encapsulation packet may differ from those added to another. Different network paths to the destination may be selected for different encapsulation packets of a given transmission based at least in part on the added data values.
Abstract translation: 公开了通过封装实现透明多路径利用的方法和装置。 针对由多个网络路径链接的源和目的地之间传输的至少两个不同的基线分组生成相应的封装分组。 每个封装分组包括相应基线分组的内容,以及根据路径平衡策略选择的一个或多个数据值。 添加到一个封装数据包的数据值可能与添加到另一封装数据包的数据值不同。 至少部分地基于所添加的数据值,可以为给定传输的不同封装分组选择到目的地的不同网络路径。
-
公开(公告)号:US09424067B2
公开(公告)日:2016-08-23
申请号:US14567789
申请日:2014-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori , Matthew Shawn Wilson , Ian Paul Nowland
CPC classification number: G06F9/45558 , G06F9/5016 , G06F9/5027 , G06F2009/4557 , G06F2009/45579
Abstract: Generally described, the present application relates to systems and methods for the managing virtual machines instances using a physical computing device and an offload device. The offload device can be a separate computing device that includes computing resources (e.g., processor and memory) separate from the computing resources of the physical computing device. The offload device can be connected to the physical computing device via a interconnect interface. The interconnect interface can be a high speed, high throughput, low latency interface such as a Peripheral Component Interconnect Express (PCIe) interface. The offload device can be used to offload virtualization and processing of virtual components from the physical computing device, thereby increasing the computing resources available to the virtual machine instances.
Abstract translation: 通常描述,本申请涉及使用物理计算设备和卸载设备管理虚拟机实例的系统和方法。 卸载设备可以是单独的计算设备,其包括与物理计算设备的计算资源分离的计算资源(例如,处理器和存储器)。 卸载设备可以经由互连接口连接到物理计算设备。 互连接口可以是高速,高吞吐量,低延迟接口,例如外围组件互连Express(PCIe)接口。 卸载设备可用于从物理计算设备卸载虚拟化和处理虚拟组件,从而增加虚拟机实例可用的计算资源。
-
Patent Agency Ranking
公开(公告)号:US09400674B2
公开(公告)日:2016-07-26
申请号:US14567157
申请日:2014-12-11
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori , Matthew Shawn Wilson , Ian Paul Nowland
CPC classification number: G06F9/45558 , G06F9/5027 , G06F13/24 , G06F13/4282 , G06F2009/45579
Abstract: Generally described, the present application relates to systems and methods for the managing virtual machines instances using a physical computing device and an offload device. The offload device can be a separate computing device that includes computing resources (e.g., processor and memory) separate from the computing resources of the physical computing device. The offload device can be connected to the physical computing device via a bus interface. The bus interface can be a high speed, high throughput, low latency interface such as a Peripheral Component Interconnect Express (PCIe) interface. The offload device can be used to offload virtualization and processing of virtual components from the physical computing device, thereby increasing the computing resources available to the virtual machine instances.
Abstract translation: 通常描述,本申请涉及使用物理计算设备和卸载设备管理虚拟机实例的系统和方法。 卸载设备可以是单独的计算设备,其包括与物理计算设备的计算资源分离的计算资源(例如,处理器和存储器)。 卸载设备可以通过总线接口连接到物理计算设备。 总线接口可以是高速,高吞吐量,低延迟的接口,例如外围组件互连Express(PCIe)接口。 卸载设备可用于从物理计算设备卸载虚拟化和处理虚拟组件,从而增加虚拟机实例可用的计算资源。
-
公开(公告)号:US09361145B1
公开(公告)日:2016-06-07
申请号:US14317949
申请日:2014-06-27
Applicant: Amazon Technologies, Inc.
Inventor: Matthew Shawn Wilson , Anthony Nicholas Liguori , Shuvabrata Ganguly
CPC classification number: G06F13/28 , G06F9/45558 , G06F9/4881 , G06F2009/45562 , G06F2009/4557
Abstract: A DMA-capable device of a virtualization host stores a DMA write record, indicating a portion of host memory that is targeted by a DMA write operation, in a write buffer accessible from a virtualization management component of the host. The virtualization management component uses the DMA write record to identify a portion of memory to be copied to a target location to save a representation of a state of a particular virtual machine instantiated at the host.
Abstract translation: 虚拟化主机的具有DMA能力的设备将DMA写入记录存储在可由主机的虚拟化管理组件访问的写入缓冲器中,该DMA写入记录指示由DMA写入操作定向的主机存储器的一部分。 虚拟化管理组件使用DMA写入记录来标识要复制到目标位置的一部分存储器,以保存在主机上实例化的特定虚拟机的状态的表示。
-
公开(公告)号:US20160092677A1
公开(公告)日:2016-03-31
申请号:US14502891
申请日:2014-09-30
Applicant: Amazon Technologies, Inc.
CPC classification number: G06F21/55 , G06F9/45533 , G06F9/468 , G06F9/5077 , G06F21/53
Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.
Abstract translation: 描述了用于从共享硬件结构向任务分配资源的技术。 多个任务可以在处理器上执行,其中处理器可以包括一个或多个处理核,并且每个任务可以包括多个计算机可执行指令。 根据用于从多个任务之间的共享硬件结构向任务分配资源的一种技术,本公开的方面描述了从多个任务向第一任务分配第一标识符,将共享硬件资源的一部分与第一 标识符,并且将与从第一任务到任何其他任务执行的计算机可执行指令的访问和/或可观察性限制到与第一标识符相关联的硬件资源的部分。
-
公开(公告)号:US12106132B2
公开(公告)日:2024-10-01
申请号:US16196723
申请日:2018-11-20
Applicant: Amazon Technologies, Inc.
Inventor: Anthony Nicholas Liguori , Matthew Shawn Wilson
IPC: G06F9/455 , G06F9/50 , G06F12/109 , H04L12/46
CPC classification number: G06F9/45558 , G06F9/5077 , G06F12/109 , H04L12/4633 , H04L12/4641 , G06F2009/45575 , G06F2009/45587 , G06F2009/45595 , G06F2212/152 , G06F2212/657
Abstract: A request to launch a compute instance is received at a control plane of a provider network. At an outbound command communicator, an indication that a compute instance is to be established at a target host at a client premise is obtained. A first address is associated with the target host at the control plane and also assigned to the communicator. A message with a second address within a first network of the client premise as a destination is transmitted. The message comprises a command to establish the compute instance at the target host. The first address is assigned to the target host within a second network of the client premise. Processing of the command at the target host results in establishment of a compute instance.
-
公开(公告)号:US11924117B2
公开(公告)日:2024-03-05
申请号:US18154769
申请日:2023-01-13
Applicant: Amazon Technologies, Inc.
Inventor: Andra-Irina Paraschiv , Matthew Shawn Wilson
IPC: H04L47/78 , G06F9/38 , G06F9/455 , H04L47/70 , H04L47/762
CPC classification number: H04L47/782 , G06F9/3877 , G06F9/45558 , H04L47/762 , H04L47/828 , G06F2009/45562 , G06F2009/45566 , G06F2009/4557 , G06F2009/45595
Abstract: At a first compute instance run on a virtualization host, a local instance scaling manager is launched. The scaling manager determines, based on metrics collected at the host, that a triggering condition for redistributing one or more types of resources of the first compute instance has been met. The scaling manager causes virtualization management components to allocate a subset of the first compute instance's resources to a second compute instance at the host.
-
-
-
-
-
-
-
-
-
Search Results
106
records
(took 0.028 seconds)
