公开(公告)号：US12107763B2

公开(公告)日：2024-10-01

申请号：US17537232

申请日：2021-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Eric Samuel Stone ,  Anthony Nicholas Liguori ,  Jonathan Mullen ,  Matthew Browne Barr ,  Steven Anthony Kady ,  Steven Douglas Robinson ,  Tal Avraham ,  Tatiana Cooke ,  Clint Joseph Sbisa ,  Vitaly Ostrovsky ,  Jonathan Chocron ,  Avigdor Segal ,  Abhishek Katuluru

IPC: H04L45/00 ,  H04L12/46 ,  H04L45/745 ,  H04L61/5007

CPC classification number: H04L45/66 ,  H04L12/4641 ,  H04L45/745 ,  H04L61/5007

Abstract: A networking manager of an extension server of a virtualized computing service detects that a data link layer frame has been obtained at the extension server. The networking manager delivers at least a portion of contents of the frame to a compute instance running at the extension server in response to determining that a destination media access control (MAC) address of the frame matches a MAC address of a local-premise-access virtual network interface attached to the compute instance. The local-premise-access virtual network interface is not assigned an Internet Protocol (IP) address from a range of IP addresses managed by the virtualized computing service.

公开(公告)号：US20240073297A1

公开(公告)日：2024-02-29

申请号：US18462321

申请日：2023-09-06

Applicant: Amazon Technologies, Inc.

Inventor： Said Bshara ,  Alan Michael Judge ,  Erez Izenberg ,  Julien Ridoux ,  Joshua Benjamin Levinson ,  Anthony Nicholas Liguori ,  Nafea Bshara

IPC: H04L67/60 ,  G06F9/50 ,  H04L9/40 ,  H04L67/14

CPC classification number: H04L67/60 ,  G06F9/5038 ,  H04L63/0428 ,  H04L67/14

Abstract: Various embodiments of apparatuses and methods for multi-cast, multiple unicast, and unicast distribution of messages with time synchronized delivery are described. In some embodiments, the disclosed system and methods include a reference timekeeper providing a reference clock to one or more host computing devices. The one or more host computing devices host compute instances, and also contain respective isolated timing hardware outside the control of the compute instances. The isolated timing hardware of the one or more host computing devices then receive respective packets, and obtain the same time to deliver the respective packets. Each isolated timing hardware provides either the packet, or information to access the packet, to its respective destination compute instance subsequent to determining that the same specified time to deliver the packet has occurred. Thus, the respective packets are delivered near simultaneously to the one or more destination compute instances.

公开(公告)号：US11868617B2

公开(公告)日：2024-01-09

申请号：US17670342

申请日：2022-02-11

Applicant: Amazon Technologies, Inc.

Inventor： Raviprasad Venkatesha Murthy Mummidi ,  Matthew Shawn Wilson ,  Anthony Nicholas Liguori ,  Nafea Bshara ,  Saar Gross ,  Jaspal Kohli

IPC: G06F3/06 ,  G06F12/14 ,  G06F13/20 ,  G06F13/40

CPC classification number: G06F3/061 ,  G06F3/067 ,  G06F3/0623 ,  G06F3/0644 ,  G06F3/0655 ,  G06F3/0659 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0688 ,  G06F12/1408 ,  G06F13/20 ,  G06F13/4004 ,  G06F2212/401 ,  G06F2212/402

Abstract: A peripheral device may implement storage virtualization for non-volatile storage devices connected to the peripheral device. A host system connected to the peripheral device may host one or multiple virtual machines. The peripheral device may implement different virtual interfaces for the virtual machines or the host system that present a storage partition at a non-volatile storage device to the virtual machine or host system for storage. Access requests from the virtual machines or host system are directed to the respective virtual interface at the peripheral device. The peripheral device may perform data encryption or decryption, or may perform throttling of access requests. The peripheral device may generate and send physical access requests to perform the access requests received via the virtual interfaces to the non-volatile storage devices. Completion of the access requests may be indicated to the virtual machines via the virtual interfaces.

公开(公告)号：US11659058B2

公开(公告)日：2023-05-23

申请号：US16457824

申请日：2019-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Eric Samuel Stone ,  Richard H. Galliher ,  David James Goodell ,  Patrick John Lawrence ,  Yang Lin ,  William Ashley ,  Steven Anthony Kady

IPC: H04L67/561 ,  H04L12/46 ,  H04L67/564

CPC classification number: H04L67/561 ,  H04L12/4633 ,  H04L12/4641 ,  H04L67/564

Abstract: A first service of a provider network obtains an identification of one or more substrate addressable devices included in an extension of the provider network. Based on the identification, a launch of one or more compute instances within the provider network is initiated. The one or more compute instances are to connect the provider network to the extension of the provider network across at least a third-party network by receiving a first control plane message directed to a first substrate addressable device of the one or more substrate addressable devices, by updating a message state data store based at least in part on the first control plane message, and by sending a second control plane message to the first substrate addressable device via a secure tunnel.

公开(公告)号：US11496519B1

公开(公告)日：2022-11-08

申请号：US16699320

申请日：2019-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Diwakar Gupta ,  David Wachtfogel ,  Marc Stephen Olson ,  Anthony Nicholas Liguori ,  Stephen David Hildrey

IPC: H04L9/40 ,  H04L9/08

Abstract: Security can be provided for data stored using resources that are deployed in an environment managed by a third party. Physical and logical detection mechanisms can be used to monitor various security aspects, and the resulting security data can be used to identify potential threats to these resources. In some embodiments, suspicious activity can cause resources such as data servers to be automatically and remotely rebooted such that keys stored in volatile memory on those data servers will be lost from those servers, such that an attacker will be unable to decrypt data stored on those servers. Once a determination of safety is made, the keys can be provided to the respective data servers such that data operations can resume.

公开(公告)号：US11366681B2

公开(公告)日：2022-06-21

申请号：US16366998

申请日：2019-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Douglas Stewart Laurence

IPC: G06F9/455 ,  G06F9/54 ,  G06F11/14 ,  G06F11/34

Abstract: A request to perform a workflow is received. A first instance is caused to be instantiated to perform a first portion of the workflow. First information and a handle associated with a second snapshot is received from the first instance. The first information is processed to produce a first result. A second instance is caused to be instantiated based on the handle to perform a second portion of the workflow. Second information is received from the second instance. The second information is processed to produce a second result, and an operation is performed dependent at least on the first result or the second result.

公开(公告)号：US11088944B2

公开(公告)日：2021-08-10

申请号：US16450690

申请日：2019-06-24

Applicant: Amazon Technologies, Inc.

Inventor： Stewart Allen ,  Andrew Davenport ,  Ciprian Dan Cosma ,  Anthony Nicholas Liguori ,  Joseph Elmar Magerramov

IPC: H04L12/703 ,  H04L12/935 ,  H04L12/747 ,  H04L29/06 ,  H04L12/707

Abstract: A program to be executed to perform a packet processing operation on a packet associated with a resource group, as well as security settings of the resource group, are received. The program is transmitted to a set of fast path nodes which were assigned to the resource group based on the group's metadata. With respect to a particular packet, security operations based on the settings are performed and the program is executed at a fast path node. Based at least partly on the results of the program, a packet routing action corresponding to the received packet is performed.

公开(公告)号：US10963268B1

公开(公告)日：2021-03-30

申请号：US16539884

申请日：2019-08-13

Applicant: Amazon Technologies, Inc.

Inventor： Robert Michael Johnson ,  Islam Mohamed Hatem Abdulfattah Mohamed Atta ,  Asif Khan ,  Nafea Bshara ,  Anthony Nicholas Liguori

IPC: G06F9/4401 ,  G06F13/42 ,  G06F9/455

Abstract: Disclosed are techniques regarding aspects of implementing client configurable logic within a computer system. The computer system can be a cloud infrastructure. The techniques can include providing an identifier in response to configuring client configurable logic within the computer system.

公开(公告)号：US10921991B1

公开(公告)日：2021-02-16

申请号：US15385815

申请日：2016-12-20

Applicant: Amazon Technologies, Inc.

Inventor： Marc Stephen Olson ,  Christopher Magee Greenwood ,  Anthony Nicholas Liguori ,  James Michael Thompson ,  Surya Prakash Dhoolam ,  Marc John Brooker ,  Danny Wei

IPC: G06F3/06

Abstract: Notice of migration of a portion of a data volume from a first location to a second location is received by a first computer system from a second computer system, where the data volume is separated over a network from the first computer system. A third computer system, separated over a network from the first computer system, is caused to invalidate a mapping between the portion and the first location. An indication that the third computer system seeks access to the portion is identified. A third computer system is enabled, by providing a mapping between the portion and the second location, to access portion at the second location.

公开(公告)号：US20200310845A1

公开(公告)日：2020-10-01

申请号：US16366976

申请日：2019-03-27

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Douglas Stewart Laurence

IPC: G06F9/455 ,  G06F9/54

Abstract: A first instance is caused to execute software code to perform a first portion of a workflow in response to receipt of a workflow request, and performance of the first portion results in submission of an operation request to an entity. A resume workflow request is received from the entity, where the resume workflow request includes a handle to a snapshot that corresponds to a state of execution of the software code and a response to the operation request to the entity. Using the handle to the snapshot and the response to the operation request, a second instance is caused to execute the software code from the first state to perform a second portion of the workflow. A workflow result is received from an instance that executes a last portion of the workflow, and the workflow is provided result in response to the workflow request.