公开(公告)号：US11868617B2

公开(公告)日：2024-01-09

申请号：US17670342

申请日：2022-02-11

Applicant: Amazon Technologies, Inc.

Inventor： Raviprasad Venkatesha Murthy Mummidi ,  Matthew Shawn Wilson ,  Anthony Nicholas Liguori ,  Nafea Bshara ,  Saar Gross ,  Jaspal Kohli

IPC: G06F3/06 ,  G06F12/14 ,  G06F13/20 ,  G06F13/40

CPC classification number: G06F3/061 ,  G06F3/067 ,  G06F3/0623 ,  G06F3/0644 ,  G06F3/0655 ,  G06F3/0659 ,  G06F3/0664 ,  G06F3/0665 ,  G06F3/0688 ,  G06F12/1408 ,  G06F13/20 ,  G06F13/4004 ,  G06F2212/401 ,  G06F2212/402

Abstract: A peripheral device may implement storage virtualization for non-volatile storage devices connected to the peripheral device. A host system connected to the peripheral device may host one or multiple virtual machines. The peripheral device may implement different virtual interfaces for the virtual machines or the host system that present a storage partition at a non-volatile storage device to the virtual machine or host system for storage. Access requests from the virtual machines or host system are directed to the respective virtual interface at the peripheral device. The peripheral device may perform data encryption or decryption, or may perform throttling of access requests. The peripheral device may generate and send physical access requests to perform the access requests received via the virtual interfaces to the non-volatile storage devices. Completion of the access requests may be indicated to the virtual machines via the virtual interfaces.

公开(公告)号：US20210399958A1

公开(公告)日：2021-12-23

申请号：US17466944

申请日：2021-09-03

Applicant: Amazon Technologies, Inc.

Inventor： Robert Michael Johnson ,  Nafea Bshara ,  Matthew Shawn Wilson

IPC: H04L12/24 ,  G06F9/50 ,  G06F15/78

Abstract: Methods and apparatus are disclosed for programming reconfigurable logic devices such as FPGAs in a networked server environment. In one example, a system hosting a network service providing field programmable gate array (FPGA) services includes a network service provider configured to receive a request to implement application logic in a plurality of FPGAs, allocate a computing instance comprising the FPGAs in responses to receiving the request, produce configuration information for programming the FPGAs, and send the configuration information to an allocated computing instance. The system further includes a computing host that is allocated by the network service provider as a computing instance which includes memory, processors configured to execute computer-executable instructions stored in the memory, and the programmed FPGAs.

公开(公告)号：US10585662B2

公开(公告)日：2020-03-10

申请号：US16280950

申请日：2019-02-20

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Matthew Shawn Wilson ,  Ian Paul Nowland

IPC: G06F9/455 ,  G06F8/656 ,  G06F8/65 ,  H04L12/931 ,  G06F13/32 ,  G06F8/658

Abstract: Generally described, aspects of the present disclosure relate to a live update process of the virtual machine monitor during the operation of the virtual machine instances. An update to a virtual machine monitor can be a difficult process to execute because of the operation of the virtual machine instances. Generally, in order to update the virtual machine monitor, the physical computing device needs to be rebooted, which interrupts operation of the virtual machine instances. The live update process provides for a method of updating the virtual machine monitor without rebooting the physical computing device.

公开(公告)号：US20190235908A1

公开(公告)日：2019-08-01

申请号：US16280950

申请日：2019-02-20

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Matthew Shawn Wilson ,  Ian Paul Nowland

IPC: G06F9/455 ,  G06F8/658 ,  G06F8/656 ,  G06F8/65

Abstract: Generally described, aspects of the present disclosure relate to a live update process of the virtual machine monitor during the operation of the virtual machine instances. An update to a virtual machine monitor can be a difficult process to execute because of the operation of the virtual machine instances. Generally, in order to update the virtual machine monitor, the physical computing device needs to be rebooted, which interrupts operation of the virtual machine instances. The live update process provides for a method of updating the virtual machine monitor without rebooting the physical computing device.

公开(公告)号：US10225193B2

公开(公告)日：2019-03-05

申请号：US15362803

申请日：2016-11-28

Applicant: Amazon Technologies, Inc.

Inventor： Alan Michael Judge ,  Matthew Shawn Wilson

IPC: H04L12/28 ,  H04L12/803 ,  H04L12/46 ,  H04L12/801 ,  H04L12/813

Abstract: Encapsulated packets may be generated for different packets transmitted between a source instance and destination instance in a computer system. The source instance and destination instance may be implemented by different physical hosts linked by multiple network paths. Congestion of the multiple network paths may be determined and path-balancing polices may be implemented in response to the determined congestion. Each encapsulation packet comprises contents of a corresponding packet, and one or more data values selected in accordance with a path-balancing policy. The data values added to one encapsulation packet may differ from those added to another. Different network paths to the destination may be selected for different encapsulation packets of a given transmission based at least in part on the added data values.

公开(公告)号：US20180300166A1

公开(公告)日：2018-10-18

申请号：US15880390

申请日：2018-01-25

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Matthew Shawn Wilson ,  Ian Paul Nowland

IPC: G06F9/455 ,  G06F8/65

CPC classification number: G06F9/45558 ,  G06F8/65 ,  G06F2009/45575

Abstract: Generally described, aspects of the present disclosure relate to loading an updated virtual machine monitor on the physical computing device during a boot process. The updated virtual machine monitor may be loaded from an update manager external to the virtual machine monitor, such as the offload device or a server connected with the physical computing device over a network. In certain embodiments, the updated virtual machine monitor may be loaded in a tiered process by first loading a startup virtual machine monitor, which automatically updates by loading the updated virtual machine monitor. The startup virtual machine monitor may be a virtual machine monitor with less functionality than the updated machine manager, such as where the startup virtual machine monitor may be a “lite” or simple virtual machine monitor while the updated virtual machine monitor may be a fully functional virtual machine monitor of the most recent update or version.

公开(公告)号：US10084784B1

公开(公告)日：2018-09-25

申请号：US14558281

申请日：2014-12-02

Applicant: Amazon Technologies, Inc.

Inventor： Eric J. Brandwine ,  Matthew Shawn Wilson

IPC: H04L29/06 ,  G06F9/455

CPC classification number: H04L63/0442 ,  G06F9/45558 ,  G06F2009/45587 ,  H04L63/102 ,  H04L63/20

Abstract: Functionality is disclosed herein for providing a resource monitoring environment that restricts access to computing resource data in a service provider network. The resource monitoring environment processes requests to access computing resource data, and denies requests not signed or authorized by a customer of a service provider network or other entity. Access to the computing resource data includes access to non-obfuscated data and/or access to encrypted computing resource data encrypted by way of a public encryption key held by a customer of the service provider network or other entity instead of a requestor of the computing resource data.

公开(公告)号：US09886297B2

公开(公告)日：2018-02-06

申请号：US14567189

申请日：2014-12-11

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Matthew Shawn Wilson ,  Ian Paul Nowland

IPC: G06F9/455 ,  G06F9/46 ,  G06F9/445

CPC classification number: G06F9/45558 ,  G06F8/65 ,  G06F2009/45575

Abstract: Generally described, aspects of the present disclosure relate to loading an updated virtual machine monitor on the physical computing device during a boot process. The updated virtual machine monitor may be loaded from an update manager external to the virtual machine monitor, such as the offload device or a server connected with the physical computing device over a network. In certain embodiments, the updated virtual machine monitor may be loaded in a tiered process by first loading a startup virtual machine monitor, which automatically updates by loading the updated virtual machine monitor. The startup virtual machine monitor may be a virtual machine monitor with less functionality than the updated machine manager, such as where the startup virtual machine monitor may be a “lite” or simple virtual machine monitor while the updated virtual machine monitor may be a fully functional virtual machine monitor of the most recent update or version.

公开(公告)号：US09880866B2

公开(公告)日：2018-01-30

申请号：US15178016

申请日：2016-06-09

Applicant: Amazon Technologies, Inc.

Inventor： Nachiketh Rao Potlapally ,  Eric Jason Brandwine ,  Matthew Shawn Wilson

IPC: G06F9/455 ,  G06F9/50 ,  G06F12/14 ,  H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  G06F21/57 ,  H04L9/06

CPC classification number: G06F9/455 ,  G06F9/45558 ,  G06F9/5077 ,  G06F12/14 ,  G06F12/145 ,  G06F21/53 ,  G06F21/57 ,  G06F2009/45562 ,  G06F2009/45587 ,  G06F2212/1052 ,  H04L9/0643 ,  H04L9/08 ,  H04L9/32 ,  H04L9/321 ,  H04L63/04

Abstract: Approaches to enable the configuration of computing resources for executing virtual machines on behalf of users to be cryptographically attested to or verified. When a user requests a virtual machine to be provisioned, an operator of the virtualized computing environment can initiate a two phase launch of the virtual machine. In the first phase, the operator provisions the virtual machine on a host computing device and obtains cryptographic measurements of the software and/or hardware resources on the host computing device. The operator may then provide those cryptographic measurements to the user that requested the virtual machine. If the user approves the cryptographic measurements, the operator may proceed with the second phase and actually launch the virtual machine on the host. In some cases, operator may compare the cryptographic measurements to a list of approved measurements to determine whether the host computing device is acceptable for hosting the virtual machine.

公开(公告)号：US09703951B2

公开(公告)日：2017-07-11

申请号：US14502891

申请日：2014-09-30

Applicant: Amazon Technologies, Inc.

Inventor： Rahul Gautam Patel ,  Nachiketh Rao Potlapally ,  William John Earl ,  Matthew Shawn Wilson

IPC: G06F21/44 ,  G06F21/55 ,  G06F9/455 ,  G06F9/50 ,  G06F9/46 ,  G06F21/53

CPC classification number: G06F21/55 ,  G06F9/45533 ,  G06F9/468 ,  G06F9/5077 ,  G06F21/53

Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.