-
Publication number: US20180152501A1
Publication date: 2018-05-31
Application number: US15864259
Application date: 2018-01-08
Applicant: Amazon Technologies, Inc.
Inventor: James Christopher Sorenson, III , Yun Lin , David Carl Salyers , Ankur Khetrapal , Nishanth Alapati
IPC: H04L29/08
CPC classification number: H04L67/10 , H04L67/1097 , H04L67/2842
Abstract: Methods, apparatus, and computer-accessible storage media for remotely managing a gateway that serves as an interface between processes on a customer network and a service provider, for example to store data to a remote data store. The gateway sends a connection request to a gateway control server. The server holds the connection until the server receives information (e.g., information from the customer sent via the service provider) for the gateway. The server sends the information as requests via the gateway-initiated connection, and continues to hold the connection. If a server receives information for a gateway to which it does not hold a connection, the server sends the information to the server that does hold the connection. The server may either discover the appropriate server via a registration service that registers connections to gateways or broadcast the information to peer servers identified through a registration service.
-
Publication number: US09882968B1
Publication date: 2018-01-30
Application number: US14565164
Application date: 2014-12-09
Applicant: Amazon Technologies, Inc.
Inventor: Tobias Lars-Olov Holgers , Kevin Christopher Miller , Andrew Bruce Dickinson , David Carl Salyers , Xiao Zhang , Shane Ashley Hall , Christopher Ian Hendrie , Aniket Deepak Divecha , Ralph William Flora
CPC classification number: H04L67/10 , G06F9/45533 , H04L67/42
Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.
-
Publication number: US09697217B1
Publication date: 2017-07-04
Application number: US13665709
Application date: 2012-10-31
Applicant: Amazon Technologies, Inc.
Inventor: David Carl Salyers , James Christopher Sorenson, III , Ankur Khetrapal
IPC: G06F17/30 , H04L9/06 , H04L9/32 , H04L12/743 , H04L29/08
CPC classification number: G06F17/30097 , G06F3/06 , G06F17/30109 , G06F17/3033 , G06F17/30949 , H04L9/06 , H04L9/0643 , H04L9/0891 , H04L9/3236 , H04L45/7453 , H04L67/1065 , H04L67/1097
Abstract: Methods and apparatus for secure data modification using segmented hashing are disclosed. An intermediate device on a data path between a storage service and a client receives a modification request for a data segment of a data chunk of a storage object. The device generates a new chunk hash value for the chunk based on an original chunk hash value of the chunk, an original segment hash value of the segment to be modified, and a new segment hash value computed based on the modification. The device generates a modified version of the chunk based on the modification request, and uploads the modified version and the new chunk hash value to the storage service.
-
Publication number: US09225697B2
Publication date: 2015-12-29
Application number: US14455525
Application date: 2014-08-08
Applicant: Amazon Technologies, Inc.
Inventor: James Christopher Sorenson, III , Yun Lin , David Carl Salyers , Ankur Khetrapal , Mark J. Cavage
CPC classification number: H04L63/061 , H04L63/0807 , H04L63/0823 , H04L63/10 , H04L63/20 , H04L67/1097 , H04L67/16 , H04L67/2842
Abstract: Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider.
-
Publication number: US12038878B2
Publication date: 2024-07-16
Application number: US15917165
Application date: 2018-03-09
Applicant: Amazon Technologies, Inc.
Inventor: Arun Sundaram , Yun Lin , David Carl Salyers
IPC: G06F21/00 , G06F3/06 , G06F16/11 , G06F16/178 , G06F16/27 , G06F21/62 , G06F21/78 , H04L9/40 , H04L67/1097
CPC classification number: G06F16/178 , G06F3/0604 , G06F3/0622 , G06F3/0637 , G06F3/065 , G06F3/067 , G06F16/128 , G06F16/27 , G06F21/6218 , G06F21/78 , H04L9/40 , H04L67/1097
Abstract: Methods, apparatus, and computer-accessible storage media for controlling export of snapshots to external networks in service provider environments. Methods are described that may be used to prevent customers of a service provider from downloading snapshots of volumes, such as boot images created by the service provider or provided by third parties, to which the customer does not have the appropriate rights. A request may be received from a user to access one or more snapshots, for example a request to export the snapshot or a request for a listing of snapshots. For each snapshot, the service provider may determine if the user has rights to the snapshot, for example by checking a manifest for the snapshot to see if entries in the snapshot manifest belong to an account other than the customer's. If the user has rights to the snapshot, the request is granted; otherwise, the request is not granted.
-
Publication number: US10474632B2
Publication date: 2019-11-12
Application number: US15640890
Application date: 2017-07-03
Applicant: Amazon Technologies, Inc.
Inventor: David Carl Salyers , James Christopher Sorenson, III , Ankur Khetrapal
IPC: G06F16/13 , H04L9/06 , H04L29/08 , H04L12/743 , G06F16/14 , G06F16/22 , G06F16/901 , H04L9/08 , H04L9/32 , G06F3/06 , G06F11/14
Abstract: Methods and apparatus for secure data modification using segmented hashing are disclosed. An intermediate device on a data path between a storage service and a client receives a modification request for a data segment of a data chunk of a storage object. The device generates a new chunk hash value for the chunk based on an original chunk hash value of the chunk, an original segment hash value of the segment to be modified, and a new segment hash value computed based on the modification. The device generates a modified version of the chunk based on the modification request, and uploads the modified version and the new chunk hash value to the storage service.
-
Publication number: US20190222636A1
Publication date: 2019-07-18
Application number: US16362192
Application date: 2019-03-22
Applicant: Amazon Technologies, Inc.
Inventor: Tobias Lars-Olov Holgers , Kevin Christopher Miller , Andrew Bruce Dickinson , David Carl Salyers , Xiao Zhang , Shane Ashley Hall , Christopher Ian Hendrie , Aniket Deepak Divecha , Ralph William Flora
CPC classification number: H04L67/10 , G06F9/45533 , H04L67/42
Abstract: A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.
-
Publication number: US20180357167A1
Publication date: 2018-12-13
Application number: US16003956
Application date: 2018-06-08
Applicant: Amazon Technologies, Inc.
Inventor: David Carl Salyers , Pradeep Vincent , Ankur Khetrapal , Kestutis Patiejunas
IPC: G06F12/0802 , G06F11/14 , G06F12/0813 , G06F12/0871 , G06F12/0868 , G06F12/0804 , G06F3/06 , G06F17/30 , G06F12/08 , G06F12/0893
CPC classification number: G06F12/0802 , G06F3/0619 , G06F3/0647 , G06F3/0685 , G06F11/1435 , G06F11/1438 , G06F11/1441 , G06F11/1464 , G06F12/08 , G06F12/0804 , G06F12/0813 , G06F12/0868 , G06F12/0871 , G06F12/0893 , G06F17/30575 , G06F2212/1016 , G06F2212/154 , G06F2212/284 , G06F2212/452 , G06F2212/461 , G06F2212/466 , G06F2212/468 , G06F2212/60
Abstract: Methods and apparatus for supporting cached volumes at storage gateways are disclosed. A storage gateway appliance is configured to cache at least a portion of a storage object of a remote storage service at local storage devices. In response to a client's write request, directed to at least a portion of a data chunk of the storage object, the appliance stores a data modification indicated in the write request at a storage device, and asynchronously uploads the modification to the storage service. In response to a client's read request, directed to a different portion of the data chunk, the appliance downloads the requested data from the storage service to the storage device, and provides the requested data to the client.
-
Publication number: US10027712B2
Publication date: 2018-07-17
Application number: US14462328
Application date: 2014-08-18
Applicant: Amazon Technologies, Inc.
Inventor: James Christopher Sorenson, III , David Carl Salyers
IPC: H04L29/06 , H04L12/911 , H04L29/08 , H04L12/28 , H04L12/70 , H04L12/66 , H04L12/701
Abstract: Embodiments may include a load balancer that receives a request packet sent by a remote client to an original destination address of multiple network addresses serviced by the load balancer, and selects according to a load balancing protocol, a host computer of a plurality of host computers to process the request. The load balancer may, from among a plurality of ports on the selected host computer, select a particular port having a one-to-one association with the original destination address, the association specified by mapping information accessible to the load balancer, and send the request packet to the selected port on the selected host computer. The mapping information accessible to the selected host computer specifies a one-to-one association between the selected port and the original destination address. Sending the request packet to the selected port conveys that address to the selected server without that address being included in that packet.
-
Publication number: US20180196827A1
Publication date: 2018-07-12
Application number: US15917165
Application date: 2018-03-09
Applicant: Amazon Technologies, Inc.
Inventor: Arun Sundaram , Yun Lin , David Carl Salyers
CPC classification number: G06F16/178 , G06F3/0604 , G06F3/0622 , G06F3/0637 , G06F3/065 , G06F3/067 , G06F16/128 , G06F16/27 , G06F21/6218 , G06F21/78 , H04L29/06 , H04L67/1097
Abstract: Methods, apparatus, and computer-accessible storage media for controlling export of snapshots to external networks in service provider environments. Methods are described that may be used to prevent customers of a service provider from downloading snapshots of volumes, such as boot images created by the service provider or provided by third parties, to which the customer does not have the appropriate rights. A request may be received from a user to access one or more snapshots, for example a request to export the snapshot or a request for a listing of snapshots. For each snapshot, the service provider may determine if the user has rights to the snapshot, for example by checking a manifest for the snapshot to see if entries in the snapshot manifest belong to an account other than the customer's. If the user has rights to the snapshot, the request is granted; otherwise, the request is not granted.