公开(公告)号：US11831496B2

公开(公告)日：2023-11-28

申请号：US17705188

申请日：2022-03-25

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Clarissa Loree Cook Brandwine ,  Daniel T. Cohn ,  Andrew J. Doane ,  Carl J. Moses ,  Stephen E. Schmidt

IPC: H04L41/0803 ,  H04L12/46 ,  H04L45/586 ,  H04L9/40

CPC classification number: H04L41/0803 ,  H04L12/4641 ,  H04L45/586 ,  H04L63/0272

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

公开(公告)号：US20230082172A1

公开(公告)日：2023-03-16

申请号：US18055317

申请日：2022-11-14

Applicant: Amazon Technologies, Inc.

Inventor： Daniel T. Cohn ,  Eric Jason Brandwine ,  Andrew J. Doane

IPC: H04L41/0816 ,  H04L9/40 ,  H04L61/5007 ,  H04L67/51 ,  H04L41/0806 ,  H04L67/10 ,  H04L41/08

Abstract: Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

公开(公告)号：US11588886B2

公开(公告)日：2023-02-21

申请号：US17693186

申请日：2022-03-11

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: G06F15/173 ,  H04L67/1029 ,  G06F9/455 ,  G06F11/14 ,  H04L61/5007 ,  G06F11/20 ,  H04L61/2503 ,  H04L67/1097 ,  H04L101/668

Abstract: Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

公开(公告)号：US11463351B2

公开(公告)日：2022-10-04

申请号：US16723667

申请日：2019-12-20

Applicant: Amazon Technologies, Inc.

Inventor： Andrew J. Doane ,  Kevin Christopher Miller ,  David B. Lennon

IPC: H04L45/30 ,  H04L45/42 ,  H04L45/02 ,  H04L45/00 ,  H04L45/302

Abstract: Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

公开(公告)号：US20220278903A1

公开(公告)日：2022-09-01

申请号：US17663289

申请日：2022-05-13

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L41/12 ,  H04L45/64 ,  H04L45/586 ,  H04L41/0816 ,  G06F9/455 ,  H04L67/00 ,  H04L45/02

Abstract: Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

公开(公告)号：US10728089B2

公开(公告)日：2020-07-28

申请号：US13829721

申请日：2013-03-14

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Clarissa Loree Cook Brandwine ,  Daniel T. Cohn ,  Andrew J. Doane ,  Carl J. Moses ,  Stephen E. Schmidt

IPC: H04L12/24 ,  H04L12/46 ,  H04L12/713 ,  H04L29/06

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

公开(公告)号：US10516603B2

公开(公告)日：2019-12-24

申请号：US16024549

申请日：2018-06-29

Applicant: Amazon Technologies, Inc.

Inventor： Andrew J. Doane ,  Kevin Christopher Miller ,  David B. Lennon

IPC: H04L12/725 ,  H04L12/717 ,  H04L12/751 ,  H04L12/701

Abstract: Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link.

公开(公告)号：US20180351813A1

公开(公告)日：2018-12-06

申请号：US15996371

申请日：2018-06-01

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L12/24 ,  H04L29/08 ,  H04L12/715 ,  H04L12/713 ,  G06F9/455 ,  H04L12/751

CPC classification number: H04L41/12 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L41/0816 ,  H04L41/5096 ,  H04L45/02 ,  H04L45/586 ,  H04L45/64 ,  H04L67/34

Abstract: Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

公开(公告)号：US09998335B2

公开(公告)日：2018-06-12

申请号：US14952519

申请日：2015-11-25

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L12/28 ,  H04L12/24 ,  H04L12/715 ,  H04L12/713 ,  H04L12/751 ,  G06F9/455 ,  H04L29/08 ,  H04J1/16

CPC classification number: H04L41/12 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L41/0816 ,  H04L41/5096 ,  H04L45/02 ,  H04L45/586 ,  H04L45/64 ,  H04L67/34

Abstract: Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

公开(公告)号：US20180069844A1

公开(公告)日：2018-03-08

申请号：US15645936

申请日：2017-07-10

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew J. Doane ,  Eric Jason Brandwine ,  Robert Eric Fitzgerald

IPC: H04L29/06 ,  G06F9/455 ,  H04L9/32

CPC classification number: H04L63/061 ,  G06F9/45533 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0876

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.