公开(公告)号：US20170177401A1

公开(公告)日：2017-06-22

申请号：US15455030

申请日：2017-03-09

Applicant: Amazon Technologies, Inc.

Inventor： Pieter Kristian Brouwer ,  Kristina Kraemer Brenneman ,  Marc John Brooker ,  Jerry Lin ,  Marc Stephen Olson

IPC: G06F9/455 ,  G06F9/50

CPC classification number: G06F9/45558 ,  G06F9/4856 ,  G06F9/5077 ,  G06F2009/4557 ,  G06F2009/45575 ,  G06F2009/45595

Abstract: Live migration may be performed for virtual computing resources utilizing network-based storage. A virtual compute instance operating at a source host may be moved to a destination host. The virtual compute instance may be a client of a network-based storage resource that stores data for the virtual compute instance. Access to the data stored for the virtual compute instance may be limited to the source host. When migration is performed, the destination host may be prepared to assume operation of the virtual compute instance. Operation of the virtual compute instance at the source host may be paused and the access to the data at the network-based storage resource may be modified to limit access to the destination host. Operation of the virtual compute instance may then resume at the destination host.

公开(公告)号：US09652306B1

公开(公告)日：2017-05-16

申请号：US14869879

申请日：2015-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Timothy Allen Wagner ,  Ajay Nair ,  Marc John Brooker ,  Scott Daniel Wisniewski

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F9/54 ,  G06F9/455

CPC classification number: G06F9/542 ,  G06F9/45508 ,  G06F9/45533 ,  G06F9/45558 ,  G06F9/547 ,  G06F11/3006 ,  G06F11/301 ,  G06F2009/45562 ,  G06F2009/4557 ,  G06F2009/45575 ,  H04L41/06

Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on various event sources and initiate execution of other control functions to improve the code execution environment in response to detecting errors or unexpected execution results. The service may maintain or communicate with a separate storage area for storing code execution requests that were not successfully processed by the service. Requests stored in such a storage area may subsequently be re-processed by the service.

公开(公告)号：US12216679B2

公开(公告)日：2025-02-04

申请号：US16403341

申请日：2019-05-03

Applicant: Amazon Technologies, Inc.

Inventor： Tao Chen ,  Divya Ashok Kumar Jain ,  Fan Ping ,  Marc John Brooker

IPC: G06F16/27

Abstract: Methods, systems, and computer-readable media for distributed transactions across multiple consensus groups are disclosed. A distributed transaction system comprises a proposer and a plurality of consensus groups, including a first consensus group comprising a first plurality of members and a second consensus group comprising a second plurality of members. The proposer proposes a transaction to at least a portion of the first consensus group and at least a portion of the second consensus group. A majority of the members in the first consensus group agree to perform the transaction, where the transaction is selected from a plurality of proposed transactions involving the first consensus group. A majority of the members in the second consensus group also agree to perform the transaction. The members of the first and second consensus groups perform the transaction to update a plurality of stored replicas.

公开(公告)号：US11836516B2

公开(公告)日：2023-12-05

申请号：US17445699

申请日：2021-08-23

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Mikhail Danilov ,  Douglas Stewart Laurence ,  Anthony Nicholas Liguori

IPC: G06F9/455 ,  G06F11/14

CPC classification number: G06F9/45558 ,  G06F11/1451 ,  G06F2009/45562 ,  G06F2009/45575 ,  G06F2201/84

Abstract: Systems and methods are described for reducing latency to service requests to execute code on an on-demand code execution system by maintaining snapshots of virtual machine instances in a ready state to execute such code. A user may submit code to the on-demand code execution system, which code depends on other software, such as an operating system or runtime. The on-demand code execution system can generate a virtual machine instance provisioned with the other software, and initialize the instance into a state at which it is ready to execute the code. The on-demand code execution system can then generate a snapshot of the state of the instance, and halt the instance. When a request to execute the code is received, the snapshot can be used to quickly restore the instance. The code can then be executed within the instance, reducing the need to initialize the instance or maintain the instance in an executing state.

公开(公告)号：US11537421B1

公开(公告)日：2022-12-27

申请号：US16435279

申请日：2019-06-07

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Ajay Nair

IPC: G06F9/455 ,  H04L9/08 ,  G06F21/60 ,  G06F13/42

Abstract: Computer systems and methods are disclosed to implement a virtual machine monitor (VMM) that stores cryptographic keys for guest virtual machines (VMs) and securely executes cryptographic operations on the VMs' behalf using the stored cryptographic keys. The cryptographic keys are maintained in a key store that is accessible to the VMM but not accessible to the guest VMs. The cryptographic operations are executed in a manner that does not reveal the cryptographic keys to the guest VMs. In embodiments, the guest VMs may invoke the cryptographic operations via a device driver, a memory access interface, or some other mechanism. Advantageously, the guest VMs cannot obtain the cryptographic keys in their own memory space, so that the keys cannot be exfiltrated from the guest VMs. Embodiments of the VMM may be used to implement cryptographic operations such as request signing and verification, data encryption and decryption, and others.

公开(公告)号：US11438411B2

公开(公告)日：2022-09-06

申请号：US17013430

申请日：2020-09-04

Applicant: Amazon Technologies, Inc.

Inventor： Norbert P. Kusters ,  Nachiappan Arumugam ,  Christopher Nathan Watson ,  Marc John Brooker ,  David R. Richardson ,  Danny Wei ,  John Luther Guthrie, II

IPC: H04L67/1095 ,  H04L67/1097 ,  H04L61/2503 ,  G06F11/20 ,  G06F3/06 ,  H04L67/568 ,  H04L67/2885 ,  G06F15/16 ,  G06F11/10 ,  H03M13/15 ,  H04L67/01 ,  G06F11/16 ,  G06F11/34

Abstract: A data storage system includes a rack, multiple head nodes, multiple data storage sleds, and at least two networking devices. The at least two network devices are configured to implement at least two redundant networks within the data storage system. Also, each of the head nodes is assigned at least two network addresses for communication with the data storage sleds of the data storage system via the at least two networking devices. The data storage sleds each include multiple mass storage devices and a sled controller that is configured to couple with the at least two network switches. IO In some embodiments, the data storage system further includes redundant power systems within a rack in which the head nodes, the data storage sleds, and the at least two networking devices are mounted.

公开(公告)号：US11381468B1

公开(公告)日：2022-07-05

申请号：US14658941

申请日：2015-03-16

Applicant: Amazon Technologies, Inc.

Inventor： James Michael Thompson ,  Marc Stephen Olson ,  Marc John Brooker

IPC: H04L41/147 ,  H04L67/101 ,  H04L67/1021

Abstract: A distributed system may implement identifying correlated workloads for resource allocation. Resource data for resources hosted at resource hosts in a distributed system may be analyzed to determine behavioral similarities. Historical behavior data or resource configuration data, for instance, may be compared between resources. Behaviors between resources may be identified as correlated according to the determined behavioral similarities. An allocation of one or more resource hosts in the distributed system may be made for a resource based on the behaviors identified as correlated. For instance, resources may be migrated from a current resource host to another resource host, new resources may be placed at a resource host, or resources may be reconfigured into different resources. Machine learning techniques may be implemented to refine techniques for identifying correlated behaviors.

公开(公告)号：US11243953B2

公开(公告)日：2022-02-08

申请号：US16144997

申请日：2018-09-27

Applicant: Amazon Technologies, Inc.

Inventor： Timothy Allen Wagner ,  Hans-Philipp Anton Hussels ,  Marc John Brooker

IPC: G06F16/24 ,  G06F16/2455 ,  G06F16/951

Abstract: Systems and methods are described for providing an implementation of the MapReduce programming model utilizing tasks executing on an on-demand code execution system, utilizing a stream data processing system as an intermediary between map and reduce function. A map task implementing a map function can process portions of a data set, to generate outputs associated with different values for a measured attribute of the data set. Executions of the map task can publish outputs to a data stream on the stream data processing system, which stream is configured to utilize the measured attribute as a partition key for the stream. Based on the partition key, the stream data processing system can divide the stream into sub-streams, each containing a relevant subset of the outputs. The on-demand code execution system can execute a reduce task to apply the reduce function to the outputs of each sub-stream, thereby completing the MapReduce process.

公开(公告)号：US11159528B2

公开(公告)日：2021-10-26

申请号：US16457504

申请日：2019-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Adam Charles Siefker ,  Sean Oczkowski ,  David Richardson ,  Samvid H. Dwarakanath ,  Marc John Brooker ,  Orr Weinstein

IPC: H04L29/06 ,  H04L12/24

Abstract: Systems and methods are described for facilitating authentication of hosted network services to other services. A target service, such as a database, may require specific authentication information, such as a username and password, to access the target service. While this information could be manually specified in the hosted network service, de-centralized storage of authentication information is generally discouraged by security best practices. This disclosure provides an authentication proxy system that reduces or eliminates a need for hosted network services to store authentication information for target services. Rather, the authentication proxy system can obtain authentication information for the hosted network service that is provided by a hosting system, and authenticate the hosted network service using that authentication information. If authenticated, the proxy system can retrieve authentication information for the target service, and pass operations from the hosted network service to the target service using the authentication information for the target service.

公开(公告)号：US11144359B1

公开(公告)日：2021-10-12

申请号：US16447725

申请日：2019-06-20

Applicant: Amazon Technologies, Inc.

Inventor： Marc John Brooker ,  Dylan Owen Marriner

IPC: G06F9/50 ,  G06F9/455

Abstract: Systems and methods are described for managing reuse of sandboxed computing environments in a network-based on-demand code execution system. Users may generate tasks on the system by submitting code to a frontend, which may interact with multiple worker managers that manage task execution in sandboxed computing environments such as containers or virtual machine instances. A sandbox may be reusable once provisioned, but the resources required to definitively locate an idle sandbox may be significant relative to the cost of provisioning a new sandbox. The system may therefore manage reuse by randomly or semi-randomly selecting a worker manager and requesting that it provide an existing sandbox if one is available. If not, then the system may select a different worker manager and repeat the request, or after consuming a threshold amount of resources may request that the next worker manager provision a new sandbox if an existing one is not available.