公开(公告)号：US09836327B1

公开(公告)日：2017-12-05

申请号：US14738432

申请日：2015-06-12

Applicant: Amazon Technologies, Inc.

Inventor： Pieter Kristian Brouwer ,  Kristina Kraemer Brenneman ,  Marc John Brooker ,  Jerry Lin ,  Marc Stephen Olson

IPC: G06F12/00 ,  G06F13/00 ,  G06F13/28 ,  G06F9/50 ,  G06F3/06

CPC classification number: G06F9/5088 ,  G06F9/5077

Abstract: A network-based storage resource may implement access control for virtual computing resources that utilize the storage resource during live migration of the virtual computing resources. A network-based storage resource may enforce an access control that limits access to a host of a virtual compute instance. Upon detecting migration of the virtual compute instance, the network-based storage resource may allow a connection to be established with a destination host for the virtual compute instance. The access control mechanism may be updated to limit access to the destination host for data stored for the virtual compute instance at the network-based storage resource.

公开(公告)号：US09830256B1

公开(公告)日：2017-11-28

申请号：US13866825

申请日：2013-04-19

Applicant: Amazon Technologies, Inc.

Inventor： Marc Stephen Olson ,  James Michael Thompson ,  Benjamin Arthur Hawks

IPC: G06F3/06 ,  G06F11/34 ,  G06F12/00 ,  G06F11/30

CPC classification number: G06F12/00 ,  G06F3/0611 ,  G06F3/0653 ,  G06F3/0659 ,  G06F3/067 ,  G06F3/0676 ,  G06F11/3034 ,  G06F11/3447 ,  G06F11/3452 ,  G06F11/3485

Abstract: Techniques are described for formally expressing whether sequences of operations performed on block storage devices are sequential or random. In embodiments, determinations of whether these sequences of operations are sequential or random may be used to predict latencies involved with running particular workloads, and to predict representative workloads for particular latencies.

公开(公告)号：US09811376B2

公开(公告)日：2017-11-07

申请号：US14754497

申请日：2015-06-29

Applicant: Amazon Technologies, Inc.

Inventor： Pieter Kristian Brouwer ,  Kristina Kraemer Brenneman ,  Marc John Brooker ,  Jerry Lin ,  Marc Stephen Olson

IPC: G06F9/455 ,  G06F9/48

CPC classification number: G06F9/4856 ,  G06F9/45558 ,  G06F9/46 ,  G06F2009/4557

Abstract: Techniques for preserving the state of virtual machine instances during a migration from a source location to a target location are described herein. A set of credentials configured to provide access to a storage device by a virtual machine instance at the source location is provided to the virtual machine instance. When the migration from the source location to the target location starts, a second set of credentials configured to provide access to a storage device by a virtual machine instance at the source location is provided to the virtual machine instance. During the migration, a response to an input-output request is provided to one or more of the locations using the set of credentials and based at least in part on the state of the migration.

公开(公告)号：US11662928B1

公开(公告)日：2023-05-30

申请号：US16698314

申请日：2019-11-27

Applicant: Amazon Technologies, Inc.

Inventor： Sandeep Kumar ,  Marc Stephen Olson

IPC: G06F3/06 ,  G06F11/14 ,  G06F8/658 ,  H04L9/08 ,  G06F21/62 ,  H04L9/40

CPC classification number: G06F3/064 ,  G06F3/067 ,  G06F3/0622 ,  G06F3/0656 ,  G06F8/658 ,  G06F11/1458 ,  G06F21/6218 ,  G06F21/6236 ,  H04L9/0819 ,  H04L63/0464

Abstract: Systems and methods for efficient and secure management of encrypted “snapshots” for a remote provider substrate extension (“PSE”) of a cloud provider network substrate are provided. The PSE may request and obtain a snapshot from the cloud provider network substrate, restore a volume from the snapshot, make changes to data in the restored volume, and/or initiate the creation and storage of a new snapshot that includes incremental updates to the original snapshot to reflect the changes made to data in the volume. An encrypted snapshot stored within the cloud provider network substrate may be decrypted using a cloud provider key designed for internal use only, and then re-encrypted using a PSE-specific key before providing the snapshot to the PSE, thereby avoiding the sharing of the cloud provider internal use only key outside the cloud provider network substrate.

公开(公告)号：US11620081B1

公开(公告)日：2023-04-04

申请号：US17199029

申请日：2021-03-11

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Marc Stephen Olson

IPC: G06F3/06 ,  G06F9/455 ,  H04L9/08 ,  G06F9/4401

Abstract: A first block storage server virtual machine to host a first volume using one or more storage devices of a computer system is executed by the computer system. A second virtual machine having access to a virtual block storage device is executed by the computer system. A block storage client is executed by the computer system. A first block storage operation is received by the block storage client from the second virtual machine, the first block storage operation to perform on the virtual block storage device. A message is sent by the block storage client to the first block storage server virtual machine to cause the first block storage server virtual machine to perform the block storage operation with the first volume.

公开(公告)号：US11411885B2

公开(公告)日：2022-08-09

申请号：US16660580

申请日：2019-10-22

Applicant: Amazon Technologies, Inc.

Inventor： Pieter Kristian Brouwer ,  Marc Stephen Olson ,  Nachiappan Arumugam ,  Michael Thacker ,  Vijay Prasanth Rajavenkateswaran ,  Arpit Tripathi ,  Danny Wei

IPC: H04L47/80

Abstract: A user can set or modify operational parameters of a data volume stored on a network-accessible storage device in a data center. For example, the user may be provided access to a data volume and may request a modification to the operational parameters of the data volume. Instead of modifying the existing data volume, the data center can provision a new data volume and migrate data stored on the existing data volume to the new data volume. While the data migration takes place, the existing data volume may block input/output (I/O) requests and the new data volume may handle such requests instead. Once the data migration is complete, the data center may deallocate the data blocks of the existing data volume such that the data blocks can be reused by other data volumes.

公开(公告)号：US11010266B1

公开(公告)日：2021-05-18

申请号：US16210428

申请日：2018-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Avram Israel Blaszka ,  Jianhua Fan ,  Danny Wei ,  Marc Stephen Olson ,  Pieter Kristian Brouwer ,  Shweta Joshi

IPC: G06F16/00 ,  G06F11/20 ,  G06F3/06 ,  G06F11/34 ,  G06F16/182

Abstract: Generally described, one or more aspects of the present application correspond to techniques for automatic recovery from dual isolation in which both the primary and secondary replicas of a volume are stored on isolating servers. The disclosed techniques use handshakes between the client and the replicas to determine which has a better health score. The replica with the better health score becomes the primary replica, and confirms that it and the secondary replica are both in an isolating state. In response, the primary replica seeks a solo blessing, undoes the isolating state at the volume level (the server host will still be in isolating state), and continues handling I/O and peer replication until its healthy peer is complete. These techniques can avoid availability drops when the servers hosting the primary and secondary replicas of a volume enter the isolating state at around the same time.

公开(公告)号：US10949124B2

公开(公告)日：2021-03-16

申请号：US16457850

申请日：2019-06-28

Applicant: Amazon Technologies, Inc.

Inventor： Anthony Nicholas Liguori ,  Marc Stephen Olson

IPC: G06F3/06 ,  G06F9/455 ,  H04L9/08 ,  G06F9/4401

Abstract: A first block storage server virtual machine to host a first volume using one or more storage devices of a computer system is executed by the computer system. A second virtual machine having access to a virtual block storage device is executed by the computer system. A block storage client is executed by the computer system. A first block storage operation is received by the block storage client from the second virtual machine, the first block storage operation to perform on the virtual block storage device. A message is sent by the block storage client to the first block storage server virtual machine to cause the first block storage server virtual machine to perform the block storage operation with the first volume.

公开(公告)号：US10521258B2

公开(公告)日：2019-12-31

申请号：US15449801

申请日：2017-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Brian Todd Burruss ,  John Luther Guthrie, II ,  Marc Stephen Olson ,  Madhuvanesh Parthasarathy

IPC: G06F9/455 ,  H04L29/08

Abstract: Systems and methods are described for a storage processing service that processes multiple storage commands. The storage processing service uses tags from test storage commands to determine whether a test storage service is to be instantiated that reflects a corresponding production service. Test storage commands with the same tag are tested on that test service. Additionally, the storage processing service determines a strategy for testing processes on production services when the storage system is overloaded. In one embodiment, the test service manager can determine to stop testing processes for a period of time, and issue a shed command that queues or sheds test storage commands. Advantageously, a shed command, while active at a storage processing service, may alleviate the overload on production services. The test service manager can continue to monitor the storage system to determine whether the overload continues to exist.

公开(公告)号：US10474372B1

公开(公告)日：2019-11-12

申请号：US14536458

申请日：2014-11-07

Applicant: Amazon Technologies, Inc.

Inventor： Marc Stephen Olson ,  Marc John Brooker ,  Tarun Goyal ,  Arpit Tripathi

IPC: G06F3/06

Abstract: A system and method for provisioning a volume and repartitioning a provisioned volume based at least in part on a workload. A request to provision a volume of a specified size is received, a first set of partition options is determined based at least in part on the specified size, and second set of partition options is determined based at least in part on one or more performance characteristics. A volume partitioning is determined based at least in part on an intersection of a number of partitions between the first set of partition options and the second set of partition options, and further based at least in part on a set of optimization criteria. Based at least in part on tracked usage of the volume or a repartition request, a determination is made to repartition the volume such that the partitioning scheme fulfills a set of optimization criteria.