公开(公告)号：US20160006610A1

公开(公告)日：2016-01-07

申请号：US14853608

申请日：2015-09-14

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Daniel T. Cohn ,  Andrew J. Doane

IPC: H04L12/24 ,  H04L12/751 ,  H04L29/08 ,  H04L12/46 ,  H04L12/713

CPC classification number: H04L41/0806 ,  H04L12/4641 ,  H04L45/02 ,  H04L45/586 ,  H04L63/0272 ,  H04L67/02

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to include a local access mechanism as part of a provided computer network that is configured to forward communications sent to the access mechanism to a particular remote resource service.

Abstract translation: 描述了为用户提供对计算机网络的访问的技术，例如使得用户能够创建由远程可配置网络服务提供以供用户使用的计算机网络。 这样提供的计算机网络可以被配置为仅由创建它们的用户可访问的专用计算机网络，并且每个可以由可配置网络服务的客户端创建和配置为可扩展到客户端的现有计算机网络，例如 作为私人计算机网络扩展到客户端的现有专用计算机网络。 此外，可以以各种方式从这样的计算机网络配置和提供对远程资源服务的访问，例如包括作为所提供的计算机网络的一部分的本地访问机制，其被配置为将发送到访问机制的通信转发到特定的 远程资源服务。

公开(公告)号：US09231923B1

公开(公告)日：2016-01-05

申请号：US14078360

申请日：2013-11-12

Applicant: Amazon Technologies, Inc.

Inventor： Todd Lawrence Cignetti ,  Andrew J. Doane ,  Eric Jason Brandwine ,  Robert Eric Fitzgerald

IPC: H04L29/06

CPC classification number: H04L63/061 ,  G06F9/45533 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/06 ,  H04L63/0876

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

Abstract translation: 组织使用服务提供商的计算机硬件资源和服务维护和生成大量敏感信息。 此外，需要能够通过使用密钥加密数据并销毁密钥来安全而快速地删除大量的数据。 为确保远程存储的信息得到保护并能够进行安全删除，组织使用的加密密钥在串行化操作期间应防止持久存储。 如果用于加密数据的密钥在序列化操作期间未被暴露，则可能会删除或破坏数据，从而能够销毁使用密钥加密的数据。

公开(公告)号：US09137102B1

公开(公告)日：2015-09-15

申请号：US13734789

申请日：2013-01-04

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Eric Jason Brandwine ,  Andrew J. Doane

IPC: G06F15/16 ,  H04L12/24 ,  H04L29/08 ,  H04L29/06

CPC classification number: H04L41/0803 ,  H04L12/6418 ,  H04L29/06 ,  H04L29/08072 ,  H04L41/5054 ,  H04L67/141 ,  H04L67/16

Abstract: Techniques are described for providing managed virtual computer networks whose configured logical network topology may have one or more virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of a virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. The networking functionality provided for a managed computer network may include supporting a connection between that managed computer network and one or more other managed computer networks, such as via a provided virtual peering router to which each of the managed computer networks may connect, with the functionality of the virtual peering router being emulated by modules of the configurable network service without physically providing the virtual peering router, including to manage routing communications between the inter-connected managed computer networks in accordance with client-specified configuration information.

Abstract translation: 描述了用于提供被管理的虚拟计算机网络的技术，其被配置的逻辑网络拓扑可以具有一个或多个虚拟网络设备，诸如通过网络可访问的可配置网络服务，具有为虚拟计算机网络的多个计算节点之间的通信提供的相应的网络功能 通过模拟由网络设备提供的功能，如果它们是物理存在的。 为被管理的计算机网络提供的联网功能可以包括支持该被管理计算机网络与一个或多个其他被管理的计算机网络之间的连接，诸如经由所提供的虚拟对等路由器，每个被管理的计算机网络可以连接到该虚拟对等路由器与功能 虚拟对等路由器被可配置网络服务的模块仿真，而不物理地提供虚拟对等路由器，包括根据客户端指定的配置信息来管理连接在一起的被管理计算机网络之间的路由通信。

公开(公告)号：US20150180768A1

公开(公告)日：2015-06-25

申请号：US14637211

申请日：2015-03-03

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Eric Jason Brandwine ,  Andrew J. Doane

IPC: H04L12/707 ,  H04L12/721

CPC classification number: H04L41/0826 ,  H04L43/50 ,  H04L45/00 ,  H04L45/121 ,  H04L45/14 ,  H04L45/22

Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing cost information to update the configuration of the managed computer network, and/or includes determining actual cost information corresponding to use of an underlying substrate network and providing routing cost information to the client that reflects the determined actual cost information, so as to enable the client to modify the configuration of the managed computer network accordingly.

Abstract translation: 描述了用于提供具有配置的逻辑网络拓扑的管理虚拟计算机网络的技术，其中具有虚拟网络设备，例如通过网络可访问的可配置网络服务，具有为虚拟计算机网络的多个计算节点之间的通信提供的对应网络功能， 虚拟网络设备如果物理存在的话将提供的功能。 在某些情况下，为客户端的受管计算机网络提供的网络功能包括接收定向到虚拟网络设备的路由通信，并使用包括的路由成本信息来更新被管理计算机网络的配置，和/或包括确定实际成本信息 对应于底层基板网络的使用，并且向客户端提供反映所确定的实际成本信息的路由成本信息，以使得客户端能够相应地修改被管理的计算机网络的配置。

公开(公告)号：US20140047082A1

公开(公告)日：2014-02-13

申请号：US14059236

申请日：2013-10-21

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Clarissa Loree Cook Brandwine ,  Daniel T. Cohn ,  Andrew J. Doane ,  Carl J. Moses ,  Stephen E. Schmidt

IPC: H04L12/24

CPC classification number: H04L41/0803 ,  H04L12/4641 ,  H04L45/586 ,  H04L63/0272

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Abstract translation: 描述了为用户提供对计算机网络的访问的技术，例如使用户能够与远程可配置网络服务进行交互，以便创建和配置由可配置网络服务提供以供用户使用的计算机网络。 由可配置网络服务提供的计算机网络可以被配置为只能由创建它们的用户访问的专用计算机网络，并且每个可以由可配置网络服务的客户端创建和配置成为现有计算机的扩展 客户端的网络，如私有计算机网络扩展到客户端的现有专用计算机网络。 如果是这样，可以使用一个或多个VPN连接或其他私人访问机制来启用现有计算机网络和正在提供的新的计算机网络分机之间的安全私人访问。

公开(公告)号：US20130204971A1

公开(公告)日：2013-08-08

申请号：US13829721

申请日：2013-03-14

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Clarissa Loree Cook Brandwine ,  Daniel T. Cohn ,  Andrew J. Doane ,  Carl J. Moses ,  Stephen E. Schmidt

IPC: H04L12/24

Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

Abstract translation: 描述了为用户提供对计算机网络的访问的技术，例如使用户能够与远程可配置网络服务进行交互，以便创建和配置由可配置网络服务提供以供用户使用的计算机网络。 由可配置网络服务提供的计算机网络可以被配置为只能由创建它们的用户访问的专用计算机网络，并且每个可以由可配置网络服务的客户端创建和配置成为现有计算机的扩展 客户端的网络，如私有计算机网络扩展到客户端的现有专用计算机网络。 如果是这样，可以使用一个或多个VPN连接或其他私人访问机制来启用现有计算机网络和正在提供的新的计算机网络分机之间的安全私人访问。

公开(公告)号：US20240275689A1

公开(公告)日：2024-08-15

申请号：US18647664

申请日：2024-04-26

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L41/12 ,  G06F9/455 ,  H04L41/0816 ,  H04L41/50 ,  H04L45/02 ,  H04L45/586 ,  H04L45/64 ,  H04L67/00

CPC classification number: H04L41/12 ,  G06F9/45558 ,  H04L41/0816 ,  H04L45/02 ,  H04L45/586 ,  H04L45/64 ,  H04L67/34 ,  G06F2009/45595 ,  H04L41/5096

Abstract: Techniques are described for providing virtual networking functionality for managed computer networks. In some situations, a user may configure or otherwise specify a logical network topology for a managed computer network with multiple computing nodes that includes one or more virtual networking devices each associated with a specified group of the multiple computing nodes. Corresponding networking functionality may be provided for communications between the multiple computing nodes by emulating functionality that would be provided by the networking devices if they were physically present and configured to support the specified network topology. In some situations, the managed computer network is a virtual computer network overlaid on a substrate network, and the networking device functionality emulating includes receiving routing communications directed to the networking devices and using included routing information to update the specified network topology for the managed computer network.

公开(公告)号：US20240236179A1

公开(公告)日：2024-07-11

申请号：US18403626

申请日：2024-01-03

Applicant: Amazon Technologies, Inc.

Inventor： Eric Jason Brandwine ,  Kevin Christopher Miller ,  Andrew J. Doane

IPC: H04L67/1029 ,  G06F9/455 ,  G06F11/14 ,  G06F11/20 ,  H04L61/2503 ,  H04L61/5007 ,  H04L67/1097 ,  H04L101/668

CPC classification number: H04L67/1029 ,  G06F9/45533 ,  G06F9/45558 ,  G06F11/1484 ,  G06F11/2007 ,  H04L61/2503 ,  H04L61/5007 ,  H04L67/1097 ,  G06F2009/45562 ,  G06F11/2038 ,  G06F11/2048 ,  G06F11/2097 ,  G06F2201/85 ,  H04L2101/668

Abstract: Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable.

公开(公告)号：US20240187306A1

公开(公告)日：2024-06-06

申请号：US18440849

申请日：2024-02-13

Applicant: Amazon Technologies, Inc.

Inventor： Daniel T. Cohn ,  Eric Jason Brandwine ,  Andrew J. Doane

IPC: H04L41/0816 ,  H04L9/40 ,  H04L41/08 ,  H04L41/0806 ,  H04L61/103 ,  H04L61/251 ,  H04L61/5007 ,  H04L67/10 ,  H04L67/51 ,  H04L101/604 ,  H04L101/659

CPC classification number: H04L41/0816 ,  H04L41/08 ,  H04L41/0806 ,  H04L61/5007 ,  H04L63/0272 ,  H04L67/10 ,  H04L67/51 ,  H04L61/103 ,  H04L61/251 ,  H04L2101/604 ,  H04L2101/659

Abstract: Techniques are described for managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

公开(公告)号：US20240163165A1

公开(公告)日：2024-05-16

申请号：US18523406

申请日：2023-11-29

Applicant: Amazon Technologies, Inc.

Inventor： Kevin Christopher Miller ,  Eric Jason Brandwine ,  Andrew J. Doane

IPC: H04L41/0816 ,  H04L45/02 ,  H04L45/586

CPC classification number: H04L41/0816 ,  H04L45/02 ,  H04L45/04 ,  H04L45/586 ,  H04L41/12

Abstract: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.