公开(公告)号：US11671442B2

公开(公告)日：2023-06-06

申请号：US17459908

申请日：2021-08-27

Applicant: Amazon Technologies, Inc.

Inventor： Catherine Dodge ,  Nikhil Reddy Cheruku ,  John Byron Cook ,  Temesghen Kahsai Azene ,  William Jo Kocik ,  Sean McLaughlin ,  Mark Edward Stalzer ,  Blake Whaley ,  Yiwen Wu

IPC: H04L9/40 ,  H04L41/0866 ,  H04L41/12 ,  H04L41/22 ,  H04L43/06

CPC classification number: H04L63/1433 ,  H04L41/0866 ,  H04L41/12 ,  H04L41/22 ,  H04L43/06 ,  H04L63/0272 ,  H04L63/1441

Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.

公开(公告)号：US20210392157A1

公开(公告)日：2021-12-16

申请号：US17459908

申请日：2021-08-27

Applicant: Amazon Technologies, Inc.

Inventor： Catherine Dodge ,  Nikhil Reddy Cheruku ,  John Byron Cook ,  Temesghen Kahsai Azene ,  William Jo Kocik ,  Sean McLaughlin ,  Mark Edward Stalzer ,  Blake Whaley ,  Yiwen Wu

IPC: H04L29/06 ,  G06F16/2455 ,  H04L12/24 ,  H04L12/26

Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.

公开(公告)号：US10326710B1

公开(公告)日：2019-06-18

申请号：US14843881

申请日：2015-09-02

Applicant: Amazon Technologies, Inc.

Inventor： Omer Hashmi ,  Mark Edward Stalzer

IPC: G06F15/173 ,  H04L12/911 ,  G06F9/455

Abstract: Methods and apparatus that automatically propagate access rules for access groups within clients' virtual networks on a provider network. A peering protocol may be used to advertise routes from a gateway of a client's external network to a virtual gateway of the client's virtual network via direct and/or virtual connections. The advertised routes may be automatically propagated into the virtual network so that traffic can flow between the source address ranges of the advertised routes and the virtual network. Access group information may be included as metadata with at least some route advertisements. Access rules for access groups on the virtual network may be automatically created or updated according to the metadata included with the advertised routes to allow access from network addresses on the client's external network to the client's resources in the access groups.

公开(公告)号：US10187289B1

公开(公告)日：2019-01-22

申请号：US14981677

申请日：2015-12-28

Applicant: Amazon Technologies, Inc.

Inventor： Po-Chun Chen ,  Mark Edward Stalzer ,  Marco Eulenfeld

IPC: H04L12/751 ,  H04L12/66

Abstract: A system includes a provider network and a client network connected via a dedicated physical connection. The client network and the provider network exchange routing information using routing protocol messages, such as border gateway protocol (BGP) update messages exchanged during a BGP session. A provider network includes tag field values in outgoing routing protocol messages that indicate a portion of the provider network wherein resources of the provider network associated with a corresponding route are located. The client network may use the tag field value to determine whether to add the route to a routing table of the client network. A client network may also include tag field values in outgoing routing protocol messages to a provider network. The tag field values may indicate what portions of the provider network are to receive the routes from the client network. For example a tag field value may indicate that a route is to be propagated within a limited portion of the provider network.

公开(公告)号：US20200007569A1

公开(公告)日：2020-01-02

申请号：US16020865

申请日：2018-06-27

Applicant: Amazon Technologies, Inc.

Inventor： Catherine Dodge ,  Nikhil Reddy Cheruku ,  John Byron Cook ,  Temesghen Kahsai Azene ,  William Jo Kocik ,  Sean McLaughlin ,  Mark Edward Stalzer ,  Blake Whaley ,  Yiwen Wu

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26 ,  G06F17/30

Abstract: Methods, systems, and computer-readable media for automated packetless network reachability analysis are disclosed. An analysis is performed of network configuration data for a network comprising a host computer. Based at least in part on the analysis, one or more ports at the host computer that are reachable from another computer are determined. Based at least in part on the analysis, one or more routes to the one or more ports are determined. A report is generated that is descriptive of the one or more ports and the one or more routes.

公开(公告)号：US09843470B1

公开(公告)日：2017-12-12

申请号：US14039589

申请日：2013-09-27

Applicant: Amazon Technologies, Inc.

Inventor： John Ryan Gartrell ,  David Brian Lennon ,  Gregory David May ,  Mark Edward Stalzer

IPC: H04L29/08 ,  H05K7/14

CPC classification number: H04L29/08 ,  G06F1/16 ,  H04L67/1097 ,  H04Q1/02 ,  H05K7/1485 ,  H05K7/1497 ,  H05K7/20745

Abstract: A portable data center is configured to be supported by any suitable self-propelled motor vehicle, and transported to a client location, such that a large volume of data can be transmitted to, and stored on, computing devices of the portable data center via a hard wire communication link. The portable data center can then be transported to a data center building so as to store the data received at the client location on one or more computing devices housed in the data center building.

公开(公告)号：US09692732B2

公开(公告)日：2017-06-27

申请号：US14029496

申请日：2013-09-17

Applicant: Amazon Technologies, Inc.

Inventor： Mark Edward Stalzer ,  Christian Arthur Arllen

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/725 ,  H04L29/08 ,  H04L12/14 ,  H04L12/26

CPC classification number: H04L63/061 ,  H04L12/1435 ,  H04L29/06 ,  H04L41/046 ,  H04L41/0896 ,  H04L43/0811 ,  H04L45/306 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L67/14

Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.

公开(公告)号：US20150082039A1

公开(公告)日：2015-03-19

申请号：US14029496

申请日：2013-09-17

Applicant: Amazon Technologies, Inc.

Inventor： Mark Edward Stalzer ,  Christian Arthur Arllen

IPC: H04L29/06

CPC classification number: H04L63/061 ,  H04L12/1435 ,  H04L29/06 ,  H04L41/046 ,  H04L41/0896 ,  H04L43/0811 ,  H04L45/306 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/0853 ,  H04L63/10 ,  H04L67/14

Abstract: A computing resource service provider receives a request from a customer to establish a physical connection between a provider network device and a customer network device in a colocation center. Once the connection has been established, the customer may transmit cryptographic authentication information, through the physical connection, to the provider network device. The provider network device transmits this information to an authentication service operated by the computing resource service provider to verify the authenticity of the information. If the information is authentic, the authentication service may re-configure the provider network device to allow the customer to access one or more services provided by the computing resource service provider. The authentication service may transmit cryptographic authentication information to the customer to verify the identity of the computing resource service provider.

Abstract translation: 计算资源服务提供者接收来自客户的请求，以在托管中心内的提供商网络设备和客户网络设备之间建立物理连接。 一旦建立了连接，客户可以通过物理连接将加密认证信息传送到提供商网络设备。 提供商网络设备将该信息发送到由计算资源服务提供商操作的认证服务，以验证信息的真实性。 如果信息是真实的，认证服务可以重新配置提供商网络设备以允许客户访问计算资源服务提供商提供的一个或多个服务。 验证服务可以向客户发送加密认证信息，以验证计算资源服务提供商的身份。

公开(公告)号：US11803766B1

公开(公告)日：2023-10-31

申请号：US16712242

申请日：2019-12-12

Applicant: Amazon Technologies, Inc.

Inventor： Preethi Srinivasan ,  Sreekanth Reddy Polaka ,  Christopher Wooram Yi ,  John David Backes ,  Everett Richard Anthony ,  Aparna Nagargadde ,  Mark Edward Stalzer

IPC: G06N5/04 ,  H04L9/40 ,  G06F9/455

CPC classification number: G06N5/04 ,  G06F9/45558 ,  H04L63/1433 ,  H04L63/20 ,  G06F2009/45579

Abstract: An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be access (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.

公开(公告)号：US20210142374A1

公开(公告)日：2021-05-13

申请号：US17156363

申请日：2021-01-22

Applicant: Amazon Technologies, Inc.

Inventor： Shuai Ye ,  Mark Edward Stalzer ,  Patrick Brigham Cullen

IPC: G06Q30/04 ,  H04L12/26

Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.