-
公开(公告)号:US11620387B2
公开(公告)日:2023-04-04
申请号:US17321356
申请日:2021-05-14
发明人: Matthew John Campagna , Gregory Alan Rubin , Eric Jason Brandwine , Nicholas Alexander Allen , Andrew Kyle Driggs
摘要: A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“TPM”). The service provider, the host computer systems, and the virtual computing environments generate attestations that prove the integrity of the system. The attestations are signed with a one-time-use cryptographic key that is verifiable against the public keys of the service provider, a host computer system, and a virtual computing environment. The public key of the host computer system is integrated into a hash tree that links the public key of the host computer system to the public key of the service provider. The public key of the virtual computing environment is signed using a one-time-use graphic key issued to the host computer system that hosts the virtual computing environment.
-
公开(公告)号:US11516080B2
公开(公告)日:2022-11-29
申请号:US17119944
申请日:2020-12-11
IPC分类号: H04L41/0816 , H04L45/02 , H04L45/586 , H04L41/12
摘要: Techniques are described for providing managed virtual computer networks that have a configured logical network topology with virtual networking devices, such as by a network-accessible configurable network service, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the virtual networking devices if they were physically present. In some situations, the networking functionality provided for a managed computer network of a client includes receiving routing communications directed to the virtual networking devices and using included routing information to update the configuration of the managed computer network, such as to allow at least some computing nodes of a managed computer network to dynamically signal particular types of uses of one or more indicated target network addresses and/or to dynamically signal use of particular external public network addresses based on such routing information.
-
公开(公告)号:US11477076B2
公开(公告)日:2022-10-18
申请号:US17459955
申请日:2021-08-27
IPC分类号: G06F15/177 , H04L41/0803 , G06F9/455 , H04L67/10 , H04L45/02 , H04L12/46 , H04L41/0806 , H04L41/12 , H04L45/00 , G06F9/50 , H04L61/10 , H04L41/0893 , H04L41/0213
摘要: Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.
-
公开(公告)号:US11245701B1
公开(公告)日:2022-02-08
申请号:US15993455
申请日:2018-05-30
发明人: Eric Jason Brandwine , John Cook
摘要: At an authorization manager, an indication is obtained that a request pre-processing tool has been designated as a validator for a category of requests directed to a network-accessible service. The authorization manager determines, based at least in part on a validation result set indicated in a request of the category, that the request pre-processing tool has verified that the request meets an authorization requirement. The authorization manager approves one or more operations indicated in the request.
-
公开(公告)号:US20210337016A1
公开(公告)日:2021-10-28
申请号:US17371772
申请日:2021-07-09
摘要: A peripheral device includes one or more processors and a memory storing program instructions that when executed implement an extension manager of a virtualized computing service. The extension manager establishes a secure network channel for communications between the peripheral device, which is located at a premise external to a provider network, and a data center of the provider network. The extension manager assigns a network address of the substrate network of the service to a hardware server at the external premise. The substrate address is also assigned to an extension traffic intermediary at the data center. In response to a command directed to the virtualized computing service, one or more compute instance configuration operations are performed at the hardware server.
-
公开(公告)号:US11146627B1
公开(公告)日:2021-10-12
申请号:US16512208
申请日:2019-07-15
IPC分类号: H04L29/08 , H04L12/725
摘要: Systems and methods utilize network destination identifiers, such as IP addresses, that are simultaneously advertised from multiple locations. The network destination identifiers may be announced in multiple geographic regions. Network traffic routed to devices advertising the network destination identifiers may be routed to appropriate endpoints. When a device receives such traffic, it may send the traffic to an endpoint in a network served by the device. In some instances, such as when such an endpoint is not available, the network traffic may be sent to another network that is served by another device that advertises the network destination identifiers.
-
公开(公告)号:US11102189B2
公开(公告)日:2021-08-24
申请号:US14316675
申请日:2014-06-26
发明人: Kevin Ross O'Neill , Gregory B. Roth , Eric Jason Brandwine , Brian Irl Pratt , Bradley Jeffery Behm , Nathan R. Fitch
摘要: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.
-
8.发明授权公开(公告)号:US11063819B2
公开(公告)日:2021-07-13
申请号:US16517446
申请日:2019-07-19
IPC分类号: H04L12/24 , H04L12/46 , H04L12/715 , H04L12/18 , H04L12/761 , H04L12/707
摘要: Techniques are described for managing communications for a managed computer network by using a defined pool of alternative computing nodes of the managed computer network that are configured to operate as intermediate destinations to handle at least some communications that are sent by and/or directed to one or more other computing nodes of the managed computer network. For example, a manager module associated with a source computing node may select a particular alternative intermediate destination computing node from a defined pool to use for one or more particular communications from the source computing node to an indicated final destination, such as based on a configured logical network topology for the managed computer network and/or on one or more other selection criteria (e.g., to enable load balancing between the alternative computing nodes). The manager module then forwards those communications to the selected intermediate destination computing node for further handling.
-
公开(公告)号:US10951586B2
公开(公告)日:2021-03-16
申请号:US15382403
申请日:2016-12-16
摘要: Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to automatically include access control information to limit access to particular resources to computing nodes at the location of that provided computer network.
-
公开(公告)号:US10924482B1
公开(公告)日:2021-02-16
申请号:US14576141
申请日:2014-12-18
摘要: A computing resource service provides flexible configuration of authorization rules. A set of authorization rules which define whether fulfillment of requests. The set of authorization rules are applied to a request of a first type which is mapped to a request of a second type. The request of the second type is used for fulfillment of the request of the first type when the authorization rules so allow.
-
-
-
-
-
-
-
-
-
搜索结果
467 条记录 (耗时 0.036 秒)