公开(公告)号：US12184504B1

公开(公告)日：2024-12-31

申请号：US17836795

申请日：2022-06-09

Applicant: Amazon Technologies, Inc.

Inventor： Didier Germain Durand ,  Ilia Gilderman

IPC: H04L41/14 ,  G06F8/76 ,  H04L41/12 ,  H04L43/08

Abstract: Remapping mainframe functional components from a mainframe computing environment onto a network of distinct but communicating accounts of a provider network. The mainframe computer (or network of such computers) is analyzed hierarchically through one or more of physical separation between logical partitions (LPARs), LPARs within the mainframe computer(s), separation of batch and transactional workloads, separation of batch and transactional accounts, or security of the mainframe architecture. Mainframe application artifacts obtained through the analyzing are used to generate a graph model representing relationships among the mainframe application artifacts. The graph model includes nodes representing the mainframe application artifacts and edges connecting pairs of the mainframe application artifacts, where the edges represent use relationships between the pairs of mainframe application artifacts. The nodes are then clustered, where the clusters represent sets of mainframe artifacts having high density of use relationships, and the clusters correspond to the distinct accounts in the provider network.

公开(公告)号：US10185727B1

公开(公告)日：2019-01-22

申请号：US14985132

申请日：2015-12-30

Applicant: Amazon Technologies, Inc.

Inventor： Jeremiah Wilton ,  Ilia Gilderman ,  John MacDonald Winford

IPC: G06F17/30

Abstract: Data is migrated between a source database and a target database. The source database management system (“DBMS”) remains operational during the migration. A user selects the source DBMS and target DBMS, provides connection information used to connect to the database management systems and selects a virtual machine instance to perform the migration in conjunction with a database migration service. After the setup is complete, the virtual machine instance in conjunction with the database migration service performs data type transformations, and other operations, without user intervention. The database migration service also converts, without user intervention, the source schema and code to a format compatible with the target DBMS. Any code that is not converted is marked to assist the user of the database migration service identify where manual re-coding is required. The database migration service can also provide recommendations as to a target DBMS that is a suitable target DBMS.

公开(公告)号：US12111940B1

公开(公告)日：2024-10-08

申请号：US17457640

申请日：2021-12-03

Applicant: Amazon Technologies, Inc.

Inventor： Didier Germain Durand ,  Ilia Gilderman

IPC: G06F21/60 ,  G06F9/50

CPC classification number: G06F21/604 ,  G06F9/5027

Abstract: Systems, devices, and methods are provided for authorizing access to operating system resources using security policies managed by a service external to the operating system. An operating system may be provisioned with a kernel-mode component that intercepts system calls from applications, determines a request context for the system call, and sends a request to an external policy management service. The policy management service may be used to perform a policy evaluation to determine whether to grant access to operating system resources. In some cases, policies are cached by the operating system. In various examples, the operating system and policy management service are both hosted on resources managed by a computing resource service provider on behalf of a customer to run mainframe workloads.

公开(公告)号：US11943261B1

公开(公告)日：2024-03-26

申请号：US17457642

申请日：2021-12-03

Applicant: Amazon Technologies, Inc.

Inventor： Didier Germain Durand ,  Ilia Gilderman

IPC: H04L41/0894 ,  G06F21/44 ,  H04L9/40 ,  G06F21/62

CPC classification number: H04L63/205

Abstract: Systems, devices, and methods are provided for determining whether security assurances are satisfied by security policies that are used to control access to resources used by a mainframe application. A system may use a database to store a plurality of security policies that may comprise security polices of various resources used by mainframes, including resources managed by operating systems and database systems. A reference policy that corresponds to the security assurance being sought may be determined. The security policies may be evaluated using a satisfiability modulo theories (SMT) solver to determine whether the security policies are equally or less permissive than the reference policy.

公开(公告)号：US12055999B2

公开(公告)日：2024-08-06

申请号：US17244404

申请日：2021-04-29

Applicant: Amazon Technologies, Inc.

Inventor： Ilia Gilderman ,  Eran Schitzer ,  Priyesh Ranjan Tiwari ,  Oded Sharon ,  Damodar Shetyo ,  Shruthi Ramakrishnan ,  Zachary Adam Bienenfeld ,  Ben Fedidat ,  Dmitrij Semionov ,  Haim Sharabani ,  Zhifeng Wang

IPC: G06F11/00 ,  G06F8/65 ,  G06F11/07 ,  G06F11/22 ,  G06Q10/0637 ,  G06Q10/0639 ,  G06Q30/018

CPC classification number: G06F11/079 ,  G06F8/65 ,  G06F11/076 ,  G06F11/0793 ,  G06F11/2289 ,  G06Q10/06375 ,  G06Q10/06393 ,  G06F11/00 ,  G06F2212/1032 ,  G06Q30/018

Abstract: The reliability of an application is improved by analyzing and implementing changes to application infrastructure that is represented, in some examples, as Infrastructure as Code (“IAC”). The system performs various tests on the infrastructure to determine how the infrastructure responds to failures and whether recovery procedures and monitoring services in place are effective and functioning properly. Various examples provide a measure of infrastructure resiliency that can be used to evaluate potential changes to application infrastructure.

公开(公告)号：US11016954B1

公开(公告)日：2021-05-25

申请号：US15694624

申请日：2017-09-01

Applicant: Amazon Technologies, Inc.

Inventor： Rostislav Babocichin ,  Alexey Gershun ,  Ilia Gilderman ,  Parker J. Lord ,  John MacDonald Winford

IPC: G06F16/21 ,  G06F16/25

Abstract: Distributed extraction of data for migration may be implemented for migrating data sets from a first data store to a second data store. Assignments may be determined for different migration agents to obtain and store the data set in the second data store along with a format for storing the assigned data set portions. The migration agents may then be caused to obtain the assigned portions and store the assigned portions in the second data store according to the identified format. Further operations to request or direct the ingestion of the data set from the second data store may be performed by migration agents with respect to a third data store that performs data ingestion.

公开(公告)号：US10963435B1

公开(公告)日：2021-03-30

申请号：US15653871

申请日：2017-07-19

Applicant: Amazon Technologies, Inc.

Inventor： Grant Alexander Macdonald McAlister ,  Edward Paul Murray ,  Nicolas Anton Medhurst Hertl ,  Ilia Gilderman ,  Jeremiah C. Wilton ,  John MacDonald Winford ,  Satheesh Peringandookaran Subramanian

IPC: G06F16/21 ,  G06F11/07 ,  G06F11/16 ,  G06F16/11

Abstract: A method and system for validating data migrated from a source database to a target database and storing validation metrics resulting from validating the data are described. The system receives validation information to be used to validate data to be migrated from a source database to a target database. The system validates the data using the validation information and stores validation metrics resulting from validating the data.

公开(公告)号：US20230177201A1

公开(公告)日：2023-06-08

申请号：US17457635

申请日：2021-12-03

Applicant: Amazon Technologies, Inc.

Inventor： Didier Germain Durand ,  Ilia Gilderman

IPC: G06F21/62 ,  G06F16/2455

CPC classification number: G06F21/6227 ,  H04L63/205 ,  G06F16/24552 ,  G06F2221/2141

Abstract: Systems, devices, and methods are provided for authorizing access to database management system (DBMS) resources using security policies managed by a service external to the DBMS. A DBMS may be provisioned to obtain a database request, identify one or more securable resources that from applications, determines a request context for the system call, and sends a request to an external policy management service. The policy management service may be used to perform a policy evaluation to determine whether to grant access to the securable resources. In some cases, policies are cached by the DBMS. In various examples, the DBMS and policy management service are both hosted on resources managed by a computing resource service provider on behalf of a customer to run mainframe workloads.

公开(公告)号：US11615061B1

公开(公告)日：2023-03-28

申请号：US16054686

申请日：2018-08-03

Applicant: Amazon Technologies, Inc.

Inventor： Sameer Malik ,  Danial George Neault ,  Rostislav Babocichin ,  Harpreet Kaur Chawla ,  Knievel Co ,  Ilia Gilderman ,  Ramya Kaushik ,  Edward Paul Murray ,  Siva Raghupathy ,  Venu Reddy ,  Samujjwal Roy ,  Eran Schitzer ,  Michael D. Soo ,  Arun Kumar Thiagarajan ,  John Winford ,  Chen Zhang

IPC: G06F16/21 ,  G06F9/50 ,  G06F16/25

Abstract: A workload of a database may be evaluated to provide a database migration recommendation. A request for a recommendation to migrate a database to a new host may be received. An evaluation of the workload of a client application of the database at a current host may be performed. The migration recommendation may be returned based on the evaluation of the workload of the client application of the database. In some embodiments, the migration recommendation may trigger an automated migration of the database to the new host.

公开(公告)号：US20220171667A1

公开(公告)日：2022-06-02

申请号：US17244404

申请日：2021-04-29

Applicant: Amazon Technologies, Inc.

Inventor： Ilia Gilderman ,  Eran Schitzer ,  Priyesh Ranjan Tiwari ,  Oded Sharon ,  Damodar Shetyo ,  Shruthi Ramakrishnan ,  Zachary Adam Bienenfeld ,  Ben Fedidat ,  Dmitrij Semionov ,  Haim Sharabani ,  Zhifeng Wang

IPC: G06F11/07 ,  G06F8/65 ,  G06Q10/06

Abstract: The reliability of an application is improved by analyzing and implementing changes to application infrastructure that is represented, in some examples, as Infrastructure as Code (“IAC”). The system performs various tests on the infrastructure to determine how the infrastructure responds to failures and whether recovery procedures and monitoring services in place are effective and functioning properly. Various examples provide a measure of infrastructure resiliency that can be used to evaluate potential changes to application infrastructure.