公开(公告)号：US09705881B2

公开(公告)日：2017-07-11

申请号：US14098298

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Guruprakash Bangalore Rao ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta

IPC: H04L29/06

Abstract: A customer of a computing resource service provider may utilize a set of credentials to request creation of an identity pool within a managed directory service. Accordingly, the managed directory service may create the identity pool. Instead of having the customer create a separate account within this identity pool, the managed directory service may create a shadow administrator account within the identity pool, which may be used to manage other users and resources in the identity pool within the managed directory service. The managed directory service further exposes an application programming interface command that may be used to obtain a set of credentials for accessing the shadow administrator account. The customer may use this command to receive the set of credentials and access the shadow administrator account. Accordingly, the customer can manage users and resources in the identity pool within the managed directory service.

公开(公告)号：US09407615B2

公开(公告)日：2016-08-02

申请号：US14098341

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Gaurang Pankaj Mehta ,  Venakta N. S. S. Harsha Koonaparaju ,  Thomas Christopher Rizzo ,  Guruprakash Bangalore Rao

IPC: H04L29/06 ,  G06F21/00 ,  G06F15/16 ,  G06F7/04 ,  H04L9/32

CPC classification number: H04L63/08 ,  G06F9/45558 ,  G06F21/41 ,  G06F21/6218 ,  G06F2009/45587 ,  G06F2009/45595 ,  H04L63/0807 ,  H04L63/0815 ,  H04L63/10 ,  H04L63/102 ,  H04L63/104 ,  H04L63/105 ,  H04L63/20 ,  H04L67/02 ,  H04L67/10 ,  H04L67/306

Abstract: A user may utilize a set of credentials to access, through a managed directory service, one or more services provided by a computing resource service provider. The managed directory service may be configured to identify one or more policies applicable to the user. These policies may define the level of access to the one or more services provided by the computing resource service provider. Based at least in part on these policies, the managed directory service may transmit a request to an identity management system to obtain a set of temporary credentials that may be used to enable the user to access the one or more services. Accordingly, the managed directory service may be configured to enable the user, based at least in part on the policies and the set of temporary credentials, to access an interface, which can be used to access the one or more services.

Abstract translation: 用户可以利用一组凭证来通过托管目录服务访问由计算资源服务提供商提供的一个或多个服务。 托管目录服务可以被配置为识别适用于用户的一个或多个策略。 这些策略可以定义对由计算资源服务提供商提供的一个或多个服务的访问级别。 至少部分地基于这些策略，托管目录服务可以向身份管理系统发送请求以获得可以用于使得用户访问一个或多个服务的一组临时凭证。 因此，托管目录服务可以被配置为至少部分地基于策略和一组临时凭证来使用户能够访问可以用于访问一个或多个服务的接口。

公开(公告)号：US20160094584A1

公开(公告)日：2016-03-31

申请号：US14499714

申请日：2014-09-29

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Krithi Rai ,  Guruprakash Bangalore Rao

IPC: H04L29/06 ,  G06F21/44

CPC classification number: H04L63/205 ,  G06F21/44 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6209 ,  G06F21/6218 ,  H04L61/1505 ,  H04L63/10 ,  H04L63/20

Abstract: Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations.

Abstract translation: 公开了用于通过集中式目录管理系统来管理多个组织的网络目录的特征。 各种应用程序可以通过目录管理系统根据各个组织授予的应用程序的权限来访问组织的目录。 组织可以在内部或外部维护目录，并且应用程序可以通过目录管理系统访问目录，而不管目录的物理位置如何。 此外，应用程序可以由还承载或以其他方式管理目录管理服务的计算服务提供商托管，或者可以由与目录管理系统和组织分离的第三方服务器托管应用程序。

公开(公告)号：US20150160956A1

公开(公告)日：2015-06-11

申请号：US14098323

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Gaurang Pankaj Mehta ,  Thomas Christopher Rizzo ,  Guruprakash Bangalore Rao

IPC: G06F9/455

CPC classification number: G06F9/45533 ,  G06F2221/2113 ,  H04L41/5096 ,  H04L63/08 ,  H04L63/10

Abstract: A customer utilizes an interface provided by a virtual computer system service to provision a virtual machine instance and join this instance to a directory. The interface may have previously obtained the domain name and the Internet Protocol addresses for one or more directories available to the customer for joining the virtual machine instance. The virtual computer system service may communicate with a managed directory service to obtain a set of temporary credentials that may be used to transmit a request to the directory to allow joining of the virtual machine instance. Upon provisioning of the instance, an agent operating within the instance may be configured to obtain the domain name and Internet Protocol addresses for the directory to establish a connection with the directory. The agent may also be configured to obtain the set of temporary credentials to transmit a request to the directory for joining of the instance.

Abstract translation: 客户利用由虚拟计算机系统服务提供的接口来配置虚拟机实例并将此实例加入目录。 接口可能之前已经获得了用于加入虚拟机实例的客户可用的一个或多个目录的域名和互联网协议地址。 虚拟计算机系统服务可以与被管理的目录服务进行通信，以获得一组临时凭证，这些临时凭证可用于将请求发送到目录以允许加入虚拟机实例。 在提供实例之后，在实例中操作的代理可以被配置为获得用于建立与目录的连接的目录的域名和Internet协议地址。 代理还可以被配置为获得一组临时凭证以将请求发送到用于加入该实例的目录。

公开(公告)号：US10511566B2

公开(公告)日：2019-12-17

申请号：US14098454

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta ,  Guruprakash Bangalore Rao ,  Sameer Palande ,  Krithi Rai

IPC: H04L29/12 ,  G06F9/455 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L12/24

Abstract: Techniques for connecting computer system entities to remotely extended local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service extends the local computer system resource to a corresponding extended remote computer system resource, receives commands to perform operations on the local or extended remote computer system resources and, if the computer system entity is authorized to perform the operations on the appropriate computer system resource, the managed directory service performs the operations on the appropriate computer system resource.

公开(公告)号：US10375013B2

公开(公告)日：2019-08-06

申请号：US14098450

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Krithi Rai ,  Guruprakash Bangalore Rao ,  Thomas Christopher Rizzo ,  Colin Harrison Brace ,  Gaurang Pankaj Mehta ,  Sameer Palande ,  Deepak Suryanarayanan

IPC: H04L29/12 ,  G06F9/455 ,  H04L29/06 ,  G06F21/60 ,  H04L29/08 ,  H04L12/24

Abstract: Techniques for connecting computer system entities to local computer system resources are described herein. A computer system entity that requests access to a local computer system resource has that request fulfilled by a managed directory service, which receives the request and connects the computer system entity to the local computer system resource. While connected, the managed directory service receives commands to perform operations on the local computer system resource and, if the computer system entity is authorized to perform the operations on the local computer system resource, the managed directory service performs the operations on the local computer system resource.

公开(公告)号：US20150135272A1

公开(公告)日：2015-05-14

申请号：US14098298

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Guruprakash Bangalore Rao ,  Thomas Christopher Rizzo ,  Gaurang Pankaj Mehta

IPC: H04L29/06

CPC classification number: H04L63/10 ,  G06F2221/2113 ,  H04L63/08 ,  H04L67/025

Abstract: A customer of a computing resource service provider may utilize a set of credentials to request creation of an identity pool within a managed directory service. Accordingly, the managed directory service may create the identity pool. Instead of having the customer create a separate account within this identity pool, the managed directory service may create a shadow administrator account within the identity pool, which may be used to manage other users and resources in the identity pool within the managed directory service. The managed directory service further exposes an application programming interface command that may be used to obtain a set of credentials for accessing the shadow administrator account. The customer may use this command to receive the set of credentials and access the shadow administrator account. Accordingly, the customer can manage users and resources in the identity pool within the managed directory service.

Abstract translation: 计算资源服务提供商的客户可以使用一组凭证来请求在受管理目录服务内创建身份池。 因此，托管目录服务可以创建身份池。 托管目录服务可以在身份池内创建一个影子管理员帐户，而不是让客户在该身份池中创建一个单独的帐户，而这可以用于管理托管目录服务中的身份池中的其他用户和资源。 托管目录服务进一步公开一个应用程序编程接口命令，该命令可用于获取一组用于访问影子管理员帐户的凭据。 客户可以使用此命令来接收一组凭据并访问影子管理员帐户。 因此，客户可以管理托管目录服务内的身份池中的用户和资源。

公开(公告)号：US20150134800A1

公开(公告)日：2015-05-14

申请号：US14098445

申请日：2013-12-05

Applicant: Amazon Technologies, Inc.

Inventor： Shon Kiran Shah ,  Guruprakash Bangalore Rao ,  Gaurang Pankaj Mehta ,  Thomas Christopher Rizzo ,  Sameer Palande ,  Krithi Rai

IPC: H04L12/24

Abstract: Techniques for connecting computer system entities to remote computer system resources are described herein. A computer system entity that requests access to a remote computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the remote computer system resource. While connected, the managed directory service receives commands to perform operations on the remote computer system resource and, if the computer system entity is authorized to perform the operations on the remote computer system resource, the managed directory service performs the operation on the remote computer system resource.

Abstract translation: 本文描述了将计算机系统实体连接到远程计算机系统资源的技术。 请求访问远程计算机系统资源的计算机系统实体具有由接收请求并将计算机系统实体连接到远程计算机系统资源的受管目录服务实现的请求。 管理目录服务连接时，接收对远程计算机系统资源执行操作的命令，如果计算机系统实体被授权对远程计算机系统资源执行操作，则托管目录服务会在远程计算机系统上执行操作 资源。

公开(公告)号：US11310116B2

公开(公告)日：2022-04-19

申请号：US16512170

申请日：2019-07-15

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Sameer Palande

IPC: G06F15/173 ,  H04L41/14 ,  H04L43/08 ,  H04L47/70 ,  G06Q10/00 ,  H04L41/0816 ,  H04L41/08 ,  H04L41/0893 ,  H04L43/0876

Abstract: Features are disclosed for facilitating remote management of network directories of organizations by a directory management system. The network directories may change over time, experiencing growth in size and number of current connections, increased latency, reduced performance, and the like. The network directories may also shrink over time, experience fewer connections, etc. Organizations can define scaling policies by which the directory management system can automatically respond to the occurrence of various events, such as changes in the size or usage of the organizations' network directories, by scaling resources associated with the directories. The directory management system can perform various scaling actions on-demand or without requiring additional action by the organizations, thereby reducing the time and effort required by the organizations to monitor their own directories and implement (or request implementation of) changes.

公开(公告)号：US10652235B1

公开(公告)日：2020-05-12

申请号：US16291511

申请日：2019-03-04

Applicant: Amazon Technologies, Inc.

Inventor： Gaurang Pankaj Mehta ,  Shon Kiran Shah ,  Neelam Satish Agrawal ,  Lawrence Hun-Gi Aung

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/08 ,  G06Q10/00

Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. An entity responsible for the administration of a directory made available through a managed directory service may specify one or more policies for users and/or groups of users that utilize the directory. For example, the managed directory service may include a policy management subsystem that manages a set of policies for users and/or groups of users that controls a level of access to applications and services. Administrators can assign one or more policies to a user or a group of users and users can select one or more policies provided to the user by the administrator when attempting to access an application or service.