公开(公告)号：US08868710B2

公开(公告)日：2014-10-21

申请号：US13339985

申请日：2011-12-29

申请人： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini C. Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian R. Searle

发明人： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini C. Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian R. Searle

IPC分类号： G06F15/173

CPC分类号： H04L47/70 ,  H04L41/00 ,  H04L41/50 ,  H04L61/2007 ,  H04L61/304 ,  H04L61/6068 ,  H04L63/20

摘要： Methods and apparatus for interfaces to manage virtual network interface objects. A system may include resource instances and a network interface virtualization coordinator. Responsive to a record creation request, the coordinator creates an interface records that may include an IP address, subnet information and security properties. The coordinator may, in response to a request to attach the record to a resource instance, enable traffic directed to the IP address to flow to the resource instance. In response to a subsequent detach request, the traffic to the IP address may be disabled at the resource instance. The same interface record may be attached to another resource instance in response to another attach request, enabling traffic directed to the IP address to flow to the second resource instance.

摘要翻译： 用于管理虚拟网络接口对象的接口的方法和设备。 系统可以包括资源实例和网络接口虚拟化协调器。 响应于记录创建请求，协调器创建可以包括IP地址，子网信息和安全属性的接口记录。 协调器可以响应于将记录附加到资源实例的请求，使得指向IP地址的流量流向资源实例。 响应于后续的分离请求，可能在资源实例处禁用到IP地址的流量。 响应于另一附加请求，可以将相同的接口记录附加到另一资源实例，使得指向IP地址的流量能够流向第二资源实例。

公开(公告)号：US20130132545A1

公开(公告)日：2013-05-23

申请号：US13339985

申请日：2011-12-29

申请人： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini C. Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian R. Searle

发明人： Eric W. Schultze ,  Aaron C. Thompson ,  Arijit Ganguly ,  Padmini C. Iyer ,  Tobias L. Holgers ,  Christopher J. Lefelhocz ,  Ian R. Searle

IPC分类号： G06F15/173

CPC分类号： H04L47/70 ,  H04L41/00 ,  H04L41/50 ,  H04L61/2007 ,  H04L61/304 ,  H04L61/6068 ,  H04L63/20

摘要： Methods and apparatus for interfaces to manage virtual network interface objects. A system may include resource instances and a network interface virtualization coordinator. Responsive to a record creation request, the coordinator creates an interface records that may include an IP address, subnet information and security properties. The coordinator may, in response to a request to attach the record to a resource instance, enable traffic directed to the IP address to flow to the resource instance. In response to a subsequent detach request, the traffic to the IP address may be disabled at the resource instance. The same interface record may be attached to another resource instance in response to another attach request, enabling traffic directed to the IP address to flow to the second resource instance.

摘要翻译： 用于管理虚拟网络接口对象的接口的方法和设备。 系统可以包括资源实例和网络接口虚拟化协调器。 响应于记录创建请求，协调器创建可以包括IP地址，子网信息和安全属性的接口记录。 协调器可以响应于将记录附加到资源实例的请求，使得指向IP地址的流量流向资源实例。 响应于后续的分离请求，可能在资源实例处禁用到IP地址的流量。 响应于另一附加请求，可以将相同的接口记录附加到另一资源实例，使得指向IP地址的流量能够流向第二资源实例。

公开(公告)号：US08813225B1

公开(公告)日：2014-08-19

申请号：US13525010

申请日：2012-06-15

申请人： Erik J. Fuller ,  Eric J. Brandwine ,  Christopher J. Lefelhocz ,  Arijit Ganguly ,  Eric W. Schultze

发明人： Erik J. Fuller ,  Eric J. Brandwine ,  Christopher J. Lefelhocz ,  Arijit Ganguly ,  Eric W. Schultze

IPC分类号： H04L29/06

CPC分类号： H04L63/10 ,  H04L63/20 ,  H04L67/16

摘要： Methods and apparatus for provider-arbitrated mandatory access control policies in cloud computing environments are disclosed. A system includes an access manager, and a plurality of resources configurable to provide a plurality of distributed, web-accessible services. Each service has a respective service manager. The access manager determines whether a mandatory access control policy document specified by a service manager of a particular service applies to an administration request, wherein the policy indicates that a permission setting for a resource being used to implement at least a portion of the particular service cannot be modified by a client with administrative rights on the resource. In response to determining that the policy document applies, and that an evaluation of the policy document indicates that an administrative operation specified in the administration request is prohibited by the policy, the access manager rejects the administration request.

摘要翻译： 披露了云计算环境中提供者仲裁强制访问控制策略的方法和设备。 系统包括访问管理器和可配置为提供多个分布式的web访问服务的多个资源。 每个服务都有相应的服务经理。 访问管理器确定由特定服务的服务管理器指定的强制访问控制策略文档是否适用于管理请求，其中策略指示用于实现特定服务的至少一部分的资源的许可设置不能 由具有资源管理权限的客户端修改。 响应于确定策略文档的适用，并且对策略文档的评估表明该策略禁止在管理请求中指定的管理操作，则访问管理器拒绝管理请求。

公开(公告)号：US09438556B1

公开(公告)日：2016-09-06

申请号：US13461661

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/177 ,  H04L29/12

CPC分类号： H04L61/2007 ,  G06F9/45558 ,  G06F2009/4557 ,  H04L61/2514

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09450967B1

公开(公告)日：2016-09-20

申请号：US13461596

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/177 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/126 ,  H04L41/08 ,  H04L41/0823 ,  H04L41/5041 ,  H04L63/0218 ,  H04L63/1458 ,  H04L63/20

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09294437B1

公开(公告)日：2016-03-22

申请号：US13461478

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/173 ,  H04L29/06

CPC分类号： H04L63/00 ,  H04L63/0272 ,  H04L63/0281 ,  H04L63/1458 ,  H04L63/20

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09288182B1

公开(公告)日：2016-03-15

申请号：US13461566

申请日：2012-05-01

申请人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

发明人： Arijit Ganguly ,  Andrew B. Dickinson ,  Christopher J. Lefelhocz ,  Manish Agarwal ,  Ian R. Searle ,  Eric Jason Brandwine

IPC分类号： G06F15/173 ,  H04L29/06 ,  H04L12/24

CPC分类号： H04L63/00 ,  H04L41/022 ,  H04L63/0272 ,  H04L63/1441 ,  H04L63/1458 ,  H04L63/20

摘要： A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

摘要翻译： 代表客户实体实现网络网关。 网络网关可以使用分布式计算机系统来实现，并且网络网关可以将客户实体的网络连接到公共通信网络。 网络网关可以包括网络相关服务，而不需要添加专门的硬件。 响应于从客户实体接收到的指令，网络网关可以以编程方式提供。 网络网关可以通过几种不同类型的数据连接进行配置和访问。 网络网关凭借在分布式计算机系统上的实现，可根据需要进行扩展，而无需客户实体的额外输入。

公开(公告)号：US09055117B1

公开(公告)日：2015-06-09

申请号：US13246532

申请日：2011-09-27

申请人： Andrew B. Dickinson ,  Arijit Ganguly ,  Benjamin Tobler ,  Faisal M. Bhamani ,  Christopher J. Lefelhocz ,  Colin J. Whittaker

发明人： Andrew B. Dickinson ,  Arijit Ganguly ,  Benjamin Tobler ,  Faisal M. Bhamani ,  Christopher J. Lefelhocz ,  Colin J. Whittaker

IPC分类号： G06F15/16 ,  H04L29/12

CPC分类号： H04L61/2517 ,  G06F9/45558 ,  G06F2009/45595 ,  H04L61/2503 ,  H04L61/2514 ,  H04L61/2532 ,  H04L61/2557

摘要： Systems and methods are disclosed that facilitate the management of network address information utilized by hosted computing devices. Each host computing device includes a local network and port address management component that is configured with port address translation information for the specific host computing device. Additionally, one or more edge computing devices also include a local network and port address management component that is configured with network and port address translation information. The network and port address translation information facilitates the correlation of internal network address information associated with a virtual machine instance with a tuple of an externally accessible network address and port address information. The local network and port address translation management components utilize the network and port address translation information to translate communication requests to and from the virtual machine instances without requiring a centralized network and port address translation component.

摘要翻译： 公开了有助于托管计算设备使用的网络地址信息的管理的系统和方法。 每个主机计算设备包括配置有特定主机计算设备的端口地址转换信息的本地网络和端口地址管理组件。 此外，一个或多个边缘计算设备还包括配置有网络和端口地址转换信息的本地网络和端口地址管理组件。 网络和端口地址转换信息有助于将与虚拟机实例相关联的内部网络地址信息与外部可访问网络地址和端口地址信息的元组相关联。 本地网络和端口地址转换管理组件利用网络和端口地址转换信息来转换来自虚拟机实例的通信请求，而不需要集中的网络和端口地址转换组件。