Storage gateway activation process
    1.
    发明授权
    Storage gateway activation process 有权
    存储网关激活过程

    公开(公告)号:US08806588B2

    公开(公告)日:2014-08-12

    申请号:US13174513

    申请日:2011-06-30

    IPC分类号: H04L29/06

    摘要: Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider.

    摘要翻译: 用于激活到远程服务提供商的网关的方法,装置和计算机可访问的存储介质。 网关用作客户网络和提供商之间的进程之间的接口,例如将客户数据存储到远程数据存储。 网关向提供商发送描述网关的公开密钥和元数据。 网关从提供商接收激活密钥,并在客户网络上公开激活密钥。 客户获得密钥并使用密钥向提供商进行通信,以提供客户信息,包括网关的名称并授权网关的注册。 提供商向网关提供客户信息。 网关使用客户信息和密钥从提供商请求安全凭证。 提供商向网关发送安全凭证。 然后,网关可以经由提供商从客户获得配置信息。

    Storage Gateway Activation Process
    2.
    发明申请
    Storage Gateway Activation Process 有权
    存储网关激活过程

    公开(公告)号:US20130007854A1

    公开(公告)日:2013-01-03

    申请号:US13174513

    申请日:2011-06-30

    IPC分类号: H04L29/06

    摘要: Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider.

    摘要翻译: 用于激活到远程服务提供商的网关的方法,装置和计算机可访问的存储介质。 网关用作客户网络和提供商之间的进程之间的接口,例如将客户数据存储到远程数据存储。 网关向提供商发送描述网关的公开密钥和元数据。 网关从提供商接收激活密钥,并在客户网络上公开激活密钥。 客户获得密钥并使用密钥向提供商进行通信,以提供客户信息,包括网关的名称并授权网关的注册。 提供商向网关提供客户信息。 网关使用客户信息和密钥从提供商请求安全凭证。 提供商向网关发送安全凭证。 然后,网关可以经由提供商从客户获得配置信息。

    Remote storage gateway management using gateway-initiated connections
    3.
    发明授权
    Remote storage gateway management using gateway-initiated connections 有权
    使用网关发起的连接的远程存储网关管理

    公开(公告)号:US08601134B1

    公开(公告)日:2013-12-03

    申请号:US13174524

    申请日:2011-06-30

    IPC分类号: G06F15/16

    摘要: Methods, apparatus, and computer-accessible storage media for remotely managing a gateway that serves as an interface between processes on a customer network and a service provider, for example to store data to a remote data store. The gateway sends a connection request to a gateway control server. The server holds the connection until the server receives information (e.g., information from the customer sent via the service provider) for the gateway. The server sends the information as requests via the gateway-initiated connection, and continues to hold the connection. If a server receives information for a gateway to which it does not hold a connection, the server sends the information to the server that does hold the connection. The server may either discover the appropriate server via a registration service that registers connections to gateways or broadcast the information to peer servers identified through a registration service.

    摘要翻译: 用于远程管理网关的方法,装置和计算机可访问的存储介质,所述网关用作客户网络和服务提供商上的进程之间的接口,例如将数据存储到远程数据存储。 网关向网关控制服务器发送连接请求。 服务器保持连接,直到服务器接收到网关的信息(例如,经由服务提供商发送的客户的信息)。 服务器通过网关发起的连接发送请求的信息,并继续保持连接。 如果服务器接收到不具有连接的网关的信息,则服务器将信息发送到承载连接的服务器。 服务器可以通过注册服务发现适当的服务器,注册服务注册与网关的连接,或者通过注册服务将对该服务器的信息广播到对等服务器。

    Shadowing Storage Gateway
    4.
    发明申请
    Shadowing Storage Gateway 有权
    阴影存储网关

    公开(公告)号:US20130007219A1

    公开(公告)日:2013-01-03

    申请号:US13174505

    申请日:2011-06-30

    IPC分类号: G06F15/16

    摘要: Methods, apparatus, and computer-accessible storage media for shadowing data stored on a local store to a remote store provided by a service provider. A gateway may be configured as a shadowing gateway on a customer network in response to receiving configuration information. The shadowing gateway may receive reads and writes to the local store. The gateway passes the requests to the local store, and also uploads write data indicated by the writes to the service provider to update a snapshot of the local store maintained by the service provider on the remote store. The write data may be buffered to a write log for uploading, and may be uploaded as blocks according to a block storage format used by the service provider. The shadowing process may be transparent to processes on the customer network. The shadowed data may be used to recover data on the local store.

    摘要翻译: 方法,装置和计算机可访问的存储介质,用于将存储在本地存储器上的数据映射到由服务提供商提供的远程存储器。 响应于接收配置信息,网关可以被配置为客户网络上的遮蔽网关。 阴影网关可以接收对本地商店的读取和写入。 网关将请求传递到本地商店,并将写入指示的写入数据上传到服务提供商以更新由远程商店上的服务提供商维护的本地商店的快照。 写入数据可以被缓冲到用于上传的写入日志中,并且可以根据服务提供商使用的块存储格式作为块上传。 阴影过程对客户网络上的流程可能是透明的。 阴影数据可用于恢复本地存储上的数据。

    Shadowing storage gateway
    5.
    发明授权
    Shadowing storage gateway 有权
    阴影存储网关

    公开(公告)号:US09294564B2

    公开(公告)日:2016-03-22

    申请号:US13174505

    申请日:2011-06-30

    摘要: Methods, apparatus, and computer-accessible storage media for shadowing data stored on a local store to a remote store provided by a service provider. A gateway may be configured as a shadowing gateway on a customer network in response to receiving configuration information. The shadowing gateway may receive reads and writes to the local store. The gateway passes the requests to the local store, and also uploads write data indicated by the writes to the service provider to update a snapshot of the local store maintained by the service provider on the remote store. The write data may be buffered to a write log for uploading, and may be uploaded as blocks according to a block storage format used by the service provider. The shadowing process may be transparent to processes on the customer network. The shadowed data may be used to recover data on the local store.

    摘要翻译: 方法,装置和计算机可访问的存储介质,用于将存储在本地存储器上的数据映射到由服务提供商提供的远程存储器。 响应于接收配置信息,网关可以被配置为客户网络上的遮蔽网关。 阴影网关可以接收对本地商店的读取和写入。 网关将请求传递到本地商店,并将写入指示的写入数据上传到服务提供商以更新由远程商店上的服务提供商维护的本地商店的快照。 写入数据可以被缓冲到用于上传的写入日志中,并且可以根据服务提供商使用的块存储格式作为块上传。 阴影过程对客户网络上的流程可能是透明的。 阴影数据可用于恢复本地存储上的数据。

    Storage gateway security model
    6.
    发明授权
    Storage gateway security model 有权
    存储网关安全模型

    公开(公告)号:US08639921B1

    公开(公告)日:2014-01-28

    申请号:US13174489

    申请日:2011-06-30

    IPC分类号: H04L9/00

    摘要: Methods, apparatus, and computer-accessible storage media for implementing a gateway to a remote service provider according to a security model. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. The model may include an activation process initiated by the gateway to register with the provider and associate the gateway with a customer account; the gateway is provided with security credentials. The model may also include establishing secure connections to external processes, for example processes of the service provider. The gateway initiates connections; the external processes do not initiate connections. The model may also include the customer managing the gateway through the service provider. The model may also include encrypting communications between the gateway and the provider and the gateway including security credentials in communications to the provider.

    摘要翻译: 用于根据安全模型实现到远程服务提供商的网关的方法,装置和计算机可访问存储介质。 网关用作客户网络和提供商之间的进程之间的接口,例如将客户数据存储到远程数据存储。 该模型可以包括由网关发起的激活过程,以向该提供商注册,并将该网关与一个客户账户相关联; 网关提供安全凭证。 该模型还可以包括建立到外部进程的安全连接,例如服务提供商的进程。 网关启动连接; 外部进程不启动连接。 该模型还可以包括通过服务提供商管理网关的客户。 该模型还可以包括加密网关和提供商之间的通信,并且网关包括与提供商的通信中的安全凭证。

    Service and APIs for remote volume-based block storage

    公开(公告)号:US09635132B1

    公开(公告)日:2017-04-25

    申请号:US13327605

    申请日:2011-12-15

    IPC分类号: G06F15/16 H04L29/08 H04L29/06

    摘要: Methods, apparatus, and computer-accessible storage media for providing a volume-based block storage service and application programming interfaces (APIs) to the service. A block storage service and block storage service APIs may allow processes (applications or appliances) on the service client network to leverage remote, volume-based block storage provided by the service provider. The APIs may provide a standard interface to volume-based block storage operations on a remote data store. The service provider, the service clients, and/or third parties may develop various applications and/or appliances that may, for example, be instantiated in service clients' local networks and that leverage the block storage service via the APIs to create and manage volumes and snapshots on the remote data store and to upload and download data from the volumes and snapshots on the remote data store.

    System and method for distributed load balancing with load balancer clients for hosts
    8.
    发明授权
    System and method for distributed load balancing with load balancer clients for hosts 有权
    用于主机负载平衡器客户端的分布式负载平衡的系统和方法

    公开(公告)号:US09055076B1

    公开(公告)日:2015-06-09

    申请号:US13167557

    申请日:2011-06-23

    IPC分类号: G06F15/173 H04L29/08

    摘要: Embodiments may include a load balancer configured to, for a given packet received from a remote client, select a host computer of a plurality of host computers according to a load balancing protocol, the selection based on load information updates received from the plurality of host computers. Each load information update may indicate a measure of the respective host computer's capacity to service additional connections with remote clients. The load balancer may provide the given packet to the selected host computer for processing by an application component on the selected host computer, and subsequent to determining that a specific application component on one of the plurality of host computers does not have capacity for additional connections based on the load information updates, continue to send packets for existing connections serviced by the specific application component to the respective host computer without sending packets for new connections to that host computer.

    摘要翻译: 实施例可以包括:负载平衡器,被配置为,对于从远程客户端接收的给定分组,根据负载平衡协议选择多个主机计算机的主计算机,所述选择基于从所述多个主机计算机接收的负载信息更新 。 每个负载信息更新可以指示相应主计算机服务于与远程客户端的附加连接的能力的度量。 负载平衡器可以向所选择的主计算机提供给定的分组以供所选择的主计算机上的应用组件处理,然后在确定多个主计算机之一上的特定应用组件不具有用于附加连接的能力的基础上 在负载信息更新中,继续向特定应用程序组件发送的现有连接的数据包发送到相应的主机,而不会向该主机发送新连接的数据包。

    System and method for distributed load balancing with distributed direct server return
    9.
    发明授权
    System and method for distributed load balancing with distributed direct server return 有权
    使用分布式直接服务器返回进行分布式负载平衡的系统和方法

    公开(公告)号:US08812727B1

    公开(公告)日:2014-08-19

    申请号:US13167555

    申请日:2011-06-23

    IPC分类号: G06F15/173 G06F15/16

    摘要: Embodiments may include a load balancer that receives a request packet sent by a remote client to an original destination address of multiple network addresses serviced by the load balancer, and selects according to a load balancing protocol, a host computer of a plurality of host computers to process the request. The load balancer may, from among a plurality of ports on the selected host computer, select a particular port having a one-to-one association with the original destination address, the association specified by mapping information accessible to the load balancer, and send the request packet to the selected port on the selected host computer. The mapping information accessible to the selected host computer specifies a one-to-one association between the selected port and the original destination address. Sending the request packet to the selected port conveys that address to the selected server without that address being included in that packet.

    摘要翻译: 实施例可以包括:负载平衡器,其接收由远程客户端发送到由负载平衡器服务的多个网络地址的原始目的地地址的请求分组,并且根据负载平衡协议选择多个主机的主计算机, 处理请求。 负载平衡器可以在所选择的主计算机上的多个端口中选择与原始目的地地址具有一对一关联的特定端口,该关联由负载平衡器可访问的映射信息指定,并发送 请求数据包到所选主机上的所选端口。 所选主机可访问的映射信息指定所选端口与原始目的地址之间的一对一关联。 将请求分组发送到所选择的端口将该地址传送到所选择的服务器,而不包括在该分组中的那个地址。

    Methods and apparatus for controlling snapshot exports
    10.
    发明授权
    Methods and apparatus for controlling snapshot exports 有权
    用于控制快照导出的方法和设备

    公开(公告)号:US08789208B1

    公开(公告)日:2014-07-22

    申请号:US13324907

    申请日:2011-12-13

    IPC分类号: H04L29/06

    摘要: Methods, apparatus, and computer-accessible storage media for controlling export of snapshots to external networks in service provider environments. Methods are described that may be used to prevent customers of a service provider from downloading snapshots of volumes, such as boot images created by the service provider or provided by third parties, to which the customer does not have the appropriate rights. A request may be received from a user to access one or more snapshots, for example a request to export the snapshot or a request for a listing of snapshots. For each snapshot, the service provider may determine if the user has rights to the snapshot, for example by checking a manifest for the snapshot to see if entries in the snapshot manifest belong to an account other than the customer's. If the user has rights to the snapshot, the request is granted; otherwise, the request is not granted.

    摘要翻译: 方法,设备和计算机可访问的存储介质,用于控制服务提供商环境中的快照到外部网络的导出。 描述了可以用于防止服务提供商的客户下载卷的快照,诸如由服务提供商创建或由第三方提供的引导映像,客户不具有适当权限。 可以从用户接收到访问一个或多个快照的请求,例如导出快照的请求或快照列表的请求。 对于每个快照,服务提供商可以确定用户是否拥有快照的权限,例如通过检查快照的清单来查看快照清单中的条目是否属于除客户之外的其他帐户。 如果用户拥有快照权限,则授予该请求; 否则,请求不被授予。