摘要:
A network appliance that runs both C and Java integrated software to provide a flexible architecture for rapid prototyping of XML security functionality, including SSL acceleration, XML encryption, XML decryption, XML signature, and XML verification, while the network appliance continues to provide high-speed performance.
摘要:
Methods and apparatus for providing out-of-band network traffic monitoring such as intrusion detection to clients on a provider network. A client can configure new or existing components and specify that traffic monitoring be added on or at the components in the client's configuration on the provider network. Traffic monitoring is provided for the client's configuration via replication technology on the provider network. In response to the client specifying that traffic monitoring is to be added on or at a component, traffic to the client's configuration is routed to replication technology, which may be implemented at a network substrate level, that passes one copy to the client's configuration and sends another copy to a destination that handles traffic monitoring such as an intrusion detection handler. The destination may be anywhere on the provider network or on an external network.
摘要:
A licensing service is disclosed that can be used in a virtual environment. A master license can be used by the licensing service to maintain a pool of licenses associated with a customer number. Multiple ephemeral licenses can be issued from the pool. The ephemeral licenses can have a short duration to ensure periodic renewal of the ephemeral licenses during the life of the master license. Tighter control of the licenses ensures that the ephemeral licenses are only used during the life of the master license. Additionally, autoscaling is promoted through the use of the license pool, which can adapt according to actual use.
摘要:
Methods and apparatus for providing inline network traffic monitoring such as intrusion detection to clients of a provider network. A client can configure new or existing components and specify that traffic monitoring be added on or at the components in the client's configuration on the provider network. Traffic monitoring is automatically and transparently added to the client's configuration on or at the components. Traffic to the client's configuration passes through the traffic monitoring technology. Traffic monitoring technology may be implemented on a resource in the client's configuration that implements other technology, such as a load balancer component. Alternatively, traffic monitoring technology may be implemented on separate components upstream or downstream of a resource that implements other technology. Traffic monitoring may be implemented at a network substrate level rather than at an overlay network level.
摘要:
Techniques are described for managing data storage using defined data storage management policies. In some situations, data storage may be managed using multiple supported storage mechanisms, such as different storage mechanisms of different types and/or in different locations. As one example, the described techniques may be performed to manage data that is available to a software program executing on a computer system, such as by caching a subset of the available data on one or more storage mechanisms to enhance later retrieval times of that data subset by the software program. In this example, the multiple supported storage mechanisms may include one or more storage mechanisms local to the computer system and one or more storage mechanisms remote from the computer system, and a defined data storage management policy for the software program may define particular types of data to store on particular storage mechanisms in particular manners.
摘要:
Methods and apparatus for providing network traffic monitoring such as intrusion detection to clients of a provider network. An interface and methods are provided via which a client can select traffic monitoring as a functionality to be added to their configuration on the provider network, for example as part of a load balancer layer. Via the interface, the client can configure new or existing components and specify that traffic monitoring be added on or at the components. Traffic monitoring technology is automatically and transparently added to the client's configuration on or at the components. By adding traffic monitoring functionality to an existing layer, the client does not have to separately manage traffic monitoring on the client's configuration. Traffic monitoring technology may be added at a network substrate level rather than at an overlay network level to insure that all traffic is available to the traffic monitoring technology.
摘要:
In a resource-on-demand environment, virtual machine images are validated before use. A provider or source of a virtual machine image may generate a manifest, indicating executable components of the machine image. Before use, a created virtual machine may compare its executable components with those specified by the manifest. To ensure authenticity, the manifest may be associated with a signature, and the virtual machine may use the signature to verify the manifest and the source of the machine image.