Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: Approaches are described for updating code and/or instructions in one or more computing devices. In particular, various embodiments provide approaches for updating the microcode of one or more processors of a computing device without requiring a restart of the computing device and without disrupting the various components (e.g., applications, virtual machines, etc.) executing on the computing device. The microcode updates can be performed on host computing devices deployed in a resource center of a service provider (e.g., cloud computing service provider), where each host computing device may be executing a hypervisor hosting multiple guest virtual machines (or other guest applications) for the customers of the service provider.

Abstract: Efficient and highly-scalable network solutions are provided that utilize incremental scaling of switches, and devices connected to those switches, in an environment such as a data center. Embodiments may utilize multiple tiers of switches. Sets of switches in two different tiers may be initially connected to each other utilizing multiple connections. As network capacity needs within the computing environment increase, additional switches may be added to tiers. To connect the added switches to the switch network, the redundant connections may be utilized. Moving connections from one switch to another switch can free up ports to connect added switches in one of the tiers of switches to the switch network. The tiers of switches can be based on Clos networks, where the tiers of switches are fully connected, or other high radix or fat tree topologies that include oversubscription between tiers.

Abstract: Approaches for automatically backing up data from volatile memory to persistent storage in the event of a power outage, blackout or other such failure are described. The approaches can be implemented on a computing device that includes a motherboard, central processing unit (CPU) a main power source, volatile memory (e.g., random access memory (RAM)), an alternate power source and circuitry (e.g., a specialized application-specific integrated circuit (ASIC)) for performing the backup of volatile memory to a persistent storage device. In the event of a power failure of the main power source, the alternate power source is configured to supply power to the specialized ASIC for backing up the data in the volatile memory. For example, when power failure is detected, the ASIC can read the data from the DIMM socket using power supplied from the alternate power source and write that data to a persistent storage device.

Abstract: A trusted peripheral device can be utilized with an electronic resource, such as a host machine, in order to enable the secured performance of security and remote management in the electronic environment, where various users might be provisioned on, or otherwise have access to, the electronic resource. The peripheral can have a secure channel for communicating with a centralized management system or service, whereby the management service can remotely connect to this trusted peripheral, using a secure and authenticated network connection, in order to run the above-described functionality on the host to which the peripheral is attached.

Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. For example, a clock or a timer mechanism can be used by a network interface card to define a mutability period. During the mutability period, firmware update to a peripheral device can be allowed. Once the mutability period has expired, firmware update to a peripheral device will no longer be allowed.

Abstract: A service provider can maintain one or more host computing devices that can be accessed as host computing device resources by customers. A hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In some aspects, the hosting platform may include a master latch that indicates whether the components may be configured, and the master latch may be set once and only reset upon completion of a power cycle. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device.

Abstract: A computing system includes a chassis, one or more backplanes coupled to the chassis. Computing devices are coupled to the one or more backplanes. The one or more backplanes include backplane openings that allow air to pass from one side of the backplane to the other side of the backplane. Air channels are formed by adjacent circuit board assemblies of the computing devices and the one or more backplanes. Channel capping elements at least partially close the air channels.

Abstract: A system includes a rack with shelves and one or more groups of shelf-mountable electrical systems. Each of at least two of the shelf-mountable electrical systems includes one or more chassis, shelf computing devices, a shelf power supply mechanism, and one or more power-pooling bus elements. For at least one of the groups, a power-pooling bus element of at least one shelf-mountable electrical systems is electrically coupled to a power pooling bus element of at least one other of the shelf-mountable electrical systems in the group such that the power-pooling bus elements form an inter-shelf power-pooling bus for one or more of the computing devices in the group.

Abstract: An energy storage device included in a data center environment can supply energy to a set of solid state drives in the data center environment when power failure or another power event has occurred. In some embodiments, there can be a controller for each solid state drive. The controller can be configured to detect or determine the occurrence of the power failure or other power event and, in response, transmit a command to a respective solid state drive instructing the solid state drive to perform a graceful and atomic shutdown operation, so that data stored on the drive is made durable and the drive enters a quiescent state (e.g., sleep mode, hibernate mode, power-off mode, etc.). As such, the energy storage device can provide protection against power events to solid state drives that lack native (e.g., built-in, inherent, etc.) power protection mechanisms.

Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.

Abstract: Host machines and other devices performing synchronized operations can be dispersed across multiple racks in a data center to provide additional buffer capacity and to reduce the likelihood of congestion. The level of dispersion can depend on factors such as the level of oversubscription, as it can be undesirable in a highly connected network to push excessive host traffic into the aggregation fabric. As oversubscription levels increase, the amount of dispersion can be reduced and two or more host machines can be clustered on a given rack, or otherwise connected through the same edge switch. By clustering a portion of the machines, some of the host traffic can be redirected by the respective edge switch without entering the aggregation fabric. When provisioning hosts for a customer, application, or synchronized operation, for example, the levels of clustering and dispersion can be balanced to minimize the likelihood for congestion throughout the network.

Abstract: Application program data stored in system memory may be selectively persisted. An indication may be provided to an application program that an application data object or a range of application data stored in system memory may be treated as persistent. Data backup may be enabled for the application data object or range of application data in the event of a system failure, copying the application data object or range of application data from system memory to non-volatile data storage. Upon recovery from a system failure, further data backup for the application data object or the range of application data may be disabled. In some embodiments, at least some of the application data object or range of application data may be recovered for the application program to access. Data backup for the application data object or the range of application data may also be re-enabled.

Abstract: A system and method for preventing dependency problems, such as deadlocks, within startup of computing service workflows, such as workflows that occur within computing assets that provide network-based computing services. The system and method creates a remedial workflow or action for the computing services to address deadlocks or other blocking conditions within the services which may occur should the underlying computing assets need to be restarted, rebooted or sequentially execute and reach a problematic operational state. The system and method will determine the reliance of each computing service upon the functionality of one or more other network-based computing services and structure the remedial workflow accordingly. Other aspects of the disclosure are described in the detailed description, figures, and claims.

Abstract: Techniques for using hardware-based mechanisms for updating computing resources are described herein. At a time after receiving a code update request, one or more hardware-supported system management capabilities of processors within a computing system are invoked at least to interrupt execution of currently running instructions. While the system management capabilities are active and instruction execution is suspended, programmatic routines are updated. After the updates are complete, instruction execution is resumed.

Abstract: A method of managing power to electrical systems in a rack includes pooling power from power supply mechanisms in two or more slots of a rack. Power is supplied from the pooled power to electrical systems in one or more slots in the rack. Power supply mechanisms are activated or deactivated from the pooled power based on conditions of the power supply mechanisms or the electrical systems receiving power from the pooled power supply system.

Abstract: A service provider can maintain one or more host computing devices that can be accessed as host computing device resources by customers. A hosting platform includes components arranged in a manner to limit modifications to software or firmware on hardware components. In some aspects, the hosting platform may include a master latch that indicates whether the components may be configured, and the master latch may be set once and only reset upon completion of a power cycle. In another aspect, the hosting platform can implement management functions for establishing control plane functions between the host computing device and the service provider that is independent of the customer. Additionally, the management functions can also be utilized to present different hardware or software attributes of the host computing device.

Abstract: Methods and apparatus for a bandwidth-optimized cloud resource placement service are disclosed. A system includes a plurality of resources of a provider network and a resource manager. The resource manager receives a placement request comprising resource pair specifications, where each specification indicates respective capabilities of a desired first and second resource, and a network traffic rate to be supported between the first and second resources. The resource manager identifies resources that match the desired capabilities and can be linked by network paths supporting the desired traffic rates. The resource manager provides an acquisition plan for the identified resources to the client. If the client requests an implementation of the plan, the resource manager acquires the resources on behalf of the client.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.