Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: A resource provisioning service allows users to provision multiple, different network resources in an atomic manner and with a single call to a resource provisioning service. In some instances, the multiple, different network resources comprise individual types of resources that form a portion of one or more cloud-computing platforms. For instance, one or more entities may host and operate a cloud-computing platform that includes different types of network resources, such a storage service, a load balancing service, a compute service, a security service, or any other similar or different type of network-accessible service.

Abstract: An access control determination service automatically determines and/or revises an access control policy using actions attempted by a client system. A client is observed during operation. A policy system analyzes the actions performed and/or results of the actions performed by a client system. Using the results of the analysis, the access control determination service determines the permissions needed in an access control policy that will be applied to the client.

Abstract: A resource provisioning service allows users to provision multiple, different network resources in an atomic manner and with a single call to a resource provisioning service. In some instances, the multiple, different network resources comprise individual types of resources that form a portion of one or more cloud-computing platforms. For instance, one or more entities may host and operate a cloud-computing platform that includes different types of network resources, such a storage service, a load balancing service, a compute service, a security service, or any other similar or different type of network-accessible service.

Abstract: A resource stack managed by a resource stack provider is created based on a resource stack template that integrates a custom resource from a second provider into the resource stack using a notification system with the second provider. For example, a customer may create a template that defines a resource stack that comprises resources available from the resource stack provider and one or more custom resources provided by a second provider. When a resource stack is created, resources available from the resource stack provider may be provisioned. Custom resources may be initialized by notifying the provider of the custom resource of the requested integration of the custom resource with the resource stack and requested configuration details. The custom resource provider may respond with an indication of successful integration when the custom resource has been successfully initialized. After initializing the resources, the resource stack may be enabled for use.

Abstract: A resource stack managed by a resource stack provider is created based on a resource stack template that integrates a custom resource from a second provider into the resource stack using a notification system with the second provider. For example, a customer may create a template that defines a resource stack that comprises resources available from the resource stack provider and one or more custom resources provided by a second provider. When a resource stack is created, resources available from the resource stack provider may be provisioned. Custom resources may be initialized by notifying the provider of the custom resource of the requested integration of the custom resource with the resource stack and requested configuration details. The custom resource provider may respond with an indication of successful integration when the custom resource has been successfully initialized. After initializing the resources, the resource stack may be enabled for use.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: Techniques are described that enable a user to upgrade a stack of resources by providing a template that reflects the desired end state of the stack. Upon receiving a new template, the system automatically detects changes that should be performed and determines the order in which the changes should be performed. The system can also detect if the desired changes to the stack are a result of direct modifications; because parameters to the resources have changed; or the changes are indirectly caused by other dependency/attribute changing. Additionally, the system determines whether the changes require creating new resources or if the changes can be made to the resources live. In case of replacement of resources, the system will first create the new resource, move that new resource into the stack and remove the old resource(s). In case of failures, the system ensures that the stack rolls back to the initial state.

Abstract: Techniques are described that enable a user to upgrade a stack of resources by providing a template that reflects the desired end state of the stack. Upon receiving a new template, the system automatically detects changes that should be performed and determines the order in which the changes should be performed. The system can also detect if the desired changes to the stack are a result of direct modifications; because parameters to the resources have changed; or the changes are indirectly caused by other dependency/attribute changing. Additionally, the system determines whether the changes require creating new resources or if the changes can be made to the resources live. In case of replacement of resources, the system will first create the new resource, move that new resource into the stack and remove the old resource(s). In case of failures, the system ensures that the stack rolls back to the initial state.

Abstract: A resource provisioning service allows users to provision multiple, different network resources in an atomic manner and with a single call to a resource provisioning service. In some instances, the multiple, different network resources comprise individual types of resources that form a portion of one or more cloud-computing platforms. For instance, one or more entities may host and operate a cloud-computing platform that includes different types of network resources, such a storage service, a load balancing service, a compute service, a security service, or any other similar or different type of network-accessible service.

Abstract: A SIP server can be deployed in a two-tier architecture, including an engine tier for processing of SIP communications and a state tier for maintaining the state associated with these communications. The state tier can include RAM-based replicas that provide data to the engines. Some of the SIP session state can be moved to the database in order to reduce the memory requirements of the state tier. Upon determining that a transaction boundary has been reached where the session state is steady, the state replica can save the data to the database. A hint can be received from the engine tier by the state replica indicating that the state data is ready to be saved. Subsequently, the data can be removed from the state tier by nulling out the bytes of actual data, while preserving the primary key, locking and timer information so as not to impact latency.

Abstract: Systems and methods are provided for improving latency during message processing in a network environment via the use of SIP server architecture. The SIP server can be comprised of an engine tier and a state tier distributed on a cluster network. The engine tier can send and receive messages and execute various processes. The state tier can maintain in-memory state data associated with various SIP sessions. The state tier can store various long lived data objects and the engine tier can contain short lived data objects. The state data can be maintained in partitions comprised of state replicas. When processing messages, the engine can pull state data objects from the state tier, use the objects and push them back to the state tier after processing is complete. If one state replica is unavailable, such as during garbage collection, the engine can retrieve the objects from another replica in the partition.

Abstract: In an embodiment, a system for managing communications sessions is provided. The system embodiment includes a connection to a packet network that receives incoming calls. A stateful tier manages communications sessions established for the at least one incoming call. A stateless tier comprising one or more applications provides service(s) to the communications sessions in the stateful tier. One or more servers allocate and/or manage resources corresponding to the communications sessions established for the incoming calls in the stateful tier. The servers maintain the applications in the stateless tier for providing services to the communications sessions in the stateful tier.

Abstract: The SIP server deployment can be comprised of an engine tier that provides high throughput processing and a state tier that maintains SIP state data in a set of partitions and replicas. Two sites of SIP server deployments can be configured, each being remotely located with respect to the other. A primary site can process various SIP transactions and communications and upon determining a transaction boundary, replicate the state data associated with the transaction being processed, to a secondary site. Engines in the primary site can generate hints for the state replicas which can be in turn responsible for replicating the SIP session state. The replicas can choose to follow or disregard the generated hints. Upon failure of the primary site, calls can be routed from the failed primary site to the secondary site for processing. Similarly, upon recovery, the calls can be re-routed back to the primary site.

Abstract: Systems and methods are provided for improving latency during message processing in a network environment via the use of SIP server architecture. The SIP server can be comprised of an engine tier and a state tier distributed on a cluster network. The engine tier can send and receive messages and execute various processes. The state tier can maintain in-memory state data associated with various SIP sessions. The state tier can store various long lived data objects and the engine tier can contain short lived data objects. The state data can be maintained in partitions comprised of state replicas. When processing messages, the engine can pull state data objects from the state tier, use the objects and push them back to the state tier after processing is complete. If one state replica is unavailable, such as during garbage collection, the engine can retrieve the objects from another replica in the partition.

Abstract: The SIP server can be comprised of an engine tier and a state tier distributed on a cluster network. Engine nodes in the engine tier can process SIP messages and can read/write state information from/to the state tier. State tier can maintain state information in a set of partitions of one or more replicas which contain duplicate information. The engine nodes can be adapted to detect and report replica failures and the replicas can in turn be adapted to detect and report engine node failures. Replicas can detect faults with an engine node if the engine node fails to poll the replica for a specified period of time and can then report the failure. The engine node can detect failures of a replica when reading or writing state information and can report the failure to another replica, which can be responsible for updating the partition view to exclude dead replicas.

Abstract: A mechanism for making changes consistently across an application server domain or a cluster. Server configuration consistency is absolutely necessary for cluster deployments. The invention allows changes to the configuration repository and to the application deployment process to be managed via a Data Replication Service (DRS). The former requires that the configuration repository be version aware, while the latter breaks down the application deployment process into two phases—one for data distribution and processing as far as possible, and the second to expose the changes through the Java Naming and Directory Interface (JNDI).

Abstract: Data can be replicated over a network using a one or two phase method. For the one phase method, a master server containing an original copy of the data sends a version number for the current state of the data to each slave on the network so that each slave can request a delta from the master. The delta that is requested contains the data necessary to update the slave to the appropriate version of the data. For the two phase method, the master server sends a packet of information to each slave. The packet of information can be committed by the slaves if each slave is able to process the commit.

Abstract: A SIP server can be deployed in a two-tier architecture, including an engine tier for processing of SIP communications and a state tier for maintaining the state associated with these communications. The state tier can include RAM-based replicas that provide data to the engines. Some of the SIP session state can be moved to the database in order to reduce the memory requirements of the state tier. Upon determining that a transaction boundary has been reached where the session state is steady, the state replica can save the data to the database. A hint can be received from the engine tier by the state replica indicating that the state data is ready to be saved. Subsequently, the data can be removed from the state tier by nulling out the bytes of actual data, while preserving the primary key, locking and timer information so as not to impact latency.