Abstract: Disclosed are various embodiments for allocating shared resources. A request to allocate a shared isolating resource is received. The shared isolating resource operates to isolate a plurality of customer resources in a multi-tenant environment. In response to the request to allocate, a least recently deallocated shared isolating resource is removed from a pool of available shared isolating resources. The least recently deallocated shared isolating resource is provided to at least one device using the shared isolating resource.

Abstract: Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.

Abstract: Systems and methods are provided for managing resources. In one implementation, a method is provided in which a management server determines whether a condition related to one or more resources has occurred. The management server further determines at least one program instance to terminate. The at least one program instance executes on one of a plurality of servers. The management server further terminates the determined at least one program instance, which was used by an excess program execution capacity user.

Abstract: Systems and methods provide logic for distributing cryptographic keys in a physical network comprising a plurality of physical nodes. In one implementation, a computer-implemented method is provided for distributing cryptographic keys in a physical network. The method includes receiving information mapping a virtual network address of a virtual node to a physical network address of a physical node. The virtual node may be associated with a virtual network hosted by the physical node, and the received mapping information identifies a virtual network address of the node and the physical network address of the node. The mapping service transmits a current version of a cryptographic key and an identifier of the current version to the physical node.

Abstract: A physical computer system includes a processor and a memory configured to store instructions executable by the processor to implement a virtualization module, which in turn implements virtual machine(s) that execute an operating system distinct from any underlying operating system executed by the physical computer system. In response to a client request to initially perform a repeatable computation, the virtualization module instructs that the virtual machine(s) archive an original initial state of the repeatable computation, initially perform the repeatable computation, and archive an original terminal state of the repeatable computation.

Abstract: Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.

Abstract: Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.

Abstract: Disclosed are various embodiments for disabling administrative access to computing resources. A customer request is obtained to disable administrative access of a provider to one or more computing devices. The provider supplies computing resources of the at least one computing device to the customer. The administrative access of the provider to the computing devices is disabled in response to the request. The administrative access of the provider remains disabled until a reset of the computing devices is performed.

Abstract: A system includes a memory and a processor. The memory is operable to store a credential verifier associated with a user account and a counter. The processor is coupled to the memory and the memory includes executable instructions that cause the system to receive a first authentication attempt and increment the counter if validation of the first authentication attempt against the credential verifier fails. The instructions also cause the system to receive a second authentication attempt and increment the counter only if validation of the second authentication attempt against the credential verifier fails and the second authentication attempt is distinct from the first authentication attempt.

Abstract: With the advent of virtualization technologies, networks and routing for those networks can now be simulated using commodity hardware. For example, virtualization technologies can be adapted to allow a single physical computing machine to be shared among multiple virtual networks by providing one or more virtual machines simulated in software by the single physical computing machine, with each virtual machine acting as a distinct logical computing system. In addition, as routing can be accomplished through software, additional network setup flexibility can be provided to the virtual network in comparison with hardware-based routing. In some implementations, virtual network setup can be abstracted through the use of resource placement templates, allowing users to create virtual networks compliant with a customer's networking policies without necessarily having knowledge of what those policies are.

Abstract: Embodiments of systems and methods are described for dynamically tagging metrics data by a provider of computing resources. In some implementations, a requesting user or application can request the provider of computing resources to tag the metrics based on configurations and/or settings specified by the requesting user or application. The tagged metrics data can then be processed by a processing user or application at a later time.

Abstract: Network computing systems may implement data loss prevention (DLP) techniques to reduce or prevent unauthorized use or transmission of confidential information or to implement information controls mandated by statute, regulation, or industry standard. Implementations of network data transmission analysis systems and methods are disclosed that can use contextual information in a DLP policy to monitor data transmitted via the network. The contextual information may include information based on a network user's organizational structure or services or network infrastructure. Some implementations may detect bank card information in network data transmissions. Some of the systems and methods may be implemented on a virtual network overlaid on one or more intermediate physical networks that are used as a substrate network.

Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.

Abstract: A physical computer system includes a processor and a memory configured to store instructions executable by the processor to implement a virtualization module, which in turn implements virtual machine(s) as a service on behalf of clients. Each virtual machine executes an operating system that is distinct from any underlying operating system executed by the physical computer system. The virtualization module instructs that the virtual machine(s) perform a computation that has been identified as a repeatable computation, to generate an original terminal state of the repeatable computation. In response to a request to repeat the repeatable computation, the virtualization module instructs that the virtual machine(s) perform the repeatable computation to generate a new terminal state of the repeatable computation, and, dependent upon a comparison of the original and new terminal states, to determine whether the repeatable computation has been successfully repeated according to a success criterion.

Abstract: Embodiments of systems and methods are described for dynamically tagging metrics data by a provider of computing resources. In some implementations, a requesting user or application can request the provider of computing resources to tag the metrics based on configurations and/or settings specified by the requesting user or application. The tagged metrics data can then be processed by a processing user or application at a later time.

Abstract: Systems and methods are provided for managing resources. In one implementation, a method is provided in which a management server determines whether a condition related to one or more resources has occurred. The management server further determines at least one program instance to terminate. The at least one program instance executes on one of a plurality of servers. The management server further terminates the determined at least one program instance, which was used by an excess program execution capacity user.

Abstract: Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise moving a particular computing node that is part of a virtual network to a new physical network location, or modifying other aspects of how the computing node participates in the virtual network (e.g., changing one or more virtual network addresses used by the computing node). In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users.

Abstract: The environmental impact of various transactions can be reduced or offset by determining the impact of various shipping and packaging options, and providing these options to customers. Customers then have the ability to select options that reduce the environmental impact of each transaction. A customer also can purchase environmental offsets to offset the determined impact. Customers can be provided with environmental impact information determined or tracked for each item viewed by the customer, such that each customer can be informed of the additional impact of each individual when making a selection. The selections and/or actions of a customer can be tracked such that environmentally friendly options and suggestions can be provided for subsequent transactions.