Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Abstract: A method, system, and computer program product for bit flip aware latch placement in integrated circuit generation are provided. The method identifies a chip design for an integrated circuit. A set of chip design constraints, associated with the chip design, is identified. A set of checking groups, associated with a plurality of latches to be placed in the chip design, is determined. Based on the set of chip design constraints and the set of checking groups, a placement scheme for the plurality of latches is selected. The method places the plurality of latches within the chip design based on the placement scheme and the set of checking groups.

Abstract: Systems and techniques are described for virtual machine communication and migration. A described technique includes operating server systems that are configured to run virtual machines and providing a virtual network for Internet Protocol (IP) based communications to the virtual machines. The virtual machines can be assigned network addresses, such as IP addresses, on the virtual network. Providing the virtual network can include using separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines, respectively. The technique includes migrating a virtual machine running on a first server system to a second server system. The migrated virtual machine can maintain its assigned IP address. The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Abstract: Systems and techniques are described for virtual machine communication and migration A described technique includes operating server systems that are configured to run virtual machines and providing a virtual network for Internet Protocol (IP) based communications to the virtual machines. The virtual machines can be assigned network addresses, such as IP addresses, on the virtual network. Providing the virtual network can include using separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines, respectively. The technique includes migrating a virtual machine running on a first server system to a second server system. The migrated virtual machine can maintain its assigned IP address. The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system.

Abstract: Systems and techniques are described for virtual machine communication and migration. A described technique includes operating server systems that are configured to run virtual machines and providing a virtual network for Internet Protocol (IP) based communications to the virtual machines. The virtual machines can be assigned network addresses, such as IP addresses, on the virtual network. Providing the virtual network can include using separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines, respectively. The technique includes migrating a virtual machine running on a first server system to a second server system. The migrated virtual machine can maintain its assigned IP address. The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Abstract: Systems and techniques are described for virtual machine communication and migration. A described technique includes operating server systems that are configured to run virtual machines and providing a virtual network for Internet Protocol (IP) based communications to the virtual machines. The virtual machines can be assigned network addresses, such as IP addresses, on the virtual network. Providing the virtual network can include using separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines, respectively. The technique includes migrating a virtual machine running on a first server system to a second server system. The migrated virtual machine can maintain its assigned IP address. The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for associating one or more of a plurality of metadata collections with one or more respective identifiers, wherein each metadata collection includes one or more pairings of metadata attributes with metadata values, and wherein each identifier is one of a project identifier, a tag identifier or an instance identifier; identifying, based on identifier information associated with a virtual machine instance, one or more metadata values to be provided to the virtual machine instance, wherein the identifier information specifies one or more of a project identifier, a tag identifier and an instance identifier, and wherein each identified metadata value belongs to a metadata collection associated with an identifier that is specified in the identifier information; and providing, to the virtual machine instance, the identified one or more metadata values.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing virtual network pairs between virtual machines and other devices.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service bridges. In one aspect, a method includes a host operating system performs operations comprising: receiving, using one or more service bridges that execute in the host operating system, a plurality of requests from the one or more virtual machines, wherein each service bridge is associated with a different virtual machine of the one or more virtual machines, and wherein each request is a request to interface with one or more external services; modifying, using a respective service bridge, each request to be processed by the one or more external services; and providing each modified request from the respective service bridge to the one or more external services, where the respective service bridge communicates with the one or more external services over a network.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an outbound packet from a virtual machine executing on the data processing apparatus, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the virtual machine; selecting a different port than the source port from a plurality of ports associated with the virtual machine; changing the source port in the header information to the selected port; and sending the modified packet to an external network by way of a gateway that is configured to change the source IP address of the packet to an IP address of the gateway before routing the packet to its destination.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for associating one or more of a plurality of metadata collections with one or more respective identifiers, wherein each metadata collection includes one or more pairings of metadata attributes with metadata values, and wherein each identifier is one of a project identifier, a tag identifier or an instance identifier; identifying, based on identifier information associated with a virtual machine instance, one or more metadata values to be provided to the virtual machine instance, wherein the identifier information specifies one or more of a project identifier, a tag identifier and an instance identifier, and wherein each identified metadata value belongs to a metadata collection associated with an identifier that is specified in the identifier information; and providing, to the virtual machine instance, the identified one or more metadata values.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a packet from a client, the packet having header information including a destination Internet Protocol (IP) address, a destination port, a source IP address, and a source port, and wherein the source IP address and source port are associated with the client; selecting a destination virtual machine based on the destination port; modifying the packet by replacing the destination IP address in the header information with an IP address of the selected destination virtual machine; and sending the modified packet to the destination virtual machine.

Abstract: In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token.

Abstract: Methods, systems, and apparatus, including computer programs, for managing keys for virtual machines (VM). One method includes receiving a first public key associated with a first user from a first client machine (CM), receiving a second public key associated with a second user from a second CM, and updating metadata associated with a project that includes a first VM and a second VM to include the first and the second public keys. The first public key and a corresponding first private key were generated on the first CM in response to a determination that the first CM lacked a private key for communication with the first VM by the first user. The second public key and a corresponding second private key were generated on the second CM in response to a determination that the second CM lacked a private key for communication with the second VM by the second user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for associating one or more of a plurality of metadata collections with one or more respective identifiers, wherein each metadata collection includes one or more pairings of metadata attributes with metadata values, and wherein each identifier is one of a project identifier, a tag identifier or an instance identifier; identifying, based on identifier information associated with a virtual machine instance, one or more metadata values to be provided to the virtual machine instance, wherein the identifier information specifies one or more of a project identifier, a tag identifier and an instance identifier, and wherein each identified metadata value belongs to a metadata collection associated with an identifier that is specified in the identifier information; and providing, to the virtual machine instance, the identified one or more metadata values.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an outgoing packet from a source virtual machine; obtaining a secret key for the source virtual machine, the secret key not being known by a destination virtual machine; obtaining a unique token derived at least partly from the secret key and a network address of the destination virtual machine; encapsulating the outgoing packet in a second packet along with the token and a token expiration time; and sending the second packet to the destination virtual machine.