Abstract: A computer implemented cache management system and method is provided for use with a service provider configured to communicate with one or more client devices and with a content provider. The system includes a cache hierarchy comprising multiple cache levels that maintain at least some resources for the content provider, and one or more request managers for processing client requests for resources and retrieving the resources from the cache hierarchy. In response to a resource request, the request manager selects a cache level from the cache hierarchy based on a popularity associated with the requested resource, and attempts to retrieve the resource from the selected cache level while bypassing cache level(s) inferior to the selected level.

Abstract: An edge location of a content delivery network may protect data that is stored and transmitted within the edge location while providing access to associated metadata. After an origin-facing server obtains a requested object, the server may encrypt the object using a client-specific encryption key. In some cases, the server may also separately encrypt the metadata. The encrypted object and metadata may be sent to an intermediate layer server. The intermediate server may decrypt the metadata (if it is encrypted) and determine, based on the metadata, routing for the object. The object remains encrypted at the intermediate server. In some cases, the metadata may be re-encrypted by the intermediate server. The encrypted object and metadata may be sent to a client-facing server, in accordance with the determined routing. The client-facing server may decrypt the encrypted object and send the encrypted object to the client.

Abstract: Systems and methods are provided for managing execution budgets for computing tasks in distributed computing systems. Execution budgets may include a budgeted number of operation retries that may be performed by the distributed computing system in response to failure of an operation. Execution budgets may also or alternatively include a budgeted amount of time in which the distributed computing system may perform the operations of a computing task. When a distributed computing system exhausts the execution budget allotted for a computing task, then further execution of the computing task or portions thereof may be terminated.

Abstract: Systems and methods are described to enable and manage the use of origin-facing points of presence (“POPs”) within a content delivery network (“CDN”). Origin-facing POPs can provide a second-tier caching mechanisms in a CDN, such that cache misses occurring at first-tier POPs may be processed by using information maintained at the origin-facing POPs, rather than requiring interaction with an origin server. Associations between origin-facing POPs and origin servers may be automatically created based on a distance between the respective origin-facing POPs and origin servers, such that an operator of the origin server is not required to specify a location of an origin facing POP. First-tier POPs may selectively retrieve content from origin-facing POPs in instances where the origin-facing POP is expected to provide the content more rapidly than the origin server.

Abstract: An origin server that is implemented within one or more devices within a third party virtual private cloud (VPC) is provided herein. Instead of communicating with various CDNs over a public network, the third party VPC may instead communicate with a managed VPC via a private network. Thus, no gateway, network address translation (NAT), or other such devices may be needed for the third party VPC and the managed VPC to communicate. Rather, a VPC identifier of the managed VPC and a VPC identifier of the third party VPC are used to pair the two VPCs. Once paired, a private route is set up such that points from the private address space of the third party VPC to the private address space of the managed VPC. The managed VPC then communicates directly with the various CDNs via a public network.

Abstract: An origin server that is implemented within one or more devices within a third party virtual private cloud (VPC) is provided herein. Instead of communicating with various CDNs over a public network, the third party VPC may instead communicate with a managed VPC via a private network. Thus, no gateway, network address translation (NAT), or other such devices may be needed for the third party VPC and the managed VPC to communicate. Rather, a VPC identifier of the managed VPC and a VPC identifier of the third party VPC are used to pair the two VPCs. Once paired, a private route is set up such that points from the private address space of the third party VPC to the private address space of the managed VPC. The managed VPC then communicates directly with the various CDNs via a public network.

Abstract: Methods, systems, and computer-readable media for real-time estimation of working sets are disclosed. A plurality of counters are initialized. The counters represent cardinality estimates of data elements accessed for respective time intervals. A request for data is received during the respective time intervals. One or more data elements are determined that are accessed in responding to the request. The counters are updated using the one or more data elements, such that one of the counters is increased by a quantity of the data elements that are accessed for the first time during the respective time interval. The working set estimates for the respective time intervals are determined using the counters.

Abstract: A computer implemented cache management system and method is provided for use with a service provider configured to communicate with one or more client devices and with a content provider. The system includes a cache hierarchy comprising multiple cache levels that maintain at least some resources for the content provider, and one or more request managers for processing client requests for resources and retrieving the resources from the cache hierarchy. In response to a resource request, the request manager selects a cache level from the cache hierarchy based on a popularity associated with the requested resource, and attempts to retrieve the resource from the selected cache level while bypassing cache level(s) inferior to the selected level.

Abstract: Various methods and apparatus for load balancing traffic via dynamic DNS record time-to-live values (“TTLs”) are described. In at least some embodiments, a DNS layer of a DNS load-balanced system receives performance metrics corresponding to a plurality of server instances. If the DNS layer detects a performance metric imbalance for a server instance, it adjusts the TTL value for the DNS records associated with that instance. For example, the DNS layer can lower the TTL value in the DNS records associated with the server instance. This means that clients that have DNS record associated with this server instance will make more frequent DNS queries, thus resulting in at least some of those clients receiving IP addresses for other server instances. In some embodiments, the DNS layer can implement a load balancing scheme that determines which network address(es) to include in a DNS response based on the received performance metrics.

Abstract: A computer implemented cache management system and method is provided for use with a service provider configured to communicate with one or more client devices and with a content provider. The system includes a cache hierarchy comprising multiple cache levels that maintain at least some resources for the content provider, and one or more request managers for processing client requests for resources and retrieving the resources from the cache hierarchy. In response to a resource request, the request manager selects a cache level from the cache hierarchy based on a popularity associated with the requested resource, and attempts to retrieve the resource from the selected cache level while bypassing cache level(s) inferior to the selected level.

Abstract: Systems and methods are described to enable and manage the use of origin-facing points of presence (“POPs”) within a content delivery network (“CDN”). Origin-facing POPs can provide a second-tier caching mechanisms in a CDN, such that cache misses occurring at first-tier POPs may be processed by using information maintained at the origin-facing POPs, rather than requiring interaction with an origin server. Associations between origin-facing POPs and origin servers may be automatically created based on a distance between the respective origin-facing POPs and origin servers, such that an operator of the origin server is not required to specify a location of an origin facing POP. First-tier POPs may selectively retrieve content from origin-facing POPs in instances where the origin-facing POP is expected to provide the content more rapidly than the origin server.

Abstract: Systems and methods are described to enable and manage the use of origin-facing points of presence (“POPs”) within a content delivery network (“CDN”). Origin-facing POPs can provide a second-tier caching mechanisms in a CDN, such that cache misses occurring at first-tier POPs may be processed by using information maintained at the origin-facing POPs, rather than requiring interaction with an origin server. Associations between origin-facing POPs and origin servers may be automatically created based on a distance between the respective origin-facing POPs and origin servers, such that an operator of the origin server is not required to specify a location of an origin facing POP. First-tier POPs may selectively retrieve content from origin-facing POPs in instances where the origin-facing POP is expected to provide the content more rapidly than the origin server.

Abstract: Systems and methods are described to reserve cache space of points of presence (“POPs”) within a content delivery network (“CDN”). A provider may submit a request to the CDN to reserve cache space on one or more POPs for data objects designated by that provider. Thereafter, the CDN may implement a provider-specific cache on the POPs of the CDN, which is distinct from a shared cache space on the POPs. The provider may further select a custom cache eviction policy for the provider-specific cache, which causes the POPs to manage data objects within the provider-specific cache according to the custom cache eviction policy, independently of a cache eviction policy applied to the shared cache.

Abstract: A computer implemented cache management system and method is provided for use with a service provider configured to communicate with one or more client devices and with a content provider. The system includes a cache hierarchy comprising multiple cache levels that maintain at least some resources for the content provider, and one or more request managers for processing client requests for resources and retrieving the resources from the cache hierarchy. In response to a resource request, the request manager selects a cache level from the cache hierarchy based on a popularity associated with the requested resource, and attempts to retrieve the resource from the selected cache level while bypassing cache level(s) inferior to the selected level.

Abstract: A computer implemented cache management system and method is provided for use with a service provider configured to communicate with one or more client devices and with a content provider. The system includes a cache hierarchy comprising multiple cache levels that maintain at least some resources for the content provider, and one or more request managers for processing client requests for resources and retrieving the resources from the cache hierarchy. In response to a resource request, the request manager selects a cache level from the cache hierarchy based on a popularity associated with the requested resource, and attempts to retrieve the resource from the selected cache level while bypassing cache level(s) inferior to the selected level.

Abstract: Systems and methods are described to reserve cache space of points of presence (“POPs”) within a content delivery network (“CDN”). A provider may submit a request to the CDN to reserve cache space on one or more POPs for data objects designated by that provider. Thereafter, the CDN may mark those designated data objects within its cache as protected from eviction. When the CDN implements a cache eviction policy on the cache, the protected objects may be ignored for purposes of eviction, or may be evicted only after non-protected data objects.

Abstract: A server computer provides centralized key management services to several computers having encrypted files or file systems. The server computer receives key requests from the computers. The server computer issues a key to a computer that passes an integrity check. The key is used to unlock an encrypted file or file system in the computer. When the computer fails another integrity check after receiving the key, indicating a change in the security posture of the computer, the server computer may revoke the key automatically or upon receipt of an instruction from a key administrator.

Abstract: The following description is directed to storing properties of requests to potentially block future requests having similar properties. In one example, a request can be received. A property of the request can be stored so that the property persists across an initialization sequence of a computer system. At least the property can be used to determine whether to block any future requests having similar properties.

Abstract: A server computer provides centralized key management services to several computers having encrypted files or file systems. The server computer receives key requests from the computers. The server computer issues a key to a computer that passes an integrity check. The key is used to unlock an encrypted file or file system in the computer. When the computer fails another integrity check after receiving the key, indicating a change in the security posture of the computer, the server computer may revoke the key automatically or upon receipt of an instruction from a key administrator.

Abstract: There is described a computer network system in which a computer is in network communication with a server. In order to install a software package on the computer, installation software forming part of the software package is executed which requests entry of an email address for the user of the software package on the computer. The entered email address is then transmitted to the server, which in response sends an email to the email address including a Uniform Resource Locator (URL) addressing a local web server forming part of the software package, with installation information being appended to the URL. When the user of the computer accesses the URL using a web browser, the local web server automatically sends the installation information to the installation software. In this way, it is established that the user of the software package has access to the entered email address.