Patents by Inventor Matthew Shawn Wilson

Matthew Shawn Wilson has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10198377
    Abstract: A DMA-capable device of a virtualization host stores a DMA write record, indicating a portion of host memory that is targeted by a DMA write operation, in a write buffer accessible from a virtualization management component of the host. The virtualization management component uses the DMA write record to identify a portion of memory to be copied to a target location to save a representation of a state of a particular virtual machine instantiated at the host.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: February 5, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew Shawn Wilson, Anthony Nicholas Liguori, Shuvabrata Ganguly
  • Patent number: 10169591
    Abstract: A tiered credentialing approach provides assurance to customers having virtual machines running in a remote environment that the virtual images for these machines are in a pristine state and running in a trusted execution environment. The environment can be divided into multiple subsystems, each having its own cryptographic boundary, secure storage, and trusted computing capabilities. A trusted, limited subsystem can handle the administrative tasks for virtual machines running on the main system of a host computing device. The limited system can receive a certificate from a certificate authority, and can act as a certificate authority to provide credentials to the main system. Upon an attestation request, the subsystems can provide attestation information using the respective credentials as well as the certificate chain. An entity having the appropriate credentials can determine the state of the system from the response and verify the state is as expected.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: January 1, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Eric Jason Brandwine, Matthew Shawn Wilson, Cristian M. Ilac
  • Publication number: 20180300166
    Abstract: Generally described, aspects of the present disclosure relate to loading an updated virtual machine monitor on the physical computing device during a boot process. The updated virtual machine monitor may be loaded from an update manager external to the virtual machine monitor, such as the offload device or a server connected with the physical computing device over a network. In certain embodiments, the updated virtual machine monitor may be loaded in a tiered process by first loading a startup virtual machine monitor, which automatically updates by loading the updated virtual machine monitor. The startup virtual machine monitor may be a virtual machine monitor with less functionality than the updated machine manager, such as where the startup virtual machine monitor may be a “lite” or simple virtual machine monitor while the updated virtual machine monitor may be a fully functional virtual machine monitor of the most recent update or version.
    Type: Application
    Filed: January 25, 2018
    Publication date: October 18, 2018
    Inventors: Anthony Nicholas Liguori, Matthew Shawn Wilson, Ian Paul Nowland
  • Patent number: 10084784
    Abstract: Functionality is disclosed herein for providing a resource monitoring environment that restricts access to computing resource data in a service provider network. The resource monitoring environment processes requests to access computing resource data, and denies requests not signed or authorized by a customer of a service provider network or other entity. Access to the computing resource data includes access to non-obfuscated data and/or access to encrypted computing resource data encrypted by way of a public encryption key held by a customer of the service provider network or other entity instead of a requestor of the computing resource data.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: September 25, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric J. Brandwine, Matthew Shawn Wilson
  • Patent number: 10063380
    Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to authorize and authenticate requests sent to a virtualization layer. The interfaces can be invoked to perform security monitoring, forensic capture, and/or patch software systems at runtime. In addition to the foregoing, other aspects are described in the claims, detailed description, and figures.
    Type: Grant
    Filed: January 22, 2013
    Date of Patent: August 28, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Matthew Shawn Wilson
  • Publication number: 20180165455
    Abstract: Disclosed herein are techniques for maintaining a secure execution environment on a server. In one embodiment, the server includes a non-volatile memory storing firmware, a programmable security logic coupled to the non-volatile memory, an adapter device coupled to the programmable security logic, and a processor communicatively coupled to the non-volatile memory via the programmable security logic. The adapter device and/or the programmable security logic can verify the firmware in the non-volatile memory while holding the processor and/or a baseboard management controller (BMC) in power reset, release the processor and the BMC from reset to boot the processor and the BMC after the firmware is verified, and then disable communications between the processor and the BMC and deny at least some requests to write to the non-volatile memory by the processor or the BMC.
    Type: Application
    Filed: December 13, 2016
    Publication date: June 14, 2018
    Inventors: Anthony Nicholas Liguori, Jason Alexander Harland, Matthew Shawn Wilson, Nafea Bshara, Ziv Harel, Darin Lee Frink
  • Publication number: 20180139110
    Abstract: Methods and apparatus are disclosed for programming reconfigurable logic devices such as FPGAs in a networked server environment. In one example, a system hosting a network service providing field programmable gate array (FPGA) services includes a network service provider configured to receive a request to implement application logic in a plurality of FPGAs, allocate a computing instance comprising the FPGAs in response to receiving the request, produce configuration information for programming the FPGAs, and send the configuration information to an allocated computing instance. The system further includes a computing host that is allocated by the network service provider as a computing instance which includes memory, processors configured to execute computer-executable instructions stored in the memory, and the programmed FPGAs.
    Type: Application
    Filed: November 17, 2016
    Publication date: May 17, 2018
    Applicant: Amazon Technologies, Inc.
    Inventors: Robert Michael Johnson, Nafea Bshara, Matthew Shawn Wilson
  • Publication number: 20180136961
    Abstract: Generally described, aspects of the present disclosure relate to a live update process of the virtual machine monitor during the operation of the virtual machine instances. An update to a virtual machine monitor can be a difficult process to execute because of the operation of the virtual machine instances. Generally, in order to update the virtual machine monitor, the physical computing device needs to be rebooted, which interrupts operation of the virtual machine instances. The live update process provides for a method of updating the virtual machine monitor without rebooting the physical computing device.
    Type: Application
    Filed: September 8, 2017
    Publication date: May 17, 2018
    Inventors: Anthony Nicholas Liguori, Matthew Shawn Wilson, Ian Paul Nowland
  • Patent number: 9940123
    Abstract: Techniques for updating code of a device may be described. In an example, a bus may connect the device to a management entity. The device may run a first version of the code. A second version of the code may be available from memory. The device may access the second version from the memory, stop running the first version of the code, and start running the second version of the code without restarting the management entity or the device.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: April 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Hani Ayoub, Nafea Bshara, Matthew Shawn Wilson, Clint Joseph Sbisa, Barak Wasserstrom, Brian William Barrett, Ronen Shitrit, Anthony Nicholas Liguori
  • Publication number: 20180088804
    Abstract: A peripheral device may implement storage virtualization for non-volatile storage devices connected to the peripheral device. A host system connected to the peripheral device may host one or multiple virtual machines. The peripheral device may implement different virtual interfaces for the virtual machines or the host system that present a storage partition at a non-volatile storage device to the virtual machine or host system for storage. Access requests from the virtual machines or host system are directed to the respective virtual interface at the peripheral device. The peripheral device may perform data encryption or decryption, or may perform throttling of access requests. The peripheral device may generate and send physical access requests to perform the access requests received via the virtual interfaces to the non-volatile storage devices. Completion of the access requests may be indicated to the virtual machines via the virtual interfaces.
    Type: Application
    Filed: September 28, 2016
    Publication date: March 29, 2018
    Applicant: Amazon Technologies, Inc.
    Inventors: Raviprasad Venkatesha Murthy Mummidi, Matthew Shawn Wilson, Anthony Nicholas Liguori, Nafea Bshara, Saar Gross, Jaspal Kohli
  • Patent number: 9928207
    Abstract: Provided are systems and methods for generating transactions with a configurable port. In some implementations, a peripheral device is provided. The peripheral device comprises a configurable port. In some implementations, the configurable port may be configured to receive a first transaction. In these implementations, the first transaction may include an address. The address may include a transaction attribute. In some implementations, the configurable port may extract the transaction attribute and a transaction address from the address. The configurable port may further generate a second transaction that includes the transaction attribute and the transaction address. The configurable port may also transmit the second transaction.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: March 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Adi Habusha, Nafea Bshara, Itay Poleg, Erez Izenberg, Guy Nakibly, Matthew Shawn Wilson
  • Patent number: 9898601
    Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: February 20, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Rahul Gautam Patel, Nachiketh Rao Potlapally, William John Earl, Matthew Shawn Wilson
  • Patent number: 9886297
    Abstract: Generally described, aspects of the present disclosure relate to loading an updated virtual machine monitor on the physical computing device during a boot process. The updated virtual machine monitor may be loaded from an update manager external to the virtual machine monitor, such as the offload device or a server connected with the physical computing device over a network. In certain embodiments, the updated virtual machine monitor may be loaded in a tiered process by first loading a startup virtual machine monitor, which automatically updates by loading the updated virtual machine monitor. The startup virtual machine monitor may be a virtual machine monitor with less functionality than the updated machine manager, such as where the startup virtual machine monitor may be a “lite” or simple virtual machine monitor while the updated virtual machine monitor may be a fully functional virtual machine monitor of the most recent update or version.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: February 6, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Anthony Nicholas Liguori, Matthew Shawn Wilson, Ian Paul Nowland
  • Patent number: 9880866
    Abstract: Approaches are described that enable the configuration of computing resources for executing virtual machines on behalf of users to be cryptographically attested to or verified. When a user requests a virtual machine to be provisioned, an operator of the virtualized computing environment can initiate a two-phase launch of the virtual machine. In the first phase, the operator provisions the virtual machine on a host computing device and obtains cryptographic measurements of the software and/or hardware resources on the host computing device. The operator may then provide those cryptographic measurements to the user that requested the virtual machine. If the user approves the cryptographic measurements, the operator may proceed with the second phase and actually launch the virtual machine on the host. In some cases, the operator may compare the cryptographic measurements to a list of approved measurements to determine whether the host computing device is acceptable for hosting the virtual machine.
    Type: Grant
    Filed: June 9, 2016
    Date of Patent: January 30, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Eric Jason Brandwine, Matthew Shawn Wilson
  • Publication number: 20180013552
    Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
    Type: Application
    Filed: May 23, 2017
    Publication date: January 11, 2018
    Inventors: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
  • Publication number: 20170308696
    Abstract: Techniques are described for allocating resources to a task from a shared hardware structure. A plurality of tasks may execute on a processor, wherein the processor may include one or more processing cores and each task may include a plurality of computer executable instructions. In accordance with one technique for allocating resources to a task from a shared hardware structure amongst multiple tasks, aspects of the disclosure describe assigning a first identifier to a first task from the plurality of tasks, associating a portion of the shared hardware resource with the first identifier, and restricting access and/or observability for computer executable instructions executed from any other task than the first task to the portion of the hardware resource associated with the first identifier.
    Type: Application
    Filed: July 6, 2017
    Publication date: October 26, 2017
    Inventors: Rahul Gautam Patel, Nachiketh Rao Potlapally, William John Earl, Matthew Shawn Wilson
  • Patent number: 9794195
    Abstract: A communication device with receded ports includes one or more port connectors in a first position, one or more port connectors in a setback position that is receded back from the first position, and one or more port connectors in one or more additional setback positions. The communication device with receded ports includes a circuit board and one or more circuits mounted on the circuit board. Circuit traces electrically connect the port connectors in the first position, the setback position, and the one or more subsequent setback positions to a circuit mounted on the circuit board. The port connectors in the first position, setback position, and one or more subsequent setback positions may be situated in a triangular pattern, stair-stepped pattern, curved pattern, or some other pattern.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: October 17, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew Shawn Wilson, Nafea Bshara, Peter Nicholas Desantis
  • Patent number: 9792143
    Abstract: The performing of virtual machine (VM)-based secure operations is enabled using a trusted co-processor that is able to operate in a secure mode to perform operations in a multi-tenant environment that are protected from other VMs and DOM-0, among other domains and components. A customer VM can contact a VM manager (VMM) to perform an operation with respect to sensitive data. The VMM can trigger secure mode operation, whereby memory pages are marked and access blocked to entities outside a trusted enclave. The trusted co-processor can measure the VMM and compare the result against an earlier result to ensure that the VMM has not been compromised. Once the operations are performed, the trusted co-processor can return the results, and the VMM can exit the secure mode such that access to the marked pages and customer data is restored.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: October 17, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Derek Del Miller, Mark Bradley Davis, Matthew Shawn Wilson, Eric Jason Brandwine, Anthony Nicholas Liguori, Rahul Gautam Patel
  • Patent number: 9760394
    Abstract: Generally described, aspects of the present disclosure relate to a live update process of the virtual machine monitor during the operation of the virtual machine instances. An update to a virtual machine monitor can be a difficult process to execute because of the operation of the virtual machine instances. Generally, in order to update the virtual machine monitor, the physical computing device needs to be rebooted, which interrupts operation of the virtual machine instances. The live update process provides for a method of updating the virtual machine monitor without rebooting the physical computing device.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: September 12, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Anthony Nicholas Liguori, Matthew Shawn Wilson, Ian Paul Nowland
  • Patent number: 9729517
    Abstract: A formalized set of interfaces (e.g., application programming interfaces (APIs)) is described, that uses a security scheme, such as asymmetric (or symmetric) cryptography, in order to enable secure migration of virtual machine instances between multiple host computing devices. The migration is performed by receiving a request to migrate a virtual machine, where the request includes public keys for the source host computing device and the destination host computing device. The source and destination hosts use the public keys to establish an encrypted session and then use the encrypted session to migrate the virtual machine.
    Type: Grant
    Filed: January 22, 2013
    Date of Patent: August 8, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Matthew Shawn Wilson