Abstract: Aspects of the present disclosure involve a system and method for performing operations comprising receiving, by one or more processors, from a sender device, a content to be shared with one or more recipients via a messaging application; identifying, by the one or more processors, at least one recipient device for each recipient; accessing, by the one or more processors, device capabilities for each of the one or more recipient devices; determining, by the one or more processors, a set of content parameters compatible with the device capabilities of the recipient devices; and generating, by the one or more processors, a version of the content according to the set of content parameters.

Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.

Abstract: A processor on a host machine can concurrently operate a standard virtual machine manager (VMM) and a security VMM (SVMM), where the SVMM has a higher privilege level and manages access to a hardware TPM or other trusted source on the host machine. Such a configuration prevents a compromised VMM from gaining access to secrets stored in the hardware TPM. The SVMM can create a virtual TPM (vTPM) for each guest VM, and can seal information in each vTPM to the hardware TPM. A guest VM or the standard VMM can access information in the corresponding vTPM only through the corresponding SVMM. Such an approach enables the host to securely implement critical security functionality that can be exposed to customers, and provides protection against leakage of customer secrets in case of a security compromise.

Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.

Abstract: Operating profiles for consumers of computing resources may be automatically determined based on an analysis of actual resource usage measurements and other operating metrics. Measurements may be taken while a consumer, such as a virtual machine instance, uses computing resources, such as those provided by a host. A profile may be dynamically determined based on those measurements. Profiles may be generalized such that groups of consumers with similar usage profiles are associated with a single profile. Assignment decisions may be made based on the profiles, and computing resources may be reallocated or oversubscribed if the profiles indicate that the consumers are unlikely to fully utilize the resources reserved for them. Oversubscribed resources may be monitored, and consumers may be transferred to different resource providers if contention for resources is too high.

Abstract: Systems and methods are described for managing computing resources. In one embodiment, groupings of computer resources having common firmware settings are maintained based on an abstraction firmware framework representing associations between vendor-specific firmware settings and abstracted firmware settings that provide a degree of independence from specific vendor-specific firmware settings. In response to a request for a computer resource with a specified abstracted firmware configuration, it is determined which of the groupings can support the specified abstracted firmware configuration based on at least one criterion for managing the computer resources in accordance with the abstraction firmware framework.

Abstract: Systems and methods are described for testing computing resources. In one embodiment, a search space of computing settings is analyzed in accordance with weighted data that maps computing performance parameters with the computing settings. A subset of the computing settings is selected to generate a test population to optimize at least one computing performance parameter. One or more computing devices in a computing environment are configured in accordance with the test population, and the test conditions are iteratively updated based on test results in accordance with the test population and a fitness function.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.

Abstract: A set of techniques is described for enabling a user of a virtual resource to specify to the hosting system a preferred performance parameter such as throughput, latency, CPU utilization, or the like. The hosting system then dynamically tunes the underlying resources to favor the preferred performance parameter. Tuning the settings may include adjusting various batching and moderating processes that are available on the hosting device, such as enabling/disabling interrupt coalescing, enabling/disabling segmentation offload, increasing or decreasing the size of a ring buffer used to share data between several resources, batching input/output (I/O) operations and the like. For example, if the user has indicated that lower latency is preferable, the hosting system may disable interrupt coalescing; whereas if the user has indicated that higher throughput should be favored, the hosting system may enable interrupt coalescing.

Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.

Abstract: Approaches are described for enabling a host computing device to store credentials and other security information useful for recovering the state of the host computing device in a secure store, such as a trusted platform module (TPM) on the host computing device. When recovering the host computing device in the event of a failure (e.g., power outage, network failure, etc.), the host computing device can obtain the necessary credentials from the secure store and use those credentials to boot various services, restore the state of the host and perform various other functions. In addition, the secure store (e.g., TPM) may provide boot firmware measurement and remote attestation of the host computing devices to other devices on a network, such as when the recovering host needs to communicate with the other devices on the network.

Abstract: A computing system includes a chassis, one or more backplanes coupled to the chassis. Computing devices are coupled to the one or more backplanes. The one or more backplanes include backplane openings that allow air to pass from one side of the backplane to the other side of the backplane. Air channels are formed by adjacent circuit board assemblies of the computing devices and the one or more backplanes. Channel capping elements at least partially close the air channels.

Abstract: Disclosed are various embodiments for mitigating congestion in networks employing flow-based hashing to assign flows to routes. A flow of packets is sent from a source endpoint to a destination endpoint by way of a network. The flow of packets is associated with flow identification information. It is detected whether congestion is affecting the flow of packets in the network. A perturbation to the flow identification information for the flow of packets is effected in response to determining that congestion is affecting the flow of packets in the network.

Abstract: Disclosed are various embodiments for avoiding flow collisions in networks employing flow-based hashing to assign flows to routes. A flow of packets is sent from a source endpoint to a destination endpoint by way of a network. The flow is associated with flow identification information including, for example, a source port, a source network address, a destination port, and a destination address. It is determined whether to perturb the flow identification information for the flow to avoid flow collisions caused by flow-based hashing performed in the network. A state associated with the flow is updated to effect a perturbation to the flow identification information for the flow if the flow identification information for the flow is to be perturbed.

Abstract: When providing a user with native access to at least a portion of device hardware, the user can be prevented from modifying firmware and other configuration information by controlling the mechanisms used to update that information. In some embodiments, an asymmetric keying approach can be used to encrypt or sign the firmware. In other cases access can be controlled by enabling firmware updates only through a channel or port that is not exposed to the customer, or by mapping only those portions of the hardware that are to be accessible to the user. In other embodiments, the user can be prevented from modifying firmware by only provisioning the user on a machine after an initial mutability period wherein firmware can be modified, such that the user never has access to a device when firmware can be updated. Combinations and variations of the above also can be used.

Abstract: The transmission of data on computer networks according to one or more policies is disclosed. A policy may specify, among other things, various parameters which are to be followed when transmitting initiating network traffic. Multiple network interfaces may be installed on a server to enable transmission of data from the single server according a number of discrete configuration settings implicated by the various policies. The multiple network interfaces may correspond to separate physical components, with each component configured independently to implement a feature of a policy. The multiple network interfaces may also correspond to a single physical component that exposes multiple network interfaces, both to the network and to the server on which it is installed.

Abstract: Systems and methods for handling resources in a computer system differently in certain situations, such as catastrophic events, based upon an assigned layer of the resource in the system. The layer can be based, for example, on criticality of the resource to the system. Services or devices can be assigned a criticality level representing a layer. The different layers can be treated differently in the case of an event, such as fire, a power outage, an overheating situation and so forth. In response to receiving information about such an event, the different layers can be handled in accordance with their criticality.

Abstract: Host machines and other devices performing synchronized operations can be dispersed across multiple racks in a data center to provide additional buffer capacity and to reduce the likelihood of congestion. The level of dispersion can depend on factors such as the level of oversubscription, as it can be undesirable in a highly connected network to push excessive host traffic into the aggregation fabric. As oversubscription levels increase, the amount of dispersion can be reduced and two or more host machines can be clustered on a given rack, or otherwise connected through the same edge switch. By clustering a portion of the machines, some of the host traffic can be redirected by the respective edge switch without entering the aggregation fabric. When provisioning hosts for a customer, application, or synchronized operation, for example, the levels of clustering and dispersion can be balanced to minimize the likelihood for congestion throughout the network.

Abstract: Operating profiles for consumers of computing resources may be automatically determined based on an analysis of actual resource usage measurements and other operating metrics. Measurements may be taken while a consumer, such as a virtual machine instance, uses computing resources, such as those provided by a host. A profile may be dynamically determined based on those measurements. Profiles may be generalized such that groups of consumers with similar usage profiles are associated with a single profile. Assignment decisions may be made based on the profiles, and computing resources may be reallocated or oversubscribed if the profiles indicate that the consumers are unlikely to fully utilize the resources reserved for them. Oversubscribed resources may be monitored, and consumers may be transferred to different resource providers if contention for resources is too high.