Abstract: A system and method for a container service that obtains a software image of a software container that has been configured to be executed within a computer system instance registered to a cluster by one or more processors. The container service is configured to receive a request to launch the software image in accordance with a task definition, wherein the task definition specifies an allocation of resources for the software container. The container service may then determine, according to a placement scheme, a subset of a set of container instances registered to the cluster in which to launch the software image in accordance with the task definition. Upon determining the subset of the set of container instances, the container service may launch the software image as one or more running software containers in the set of container instances in accordance with the task definition.

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract: A log data service in a virtual environment that allows customers of a compute service provider to access system, application and custom log files associated with virtual machine instances that are executing. In some embodiments, log data can be received that includes events or messages from virtual machines in a multi-tenant environment. The log data can be transformed into metric data, which can be used by the customer to generate statistics, view graphs, and generally monitor the customer's virtual machine instances. The log data can also be stored as a service so that the customer has a central repository for which to access the log data.

Abstract: Embodiments provide migration of services across different clusters to balance utilization and meet customer demands. Different service migration options may be performed with or without downtime. The artifacts of the service are moved to a new destination cluster. The service is created on the new destination cluster and staged so that the service is almost ready to start. In one embodiment, the service is stopped on the old cluster and started on the new cluster. After stopping the service, DNS is updated to point to the service on the new cluster. In another embodiment, the service is stopped on the old cluster and started on the new cluster with the same IP address to avoid DNS reprogramming and associated delays. In a further embodiment, the migration is performed without downtime by moving the service part by part from one cluster to another.

Abstract: Goal state indicators can be communicated from a fabric controller of a computer cluster to each of multiple compute instances in the computer cluster managed by the fabric controller. The goal state indicators can be formatted according to a structured protocol that defines multiple possible goal states. Additionally, status reports can be received from the compute instances. Each of the status reports can indicate a current state of one of the compute instances relative to a goal state previously indicated in a goal state indicator communicated to that one of the compute instances.

Abstract: Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract: The provisioning of a virtual machine when booted from virtual storage. During virtual machine boot from an image, the virtual machine detects storage media. The virtual machine acquires a provisioning agent and provisioning data from the detected storage media. The virtual machine uses the provisioning data to provision itself, and executes the provisioning agent. The provisioning agent may monitor the progress of the provisioning and/or report a status of the provisioning. The virtual machine may operate in a cloud computing environment, the status of the provisioning agent being returned to the user through the cloud environment. The user need not generate the provisioning data in a format readable by the virtual machine. Instead, perhaps some naturally entered user input is used to automatically generate the properly formatted provisioning data using perhaps a service in the cloud.

Abstract: Goal state indicators can be communicated from a fabric controller of a computer cluster to each of multiple compute instances in the computer cluster managed by the fabric controller. The goal state indicators can be formatted according to a structured protocol that defines multiple possible goal states. Additionally, status reports can be received from the compute instances. Each of the status reports can indicate a current state of one of the compute instances relative to a goal state previously indicated in a goal state indicator communicated to that one of the compute instances.

Abstract: Applications, such as cloud services, may be deployed within a network environment (e.g., a cloud computing environment). Unfortunately, when the applications are instantiated within the network environment, they have the ability to compromise the security of other applications and/or the infrastructure of the network environment. Accordingly, as provided herein, a security scheme may be applied to a network environment within which an application is to be instantiated. The security scheme may comprise one or more security layers (e.g., virtual machine level security, application level security, operating system level security, etc.) derived from an application service model describing the application and/or resources allocated to the application.