Search Patents
  • Patent number: 9886737
    Abstract: Methods, systems, and computer-readable media for local-to-remote migration for virtualized graphics processing are disclosed. A virtual compute instance comprising a local GPU is provisioned from a provider network. The provider network comprises a plurality of computing devices configured to implement a plurality of virtual compute instances with multi-tenancy. A virtual GPU is attached to the virtual compute instance. The virtual GPU is implemented using a physical GPU, and the physical GPU is accessible to the virtual compute instance over a network. Graphics processing for the virtual compute instance is migrated from the local GPU to the virtual GPU. An application is executed using the virtual GPU on the virtual compute instance.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: February 6, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Nicholas Patrick Wilt, Ashutosh Tambe, Nathan Lee Burns
  • Patent number: 8683560
    Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: March 25, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
  • Patent number: 10904277
    Abstract: Systems for providing a threat intelligence system differentiate between network activity that is a mass scan, or is an accidental or otherwise benign abnormality, or is a directed attack. All of the network activity of a computing resource service provider is logged, and the logs are parsed to include the activity of a particular activity source. The activity is stored in an activity profile, and is updated on a rolling window basis. The systems then use the activity profiles of activity sources that have communicated with a user's computing resources to determine whether the activity and/or activity source is a potential threat against the user's virtual computing environment(s) and/or the computing resources executing therein. The system computes a threat level score based on parameters identified in the activity profiles.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: January 26, 2021
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Nima Sharifi Mehr
  • Patent number: 11853783
    Abstract: Host systems for resuming operation of a virtual compute instance may be identified that support features enabled for the virtual compute instance. Virtual compute instance features may be enabled at runtime prior to a virtual compute instance being stopped. When a virtual compute instance is started again, these features may be used to identify a host system that supports at least these features so that when the virtual compute instance resumes operation on the identified host, the features can be enabled.
    Type: Grant
    Filed: March 29, 2021
    Date of Patent: December 26, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Mohamed A Aboubakr, Deepak Bhardwaj, Elton Victor Pinto, Ziran Nie, Akshay Bharat Shah, Ayush Jitendra Sanghvi, Michael A Ibarra, Venkat Srinath Vutphala, Shivanischal Anand
  • Patent number: 9294282
    Abstract: A virtualized system that is capable of executing a computation that has been identified as a repeatable computation and recording various representations of the state of the computing environment throughout the execution of the repeatable computation, where the state of the computing environment can be cryptographically signed and/or verified using a trusted platform module (TPM), or other cryptographic module. For example, a TPM embedded in the host computing device may generate a hash measurement that captures the state of the repeatable computation at the time of the computation. This measurement can be digitally signed using one or more cryptographic keys of the TPM and recorded for future use. The recorded state can subsequently be used to repeat the computation and/or determine whether the computation was repeated successfully according to certain defined criteria.
    Type: Grant
    Filed: July 1, 2013
    Date of Patent: March 22, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Eric Jason Brandwine, Deepak Singh
  • Patent number: 9811376
    Abstract: Techniques for preserving the state of virtual machine instances during a migration from a source location to a target location are described herein. A set of credentials configured to provide access to a storage device by a virtual machine instance at the source location is provided to the virtual machine instance. When the migration from the source location to the target location starts, a second set of credentials configured to provide access to a storage device by a virtual machine instance at the source location is provided to the virtual machine instance. During the migration, a response to an input-output request is provided to one or more of the locations using the set of credentials and based at least in part on the state of the migration.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: November 7, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Pieter Kristian Brouwer, Kristina Kraemer Brenneman, Marc John Brooker, Jerry Lin, Marc Stephen Olson
  • Patent number: 11303509
    Abstract: Implementation resources are operated in a manner furthering a particular purpose while excluding use of the implementation resources for other purposes. At least some of the implementation resources have capacity that is usable to implement multiple other resources. The capacity of the implementation resources is allocated in a manner that satisfies one or more conditions on the capacity of the implementation resources that is used. Generally, the capacity is allocated in a manner that reduces the likelihood that resources initiated close in time will fail together should underlying implementation resources fail. The implementation resources may be hardware devices that implement virtual computer systems.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: April 12, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Marc J. Brooker, Cornelle Christiaan Pretorius Janse Van Rensburg, Abhinav Agrawal, Adam D. Gray, Marvin M. Theimer, Peter N. DeSantis
  • Patent number: 9514485
    Abstract: A component executing within a programmable execution system (PES) receives a request to launch a virtual machine instance, such as from a customer of the PES. In response to receiving such a request, the component computes an expected cost of executing the virtual machine instance over its lifetime based upon one or more cost factors. The component also computes an expected value of executing the virtual machine instance over its lifetime based upon one or more value factors. Based upon the computed expected cost and the computed expected value associated with executing the virtual machine instance, the component determines whether or not to launch the virtual machine instance. The component might utilize a similar mechanism to determine whether to instantiate other types of computing resources.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: December 6, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Christopher de Kadt, Roland Paterson-Jones
  • Patent number: 10929275
    Abstract: A virtual private cloud (VPC) that includes one or more computing devices (e.g., a physical computing device, a virtual computing device, etc.) that each implement a service present in an actual production environment is provided herein. For example, at the request of a user, an instance deployment manager may replicate one or more of the services provided by an actual production environment such that the services can be executed by the computing devices within the VPC. The computing devices within the VPC may be configured to communicate with each other. However, the computing devices may not communicate with devices outside the VPC. Thus, the VPC may represent a sandboxed or isolated test stack that allows a user to independently test code within a replicated production environment.
    Type: Grant
    Filed: May 8, 2019
    Date of Patent: February 23, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Liang Ge, Mohit Gupta
  • Patent number: 9455871
    Abstract: Embodiments of the present disclosure are directed to, among other things, providing resource allocation advice, configuration recommendations, and/or migration advice regarding data storage, access, placement, and/or related web services. In some examples, a web service may utilize or otherwise control a client instance to control, access, or otherwise manage resources of a distributed system. Based at least in part on one or more resource usage checks and/or configuration checks, resource usage information and/or configuration information of an account utilizing a web service, and/or user preferences and/or settings, resource allocation advice, system configuration recommendations, and/or migration advice may be provided to a user of an account. Additionally, in some examples, one or more remediation operations may be performed automatically.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: September 27, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Mahendra M. Chheda, Shawn E. Heidel, Robert B. Jaye, Justin K. Brindley-Koonce, Eric Jason Brandwine
  • Patent number: 9563385
    Abstract: Methods and apparatus for profile-guided preloading for virtualized resources are described. A block-level storage volume whose contents are to be populated via data transfers from a repository service is programmatically attached to a compute instance. An indication of data transfers from the repository to a block storage service implementing the volume is obtained, corresponding to a particular phase of program execution at the compute instance. A storage profile is generated, based at least in part on the indication of data transfers. The storage profile is subsequently used to pre-load data from the repository service on behalf of other compute instances.
    Type: Grant
    Filed: September 16, 2013
    Date of Patent: February 7, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcin Piotr Kowalski, David R. Richardson, James Alfred Gordon Greenfield, Jacobus Johannes Nicolaas Van Der Merwe, Matthew James Eddey, Christopher Richard Jacques De Kadt, Peter Nicholas Desantis
  • Patent number: 11144363
    Abstract: A workflow orchestration service coordinates the performance of a workflow. The workflow is accomplished by performing a task on each resource in a set of resources. In an embodiment, the resources are virtual computer system instances and the task is a set of commands to be run on each of the virtual computer system instances. As a result of a request, the workflow orchestration service initiates a task instance for each resource in the set of resources in accordance with a set of workflow parameters. In an embodiment, the workflow parameters include a parameter that limits the number of concurrent active task instances. In an embodiment, the workflow parameters identify condition that aborts the performance of the workflow. In an embodiment, upon failure of a task instance, the workflow orchestration service rolls back the state of an associated resource to a state before the task was initiated.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: October 12, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel Francis Conde, Lachlan Hillman, Prasad Krishnan, Derek Ying Chen Kwiatkowski, Mats Erik Lanner
  • Patent number: 10038558
    Abstract: A virtualized system that is capable of executing a computation that has been identified as a repeatable computation and recording various representations of the state of the computing environment throughout the execution of the repeatable computation, where the state of the computing environment can be cryptographically signed and/or verified using a trusted platform module (TPM), or other cryptographic module. For example, a TPM embedded in the host computing device may generate a hash measurement that captures the state of the repeatable computation at the time of the computation. This measurement can be digitally signed using one or more cryptographic keys of the TPM and recorded for future use. The recorded state can subsequently be used to repeat the computation and/or determine whether the computation was repeated successfully according to certain defined criteria.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: July 31, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Eric Jason Brandwine, Deepak Singh
  • Patent number: 8701109
    Abstract: Technologies are described herein for ensuring data in long-term storage will be accessible at a future date. Upon storing the data in long-term storage, a well-defined instance of data processing resources is created on a host computing platform for the installation and testing of a related application that is capable of accessing the stored data. Once testing of the related application is complete, a machine image is generated from the instance and stored with the data in the long-term storage. If access to the data stored in the long-term storage is required at a future date, the data and associated machine image may be retrieved, and a compatible instance of data processing resources created in which the machine image may be restored. The data in the long-term storage may then be accessed by the related applications executing in the newly created instance.
    Type: Grant
    Filed: February 6, 2012
    Date of Patent: April 15, 2014
    Assignee: Amazon Technologies, Inc.
    Inventor: Colin L. Lazier
  • Patent number: 10972449
    Abstract: Disclosed herein are techniques for enabling device communication in a secure environment. In one example, a system comprises a storage in a server, a first component in the server, the first component being isolated in a secure environment in the server, and an entry point device authorized to access the first component via the secure environment. The entry point device may receive a request to access the first component. The entry point device may store a notification in a region of the storage accessible by the first component, wherein the notification is to be read by the first component from the storage to set the first component to an operation mode. The entry point device may store operation data in the storage, wherein the operation data is to be acquired by the first component from the storage to control an operation of the first component in the operation mode.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: April 6, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Alex Levin, Barak Wasserstrom, Georgy Zorik Machulsky, Saar Gross, Or Yochanan
  • Patent number: 10423438
    Abstract: In a multi-tenant environment, separate virtual machines can be used for configuring and operating different subsets of programmable integrated circuits, such as a Field Programmable Gate Array (FPGA). The programmable integrated circuits can communicate directly with each other within a subset, but cannot communicate between subsets. Generally, all of the subsets of programmable ICs are within a same host server computer within the multi-tenant environment, and are sandboxed or otherwise isolated from each other so that multiple customers can share the resources of the host server computer without knowledge or interference with other customers.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: September 24, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Islam Mohamed Hatem Abdulfattah Mohamed Atta, Mark Bradley Davis, Robert Michael Johnson, Christopher Joseph Pettey, Asif Khan, Nafea Bshara
  • Patent number: 8943023
    Abstract: Methods and apparatus for receiving uploaded data from a sender at a receiver. A data deduplication technique is described that may reduce the bandwidth used in uploading data from the sender to the receiver. In the technique, the receiver, rather than the sender, maintains a fingerprint dictionary for previously uploaded data. When a sender has additional data to be uploaded, the sender extracts fingerprints for units of the data and sends the fingerprints to the receiver. The receiver checks its fingerprint dictionary to determine the data units to be uploaded and notifies the sender of the identified units, which then sends the identified units of data to the receiver. The technique may, for example, be applied in virtualized data store systems to reduce bandwidth usage in uploading data.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: January 27, 2015
    Assignee: Amazon Technologies, Inc.
    Inventor: James Christopher Sorenson, III
  • Patent number: 10015241
    Abstract: Operating profiles for consumers of computing resources may be automatically determined based on an analysis of actual resource usage measurements and other operating metrics. Measurements may be taken while a consumer, such as a virtual machine instance, uses computing resources, such as those provided by a host. A profile may be dynamically determined based on those measurements. Profiles may be generalized such that groups of consumers with similar usage profiles are associated with a single profile. Assignment decisions may be made based on the profiles, and computing resources may be reallocated or oversubscribed if the profiles indicate that the consumers are unlikely to fully utilize the resources reserved for them. Oversubscribed resources may be monitored, and consumers may be transferred to different resource providers if contention for resources is too high.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: July 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael David Marr, Matthew D. Klein
  • Patent number: 11822947
    Abstract: Methods, systems, and computer-readable media for automated management of machine images are disclosed. A machine image management system determines that a trigger for a machine image build process has occurred. The machine image management system performs the machine image build process responsive to the trigger. The machine image build process generates a machine image, and the machine image comprises a plurality of operating system components associated with an application. The machine image is validated by the machine image management system for compliance with one or more policies. The machine image management system provides the machine image to one or more recipients. One or more compute resources are launched using the machine image, and the application is executed on the compute resource(s) launched using the machine image.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: November 21, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Samartha Chandrashekar, Francois Daniels
  • Patent number: 11061584
    Abstract: Methods and apparatus for profile-guided preloading for virtualized resources are described. A block-level storage volume whose contents are to be populated via data transfers from a repository service is programmatically attached to a compute instance. An indication of data transfers from the repository to a block storage service implementing the volume is obtained, corresponding to a particular phase of program execution at the compute instance. A storage profile is generated, based at least in part on the indication of data transfers. The storage profile is subsequently used to pre-load data from the repository service on behalf of other compute instances.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: July 13, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcin Piotr Kowalski, David R. Richardson, James Alfred Gordon Greenfield, Jacobus Johannes Nicolaas Van Der Merwe, Matthew James Eddey, Christopher Richard Jacques De Kadt, Peter Nicholas Desantis