Abstract: A computing resource is loaded with the code or data, and an audited record of the loaded code or data is generated. Furthermore, a configuration integrity is generated based on the record of the loaded code or data. The configuration integrity verifier is sent to a requestor for verification of the code or data, the configuration integrity verifier being usable as a trusted verification of the loaded code or data.

Abstract: Disclosed are various embodiments for distributing application components among many devices across a network for optimal execution of the application. A distribution is determined based on performance metrics, distribution profiles, and/or other indications of how to distribute application components for execution on many devices. In various embodiments, an application component may be simultaneously executed on many devices or on one device. The application components execute as if on one device even though they are distributed among many devices. Performance metrics indicate how well an application component executes in a device. During execution, the application components may be redistributed if another distribution is indicated by performance tolerances. If application components are redistributed, the execution of the application continues as if no redistribution had occurred.

Abstract: A system and method for management and processing of resource requests is provided. A content delivery network service provider receives a DNS query from a client computing device. The DNS query corresponds to a requested resource from the client computing device. The content delivery network service provider associates the client computing device with a cluster of other client computing devices. Based on routing information for the cluster, the content delivery network service provider routes the DNS query. The process can further include monitoring performance data associated with the delivery of the requested resource and updating the routing information for the cluster based on the performance data for use in processing subsequent requests from client computing devices in the cluster.

Abstract: A distributed load balancer in which a router receives packets from at least one client and routes packet flows to multiple load balancer nodes. The router exposes a public IP address and the load balancer nodes all advertise the same public IP address to the router. The router may implement a per-flow hashed multipath routing technique, for example an equal-cost multipath (ECMP) routing technique, to distribute the flows across the load balancer nodes. Thus, the multiple load balancer nodes may service a single public endpoint. The load balancer nodes may advertise to the router according to the Border Gateway Protocol (BGP). Rather than advertising itself, however, a load balancer node may be advertised to the router by one or more neighbor load balancer nodes; the neighbor nodes may terminate the BGP sessions with the router in response to determining that the load balancer node has failed.

Abstract: A distributed load balancer in which a router receives packets from at least one client and routes packet flows to multiple ingress servers. For unknown packet flows, an ingress server cooperates with primary and secondary flow trackers to establish connections to server nodes. For known packet flows, the ingress server sends the packets to target server nodes. The server nodes randomly select egress servers for outgoing packets of the packet flows. The ingress servers, flow trackers, and egress servers are implemented by multiple load balancer nodes in a load balancer node layer. The ingress and egress servers for a given packet flow may be on different load balancer nodes. The load balancer nodes may use a consistent hash function to compute a consistent hash ring for the nodes according to packet flow client/public endpoint pairs so that nodes associated with given packet flows can be located.

Abstract: Systems and methods are disclosed for providing a risk aware domain name service (DNS), which includes modulating a time to live (TTL) value associated with the DNS based at least in part on one or more DNS-related metrics associated with a DNS server providing DNS resolution.

Abstract: Disclosed are various embodiments for reducing privileges for imported software packages, such as software libraries. Trusted code is received that is configured to use untrusted code. A wrapper is generated for the untrusted code. The trusted code is reconfigured to use the wrapper. The wrapper is configured to invoke the untrusted code with reduced privileges as compared to the trusted code.

Abstract: Systems and method for the management of migrations of virtual machine instances are provided. A migration manager monitors the resource usage of a virtual machine instance over time in order to create a migration profile. When migration of a virtual machine instance is desired, the migration manager schedules the migration to occur such that the migration conforms to the migration profile.

Abstract: In various embodiments, static, dynamic, and behavioral analysis may be performed on an application. A set of software libraries or code fragments employed by the application may be determined. A set of device resources employed by the application may be determined. An application fingerprint is generated for the application. The application fingerprint encodes identifiers for the set of software libraries or code fragments and identifiers for the set of device resources.

Abstract: A network function virtualization service includes an action implementation layer and an action decisions layer. On a flow of network traffic received at the service, the action implementation layer performs a packet processing action determined at the action decisions layer.

Abstract: Method and apparatus for determining feature unavailability are disclosed. In the method and apparatus a user device attempts to communicate with a second server over a second network path whereby the communication may be blocked. The user device receives data from a first server over a first network path whereby the data indicates that communication using the second network path may be blocked.

Abstract: In response to a request to duplicate a network, the network is duplicated. The duplicate network includes one or more virtual devices that correspond to one or more devices in the network being duplicated. The devices of the duplicate network are communicatively arranged in a manner consistent with a topology of the network being duplicated. Once the duplicate network is created, access to the duplicate network is provided.

Abstract: A computer system propagates state information updates between nodes. A node establishes connections with one or more nodes of a plurality of nodes based at least in part on the number of connections between the one or more nodes and the nodes of the plurality of nodes. The node then propagates state information of the node to one or more other nodes of the plurality of nodes.

Abstract: Configuration items of an environment for a client of a configuration discovery service are identified. A view category is selected for the target environment. A set of configuration items for which information regarding recent configuration changes is to be provided is identified. Data which can be used to display a graphical representation of at least a portion of the environment and the configuration changes is transmitted.

Abstract: Methods and apparatus are described by which media player functionality such as, for example, adaptive bitrate selection may be supported in media players on iOS, tvOS, or MacOS devices for video content encoded using the HEVC codec. Each video segment reference in the manifest includes two associated HLS-compliant tags, a discontinuity tag followed by a map segment tag.

Abstract: A risk aware domain name service (DNS), which includes modulating a time to live (TTL) value associated with the DNS based at least in part on one or more DNS-related metrics associated with a DNS server providing DNS resolution is disclosed. A zone file that indicates a particular TTL value may be generated based at least in part on the one or more DNS-related metrics and provided to the DNS server.

Abstract: Disclosed are various embodiments for a workflow engine that obtains a workflow agent that comprises a workflow definition and a workflow history. The workflow engine determines a next action for the workflow agent based at least upon the workflow definition and the workflow history of the workflow agent. The workflow engine initiates the next action for the workflow agent. Subsequent actions may be initiated by the workflow engine or forwarded to another workflow engine.

Abstract: Disclosed are various embodiments for configuring virtual private networks (VPNs). A request is made, through a service call, for creation of a VPN through a client VPN gateway and a server VPN gateway. In response to the service call, a generic gateway configuration document is received. The generic gateway configuration document is applicable to the client VPN gateway. The generic gateway configuration document is translated to a device-specific gateway configuration document.

Abstract: Disclosed are various embodiments that provide an automated dispatching framework for global networks. Monitoring services in private networks monitor networking devices in the private networks. Events are reported by the monitoring services by storing the events in a queue in a global network. A network support management service retrieves the status updates from the queue. Support actions are implemented by the network support management service based at least in part on the status updates.

Abstract: A plurality of cipher suites is negotiated as part of a handshake process to establish a cryptographically protected communications session. The handshake process is completed to establish the cryptographically protected communications session. A message is communicated over the established cryptographically protected communications session using at least two cipher suites of the plurality of cipher suites.