Managed directory service

US 10,530,742 B2
Filed: 12/05/2013
Issued: 01/07/2020
Est. Priority Date: 11/11/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, at a managed directory service, an application programming interface call from a customer of a computing resource service provider, the application programming interface call at least including a request to create a computer system directory within an isolated virtual network of the customer, the isolated virtual network of the customer hosted in a computing environment of the computing resource service provider;

creating, in response to the request, the computer system directory in the isolated virtual network of the customer, the computing system directory being inaccessible to computing resources of the computing resource service provider outside the isolated virtual network without provision of access by the managed directory service, the computer system directory configured to at least join virtual machines within the isolated virtual network to a domain of the computer system directory; and

managing, using the managed directory service, the computer system directory on behalf of the customer, wherein the managed directory service is configured to access the computer system directory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for connecting computer system entities to remote computer system resources are described herein. A computer system entity that requests access to a remote computer system resource has that request fulfilled by a managed directory service which receives the request and connects the computer system entity to the remote computer system resource. While connected, the managed directory service receives commands to perform operations on the remote computer system resource and, if the computer system entity is authorized to perform the operations on the remote computer system resource, the managed directory service performs the operation on the remote computer system resource.

Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving, at a managed directory service, an application programming interface call from a customer of a computing resource service provider, the application programming interface call at least including a request to create a computer system directory within an isolated virtual network of the customer, the isolated virtual network of the customer hosted in a computing environment of the computing resource service provider;
  
  creating, in response to the request, the computer system directory in the isolated virtual network of the customer, the computing system directory being inaccessible to computing resources of the computing resource service provider outside the isolated virtual network without provision of access by the managed directory service, the computer system directory configured to at least join virtual machines within the isolated virtual network to a domain of the computer system directory; and
  
  managing, using the managed directory service, the computer system directory on behalf of the customer, wherein the managed directory service is configured to access the computer system directory.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, wherein managing the computer system directory includes:
    - creating a replica of the computer system directory to be usable in an event of unavailability of the computer system directory; and
      
      synchronizing the replica of the computer system directory and the computer system directory in accordance with changes made to the computer system directory.
  - 3. The computer-implemented method of claim 1, wherein:
    - the customer hosts one or more customer computer systems in a computing environment of the customer;
      
      the computing environment of the customer is configured to communicate with the isolated virtual network via a virtual private network connection; and
      
      the computer system directory is further configured to join one or more customer computer systems in the computing environment of the customer to the computer system directory.
  - 4. The computer-implemented method of claim 1, wherein managing the computer system directory includes obtaining one or more snapshots of the computer system directory.
  - 5. The computer-implemented method of claim 4, further comprising:
    - receiving a request to obtain a snapshot of the computer system directory; and
      
      obtaining at least one of the one or more snapshots as a result of receiving the request to obtain the snapshot.

6. A system, comprising:
- one or more processors; and
  
  memory including executable instructions that, when executed by the one or more processors, cause the system to;
  
  receive, at a managed directory service, from a customer of a computing resource service provider, a request using an application programming interface call to create a computer system directory in a computing environment of the computing resource service provider in accordance with one or more parameters specified by the customer;
  
  fulfill the request by at least creating the computer system directory in the computing environment of the computing resource service provider so that the computer system directory is configured to join, to the computer system directory, computing resources from the computing resource service provider, the computer system directory being created in a virtual network hosted by the computing resource service provider in the computing environment of the computing resource service provider, the virtual network being inaccessible by entities of the computing resource service provider outside the virtual network without provision of access by the managed directory service; and
  
  manage, using the managed directory service, the computer system directory on behalf of the customer, wherein the managed directory service is configured to access the computer system directory.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The system of claim 6, wherein the one or more parameters specify the virtual network of the customer where the computer system directory is created.
  - 8. The system of claim 6, wherein the instructions that cause the system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the system to maintain a replica of the computer system directory in accordance with changes made to the computer system directory over time.
  - 9. The system of claim 6, wherein the computer system directory is created to at least join computer system instances to the computer system directory, the computer instances located in a computing environment outside of the computing environment of the computing resource service provider.
  - 10. The system of claim 9, wherein the computing environment outside of the computing environment of the computing resource service provider is hosted on premises of the customer.
  - 11. The system of claim 6, wherein the instructions that cause the system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the system to patch executable code for operating the computer system directory.
  - 12. The system of claim 6, wherein the instructions that cause the system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the system to obtain one or more snapshots of the computer system directory.
  - 13. The system of claim 12, wherein the instructions that cause the system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the system to instantiate a version of the computer system directory from an obtained snapshot of the one or more snapshots.

14. A non-transitory computer-readable storage medium comprising executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least:
- receive, at a managed directory service, from a customer of a computing resource service provider, a request using an application programming interface call to create a computer system directory in a computing environment of the computing resource service provider in accordance with one or more parameters specified by the customer;
  
  fulfill the received request by at least creating the computer system directory in the computing environment of the computing resource service provider so that the computer system directory is configured to join, to the computer system directory, computing resources of the computing resource service provider, the computer system directory being created in a virtual network of the computing resource service provider where the computing resources are inaccessible to entities of the computing resource service provider outside the virtual network without provision of access by the managed directory service; and
  
  manage, using the managed directory service, the computer system directory on behalf of the customer, wherein the managed directory service is configured to access the computer system directory.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the one or more parameters specify the virtual network of the customer, the virtual network of the customer hosted by the computing resource service provider in the computing environment of the computing resource service provider.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the one or more parameters specify a sub-network of the virtual network of the customer in which the computer system directory is to be created.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the computer system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the computer system to receive and fulfill application programming interface calls to perform management operations on the computer system directory.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the computer system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the computer system to synchronize a replica of the computer system directory for use in a failover event.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the computer system directory is created to at least join computer system instances to the computer system directory, the computer system instances located in a computing environment hosted by an entity different from the computing resource service provider.
  - 20. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the computer system to manage the computer system directory include instructions that, when executed by the one or more processors, cause the computer system to perform updates to executable code used to operate the computer system directory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Shah, Shon Kiran, Rao, Guruprakash Bangalore, Mehta, Gaurang Pankaj, Rizzo, Thomas Christopher, Palande, Sameer, Rai, Krithi
Primary Examiner(s)
Chang, Jungwon

Application Number

US14/098,445
Publication Number

US 20150134800A1
Time in Patent Office

2,224 Days
Field of Search

709201, 709203, 718 1, 707770, 707831, 707827, 726 4, 370255
US Class Current
CPC Class Codes

G06F 16/955   using information identifie...

G06F 16/9566   URL specific, e.g. using al...

G06F 2009/45562   Creating, deleting, cloning...

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 21/604   Tools and structures for ma...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 40/134   Hyperlinking

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45558   Hypervisor-specific managem...

H04L 2101/30   Types of network names

H04L 41/50   Network service management,...

H04L 41/5009   Determining service level p...

H04L 41/5041   characterised by the time r...

H04L 41/5058   Service discovery by the se...

H04L 41/5083   wherein the managed service...

H04L 47/70   Admission control; Resource...

H04L 61/10   of different types

H04L 61/4541   Directories for service dis...

H04L 61/4547   for personal communications...

H04L 61/50 : Address allocation

H04L 61/5007 : Internet protocol [IP] addr...

H04L 63/08 : for authentication of entit...

H04L 63/102 : Entity profiles

H04L 63/104 : Grouping of entities

H04L 67/02 : based on web technology, e....

H04L 67/10 : in which an application is ...

H04L 67/1095 : Replication or mirroring of...

H04L 67/51 : Discovery or management the...

View All

Managed directory service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managed directory service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links