PROVIDING PRIVATE ACCESS TO NETWORK-ACCESSIBLE SERVICES
Abstract
Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network. The techniques may be used in situations in which a configurable network service provides managed virtual computer networks for clients and also provides one or more network-accessible services that are available to the managed virtual computer networks, with particular managed virtual computer networks being configured to provide local private access to at least one of the provided network-accessible services, despite those provided network-accessible services being located externally to the particular managed virtual computer networks. In some situations, a Lightweight Directory Access Protocol (“LDAP”) network-accessible service is provided, and a logical endpoint for the LDAP service is created within a managed virtual computer network to enable the multiple computing nodes of the managed virtual computer network to communicate with one or more LDAP computer servers from the LDAP service.
39 Citations
26 Claims
1-17. (canceled)
18. A non-transitory computer-readable medium whose stored contents configure a computing system to perform a method, the method comprising:

obtaining information regarding a first virtual computer network that has multiple computing nodes and that is provided for a first client by a configurable network service, the first virtual computer network being overlaid on a distinct substrate network that interconnects the multiple computing nodes, the multiple computing nodes being associated with a plurality of virtual network addresses for the first virtual computer network and each having a distinct associated substrate network address that corresponds to a location of the computing node in the substrate network, the obtained information further indicating that one of the plurality of virtual network addresses is associated with a network-accessible service that is provided by the configurable network service for use by the multiple computing nodes of the first virtual computer network;

for each of one or more communications that are each sent to a destination that is one of the multiple computing nodes by specifying one of the plurality of virtual network addresses that is associated with the destination one computing node, encoding the communication in a manner specific to the substrate network, and forwarding the encoded communication over the substrate network to the destination one computing node by using the substrate network address for the destination one computing node, the encoding and forwarding of each of the one or more communications being performed by the configured computing system; and

for each of one or more other communications that are each sent to a destination that is the one virtual network address associated with the network-accessible service, facilitating providing functionality of the network-accessible service to the first virtual computer network by encoding the other communication in a manner specific to the substrate network, and forwarding the encoded other communication over the substrate network to at least one computer server external to the first virtual computer network that is part of the network-accessible service.

Dependent claims: 19, 20, 21.

22. A system, comprising:

one or more processors of one or more computing systems; and

one or more modules that are each configured to, when executed by at least one of the one or more processors, provide networking functionality for a first virtual computer network that is overlaid on one or more distinct second networks used as a substrate and that has a plurality of virtual network addresses for use in designating multiple computing nodes that are part of the first virtual computer network, the multiple computing nodes being connected to the one or more second networks and each being associated with one of the plurality of virtual network addresses and with a distinct associated substrate network address that corresponds to the one or more second networks, the providing of the networking functionality including:

receiving one or more network communications that are each directed to a destination one of the multiple computing nodes that is specified using one of the plurality of virtual network addresses;

for each of the one or more network communications, encoding the network communication in a manner specific to the one or more second networks and to use the associated substrate network address of the destination one computing node for the network communication, and sending the encoded network communication to the one or more second networks for forwarding to the destination one computing node for the network communication based on the associated substrate network address that is being used for the encoded network communication;

receiving one or more other network communications that are each directed to a destination specified using one of the plurality of virtual network addresses that is associated with one or more Lightweight Directory Access Protocol (“LDAP”) computer servers available to the first virtual computer network; and

for each of the one or more other network communications, sending the other network communication to at least one of the one or more LDAP computer servers to enable functionality of the one or more LDAP computer servers to be provided to the first virtual computer network.

Dependent claims: 23, 24, 25, 26.
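
The forwarding path recited in claims 18 and 22, as an added sketch that is not code from the patent: a sender-side encode step resolves the virtual destination to a substrate address, and a receiver-side decode step accepts the frame only if the mapping places that destination on the receiving host. The header layout, the network ids and every address are assumptions made for the example; the claims say only that the communication is encoded "in a manner specific to the substrate network".

```python
import ipaddress
import struct

# Constructed mapping data (all ids and addresses are hypothetical):
# (virtual network id, virtual address) -> (substrate address, kind of target)
MAPPINGS = {
    (1, "10.0.0.2"): ("192.0.2.11", "node"),
    (1, "10.0.0.3"): ("192.0.2.12", "node"),
    # Logical endpoint inside network 1, backed by an external LDAP server.
    (1, "10.0.0.10"): ("198.51.100.7", "ldap-service"),
    # Network 2 is not configured with the endpoint.
    (2, "10.0.0.2"): ("192.0.2.40", "node"),
}
# Assumed encoding: outer src, outer dst, network id, inner src, inner dst.
HEADER = struct.Struct("!4s4sI4s4s")


def _pack(addr):
    return ipaddress.IPv4Address(addr).packed


def _text(raw):
    return str(ipaddress.IPv4Address(raw))


def encode(vnet_id, src_virtual, dst_virtual, payload):
    """Sender side: wrap a packet for the substrate, or return None to drop it."""
    src = MAPPINGS.get((vnet_id, src_virtual))
    dst = MAPPINGS.get((vnet_id, dst_virtual))
    if src is None or dst is None:  # unmapped in this network: never forwarded
        return None
    return HEADER.pack(_pack(src[0]), _pack(dst[0]), vnet_id,
                       _pack(src_virtual), _pack(dst_virtual)) + payload


def decode(frame, local_substrate_addr):
    """Receiver side: unwrap a frame only if the mapping says it belongs here."""
    if len(frame) < HEADER.size:
        return None
    _, outer_dst, vnet_id, inner_src, inner_dst = HEADER.unpack_from(frame)
    entry = MAPPINGS.get((vnet_id, _text(inner_dst)))
    if entry is None or entry[0] != local_substrate_addr \
            or _text(outer_dst) != local_substrate_addr:
        return None
    return {"vnet_id": vnet_id, "src": _text(inner_src), "dst": _text(inner_dst),
            "kind": entry[1], "payload": frame[HEADER.size:]}
```

The same virtual address 10.0.0.10 reaches the LDAP server from network 1 and is dropped from network 2, because the endpoint exists only in the mapping of the network configured for it.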
Specification