MANAGING DYNAMIC IP ADDRESS ASSIGNMENTS

US 20160373405A1
Filed: 06/16/2015
Published: 12/22/2016
Est. Priority Date: 06/16/2015
Status: Abandoned Application

First Claim

Patent Images

1. A computer-readable storage medium having computer-executable instructions stored thereupon that, when executed by a computer system, cause the computer system to:

receive, via a graphical user interface, a selection of an identifier for a web service by a customer of a service provider network, the service provider network having server computers hosting one or more virtual machines for the customer web service;

determine one or more public IP addresses for the web service;

identify virtual machines of the customer in the service provider network that are allowed to communicate with the web service;

generate IP address lists for the identified virtual machines, the IP address lists including the one or more public IP addresses for the web service; and

update security tables for the identified virtual machines with the generated IP address lists at server computers hosting the identified virtual machines.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various systems and processes may be used to manage Internet Protocol (IP) addresses that are dynamically assigned. In particular implementations, systems and processes for managing IP addresses that are dynamically assigned may include the ability to determine whether an identifier for a web service has been received from a customer having one or more virtual machines in a service provider network, the web service being accessible by the customer'"'"'s virtual machines over an external communication network. The systems and processes may also include the ability to determine a number of IP addresses for the web service, identify virtual machines of the customer that are allowed to communicate with the web service, generate one or more IP address lists for the identified virtual machines, and update security tables for the identified virtual machines with the IP address lists at server computers hosting the identified virtual machines.

Citations

24 Claims

1. A computer-readable storage medium having computer-executable instructions stored thereupon that, when executed by a computer system, cause the computer system to:
- receive, via a graphical user interface, a selection of an identifier for a web service by a customer of a service provider network, the service provider network having server computers hosting one or more virtual machines for the customer web service;
  
  determine one or more public IP addresses for the web service;
  
  identify virtual machines of the customer in the service provider network that are allowed to communicate with the web service;
  
  generate IP address lists for the identified virtual machines, the IP address lists including the one or more public IP addresses for the web service; and
  
  update security tables for the identified virtual machines with the generated IP address lists at server computers hosting the identified virtual machines.
- View Dependent Claims (2, 3, 4)
- - 2. The computer readable storage medium of claim 1, having further computer-executable instructions stored thereupon which, when executed by a computer system, cause the computer system to:
    - determine whether one or more computer network addresses for the web service have changed;
      
      confirm the computer network addresses for the web service;
      
      generate one or more updated computer network address lists for the identified virtual machines, the computer network address lists including the computer network addresses for the web service; and
      
      update the security tables for the identified virtual machines with the updated computer network address lists at the server computers hosting the virtual machines.
  - 3. The computer readable storage medium of claim 2, wherein determining whether one or computer network addresses for the web service have changed comprises receiving notice of one or more new computer network addresses for the web service.
  - 4. The computer readable storage medium of claim 2, having further computer-executable instructions stored thereupon which, when executed by a computer system, cause the computer system to:
    - determine that the computer network address lists have been distributed to the server computers hosting the identified virtual machines; and
      
      generate a notification for the web service that it is safe to begin using the new computer network addresses.

5. A method for managing Internet Protocol (IP) address assignment, the method comprising:
- receiving, from a user, a specification of an identifier for a web service and an indication of one or more virtual machines of the user, the identifier associated with network addresses for the web service;
  
  generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier, the network address lists including the network addresses for the web service; and
  
  updating security tables for the one or more virtual machines with the address lists at server computers hosting the one or more virtual machines, the security tables used by the server computers to at least determine whether to allow communications addressed to or from the network addresses for the service.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The method of claim 5, further comprising:
    - determining whether one or more IP addresses for the web service have changed;
      
      confirming the IP addresses for the web service;
      
      generating one or more updated IP address lists for virtual machines in the service provider network, the IP address lists including the IP addresses for the web service; and
      
      updating the security tables for the virtual machines with the updated IP address lists at the server computers hosting the virtual machines.
  - 7. The method of claim 6, wherein determining whether one or IP addresses for the web service have changed comprises receiving notice of one or more new IP addresses for the web service.
  - 8. The method of claim 7, further comprising:
    - determining that the IP address lists have been distributed to the server computers hosting the identified virtual machines; and
      
      generating a notification for the web service that it is safe to begin using the new IP addresses.
  - 9. The method of claim 5, wherein determining whether one or more IP addresses for the web service have changed comprises receiving notice that one or more IP addresses for the web service are to be deleted.
  - 10. The method of claim 9, further comprising:
    - determining that the IP address lists have been distributed to the server computers hosting the identified virtual machines; and
      
      generating a notification for the web service that it is safe to remove the IP addresses.
  - 11. The method of claim 5, wherein generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier comprises merging the network addresses for the web service with network addresses specified for the virtual machines.
  - 12. The method of claim 5, wherein generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier comprises expanding a network address prefix into a plurality of network addresses.
  - 13. The method of claim 5, further comprising generating a notification regarding a change in IP address for security groups associated with the web service.
  - 14. The method of claim 5, further comprising:
    - receiving a customer selection of a web service for a security group;
      
      determining whether a web service version is proximate the customer resources;
      
      recommending use of the web service version proximate the customer resources;
      
      receiving a customer selection of a web service version; and
      
      associating the selected web service version with the security group.

15. A system, comprising:
- one or more computing devices comprising processing units and memory;
  
  the one or more computing devices configured to;
  
  receiving, from a user, a specification of an identifier for a web service and an indication of one or more virtual machines of the user, the identifier associated with network addresses for the web service;
  
  generate one or more network address lists for the one or more virtual machine based at least in part of the specification of the identifier, the network address lists including the network addresses for the web service; and
  
  update security tables for the one or more virtual machines with the address lists at server computers hosting the one or more virtual machines, the security tables used by the server computers to at least determine whether to allow communication addressed to or from the network addresses for the service.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The system of claim 15, wherein the computing devices are further configured to:
    - determine whether one or more IP addresses for the web service have changed;
      
      confirm the IP addresses for the web service;
      
      generate one or more updated IP address lists for virtual machines in the service provider network, the IP address lists including the IP addresses for the web service; and
      
      update the security tables for the virtual machines with the updated IP address lists at the server computers hosting the virtual machines.
  - 17. The system of claim 16, wherein determining whether one or IP addresses for the web service have changed comprises receiving notice of one or more new IP addresses for the web service.
  - 18. The system of claim 17, wherein the computing devices are further configured to:
    - determine that the IP address lists have been distributed to the server computers hosting the identified virtual machines; and
      
      generate a notification for the web service that it is safe to begin using the new IP addresses.
  - 19. The system of claim 15, wherein determining whether one or more IP addresses for the web service have changed comprises receiving notice that one or more IP addresses for the web service are to be deleted.
  - 20. The system of claim 19, wherein the computing devices are further configured to:
    - determine that the IP address lists have been distributed to the server computers hosting the identified virtual machines; and
      
      generate a notification for the web service that it is safe to remove the IP addresses.
  - 21. The system of claim 15, wherein generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier comprises merging the network addresses for the web service with network addresses specified for the virtual machines.
  - 22. The system of claim 15, wherein generating one or more network address lists for the one or more virtual machines based at least in part on the specification of the identifier comprises expanding a network address prefix into a plurality of network addresses.
  - 23. The system of claim 15, wherein the computing devices are further configured to generate a notification regarding a change in IP address for security groups associated with the web service.
  - 24. The system of claim 15, wherein the computing devices are further configured to:
    - receive a customer selection of a web service for a security group;
      
      determine whether a web service version is proximate the customer resources;
      
      recommend use of the web service version proximate the customer resources;
      
      receive a customer selection of a web service version; and
      
      associate the selected web service version with the security group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
VOEGELE, MICHAEL SIAOSI, MILLER, KEVIN CHRISTOPHER

Application Number

US14/741,148
Publication Number

US 20160373405A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 9/45558   Hypervisor-specific managem...

H04L 61/30   Managing network names, e.g...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0236   Filtering by address, proto...

H04L 63/0263   Rule management

H04L 63/101   Access control lists [ACL]

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

H04L 67/51   Discovery or management the...

MANAGING DYNAMIC IP ADDRESS ASSIGNMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING DYNAMIC IP ADDRESS ASSIGNMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links