Providing access to configurable private computer networks
Abstract
Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.
29 Claims
1. A computer-implemented method for providing access to private computer networks, the method comprising:
receiving, by a configurable network service implemented by one or more configured computing systems, configuration information including user-specified network topology information for a private network extension to a remote private computer network, multiple user-specified network addresses for use by the private network extension, and an indication of a remote resource service that is external to the remote private computer network and external to the private network extension and that is separated from the remote private computer network and from the private network extension by one or more intervening networks;
creating, by the configurable network service, the private network extension in accordance with the received configuration information, the creating including configuring the private network extension to provide private access between the private network extension and the remote private computer network in accordance with the specified network topology information;
generating, by the configurable network service, a unique identifier for the private network extension to represent a first namespace within the remote resource service, the first namespace to include one or more computing-related resources provided by the remote resource service that are accessible only from the private network extension;
configuring, by the configurable network service, a local access mechanism that is part of the private network extension and that enables the private network extension to access the one or more computing-related resources within the first namespace, the configuring of the local access mechanism including assigning one of the multiple user-specified network addresses to represent the remote resource service and associating the unique identifier with the assigned network address, so that communications sent from the remote private computer network or from the private network extension to the assigned network address are modified to include the unique identifier to enable the remote resource service to identify the first namespace and are forwarded to the remote resource service over the one or more intervening networks; and
providing, by the configurable network service, the private access between the private network extension and the remote private computer network.
Dependent claims: 2, 3
4. A computer-implemented method for providing access to private computer networks, the method comprising:
receiving, by one or more computer systems implementing a configurable network service, information from a first client that specifies multiple network addresses for use with a first private computer network for the first client;
configuring, by the one or more computer systems, the first private computer network to include multiple computing nodes provided by the configurable network service, the configuring of the first private computer network including associating each of the multiple computing nodes with at least one of the multiple network addresses;
configuring, by the one or more computer systems, a local access mechanism as part of the first private computer network to enable access from the first private computer network to a remote resource service in a manner that represents accessing a namespace within the remote resource service, the remote resource service being external to the first private computer network and the namespace including a subset of computing-related resources of the remote resource service, the configuring of the local access mechanism including selecting an indicated one of the multiple network addresses to represent the remote resource service within the first private computer network and associating the indicated one network address with an obtained identifier that enables the remote resource service to identify the namespace;
modifying, by the one or more computer systems, communications sent by the multiple computing nodes to the indicated one network address to include an indication of the identifier to enable the remote resource service to identify the namespace, and forwarding the modified communications to the remote resource service over one or more intervening networks; and
initiating, by the one or more computer systems, availability of access to the first private computer network from one or more remote computing systems of the first client.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A non-transitory computer-readable medium whose contents configure a computing system of a configurable network service to provide access to private computer networks, by performing a method comprising:
receiving one or more requests from a remote customer to create a network extension to a remote private network of the customer, the one or more requests specifying configuration information for the network extension, the configuration information including network topology information for the network extension;
selecting multiple computing nodes for use as part of the network extension, the multiple computing nodes being a subset of a plurality of computing nodes provided by the configurable network service and being selected based at least in part on the configuration information specified by the customer;
configuring an access mechanism as part of the network extension, the access mechanism enabling access from the selected computing nodes to one or more computing-related resources provided by a resource service that is external to the network extension and that is external to the private network of the customer, the configuring of the access mechanism including assigning one of multiple network addresses for the network extension to represent the resource service within the network extension to the selected computing nodes, such that one or more communications sent from one or more of the selected computing nodes to the assigned network address are forwarded to the resource service;
configuring the network extension to provide private access of the customer to the network extension to enable access from the multiple computing nodes of the network extension to the one or more computing-related resources provided by the resource service, the private access enabling intercommunications between the multiple computing nodes and one or more computing systems of the remote private network of the customer, the intercommunications being routed via the created network extension in accordance with the network topology information; and
initiating the providing of the private access of the remote customer to the network extension.
Dependent claims: 21, 22, 23, 24, 25
26. A computing system configured to provide access to private computer networks, comprising:
one or more memories; and
a configurable network service manager module that is configured to automatically provide computer networks by, for each of multiple remote clients:
receiving configuration information from the client that includes an indication of multiple network addresses to associate with multiple computing nodes to be provided as part of a created computer network for the client;
configuring multiple computing nodes in accordance with the received configuration information, the configuring including associating at least one of the multiple network addresses with each of the multiple computing nodes;
configuring an access mechanism as part of the created computer network for the client that enables access to one or more resources provided by a network-accessible remote resource service that is not part of the created computer network for the client, the configuring of the access mechanism including assigning one of the multiple network addresses to represent the remote resource service, and associating an identifier with the assigned network address for use in accessing the one or more resources;
providing access from the multiple computing nodes to the one or more resources provided by the resource service via the configured access mechanism by modifying communications sent to the assigned network address from the created private network to include an indication of the identifier and by forwarding the modified communications to the remote resource service; and
providing to the client access to the multiple computing nodes of the created computer network.
Dependent claims: 27, 28, 29
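The access mechanism recited in claims 1, 4 and 26, modelled as an added Python example that is not part of the patent text: one address of the private network is bound to the resource service and to a generated identifier, and every communication sent to that address is stamped with the identifier before it is forwarded. The class names, the dictionary message format, the `namespace_id` field and the rule that the stamp overwrites any sender-supplied identifier are assumptions made for illustration.

```python
import ipaddress
import uuid

class ResourceService:
    """Stand-in for the remote resource service; resources are grouped by namespace id."""
    def __init__(self):
        self.namespaces = {}  # identifier -> {resource name: content}

    def handle(self, message):
        resources = self.namespaces.get(message.get("namespace_id"), {})
        if message.get("resource") not in resources:
            return {"status": "denied"}
        return {"status": "ok", "body": resources[message["resource"]]}

class LocalAccessMechanism:
    """Binds one address of the private network to a service plus namespace identifier."""
    def __init__(self, cidr):
        self.network = ipaddress.ip_network(cidr)
        self.bindings = {}  # assigned address -> (service, identifier)

    def assign(self, address, service):
        addr = ipaddress.ip_address(address)
        if addr not in self.network:
            raise ValueError("address is not one of the network's own addresses")
        identifier = uuid.uuid4().hex  # unique identifier naming the namespace
        service.namespaces[identifier] = {}
        self.bindings[addr] = (service, identifier)
        return identifier

    def send(self, dst, request):
        binding = self.bindings.get(ipaddress.ip_address(dst))
        if binding is None:
            return {"status": "not-routed"}
        service, identifier = binding
        # Assumption: the stamp overwrites any identifier the sender supplied.
        return service.handle({**request, "namespace_id": identifier})

def demo():
    service = ResourceService()
    net_a = LocalAccessMechanism("10.0.0.0/24")  # constructed sample networks
    net_b = LocalAccessMechanism("10.0.1.0/24")
    id_a = net_a.assign("10.0.0.5", service)
    net_b.assign("10.0.1.5", service)
    service.namespaces[id_a]["backup.tar"] = b"network A data"
    return {
        "from_a": net_a.send("10.0.0.5", {"resource": "backup.tar"}),
        "spoofed": net_b.send("10.0.1.5", {"resource": "backup.tar", "namespace_id": id_a}),
        "direct": service.handle({"resource": "backup.tar"}),
    }
```

Only the request that passes through network A's own binding reaches the resource; the request from network B that names A's identifier is restamped with B's identifier, and the request that bypasses the mechanism carries no identifier, so both are denied.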
Specification