Providing enhanced access to remote services

US 8,312,154 B1
Filed: 06/18/2007
Issued: 11/13/2012
Est. Priority Date: 06/18/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a computing system executing a node manager software system, a first communication sent from a first virtual machine node to a first remote Web service to request functionality from the first remote Web service, the first remote Web service being configured to perform authentication activities for received communications before providing corresponding functionality, and forwarding the first communication to the first remote Web service without altering the forwarded first communication;

receiving, by the computing system executing the node manager software system, a second communication sent from a second virtual machine node to a first interface of a second remote Web service to request functionality from the second remote Web service, the second remote Web service having at least the first interface and a second interface, the first interface being a default interface for unauthenticated communications such that authentication activities are performed by the second remote Web service for communications received via the first interface, the second interface being available for authenticated communications such that authentication activities are not performed by the second remote Web service for communications received via the second interface; and

altering, by the computing system executing the node manager software system, the received second communication to eliminate authentication activities that would otherwise be performed by the second remote Web service for the received second communication, the altering including;

retrieving stored information about a client associated with the second virtual machine node;

authenticating the received second communication based at least in part on the obtained information about the associated client;

altering the received second communication to request corresponding functionality to be provided from the second remote Web service for the second virtual machine node without the second remote Web service performing authentication activities for the altered second communication, the altering including modifying the received second communication to use the second interface of the second remote Web service instead of the first interface of the second remote Web service; and

sending the altered second communication to the second interface of the second remote Web service on behalf of the second virtual machine node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing client computing nodes with enhanced access to remote network-accessible services, such as by providing local capabilities specific to the remote services. In at least some situations, access to remote services by a client computing node may be enhanced by automatically locally performing some activities of the remote services, such as to improve the efficiency of communications that are sent between the client computing node and the remote service and/or to improve the efficiency by the remote service of processing communications from the client computing node. As one example, a node manager system local to a client computing node may perform authentication of communications sent by the client computing node to a remote service and/or may perform other activities specific to the remote service, so that the remote service does not need to perform the authentication and/or other performed activities for the communications.

44 Citations

View as Search Results

28 Claims

1. A computer-implemented method, comprising:
- receiving, by a computing system executing a node manager software system, a first communication sent from a first virtual machine node to a first remote Web service to request functionality from the first remote Web service, the first remote Web service being configured to perform authentication activities for received communications before providing corresponding functionality, and forwarding the first communication to the first remote Web service without altering the forwarded first communication;
  
  receiving, by the computing system executing the node manager software system, a second communication sent from a second virtual machine node to a first interface of a second remote Web service to request functionality from the second remote Web service, the second remote Web service having at least the first interface and a second interface, the first interface being a default interface for unauthenticated communications such that authentication activities are performed by the second remote Web service for communications received via the first interface, the second interface being available for authenticated communications such that authentication activities are not performed by the second remote Web service for communications received via the second interface; and
  
  altering, by the computing system executing the node manager software system, the received second communication to eliminate authentication activities that would otherwise be performed by the second remote Web service for the received second communication, the altering including;
  
  retrieving stored information about a client associated with the second virtual machine node;
  
  authenticating the received second communication based at least in part on the obtained information about the associated client;
  
  altering the received second communication to request corresponding functionality to be provided from the second remote Web service for the second virtual machine node without the second remote Web service performing authentication activities for the altered second communication, the altering including modifying the received second communication to use the second interface of the second remote Web service instead of the first interface of the second remote Web service; and
  
  sending the altered second communication to the second interface of the second remote Web service on behalf of the second virtual machine node.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the authenticating of the received second communication is based at least in part on using a software component supplied by the second remote Web service for use by the node manager software system.
  - 3. The method of claim 1 further comprising:
    - receiving additional communications sent from one or more virtual machine nodes to the second remote Web service;
      
      determining that the additional communications are each sent from a virtual machine node for which the node manager software system has previously authenticated a received communication; and
      
      without performing additional authentication activities, altering the intercepted additional communications to request corresponding functionality from the second remote Web service, and sending the altered additional communications to the second interface of the second remote Web service.
  - 4. The method of claim 1 further comprising:
    - intercepting, by the computing system executing the node manager software system, a third communication sent to a distinct third remote Web service that performs authentication activities for received communications before providing corresponding functionality; and
      
      altering how functionality is requested from the third remote Web service to eliminate authentication activities by the third remote Web service in a manner specific to the third remote Web service, the altering of how functionality is requested from the third remote Web service differing from the altering of how functionality is requested from the second remote Web service.

5. A computer-implemented method for enhancing access to remote network-accessible services, the method comprising:
- receiving, by a computing system, a communication that requests functionality from a remote network-accessible service, the communication being sent from a virtual machine node hosted by the computing system to a first interface of the remote service, the remote network-accessible service having at least the first interface and a distinct second interface, the first interface being a default interface for unauthenticated communications such that authentication activities are performed by the remote network-accessible service for communications received via the first interface, the second interface being available for authenticated communications such that authentication activities are not performed by the remote network-accessible service for communications received via the second interface;
  
  obtaining information about a client associated with the virtual machine node;
  
  authenticating the received communication based at least in part on the obtained information about the associated client; and
  
  sending one or more other communications to the second interface of the remote service that request functionality from the remote network-accessible service for the virtual machine node, the one or more other communications being based on, but distinct from, the received communication.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 6. The method of claim 5 wherein the computing system hosts multiple virtual machine nodes, and wherein the method is performed under control of a node manager software system on the computing system that manages operations of the multiple virtual machine nodes.
  - 7. The method of claim 5 wherein the authenticating of the received communication is based at least in part on using a software component specific to the remote service.
  - 8. The method of claim 5 wherein the authenticating of the received communication is based at least in part on using a software component supplied by the remote service.
  - 9. The method of claim 5 wherein the second interface of the remote service is available only to authorized requesters.
  - 10. The method of claim 5 wherein the sending of the one or more other communications to the remote service includes generating the one or more other communications by altering the received communication.
  - 11. The method of claim 5 wherein the one or more other communications differ from the received communication by one or more of the other communications having additional information that is specific to the computing system, the other communications lacking information from the received communication that is specific to the virtual machine node, the other communications having a destination that is distinct from a destination for the received communication, and the other communications having a form that is distinct from a form of the received communication.
  - 12. The method of claim 5 wherein the authenticating of the received communication from the virtual machine node is further based in part on information previously received from the remote service in response to a prior communication sent from the virtual machine node to the remote service.
  - 13. The method of claim 12 wherein the information previously received from the remote service in response to a prior communication sent from the virtual machine node to the remote service is an indication that the remote service authenticated the prior communication from the virtual machine node.
  - 14. The method of claim 5 further comprising:
    - at a time after the authenticating of the received communication, receiving one or more additional communications from the virtual machine nodes to the remote service; and
      
      without performing additional authentication, sending one or more additional communications to the remote service to request functionality from the remote service, the one or more sent additional communications being based on the received additional communications and such that the remote service will not perform authentication activities for the sent additional communications.
  - 15. The method of claim 5 further comprising, before sending the one or more other communications to the second interface of the remote service on behalf of the virtual machine node, performing a subset of multiple activities for the received communication that are typically performed by the remote service to cause the remote service to perform only activities other than the subset of activities after receiving the sent one or more other communications.
  - 16. The method of claim 5 further comprising maintaining state information about the virtual machine node to enable repeated authentication of communications from the virtual machine node to not be performed.
  - 17. The method of claim 5 wherein the authenticating of the received communication from the virtual machine node includes at least one of verifying an identity of the client associated with the virtual machine node, of verifying contents of the received communication, and of verifying that the virtual machine node is authorized to send the received communication to the remote service.
  - 18. The method of claim 5 wherein the requested functionality from the remote service includes obtaining data from the remote service, and wherein the method further comprises providing at least some of the data to the virtual machine node from a local data cache.
  - 19. The method of claim 5 wherein the receiving of the communication, the obtaining of the information, the authenticating of the received communication and the sending of the one or more other communications is performed for each of multiple communications from multiple virtual machine nodes that are intended for multiple distinct remote services.

20. A non-transitory computer-readable storage medium whose contents configure a computing system to provide enhanced access to remote services, by performing a method comprising:
- receiving a communication sent from a virtual machine node hosted by the configured computing system that is intended for a first interface of a remote service, the communication requesting functionality from the remote service, the remote service having at least the first interface and a distinct second interface, the first interface being a default interface for unauthenticated communications such that authentication activities are performed by the remote service for communications received via the first interface, the second interface being available for authenticated communications such that authentication activities are not performed by the remote service for communications received via the second interface;
  
  obtaining information about a client associated with the virtual machine node;
  
  authenticating the received communication based at least in part on the obtained information about the associated client; and
  
  sending one or more other communications to the second interface of the remote service that request functionality from the remote network-accessible service for the virtual machine node, the one or more other communications being based on, but distinct from, the received communication.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The non-transitory computer-readable storage medium of claim 20 wherein the client is a virtual machine node executing on the computing system, and wherein the method is performed by a node manager executing on the computing system to manage operations of virtual machine nodes of the computing system.
  - 22. The non-transitory computer-readable storage medium of claim 20 wherein the remote service performs multiple activities to provide the requested functionality, wherein the configured computing system performs a subset of the multiple activities of the remote service on behalf of the remote service, and wherein the authenticating of the received communication is included in the performing of the subset of the multiple activities.
  - 23. The non-transitory computer-readable storage medium of claim 20 wherein the computer-readable storage medium is a memory of the computing system.
  - 24. The non-transitory computer-readable storage medium of claim 20 wherein the contents are instructions that when executed cause the computing device to perform the method.

25. A computing system configured to provide enhanced access to services provided by remote computing systems, the computing system comprising:
- a memory for executing multiple virtual machine nodes; and
  
  a processor configured to execute a node manager system that, when executed by the processor, manages operations of the multiple virtual machine nodes, the managing of the operations including;
  
  obtaining communications that are each initiated by one of the virtual machine nodes and intended for one of the services in order to obtain functionality from the service, the service being provided by one of the remote computing systems, the service having at least the first interface and a distinct second interface, the first interface being a default interface for unauthenticated communications such that authentication activities are performed by the service for communications received via the first interface, the second interface being available for authenticated communications such that authentication activities are not performed by the service for communications received via the second interface; and
  
  for each of at least some of the obtained communications;
  
  obtaining information about a client associated with the virtual machine node initiating the received communication;
  
  authenticating the received communication based at least in part on the obtained information about the associated client; and
  
  sending one or more other communications to the second interface of the remote service that request functionality from the service for the virtual machine node initiating the received communication, the one or more other communications being based on, but distinct from, the received communication.
- View Dependent Claims (26, 27, 28)
- - 26. The computing system of claim 25 wherein the computing system further comprises a software component for the remote service for use by the node manager system in the authenticating of the received communication.
  - 27. The computing system of claim 25 wherein the service performs multiple activities to provide the requested functionality, wherein the computing system performs one or more activities on behalf of the service for which the communication is intended based at least in part on the retrieved information about the virtual machine node that initiated the communication, and wherein the performing of the one or more activities on behalf of the service includes the authenticating of the received communication.
  - 28. The computing system of claim 25 wherein the node manager system includes software instructions for execution in memory of a computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Cabrera, Luis Felipe, DeSantis, Peter N., Vermeullen, Allan H.
Primary Examiner(s)
HOANG, HIEU T

Application Number

US11/764,739
Time in Patent Office

1,975 Days
Field of Search

709227-229
US Class Current

709/229
CPC Class Codes

G06F 2209/542   Intercept

G06F 9/54   Interprogram communication

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 67/02   based on web technology, e....

Providing enhanced access to remote services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Providing enhanced access to remote services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others