Providing access to configurable private computer networks

US 8,578,003 B2
Filed: 06/07/2012
Issued: 11/05/2013
Est. Priority Date: 12/10/2008
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having stored contents that configure a computing system to:

create a private virtual network at a configurable network service for a customer of the configurable network service, the private virtual network including multiple computing nodes associated with a plurality of private network addresses of a remote private computer network;

receive configuration information for the private virtual network via a provided programmatic interface, the received configuration information specifying a service that is external to the remote private computer network and external to the private virtual network;

configure a local access mechanism within the private virtual network that represents the service by at least assigning a private network address of the remote private computer network to represent the service within the private virtual network; and

forward to the service a communication sent to the assigned private network address.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms.

127 Citations

View as Search Results

25 Claims

1. A non-transitory computer-readable medium having stored contents that configure a computing system to:
- create a private virtual network at a configurable network service for a customer of the configurable network service, the private virtual network including multiple computing nodes associated with a plurality of private network addresses of a remote private computer network;
  
  receive configuration information for the private virtual network via a provided programmatic interface, the received configuration information specifying a service that is external to the remote private computer network and external to the private virtual network;
  
  configure a local access mechanism within the private virtual network that represents the service by at least assigning a private network address of the remote private computer network to represent the service within the private virtual network; and
  
  forward to the service a communication sent to the assigned private network address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable medium of claim 1 wherein the non-transitory computer-readable medium includes stored contents that further configure the computing system to:
    - configure a virtual private network connection between the configurable network service and one or more computing systems of the remote private computer network; and
      
      forward, via the virtual private network connection, one or more additional communications between the computing nodes of the private virtual network and the one or more computing systems of the remote private computer network.
  - 3. The non-transitory computer-readable medium of claim 1 wherein the received configuration information further includes network access constraint information to prevent access from the private virtual network to external computing systems that are not associated with private network addresses of the remote private computer network.
  - 4. The non-transitory computer-readable medium of claim 1 wherein the received configuration information further specifies one or more private network addresses of the remote private computer network, wherein the assigned private network address is one of the specified private network addresses, and wherein the non-transitory computer-readable medium includes stored contents that further configure the computing system to use the one or more specified private network addresses with the private virtual network.
  - 5. The non-transitory computer-readable medium of claim 1 wherein the non-transitory computer-readable medium includes stored contents that further configure the computing system to:
    - receive, via the provided programmatic interface, additional configuration information specifying one or more additional services that are external to the remote private computer network and external to the private virtual network; and
      
      for each of the additional services, create a distinct local access mechanism within the private virtual network that represents the additional service, each of the created local access mechanisms having a distinct assigned private network address of the remote private computer network that is not associated with any of the multiple computing nodes.
  - 6. The non-transitory computer-readable medium of claim 1 wherein the service is a data storage service, a program execution service or an asynchronous message passing service.
  - 7. The non-transitory computer-readable medium of claim 1 wherein the private virtual network is configured to be an extension to the remote private computer network.
  - 8. The non-transitory computer-readable medium of claim 1 wherein the provided programmatic interface includes an API (“
    - application programming interface”
      
      ), and wherein the receiving of the configuration information is based on an invocation of the API by a remote computing system.

9. A computer-implemented method comprising:
- receiving, by a configurable network service executing on one or more computer systems, first configuration information for use in configuring a virtual network, the first configuration information being received via a programmatic interface provided by the configurable network service and specifying multiple private network addresses of a remote private computer network associated with the virtual network;
  
  providing, by the configurable network service, the virtual network and configuring the provided virtual network based on the first configuration information, the provided virtual network including multiple computing nodes each associated with one of the specified private network addresses;
  
  receiving via the provided programmatic interface, by the configurable network service, second configuration information specifying an indicated service that is external to the remote private computer network and external to the provided virtual network;
  
  creating, by the configurable network service, a local access mechanism within the provided virtual network that represents the service and that enables communications to be forwarded to the service from the multiple computing nodes of the provided virtual network, the creating including assigning one of the specified private network addresses to represent the service within the provided virtual network; and
  
  forwarding to the service, by the configurable network service, a communication sent via the provided virtual network to the assigned one private network address for the service.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The computer-implemented method of claim 9 further comprising:
    - configuring, by the configurable network service, a virtual private network connection between one or more of the multiple computing nodes of the provided virtual network and one or more other computing systems of the remote private computer network; and
      
      forwarding via the virtual private network connection, by the configurable network service, one or more additional communications between the one or more computing nodes of the provided virtual network and the other computing systems of the remote private computer network.
  - 11. The computer-implemented method of claim 10 wherein the communication sent to the assigned one private network address for the service is from one of the multiple computing nodes of the provided virtual network, and wherein the forwarding of the communication to the service occurs via one or more internal networks of the configurable network service.
  - 12. The computer-implemented method of claim 10 wherein the communication sent to the assigned one private network address for the service is from one of the other computing systems of the remote private computer network, and wherein the method further comprises receiving the communication via the configured virtual private network connection before the forwarding of the communication to the service.
  - 13. The computer-implemented method of claim 9 wherein the provided virtual network is provided by the configurable network service as a network extension to the remote private computer network, and wherein the first configuration information further includes network access constraint information to prevent access from the provided virtual network to external computing systems that are not associated with private network addresses of the remote private computer network.
  - 14. The computer-implemented method of claim 9 further comprising receiving an indication of one or more private network addresses of the remote private computer network, and configuring the provided virtual network to use the one or more specified private network addresses, wherein the assigned one private network address is one of the indicated private network addresses.
  - 15. The computer-implemented method of claim 9 further comprising:
    - receiving, by the configurable network service and via the provided programmatic interface, third configuration information specifying a second service that is a remote resource service external to the remote private computer network and external to the provided virtual network; and
      
      creating, by the configurable network service, a second local access mechanism within the provided virtual network that represents the second service and that enables communications to be forwarded to the second service via the second local access mechanism.
  - 16. The computer-implemented method of claim 9 wherein the service is a program execution service or a data storage service.
  - 17. The computer-implemented method of claim 9 wherein the service provides computing-related resources to clients, and wherein the method further comprises, after the forwarding of the communication to the service, receiving access from the service to one or more provided computing-related resources.
  - 18. The computer-implemented method of claim 9 wherein the provided programmatic interface includes an API (“
    - application programming interface”
      
      ), and wherein the receiving of the second configuration information is based on an invocation of the API by a client associated with the remote private computer network.

19. A configured computing system comprising:
- one or more processors; and
  
  a configurable network service manager module that is configured to, when executed by at least one of the one or more processors;
  
  configure a local virtual network that includes multiple computing nodes associated with a plurality of private network addresses of a remote computer network;
  
  provide, to a client associated with the remote computer network, access to the local virtual network;
  
  receive configuration information from the client for the local virtual network via a provided programmatic interface, the received configuration information including an indication of a remote resource service that is external to the remote computer network and external to the local virtual network;
  
  in response to receiving the configuration information, configure a local access mechanism within the local virtual network that represents the indicated remote resource service, the configuring of the local access mechanism including associating an additional private network address of the remote computer network with the indicated remote resource service; and
  
  forward, to the indicated remote resource service, a communication sent via the local virtual network to the assigned additional private network address.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computing system of claim 19 wherein the configurable network service manager module is further configured to:
    - configure a virtual private network connection between the multiple computing nodes of the local virtual network and one or more computing systems of the remote computer network; and
      
      forward, via the configured virtual private network connection, one or more additional communications between the computing nodes of the local virtual network and the one or more computing systems of the remote computer network.
  - 21. The computing system of claim 19 wherein the remote computer network is a private network of the client, wherein the local virtual network is a private network extension to the remote computer network, and wherein the received configuration information further includes network access constraint information to prevent access from the local virtual network to external computing systems that are not associated with private network addresses of the remote computer network.
  - 22. The computing system of claim 21 wherein the assigned additional private network address is not assigned to any of the multiple computing nodes of the local virtual network or to any other computing systems of the remote computer network.
  - 23. The computing system of claim 19 wherein the local virtual network is configured at a first time, wherein the access to the local virtual network is provided to the client at a second time subsequent to the first time, and wherein the configuration information is received at a third time subsequent to the second time while the local private virtual network is in use.
  - 24. The computing system of claim 19 wherein the remote resource service is associated with computing-related resources for at least one of a group that includes a data storage service, a program execution service and an asynchronous message passing service.
  - 25. The computing system of claim 19 wherein the provided programmatic interface includes an API (“
    - application programming interface”
      
      ), and wherein the receiving of the configuration information occurs via an invocation of the API.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brandwine, Eric Jason, Brandwine, Clarissa Loree Cook, Cohn, Daniel T., Doane, Andrew J., Moses, Carl J., Schmidt, Stephen E.
Primary Examiner(s)
RECEK, JASON D

Application Number

US13/491,328
Publication Number

US 20120311108A1
Time in Patent Office

516 Days
Field of Search

709220-222
US Class Current

709/220
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0803   Configuration setting

H04L 45/586   of virtual routers

H04L 63/0272   Virtual private networks

Providing access to configurable private computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Providing access to configurable private computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others