Providing private access to network-accessible services
First Claim
1. A computer-implemented method comprising:
receiving, by one or more programmed computing systems of a configurable network service that provides private computer networks to remote clients, information from a first client regarding a first virtual computer network having multiple computing nodes, the received information indicating a plurality of virtual network addresses for the first virtual computer network and including information about use by the first virtual computer network of a network-accessible Lightweight Directory Access Protocol (“LDAP”) service made available by the configurable network service, wherein the LDAP service is external to the first virtual computer network and includes a pool of multiple LDAP computer servers for use by the first virtual computer network;
assigning, by the one or more programmed computing systems, one of the plurality of virtual network addresses to represent the LDAP service within the first virtual computer network, and associating other of the plurality of virtual network addresses with the multiple computing nodes;
encoding, by the one or more programmed computing systems, and for a first communication sent by one of the multiple computing nodes to a virtual network address associated with another of the multiple computing nodes, the first communication in a manner specific to a substrate network on which the first virtual computer network is overlaid, and forwarding the encoded first communication over the substrate network to a location of the another computing node within the substrate network; and
for a second communication sent by one of the multiple computing nodes to the one virtual network address assigned to represent the LDAP service, selecting, by the one or more programmed computing systems, one of the multiple LDAP computer servers of the pool to use for the second communication based at least in part on whether the second communication is of a type that corresponds to a data write request or a data read request; and
initiating, by the one or more programmed computing systems, providing functionality of the LDAP service to the first virtual computer network by encoding the second communication in a manner specific to the substrate network, and forwarding the encoded second communication over the substrate network to the selected one LDAP computer server.
Abstract
Techniques are described for managing communications for a managed virtual computer network overlaid on a distinct substrate computer network. The techniques may be used in situations in which a configurable network service provides managed virtual computer networks for clients and also provides one or more network-accessible services that are available to the managed virtual computer networks, with particular managed virtual computer networks being configured to provide local private access to at least one of the provided network-accessible services, despite those provided network-accessible services being located externally to the particular managed virtual computer networks. In some situations, a Lightweight Directory Access Protocol (“LDAP”) network-accessible service is provided, and a logical endpoint for the LDAP service is created within a managed virtual computer network to enable the multiple computing nodes of the managed virtual computer network to communicate with one or more LDAP computer servers from the LDAP service.
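The server-selection step recited in claim 1 (route a request to one of the pooled LDAP servers depending on whether it is a data write or a data read) requires the endpoint to look inside each LDAP message before forwarding it. The following is an added example, not code from the patent or from any implementation of it: it decodes the BER envelope of an LDAPMessage (RFC 4511), classifies the protocolOp by its APPLICATION tag number, and sends writes to a primary server and reads round-robin across replicas. The server names and the sample requests are constructed for illustration; the OIDs are the standard ones for Password Modify (RFC 3062), Who Am I (RFC 4532) and StartTLS. Unknown extended operations are deliberately treated as writes so a request with side effects is never sent to a replica by mistake.

```python
"""Route LDAP requests by operation type: writes to the primary server,
reads to replicas. Added example, not code from the patent; the server
names and sample messages below are constructed for illustration."""
import itertools

# RFC 4511 section 4.1.1: protocolOp is a CHOICE of APPLICATION-class tags.
READ_OPS = {0: "bindRequest", 3: "searchRequest", 14: "compareRequest"}
WRITE_OPS = {6: "modifyRequest", 8: "addRequest", 10: "delRequest", 12: "modDNRequest"}
LOCAL_OPS = {2: "unbindRequest", 16: "abandonRequest"}   # the proxy handles these itself
EXTENDED_REQ = 23
# Extended operations are identified by their requestName OID, not by tag.
READ_EXTENDED_OIDS = {"1.3.6.1.4.1.4203.1.11.3"}   # Who Am I (RFC 4532)
LOCAL_EXTENDED_OIDS = {"1.3.6.1.4.1.1466.20037"}   # StartTLS, connection-level


def _read_tlv(buf: bytes, pos: int) -> tuple:
    """Decode one BER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported BER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated BER element")
    return tag, value, pos + length


def classify(message: bytes) -> str:
    """Return 'read', 'write' or 'local' for one LDAPMessage.

    Unknown extended operations are reported as 'write' (fail-safe: a
    mis-routed read only costs primary load, a mis-routed write is lost).
    """
    outer_tag, body, _ = _read_tlv(message, 0)
    if outer_tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    id_tag, _msg_id, pos = _read_tlv(body, 0)
    if id_tag != 0x02:
        raise ValueError("missing messageID")
    op_tag, op_body, _ = _read_tlv(body, pos)
    if op_tag & 0xC0 != 0x40:               # class bits must be APPLICATION
        raise ValueError("protocolOp is not APPLICATION-tagged")
    op = op_tag & 0x1F
    if op in WRITE_OPS:
        return "write"
    if op in READ_OPS:
        return "read"
    if op in LOCAL_OPS:
        return "local"
    if op == EXTENDED_REQ:
        name_tag, oid, _ = _read_tlv(op_body, 0)   # requestName is [0] OCTET STRING
        if name_tag != 0x80:
            raise ValueError("extendedRequest without requestName")
        oid = oid.decode("ascii")
        if oid in LOCAL_EXTENDED_OIDS:
            return "local"
        return "read" if oid in READ_EXTENDED_OIDS else "write"
    raise ValueError(f"unexpected protocolOp tag {op}")


class LdapPool:
    """Write-to-primary, read-round-robin selection over a server pool."""

    def __init__(self, primary: str, replicas: list):
        self.primary = primary
        self._replicas = itertools.cycle(replicas)

    def select(self, message: bytes):
        """Return the server for this request, or None if the proxy handles it."""
        kind = classify(message)
        if kind == "local":
            return None
        return self.primary if kind == "write" else next(self._replicas)


# Minimal BER builder, used only to construct the sample requests below.
def _tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _ldap_message(msg_id: int, op: bytes) -> bytes:
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + op)


# Constructed sample messages (bodies abbreviated; only the protocolOp tags matter here).
SEARCH = _ldap_message(1, _tlv(0x63, _tlv(0x04, b"dc=example,dc=com")))
ADD = _ldap_message(2, _tlv(0x68, _tlv(0x04, b"cn=new,dc=example,dc=com")))
DELETE = _ldap_message(3, _tlv(0x4A, b"cn=old,dc=example,dc=com"))
PASSWD = _ldap_message(4, _tlv(0x77, _tlv(0x80, b"1.3.6.1.4.1.4203.1.11.1")))  # RFC 3062
STARTTLS = _ldap_message(5, _tlv(0x77, _tlv(0x80, b"1.3.6.1.4.1.1466.20037")))
UNBIND = _ldap_message(6, _tlv(0x42, b""))
BIG_SEARCH = _ldap_message(7, _tlv(0x63, _tlv(0x04, b"ou=" + b"x" * 200 + b",dc=example,dc=com")))

if __name__ == "__main__":
    pool = LdapPool("ldap-primary.internal", ["ldap-r1.internal", "ldap-r2.internal"])
    for name, msg in [("search", SEARCH), ("add", ADD), ("delete", DELETE),
                      ("passwd", PASSWD), ("starttls", STARTTLS), ("unbind", UNBIND)]:
        print(f"{name:9s} {classify(msg):6s} -> {pool.select(msg)}")
```

Two caveats a practitioner would add to this routing. First, the endpoint can only classify requests it can read, so an LDAPS or StartTLS session has to be terminated at the endpoint rather than passed through, which puts the endpoint inside the trust boundary of the directory. Second, a bind is treated as a read here, so a client that changes a password (a write, routed to the primary) and immediately re-binds may hit a replica that has not yet replicated the change; pinning a connection to the primary for a short window after any write avoids that read-after-write gap.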
23 Claims
1. Independent claim 1 is reproduced above under First Claim. Claims 2 to 14 depend on claim 1.
15. A non-transitory computer-readable medium having stored contents that configure a computing system of a configurable network service to perform a method, the method comprising:
obtaining, by the configured computing system, information regarding a first virtual computer network that has multiple computing nodes and that has a plurality of associated virtual network addresses, the obtained information indicating a virtual network address of the plurality that is associated with a network-accessible Lightweight Directory Access Protocol (“LDAP”) service provided by the configurable network service for use by the multiple computing nodes, wherein the LDAP service is external to the first virtual computer network and includes a pool of multiple LDAP computer servers for use by the first virtual computer network;
encoding, by the configured computing system and for a first communication sent to a destination that is one of the multiple computing nodes, the first communication in a manner specific to a substrate network on which the first virtual computer network is overlaid, and forwarding the encoded first communication over the substrate network to the destination; and
for a second communication sent to the indicated virtual network address associated with the LDAP service, selecting, by the configured computing system, one of the multiple LDAP computer servers of the pool to use for the second communication based at least in part on whether the second communication is of a type that corresponds to a data write request or a data read request; and
initiating, by the configured computing system, providing functionality of the LDAP service to the first virtual computer network by encoding the second communication in a manner specific to the substrate network, and forwarding the encoded second communication over the substrate network toward the selected one LDAP computer server.
Dependent claims: 16 to 18.
19. A system, comprising:
one or more processors of one or more computing systems; and
one or more modules that are configured to, when executed by at least one of the one or more processors, provide networking functionality for a first virtual computer network that is overlaid on a distinct second network and that has a plurality of virtual network addresses for use with multiple computing nodes of the first virtual computer network, the providing of the networking functionality including:
receiving a first network communication directed to a destination that is one of the multiple computing nodes and is specified using one of the plurality of virtual network addresses;
encoding the first network communication in a manner specific to the second network, and sending the encoded network communication to the second network for forwarding to the destination;
receiving a second network communication directed to an indicated virtual network address of the plurality of virtual network addresses, wherein the indicated virtual network address is associated with multiple Lightweight Directory Access Protocol (“LDAP”) computer servers that are external to the first virtual computer network and are available to the first virtual computer network;
selecting one of the multiple LDAP computer servers to use for the second network communication based at least in part on whether the second network communication is of a type that corresponds to a data write request or to a data read request; and
initiating sending the second network communication to the selected one LDAP computer server to enable LDAP functionality to be provided to the first virtual computer network.
Dependent claims: 20 to 23.