Network gateway services and extensions

US 9,288,182 B1
Filed: 05/01/2012
Issued: 03/15/2016
Est. Priority Date: 05/01/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing network-related services, comprising:

establishing, by a computer system of a computing resource provider, a direct physical connection with at least one customer entity by which the computing resource provider is configured to provide the customer entity with access to at least one network, the direct physical connection comprising a communication link between the at least one customer entity and the computing resource provider;

receiving, by the computer system of the computing resource provider, over a second network connection, instructions from at least one third-party entity for implementing at least one network-related service to operate on network traffic received through at least one network gateway on behalf of a customer entity, the network gateway controlling access to the at least one network, the at least one third-party entity being a separate entity from the computing resource provider, the customer entity distinct from the third-party entity, the at least one network-related service including at least one of a distributed denial of service (DDoS) mitigation service, an unsolicited message control service, a data firewalling service, or a data encryption service;

providing an interface that enables the customer entity to select the at least one network-related service corresponding to the received instructions;

provisioning, by the computer system of the computing resource provider, the at least one network-related service in a separate virtual computer system instance that is accessible by the at least one customer entity via the direct physical connection; and

configuring the at least one network gateway to route the network traffic between the customer entity and a public communications network through the separate virtual computer system instance, the network traffic of the direct physical connection being subjected to the at least one network-related service, and the computing resource provider controlling network traffic over the direct physical connection such that the computer system is operable to adjust at least one capability relating to an operation of the at least one network gateway in response to a change to a demand of the at least one of the network gateway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

Citations

16 Claims

1. A computer-implemented method for implementing network-related services, comprising:
- establishing, by a computer system of a computing resource provider, a direct physical connection with at least one customer entity by which the computing resource provider is configured to provide the customer entity with access to at least one network, the direct physical connection comprising a communication link between the at least one customer entity and the computing resource provider;
  
  receiving, by the computer system of the computing resource provider, over a second network connection, instructions from at least one third-party entity for implementing at least one network-related service to operate on network traffic received through at least one network gateway on behalf of a customer entity, the network gateway controlling access to the at least one network, the at least one third-party entity being a separate entity from the computing resource provider, the customer entity distinct from the third-party entity, the at least one network-related service including at least one of a distributed denial of service (DDoS) mitigation service, an unsolicited message control service, a data firewalling service, or a data encryption service;
  
  providing an interface that enables the customer entity to select the at least one network-related service corresponding to the received instructions;
  
  provisioning, by the computer system of the computing resource provider, the at least one network-related service in a separate virtual computer system instance that is accessible by the at least one customer entity via the direct physical connection; and
  
  configuring the at least one network gateway to route the network traffic between the customer entity and a public communications network through the separate virtual computer system instance, the network traffic of the direct physical connection being subjected to the at least one network-related service, and the computing resource provider controlling network traffic over the direct physical connection such that the computer system is operable to adjust at least one capability relating to an operation of the at least one network gateway in response to a change to a demand of the at least one of the network gateway.
- View Dependent Claims (2, 3, 4, 15, 16)
- - 2. The computer-implemented method of claim 1, wherein the at least one network-related service includes at least one of a distributed denial of service (DDoS) mitigation service, an unsolicited message or spam control service, a data firewalling service, or a data encryption service.
  - 3. The computer-implemented method of claim 2, wherein the received instructions include code that is executable by the computer system.
  - 4. The computer-implemented method of claim 1, wherein the received instructions are executable by the computer system to cause the one or more computer systems to be configured to implement the at least one corresponding network-related service.
  - 15. The computer-implemented method of claim 1, wherein the direct physical connection is implemented using at least one of fiber-optic cabling, copper cabling, or wireless transmissions.
  - 16. The computer-implemented method of claim 1, wherein the received instructions include all code for enabling full implementation of the at least one network-related service by the computing resource provider.

5. A computer-implemented method for implementing network-related services, comprising:
- establishing, by a computer system of a computing resource provider, a direct physical connection between computing resources of at least one customer entity and a computer system, the direct physical connection comprising a communication link between the computer system and the computing resources by which the computing resources are configured to provide the computer system with access to at least one network;
  
  receiving, by a computer system of a computing resource provider, instructions for implementing at least one network-related service provided by an entity external to the computing resource provider to operate on network traffic of the direct physical connection, the network traffic passing through one or more computing resources of the computing resource provider, the at least one network-related service including at least one of a distributed denial of service (DDoS) mitigation service, an unsolicited message control service, a data firewalling service, or a data encryption service;
  
  in response to a request of the at least one customer entity, configuring, using the computing resource provider, the one or more computer systems to implement the at least one network-related service to operate on the network traffic of the direct physical connection in accordance with the instructions, the at least one network-related service being implemented in an individual virtual computer system instance accessible via the direct physical connection; and
  
  modify at least one capability of the at least one network-related service in response to a change in demand of the at least one network-related service.
- View Dependent Claims (6, 7)
- - 6. The computer-implemented method of claim 5, further comprising enabling a customer entity to elect from the at least one implemented network-related services through an interface that allows the customer entity to select one or more from a plurality of network-related services each available to be configured to operate on at least a portion of the network traffic.
  - 7. The computer-implemented method of claim 5, wherein the computing resource provider provides a network gateway that is implemented using the computer system, the network gateway further connecting the at least one customer entity to the public communications network.

8. A computer system for implementing network-related services, comprising:
- one or more processors; and
  
  memory, including instructions executable by the one or more processors to cause the computer system to at least;
  
  establish, by a web service provider, a direct physical connection between computing resources of corresponding customer entities and the web service provider comprising a communication link between the customer entities and the computing resources by which the computing resources are configured to provide the customer entities with access to at least one network;
  
  receive, by the web service provider, service implementation data to implement corresponding network-related services to operate on network traffic of the direct physical connection, the network-related services provided by a third-party and the network traffic passing through one or more computing resources of the web service provider, the network-related service including at least one of a distributed denial of service (DDoS) mitigation service, an unsolicited message control service, a data firewalling service, or a data encryption service;
  
  in response to requests from the customer entities, implement, in a separate virtual computer system instance on the web service provider accessible via the direct physical connection, the corresponding network-related services to operate on the network traffic of the direct physical connection in accordance with the received service implementation data; and
  
  modify at least one capability of the network-related services in response to a change in demand of at least one of the customer entities, the network-related service, or the web service provider.
- View Dependent Claims (9, 10)
- - 9. The computer system of claim 8, wherein the service implementation data contains instructions executable by the one or more processors to cause the computer system to be configured to implement the corresponding network-related services.
  - 10. The computer system of claim 8, wherein the service implementation data is received from a computing resource of the computer system on behalf of a service provider that provides the corresponding network-related service.

11. One or more non-transitory computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- establish a direct physical connection between at least one customer entity and the computer system by which the computer system is configured to provide the customer entity with access to at least one network, the direct physical connection comprising a communication link between the at least one customer entity and the computer system;
  
  establish a second network connection between the computer system and a public communications network;
  
  provide an interface that allows the at least one customer entity to specify a configuration of computing resources of a computing resource provider such that network traffic of the direct physical connection is subjected to the computing resources, the provided interface allowing selection of one or more network-related services to operate on at least a portion of the network traffic in accordance with instructions received from at least one external third-party for implementing at least one network-related service, the one or more network-related service including at least one of a distributed denial of service (DDoS) mitigation service, an unsolicited message control service, a data firewalling service, or a data encryption service;
  
  configure, in a separate virtual computer system of the computing resource provider accessible by the customer entity via the direct physical connection, a set of computing resources according to the specified configuration such that, when the customer entity selects one or more of the network-related services, the computing resources operate on the network traffic of the direct physical connection according to corresponding instructions received from a corresponding external third-party; and
  
  modify at least one capability related to at least one operation of at least one of the one or more network-related services in response to a change in demand of at least one of the customer entity, the one or more network-related services, or the computer system.
- View Dependent Claims (12, 13, 14)
- - 12. The computer-readable storage media of claim 11, wherein modifying the at least one capability further includes notifying an appropriate technician via a computer-implemented technician request system.
  - 13. The computer-readable storage media of claim 11, wherein the at least one customer entity is separate from the computer system.
  - 14. The computer-readable storage media of claim 11, wherein the modifying of the at least one capability further includes:
    - determining at least one computing resource appropriate for responding to the change in demand; and
      
      configuring the computer system to use the at least one computing resource in implementing the at least one network-related service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Ganguly, Arijit, Dickinson, Andrew B., Lefelhocz, Christopher J., Agarwal, Manish, Searle, Ian R., Brandwine, Eric Jason
Primary Examiner(s)
Chan, Wing F
Assistant Examiner(s)
Mundur, Padma

Application Number

US13/461,566
Time in Patent Office

1,414 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 41/022   Multivendor or multi-standa...

H04L 63/00   Network architectures or ne...

H04L 63/0272   Virtual private networks

H04L 63/1441   Countermeasures against mal...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

Network gateway services and extensions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Network gateway services and extensions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links