Remotely configured network appliances and services

US 9,294,437 B1
Filed: 05/01/2012
Issued: 03/22/2016
Est. Priority Date: 05/01/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enabling access to one or more networks, comprising:

establishing, by one or more computer systems configured with executable instructions, a network connection with at least one customer entity;

receiving, over the network connection, a provisioning request from the at least one customer entity to provision a network gateway;

provisioning, by the one or more computer systems, a virtual computer system instance as the network gateway to connect the at least one customer entity to a public network via the provisioned virtual computer system instance;

receiving, over the network connection, a service election request from the at least one customer entity to apply one or more network-related services to the network gateway the one or more network-related services performing at least one of monitoring, securing, filtering, or protecting data;

receiving, from the at least one customer entity, a request for a service of the one or more network-related services, the request including an identification of the service and a service provider of the service;

instantiating, on hardware under control of the one or more computer systems, an implementation of a virtual instance of the one or more network-related services within the virtual computer system instance in accordance with the service election request and executable code provided by the service provider, the virtual instance of the one or more network-related services extending at least one capability of the network gateway to a subset of network gateway traffic associated with the at least one customer entity; and

configuring the one or more computer systems in accordance with the service election request, such that the one or more computer systems is operable to adjust the at least one capability relating to an operation of the network gateway in response to a change to a demand of the network gateway, the at least one customer entity, or the one or more computer systems, the subset of network gateway traffic being determined based at least in part on the received service election request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

Citations

22 Claims

1. A computer-implemented method for enabling access to one or more networks, comprising:
- establishing, by one or more computer systems configured with executable instructions, a network connection with at least one customer entity;
  
  receiving, over the network connection, a provisioning request from the at least one customer entity to provision a network gateway;
  
  provisioning, by the one or more computer systems, a virtual computer system instance as the network gateway to connect the at least one customer entity to a public network via the provisioned virtual computer system instance;
  
  receiving, over the network connection, a service election request from the at least one customer entity to apply one or more network-related services to the network gateway the one or more network-related services performing at least one of monitoring, securing, filtering, or protecting data;
  
  receiving, from the at least one customer entity, a request for a service of the one or more network-related services, the request including an identification of the service and a service provider of the service;
  
  instantiating, on hardware under control of the one or more computer systems, an implementation of a virtual instance of the one or more network-related services within the virtual computer system instance in accordance with the service election request and executable code provided by the service provider, the virtual instance of the one or more network-related services extending at least one capability of the network gateway to a subset of network gateway traffic associated with the at least one customer entity; and
  
  configuring the one or more computer systems in accordance with the service election request, such that the one or more computer systems is operable to adjust the at least one capability relating to an operation of the network gateway in response to a change to a demand of the network gateway, the at least one customer entity, or the one or more computer systems, the subset of network gateway traffic being determined based at least in part on the received service election request.
- View Dependent Claims (2, 3, 4, 5, 21)
- - 2. The computer-implemented method of claim 1, wherein the network connection is a direct physical connection between the customer entity and the virtual computer system instance.
  - 3. The computer-implemented method of claim 1, further comprising:
    - receiving, over the network connection, a publication request from the at least one customer entity to advertise at least one public identifier to identify at least one resource under control of the at least one customer entity; and
      
      configuring the one or more computer systems in accordance with the publication request, such that the at least one resource is identifiable by at least one external user connected to the public network as associated with the at least one public identifier.
  - 4. The computer-implemented method of claim 3, wherein configuring the one or more computer systems in accordance with the publication request includes configuring the one or more computer systems to identify, using the at least one public identifier, at least one host in accordance with a region of at least one of the at least one external user or the one or more computer systems.
  - 5. The computer-implemented method of claim 1, wherein the one or more computer systems is further configured to provide a user interface (UI) for remote management of provisioning or reconfiguration of the network gateway to the at least one customer entity.
  - 21. The computer-implemented method of claim 1, wherein the virtual computer system instance is provisioned to connect the at least one customer entity to the public network via an endpoint in a private network of the at least one customer entity, and the identified service extending at least one capability of the network gateway to a subset of network gateway traffic of the private network.

6. A computer-implemented method for enabling access to one or more networks, comprising:
- receiving, by one or more computer systems configured with executable instructions, a provisioning request to provision a virtual computer system instance as a network gateway for at least one customer entity, the network gateway being configured to connect to a private network, and the customer entity being separate from the computing resource provider; and
  
  provisioning, by the one or more computer systems, the network gateway to connect the at least one customer entity to a public network via the provisioned virtual computer system instance;
  
  operating, on behalf of the at least one customer entity, the network gateway to serve as a public network access point for the at least one customer entity;
  
  receiving, by at least one of the one or more computer systems, a service election request from the at least one customer entity to apply one or more network-related services to the private network, the one or more network-related services performing at least one of monitoring, securing, filtering, or protecting data; and
  
  instantiating, on hardware under control of the one or more computer systems, an implementation of the one or more network-related services within the virtual computer system instance in accordance with the service election request such that at least one of the one or more network-related services extend at least one capability to network traffic of the private network, the network traffic of the private network being associated with the at least one customer entity, the one or more computer systems being operable to adjust at least one capability relating to an operation of the network gateway in response to a change in demand of at least one of the network gateway, the at least one customer entity, or the one or more computer systems.
- View Dependent Claims (7, 8, 9, 22)
- - 7. The computer-implemented method of claim 6, further comprising:
    - receiving a publication request from the at least one customer entity to advertise at least one public identifier to identify at least one resource under control of the at least one customer entity; and
      
      configuring the one or more computer systems in accordance with the publication request, such that the at least one resource is identifiable by at least one external user connected to the public network as associated with the at least one public identifier.
  - 8. The computer-implemented method of claim 6, wherein the provisioning of the network gateway is achieved by at least one of the customer entity or the computing resource provider invoking an application programming interface (API) provided by the computing resource provider.
  - 9. The computer-implemented method of claim 6, further comprising:
    - receiving code for implementing at least one of the one or more network-related services from a third party; and
      
      executing, upon selection by the at least one customer entity of the at least one of the one or more network-related services, the received code.
  - 22. The computer-implemented method of claim 6, wherein the received provisioning request includes a selection of a particular service provider for implementing the one or more network-related services.

10. A computer system for enabling access to one or more networks, comprising:
- one or more processors; and
  
  memory, including instructions executable by the one or more processors to cause the computer system to at least;
  
  instantiate virtual computer system instances to act as network gateways to a public communications network on behalf of customer entities that connect to the computer system through corresponding private customer entity networks;
  
  manage network traffic from the public communications network received through the virtual computer system instances in accordance with requirements specified by the corresponding customer entities, the corresponding customer entities capable of specifying at least one network-related service and a provider of the at least one network-related service, the at least one network-related services performing at least one of monitoring, securing, filtering, or protecting data;
  
  instantiate an implementation of the at least one network-related service within the virtual computer system instances in accordance with instructions provided by the provider of the at least one network-related service, the at least one network-related service extending at least one capability of the virtual computer system instances to a subset of network traffic of the private customer entity networks; and
  
  modify at least one capability relating to an operation of the virtual computer system instances in response to a change in demand of the virtual computer system instances.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer system of claim 10, wherein the computer system provisions the virtual computer system instances in response to requests submitted by the customer entities.
  - 12. The computer system of claim 10, wherein the computer system instantiates the virtual computer system instances and extends the at least one capability of the virtual computer system instances with the at least one network-related service in response to requests submitted by the customer entities.
  - 13. The computer system of claim 10, wherein the instructions further include, in response to requests submitted by the customer entities, routing, using the virtual computer system instances and in accordance with the requests, network traffic from the public communications network received through the virtual computer system instances to resources under the control of the customer entities.
  - 14. The computer system of claim 11, wherein the request is received by the computer system through a user interface (UI) provided to the customer entities by the computer system.

15. One or more non-transitory computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computing resource provider'"'"'s computer system, cause the computer system to at least:
- receive a provisioning request to provision a network gateway for at least one customer entity that is separate from the computing resource provider;
  
  instantiate a virtual computer system instance to act as the network gateway and connect the at least one customer entity to a public network, the at least one customer entity connecting to the computer system through a customer entity network;
  
  manage network traffic from the public network received through the virtual computer system instance in accordance with requirements specified by the customer entity;
  
  receive, by at least one of the computer system, a service election request from the at least one customer entity to apply the one or more network-related services to the virtual computer system instance, the received service election request identifying the at least one network-related service and a provider of the at least one network-related service, one or more network-related services performing at least one of monitoring, securing, filtering, or protecting data;
  
  instantiate an implementation of the at least one network-related service in accordance with instructions provided by the provider of the at least one network-related service, the at least one network-related service extending at least one capability of the virtual computer system instance to a subset of network traffic of the public network, the subset of network traffic associated with the at least one customer entity; and
  
  modify at least one capability relating to an operation of the virtual computer system instance in response to a change in demand of at least one of the virtual computer system instance, the at least one customer entity, the computing resource provider, or the computer system.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage media of claim 15, wherein receiving the provisioning request further includes receiving a publication request to advertise at least one public identifier to identify at least one resource under control of the at least one customer entity.
  - 17. The computer-readable storage media of claim 16, wherein instantiating the virtual computer system instance further includes configuring the computer system in accordance with the publication request, such that at least one host is identifiable by at least one external user connected to the public network as being associated with the at least one public identifier.
  - 18. The computer-readable storage media of claim 15, wherein the provisioning request originates from at least one of the computing resource provider and the computer system provisioning the network gateway.
  - 19. The computer-readable storage media of claim 15, wherein at least the provisioning request is initiated via a direct network connection with the at least one customer entity.
  - 20. The computer-readable storage media of claim 15, further including executable instructions that, when executed by the one or more processors of the computing resource provider'"'"'s computer system, cause the computer system to at least further:
    - determine at least one computing resource appropriate for responding to the change in demand; and
      
      configure the computer system to use the at least one computing resource in instantiating the virtual computer system instance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Ganguly, Arijit, Dickinson, Andrew B., Lefelhocz, Christopher J., Agarwal, Manish, Searle, Ian R., Brandwine, Eric Jason
Primary Examiner(s)
Zong, Ruolei
Assistant Examiner(s)
Mundur, Padma

Application Number

US13/461,478
Time in Patent Office

1,421 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/00   Network architectures or ne...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

Remotely configured network appliances and services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Remotely configured network appliances and services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links