Flexibly configurable remote network identities

US 9,438,556 B1
Filed: 05/01/2012
Issued: 09/06/2016
Est. Priority Date: 05/01/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

establishing, by one or more computer systems, a network connection with at least one customer device associated with a customer that is located in a separate facility from the one or more computer systems, the at least one customer device having connectivity with at least one host via the network connection;

assigning one or more virtual machines to a virtual network for the at least one customer device, the virtual network overlaid on a substrate network operated by a service provider;

providing, to a first customer device and over the network connection, at least one Internet Protocol (IP) address representing the first customer device to serve as an identifier for use over a public network by the first customer device;

receiving, through an application programming interface (API), a remapping request from a second customer device, the remapping request identifying at least one of the one or more virtual machines;

assigning, to the first customer device, the specified virtual machine of the one or more virtual machines identified in the received remapping request;

reassigning the identifier of the first customer device to the specified virtual machine within the virtual network, the reassigning used to cause network traffic addressed to the IP address representing the first customer device to be sent to the specified virtual machine;

processing, at the specified virtual machine, the network traffic using one or more network-related services comprising at least one network-related service configured to manage network traffic for the at least one host represented by the identifier; and

forwarding at least a portion of the processed network traffic from the specified virtual machine to the first customer device via the network connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network gateway is implemented on behalf of a customer entity. The network gateway may be implemented using a distributed computer system and the network gateway may connect a network of the customer entity to a public communications network. The network gateway may include network-related services without the need for adding specialized hardware. The network gateway may be provisioned programmatically in response to instructions received from the customer entity. The network gateway may be provisionable and accessible over several different types of data connections. The network gateway, by virtue of being implemented on a distributed computer system, is scalable upon demand without additional input by the customer entity.

Citations

25 Claims

1. A computer-implemented method, comprising:
- establishing, by one or more computer systems, a network connection with at least one customer device associated with a customer that is located in a separate facility from the one or more computer systems, the at least one customer device having connectivity with at least one host via the network connection;
  
  assigning one or more virtual machines to a virtual network for the at least one customer device, the virtual network overlaid on a substrate network operated by a service provider;
  
  providing, to a first customer device and over the network connection, at least one Internet Protocol (IP) address representing the first customer device to serve as an identifier for use over a public network by the first customer device;
  
  receiving, through an application programming interface (API), a remapping request from a second customer device, the remapping request identifying at least one of the one or more virtual machines;
  
  assigning, to the first customer device, the specified virtual machine of the one or more virtual machines identified in the received remapping request;
  
  reassigning the identifier of the first customer device to the specified virtual machine within the virtual network, the reassigning used to cause network traffic addressed to the IP address representing the first customer device to be sent to the specified virtual machine;
  
  processing, at the specified virtual machine, the network traffic using one or more network-related services comprising at least one network-related service configured to manage network traffic for the at least one host represented by the identifier; and
  
  forwarding at least a portion of the processed network traffic from the specified virtual machine to the first customer device via the network connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the network connection is one of a direct physical connection, a virtual private network (VPN) connection, or a connection that uses a public network.
  - 3. The computer-implemented method of claim 1, wherein the provided network-related services include at least one of firewall services, distributed denial of service mitigation services, load balancing, or e-mail filtering.
  - 4. The computer-implemented method of claim 1, further comprising providing a user interface (UI) for remote management of provisioning or reconfiguration of the provided one or more network-related services.
  - 5. The computer-implemented method of claim 1, wherein the network-related services are provided by a third party and further comprising:
    - receiving executable instructions associated with the virtual network for implementing at least one of the one or more network-related services from a third party; and
      
      associating, at a time after a selection of at least one of the one or more network-related services by the customer, a service effectuated at least in part by the received executable instructions associated with the virtual network.
  - 6. The computer-implemented method of claim 1, wherein the remapping occurs when the at least one customer device becomes unavailable.
  - 7. The computer-implemented method of claim 1, wherein the remapping request identifies reassignment conditions and the remapping occurs when the reassignment conditions have been met.

8. A computer-implemented method, comprising:
- establishing, by one or more computer systems, a network connection with at least one customer device associated with a customer that is separate from the one or more computer systems, the at least one customer device including at least one networked device via the network connection;
  
  providing, to a first customer device of the at least one customer device, at least one network identity to serve as an identifier of the first customer device for use on a public network with which the one or more computer systems are in communication;
  
  receiving, through an application programming interface (API), a remapping request from a second customer device of the at least one customer device, the remapping request identifying one or more virtual machines specified by the customer;
  
  upon receipt of the remapping request, remapping the identifier of the first customer device to the one or more specified virtual machines within a virtual network, the remapping causing traffic addressed to the identifier representing the first customer device to be sent to at least one of the one or more virtual machines; and
  
  applying one or more network-related services, using at least one device of the one or more computer systems, to the traffic addressed to the identifier to generate processed network traffic;
  
  forwarding the processed network traffic to the first networked device represented by the at least one networked identity via the established network connection.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-implemented method of claim 8, wherein the provided at least one network identity is bound to the at least one device of the one or more computer systems.
  - 10. The computer-implemented method of claim 8, wherein the identifier is remapped to a different networked device of the first customer device.
  - 11. The computer-implemented method of claim 8, wherein:
    - the first customer device includes a plurality of networked customer computer systems; and
      
      the at least one networked device includes at least one of the one or more virtual machines of the plurality of networked customer computer systems.
  - 12. The computer-implemented method of claim 8, wherein the at least one network identity is provided on a request of a customer controlling the first customer device.
  - 13. The computer-implemented method of claim 8, further comprising instantiating, within a service provider environment, a private network comprising at least one compute node;
    - and wherein the identifier is remapped to the compute node of the private network.

14. A computer system, comprising:
- one or more processors; and
  
  memory, including instructions executable by the one or more processors to cause the computer system to at least;
  
  provide, on a public communications network, network identities on behalf of customer devices that are;
  
  separate from the computer system; and
  
  connected to the computer system through at least one customer network;
  
  for the customer devices associated with the network identities, manage network traffic from the public communications network and the at least one customer network in accordance with requirements specified for corresponding customer devices associated with the network identities, the network identities representing virtual machines assigned to the customer devices; and
  
  upon receiving programmatic remapping requests from other customer devices, remap the network identities on the public communication network to different customer devices on the at least one customer network based at least in part on device remapping information included in the remapping request such that network traffic addressed to the different customer devices is routed to the virtual machines at the network identities, wherein the virtual machines are configured to apply the specified requirements to the network traffic and reroute the network traffic to the different customer devices via the at least one customer network.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer system of claim 14, wherein the computer system provides the network identities in response to requests submitted by customers in control of the customer devices.
  - 16. The computer system of claim 14, wherein the specified requirements include provision of network-related services, the network-related services including at least firewall services, distributed denial of service mitigation services, or e-mail filtering.
  - 17. The computer system of claim 14, wherein the customer devices reside in a datacenter that is separate from the computer system.
  - 18. The computer system of claim 14, wherein the instructions cause the computer system to further provide access to the public communications network to at least the connected customer devices.
  - 19. The computer system of claim 15, wherein the request is received by the computer system through a user interface (UI) provided to the customer devices by the computer system.

20. One or more non-transitory computer-readable storage media having collectively stored thereon executable instructions that, when executed by one or more processors of a computing resource provider'"'"'s computer system, cause the computer system to at least:
- associate, to customer devices that are separate from the computer system, network identities that identify one or more virtual machines on a virtual network corresponding to customer devices on a public network;
  
  manage, for customer devices identified by the network identities, network traffic from a public network and from the virtual network in accordance with requirements specified for the customer devices, the network traffic managed such that network traffic between public network and the customer devices is routed through the one or more virtual machines; and
  
  upon receiving programmatic remapping requests from other customer devices, reassociating the network identities that identify the one or more virtual machines on the virtual network to different customer devices on the public network based at least in part on device remapping information included in the remapping request.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The non-transitory computer-readable storage media of claim 20, wherein the instructions further cause the computer system to associate the network identities to at least one device of the computer system.
  - 22. The non-transitory computer-readable storage media of claim 21, wherein the network traffic is managed by the at least one device of the computer system.
  - 23. The non-transitory computer-readable storage media of claim 21, wherein the association of the network identities to the at least one device of the computer system enables the computing resource provider to at least record usage, by the customer devices, of the network identities.
  - 24. The non-transitory computer-readable storage media of claim 20, wherein the customer devices include virtualized computing devices of a plurality of networked customer computer systems.
  - 25. The non-transitory computer-readable storage media of claim 20, wherein the instructions further cause the computer system to, at a time after an identified customer device becomes unavailable, reassociate the associated network identity to serve as an identifier for a different customer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Ganguly, Arijit, Dickinson, Andrew B., Lefelhocz, Christopher J., Agarwal, Manish, Searle, Ian R., Brandwine, Eric Jason
Primary Examiner(s)
Wasel, Mohamed
Assistant Examiner(s)
Wu, Tsung

Application Number

US13/461,661
Time in Patent Office

1,589 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2009/4557   Distribution of virtual mac...

G06F 9/45558   Hypervisor-specific managem...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 12/66   Arrangements for connecting...

H04L 41/0813   characterised by the condit...

H04L 61/2514   between local and global IP...

H04L 61/5007   Internet protocol [IP] addr...

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

Flexibly configurable remote network identities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Flexibly configurable remote network identities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links