Establishing secure remote access to private computer networks

US 9,756,018 B2
Filed: 06/10/2016
Issued: 09/05/2017
Est. Priority Date: 12/10/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

providing, by one or more computing systems that are part of a network service, a first computer network for a first client of the network service based on information specified by the first client, wherein the providing of the first computer network for the first client includes;

selecting multiple computing nodes from a plurality of computing nodes provided by the network service for use by remote clients;

provisioning the multiple computing nodes for use in the first computer network for the client; and

configuring one or more hardware devices of the network service that provide one or more of the multiple computing nodes to route communications for the first computer network according to a network topology specified for the first computer network by the first client;

receiving, by the one or more computing systems and via an interface of the network service for use by the remote clients to configure remote access to computer networks provided by the network service for the remote clients, a request to configure a secure connection between a first remote location and the first computer network provided by the network service for the first client; and

responding, by the one or more computing systems, to the received request by providing configuration information that causes one or more devices of the first client at the first remote location to participate in the secure connection for the first computer network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation.

109 Citations

20 Claims

1. A computer-implemented method comprising:
- providing, by one or more computing systems that are part of a network service, a first computer network for a first client of the network service based on information specified by the first client, wherein the providing of the first computer network for the first client includes;
  
  selecting multiple computing nodes from a plurality of computing nodes provided by the network service for use by remote clients;
  
  provisioning the multiple computing nodes for use in the first computer network for the client; and
  
  configuring one or more hardware devices of the network service that provide one or more of the multiple computing nodes to route communications for the first computer network according to a network topology specified for the first computer network by the first client;
  
  receiving, by the one or more computing systems and via an interface of the network service for use by the remote clients to configure remote access to computer networks provided by the network service for the remote clients, a request to configure a secure connection between a first remote location and the first computer network provided by the network service for the first client; and
  
  responding, by the one or more computing systems, to the received request by providing configuration information that causes one or more devices of the first client at the first remote location to participate in the secure connection for the first computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method of claim 1 further comprising, by the one or more computing systems, receiving additional information from the first client to configure the secure connection and using the additional information as part of implementing the secure connection, wherein the additional information includes one or more first network addresses used by the one or more devices of the first client at the first remote location.
  - 3. The computer-implemented method of claim 2 wherein the one or more first network addresses include a range of multiple Internet Protocol (IP) addresses used by multiple computing devices at the first remote location, and wherein the using of the additional information as part of implementing the secure connection includes sending, by the one or more computing systems and to the multiple computing devices via the secure connection, one or more communications from one or more computing nodes in the first computer network that are directed to IP addresses in the range.
  - 4. The computer-implemented method of claim 2 wherein the one or more first network addresses are part of a group of multiple Internet Protocol (IP) addresses indicated in the additional information, and wherein the method further comprises assigning, by the one or more computing systems, a subset of the IP addresses in the group to multiple computing nodes in the first computer network.
  - 5. The computer-implemented method of claim 2 wherein the additional information further specifies one or more second network addresses used by one or more other devices at a second remote location, and wherein the method further comprises, by the one or more computing systems, associating the one or more first network addresses with the secure connection so that communications in the first computer network directed to the one or more first network addresses are sent to the one or more devices at the first remote location via the secure connection, and associating the one or more second network addresses with a second connection between the first computer network and the second remote location so that communications in the first computer network directed to the one or more second network addresses are sent to the second remote location via the second connection.
  - 6. The computer-implemented method of claim 1 further comprising, by the one or more computing systems, receiving additional information from the first client to configure the secure connection and using the additional information as part of implementing the secure connection, wherein the additional information includes a public Internet Protocol (IP) address for at least one device of the one or more devices of the first client at the first remote location, and wherein the using of the additional information includes sending, for one or more communications associated with the secure connection, the one or more communications over one or more computer networks to the public IP address.
  - 7. The computer-implemented method of claim 1 further comprising, by the one or more computing systems, receiving additional information for use in identifying a remote computer network of the first client at the first remote location, and using the additional information as part of participating in the secure connection.
  - 8. The computer-implemented method of claim 1 wherein the interface further enables the remote clients to configure the computer networks provided by the network service for the remote clients, and wherein the providing of the first computer network for the first client further includes:
    - receiving, by the one or more computing systems, additional configuration information supplied by the first client to configure functionality of the first computer network, including to provide a virtual router device as part of the first computer network; and
      
      responding, by the one or more computing systems, to the received additional configuration information by configuring the functionality of computing machines providing the multiple computing nodes to emulate functionality of the virtual router device.
  - 9. The computer-implemented method of claim 1 wherein the providing of the configuration information includes providing a public Internet Protocol (IP) address associated with one or more devices of the network service that participate in the secure connection, and wherein the method further comprises receiving, by the one or more computing systems, a further request sent to the public IP address from at least one device of the one or more devices at the first remote location to establish the secure connection, and participating in establishing the secure connection in response to the further request.
  - 10. The computer-implemented method of claim 1 wherein the providing of the configuration information includes providing an identifier associated with the first computer network, and wherein the method further comprises receiving, by the one or more computing systems, a further request that includes the identifier and is to establish the secure connection, and participating in establishing the secure connection in response to the further request.
  - 11. The computer-implemented method of claim 1 wherein the interface is a graphical user interface, and wherein the receiving of the request includes receiving information sent over one or more intervening networks to the network service from a computing device of the first client on which the graphical user interface is displayed based on one or more interactions of the first client with the displayed graphical user interface.
  - 12. The computer-implemented method of claim 1 wherein the interface is a message-based interface, and wherein the receiving of the request includes receiving one or more electronic messages sent over one or more intervening networks to the network service from a computing device of the first client.
  - 13. The computer-implemented method of claim 1 wherein the interface further enables the remote clients to initiate creation of the computer networks provided by the network service for the remote clients, wherein the method further comprises receiving, by the one or more computing systems, an initial request that is made via the interface by the first client to create the first computer network for the first client, wherein the providing of the first computer network for the first client further includes responding, by the one or more computing systems, to the received initial request by creating the first computer network as a virtual computer network, and wherein the multiple computing nodes are implemented using hardware devices provided by the network service.

14. A non-transitory computer-readable medium having stored contents that cause one or more computing systems of a network service to:
- provide, by the one or more computing systems, a first computer network for a first client of the network service based on information specified by the first client, wherein the providing of the first computer network for the first client includes;
  
  selecting multiple computing nodes from a plurality of computing nodes provided by the network service for use by remote clients;
  
  provisioning the multiple computing nodes for use in the first computer network for the client; and
  
  configuring one or more hardware devices of the network service that provide one or more of the multiple computing nodes to emulate functionality of a virtual router device of the first computer network that is indicated in the information specified by the first client and to route communications between the multiple computing nodes according to a network topology specified for the first computer network by the first client;
  
  receive, by the one or more computing systems and via an interface of the network service for use by remote clients to manage computer networks provided by the network service for the remote clients, a request to configure remote access from a first remote location to the first computer network provided by the network service for the first client; and
  
  respond, by the one or more computing systems, to the received request by providing configuration information that enables one or more devices at the first remote location to participate in the remote access to the first computer network from the first remote location.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer-readable medium of claim 14 wherein the stored contents include software instructions that, when executed, further cause the one or more computing systems to receive an initial request from the first client via the interface to create the first computer network for the first client, and wherein the providing of the first computer network for the first client further includes responding, by the one or more configured computing systems, to the received initial request by creating the first computer network as a virtual computer network for use by the first client.
  - 16. The non-transitory computer-readable medium of claim 14 wherein the remote access includes a secure connection between the network service and the first remote location, and wherein the stored contents further cause the one or more computing systems to receive additional information from the first client that includes multiple Internet Protocol (IP) addresses used by the one or more devices of the first client at the first remote location, and to use the additional information as part of implementing the secure connection by sending, to the one or more devices via the secure connection, one or more communications from the first computer network that are directed to one or more of the IP addresses.
  - 17. The non-transitory computer-readable medium of claim 14 wherein the remote access includes a secure connection between the network service and the first remote location, and wherein the stored contents further cause the one or more computing systems to receive additional information from the first client that includes a public Internet Protocol (IP) address for at least one device of the first client at the first remote location, and to use the additional information by sending, for one or more communications associated with the secure connection, the one or more communications over one or more computer networks to the public IP address.

18. A system comprising:
- one or more hardware processors of one or more computing systems; and
  
  one or more memories with stored instructions that, when executed by at least one of the one or more hardware processors, cause the one or more computing systems to implement functionality for a network service that provides computer networks to remote clients, the implementing of the functionality including;
  
  providing a first computer network for a first client of the network service based on information specified by the first client, wherein the providing of the first computer network for the first client includes;
  
  selecting multiple computing nodes from a plurality of computing nodes provided by the network service for use by remote clients;
  
  provisioning the multiple computing nodes for use in the first computer network for the client; and
  
  configuring one or more hardware devices of the network service that provide one or more of the multiple computing nodes to route communications according to a network topology of the first computer network that is indicated in the information specified by the first client;
  
  receiving, from the first client via an interface of the network service, a request for a secure connection between a first remote location and the first computer network provided by the network service for the first client; and
  
  responding to the received request by providing configuration information that enables one or more devices at the first remote location to participate in the secure connection.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18 wherein the stored instructions further cause the one or more computing systems to receive information that includes multiple Internet Protocol (IP) addresses used by one or more devices of the first client at the first remote location, and to use the information as part of participating in the secure connection by sending, to the one or more devices, one or more communications from the first computer network that are directed to one or more of the IP addresses.
  - 20. The system of claim 18 wherein the stored instructions further cause the one or more computing systems to receive information that includes a public Internet Protocol (IP) address for at least one device at the first remote location, and to use the information by sending, for one or more communications associated with the secure connection, the one or more communications over one or more computer networks to the public IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Doane, Andrew J., Brandwine, Eric Jason
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US15/179,700
Publication Number

US 20160285831A1
Time in Patent Office

452 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 61/5069   for group communication, mu...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 67/34   involving the movement of s...

H04L 67/52   specially adapted for the l...

H04L 67/75   Indicating network or usage...

Establishing secure remote access to private computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Establishing secure remote access to private computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others