External health checking of virtual private cloud network environments

US 9,992,086 B1
Filed: 08/23/2016
Issued: 06/05/2018
Est. Priority Date: 08/23/2016
Status: Active Grant

First Claim

Patent Images

1. A system for verifying functionality of computing devices within a virtual private cloud network environment (VPC), wherein the VPC includes one or more virtual computing devices arranged within a virtualized local area network, the virtualized local area network generated by a substrate network hosting the VPC, the system comprising:

at least one first computing device implementing a health check system, wherein the health check system is external to the VPC and is configured with computer-executable instructions to;

generate health check data for transmission to a target virtual computing device within the VPC, wherein the health check data is generated to elicit an expected response from the target virtual computing device;

associate the health check data with an identifier of the VPC; and

transmit the health check data and associated identifier to a communications manager in communication with the health checking system and the VPC;

at least one second computing device implementing the communications manager, wherein the communications manager is external to the VPC and is configured with computer-executable instructions to;

obtain the health check data from the health check system;

determine, from at least the identifier of the VPC, a network address of the substrate network that is assigned to an endpoint of the VPC; and

transmit the health check data to the endpoint and;

at least one third computing device implementing the endpoint of the VPC, wherein the endpoint is configured with computer-executable instructions to;

obtain the health check data from the communications manager;

transmit the health check data to the target virtual computing device within the VPC;

obtain a response to the health check data; and

transmit the response to the health check system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described to enable health checking of computing devices within a virtual private cloud (VPC) networking environment, without requiring that the devices be accessible via a public network address. An endpoint is placed within the VPC, which enables interaction with an external health checking system via a substrate network. The endpoint handles communications between the heath checking system and the VPC, and can modify data originating from the health checking system such that it appears to originate from the endpoint. Thus, from the viewpoint of the VPC, the endpoint itself may appear to be conducting health checking. Thus, external health checking can be used on a VPC without compromising the security of the VPC by requiring that a portion of the VPC be externally addressable.

1312 Citations

20 Claims

1. A system for verifying functionality of computing devices within a virtual private cloud network environment (VPC), wherein the VPC includes one or more virtual computing devices arranged within a virtualized local area network, the virtualized local area network generated by a substrate network hosting the VPC, the system comprising:
- at least one first computing device implementing a health check system, wherein the health check system is external to the VPC and is configured with computer-executable instructions to;
  
  generate health check data for transmission to a target virtual computing device within the VPC, wherein the health check data is generated to elicit an expected response from the target virtual computing device;
  
  associate the health check data with an identifier of the VPC; and
  
  transmit the health check data and associated identifier to a communications manager in communication with the health checking system and the VPC;
  
  at least one second computing device implementing the communications manager, wherein the communications manager is external to the VPC and is configured with computer-executable instructions to;
  
  obtain the health check data from the health check system;
  
  determine, from at least the identifier of the VPC, a network address of the substrate network that is assigned to an endpoint of the VPC; and
  
  transmit the health check data to the endpoint and;
  
  at least one third computing device implementing the endpoint of the VPC, wherein the endpoint is configured with computer-executable instructions to;
  
  obtain the health check data from the communications manager;
  
  transmit the health check data to the target virtual computing device within the VPC;
  
  obtain a response to the health check data; and
  
  transmit the response to the health check system.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the endpoint of the VPC is further configured with the computer-executable instructions to modify the health check data to designate the endpoint of the VPC as a source of the health check data.
  - 3. The system of claim 1, wherein the target virtual computing device is identified by a private domain name within the VPC, wherein the health check system is further configured with the computer-executable instructions to transmit a request to resolve the private domain name to the endpoint via the communications manager, and wherein the endpoint is further configured to:
    - transmit the request to a domain name system (DNS) server associated with the VPC;
      
      obtain a response to the request, the response indicating a network address of the target virtual computing device; and
      
      return the network address to the health check system.
  - 4. The system of claim 1, wherein the target virtual computing device is not associated with a publically accessible network address on the substrate network.
  - 5. The system of claim 1, wherein the response is at least one of the expected response, a response other than the expected response, or a notification that no response has been received from the target virtual computing device.

6. A computer-implemented method for verifying functionality of computing devices within a virtual private cloud network environment (VPC), wherein the VPC includes one or more computing devices arranged within a virtualized local area network, the virtualized local area network generated by a substrate network hosting the VPC, the computer-implemented method comprising:
- generating, at a health check system external to the VPC, health check data for transmission to a target computing device within the VPC;
  
  determining, at the health check system, an identifier of the VPC;
  
  routing, on the substrate network, the health check data from the health check system to an endpoint within the VPC, wherein the routing occurs based at least partly on the identifier of the VPC;
  
  modifying, at the endpoint, the health check data to designate the endpoint as a source of the health check data;
  
  transmitting the health check data from the endpoint to the target computing device within the VPC;
  
  obtaining, at the endpoint, a response from the target computing device; and
  
  routing the response, on the substrate network, from the endpoint to the health check system external to the VPC.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The computer-implemented method of claim 6, wherein the target computing device is a virtual computing device implemented by a host computing device.
  - 8. The computer-implemented method of claim 6, wherein routing the health check data from the health check system to the endpoint within the VPC comprising:
    - obtaining the health check data at a communications manager;
      
      determining, from the identifier of the VPC, a network address associated with the endpoint; and
      
      transmitting the health check data to the network address associated with the endpoint.
  - 9. The computer-implemented method of claim 6, wherein the target computing device is associated with network addresses internal to the VPC.
  - 10. The computer-implemented method of claim 6, wherein the target computing device is identified at the health check system by a private domain name localized to the VPC, and wherein the computer-implemented method further comprises:
    - transmitting a resolution request, including the private domain name, from the health check system to the endpoint;
      
      transmitting the resolution request from the endpoint to a domain name system (DNS) server of the VPC;
      
      obtaining a response to the resolution request at the endpoint; and
      
      returning the response to the resolution request to the health check system.
  - 11. The computer-implemented method of claim 6, wherein communications between the health check system and the endpoint occur via a communications manager configured to maintain a mapping between a network address of the endpoint on the substrate network and the identifier of the VPC.
  - 12. The computer-implemented method of claim 6 further comprising:
    - determining, at the health check system and based at least in part on the response, that the target computing device is unhealthy;
      
      transmitting from the health check system to the endpoint a notification to a domain name system (DNS) server associated with the VPC that the target computing device is unhealthy; and
      
      transmitting the notification from the endpoint to the DNS server.
  - 13. The computer-implemented method of claim 12, wherein the DNS server is configured to respond to the notification by removing a network address of the target computing device from DNS records of the DNS server.

14. A system for verifying functionality of computing devices within a virtual private cloud network environment (VPC), wherein the VPC includes one or more computing devices arranged within a virtualized local area network, the virtualized local area network generated by a substrate network hosting the VPC, the system comprising:
- one or more computing devices external to the VPC and configured with computer-executable instructions to;
  
  generate health check data for transmission to a target computing device within the VPC;
  
  route the health check data from the one or more computing devices external to the VPC to an endpoint of the VPC, wherein the routing occurs based at least partly on an identifier of the VPC;
  
  one or more computing device implementing the endpoint of the VPC, wherein one or more computing device implementing the endpoint of the VPC are configured with computer-executable instructions to;
  
  modify the health check data to designate the endpoint as a source of the health check data;
  
  transmit the health check data to the target computing device within the VPC;
  
  obtain a response from the target device; and
  
  transmit the response to the one or more computing devices external to the VPC.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14 further comprising one or more computing devices implementing a communications manager, wherein the one or more computing devices implementing the communications manager are configured with computer-executable instructions to facilitate communications between the endpoint and the health check system at least partly by:
    - obtaining data transmitted by the health check system, the data including an identifier of the VPC;
      
      determining a network address on the substrate network associated with the endpoint; and
      
      transmitting the data to the network address on the substrate network associated with the endpoint.
  - 16. The system of claim 14, wherein the target computing device is a virtual computing device implemented by a host computing device on the substrate network.
  - 17. The system of claim 14, wherein the target computing device is associated with only network addresses internal to the VPC.
  - 18. The system of claim 14, wherein the target computing device is identified at the health check system by a private domain name localized to the VPC, and wherein the one or more computing device implementing the endpoint of the VPC are further configured with computer-executable instructions to:
    - obtain a request from the health check system to resolve the private domain name into a network address;
      
      transmit a request from the endpoint to a domain name system (DNS) server of the VPC;
      
      obtain a response from the DNS server of the VPC; and
      
      transmit the response to the health check system.
  - 19. The system of claim 14, wherein the one or more computing devices external to the VPC are further configured with computer-executable instructions to:
    - determine, based at least in part on the response, that the target computing device is unhealthy; and
      
      transmit a notification to the endpoint that the target computing device is unhealthy; and
      
      wherein the one or more computing device implementing the endpoint of the VPC are further configured with computer-executable instructions to transmit the notification from the endpoint to a domain name system (DNS) server of the VPC.
  - 20. The system of claim 19, wherein the DNS server is configured to respond to the notification by altering responses of the DNS server to resolution requests associated with the target computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Mizik, Andrey, Zen, Lee-Ming, Kaplin, Pavlo, Gu, Yu, Lai, Minli
Primary Examiner(s)
Kim, Hee Soo

Application Number

US15/245,089
Time in Patent Office

651 Days
Field of Search

709224-226
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 43/0817   by checking functioning

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/20   the monitoring system or th...

H04L 67/10   in which an application is ...

External health checking of virtual private cloud network environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1312 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

External health checking of virtual private cloud network environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1312 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links