Managing communications between computing nodes
First Claim
1. A computer-implemented method comprising:
- obtaining, by one or more configured computing devices of an application execution service, information indicating an access policy for use with a first computing node, the indicated access policy specifying one or more criteria regarding communications allowed to be at least one of sent by or received by the first computing node;
- initiating, by the one or more configured computing devices, execution of the first computing node as a virtual machine hosted by a physical computing system of the application execution service; and
- configuring, by the one or more configured computing devices, one or more software components executing on the physical computing system to manage at least communications for virtual machines hosted by the physical computing system, the configuring including storing information on the physical computing system about the access policy for use by the one or more software components in managing communications for the first computing node in accordance with the one or more specified criteria.
Abstract
Techniques are described for managing communications between multiple intercommunicating computing nodes, such as multiple virtual machine nodes hosted on one or more physical computing machines or systems. In some situations, users may specify groups of computing nodes and optionally associated access policies for use in the managing of the communications for those groups, such as by specifying which source nodes are allowed to transmit data to particular destination nodes. In addition, determinations of whether initiated data transmissions from source nodes to destination nodes are authorized may be dynamically negotiated for and recorded for later use in automatically authorizing future such data transmissions without negotiation. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.
25 Claims
1. A computer-implemented method comprising:
- obtaining, by one or more configured computing devices of an application execution service, information indicating an access policy for use with a first computing node, the indicated access policy specifying one or more criteria regarding communications allowed to be at least one of sent by or received by the first computing node;
- initiating, by the one or more configured computing devices, execution of the first computing node as a virtual machine hosted by a physical computing system of the application execution service; and
- configuring, by the one or more configured computing devices, one or more software components executing on the physical computing system to manage at least communications for virtual machines hosted by the physical computing system, the configuring including storing information on the physical computing system about the access policy for use by the one or more software components in managing communications for the first computing node in accordance with the one or more specified criteria.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer-readable medium having stored contents that configure a computing device to:
- receive, by the configured computing device, information specifying an access policy for use with a first virtual machine hosted on a physical computing system, the specified access policy including one or more criteria regarding communications allowed to be at least one of sent by or received by the first virtual machine;
- configure, by the configured computing device, a transmission manager component to manage communications for the first virtual machine in accordance with the specified access policy, the transmission manager component being executed by the physical computing system to manage hosted virtual machines that include the first virtual machine; and
- manage, by the transmission manager component, at least one of communications sent to or received by the first virtual machine using the one or more criteria.

Dependent claims: 14, 15, 16, 17, 18
19. A computing system, comprising:
- one or more processors; and
- a memory storing instructions that, upon execution by at least one of the one or more processors, cause the computing system to:
  - host multiple virtual machines that are each configurable to execute at least one application program in a portion of the memory allocated to that virtual machine;
  - receive configuration instructions that configure a transmission manager component executing on the computing system to manage communications of one of the multiple virtual machines in accordance with an indicated access policy that specifies one or more criteria regarding communications allowed to be at least one of sent to or from the one virtual machine; and
  - manage, by the executing transmission manager component and using the one or more criteria, the communications of the one virtual machine by:
    - receiving a first communication from or to the one virtual machine;
    - determining whether the first communication is authorized by the indicated access policy; and
    - if the first communication is authorized by the indicated access policy, forwarding the first communication to a specified destination, and otherwise preventing the forwarding of the first communication.

Dependent claims: 20, 21, 22, 23, 24, 25
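
The flow in the abstract (group-based policies, a negotiated decision recorded for reuse) and in claim 19 (receive, determine, forward or prevent) can be modelled as below. This is an added Python sketch, not code from the patent or from any product; the class, method, node and group names, the in-process "negotiation" call and the `forget` invalidation step are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:                      # one criterion of a destination's access policy
    source_group: str
    protocol: str
    port: int

@dataclass
class TransmissionManager:       # per-host component managing its hosted VMs
    hosted: dict = field(default_factory=dict)    # node -> (groups, rules)
    peers: dict = field(default_factory=dict)     # remote node -> its manager
    recorded: dict = field(default_factory=dict)  # (src, dst, proto, port) -> bool
    negotiations: int = 0

    def host_node(self, node, groups, rules=()):
        # Store the node's groups and access policy on the host that runs it.
        self.hosted[node] = (frozenset(groups), tuple(rules))

    def answer(self, src_groups, dst, protocol, port):
        # Destination side: does any criterion admit one of the sender's groups?
        _, rules = self.hosted.get(dst, (frozenset(), ()))
        return any(r.source_group in src_groups and r.protocol == protocol
                   and r.port == port for r in rules)

    def send(self, src, dst, protocol, port):
        # Source side: True means forward, False means drop (default deny).
        if src not in self.hosted:
            return False
        key = (src, dst, protocol, port)
        if key not in self.recorded:          # negotiate once, then reuse
            peer = self if dst in self.hosted else self.peers.get(dst)
            self.negotiations += 1
            self.recorded[key] = peer is not None and peer.answer(
                self.hosted[src][0], dst, protocol, port)
        return self.recorded[key]

    def forget(self, dst):
        # Assumption: drop recorded decisions when dst's policy changes.
        self.recorded = {k: v for k, v in self.recorded.items() if k[1] != dst}

def demo():
    # Constructed sample: two hosts, three nodes, one rule (web -> db on tcp/5432).
    host_a, host_b = TransmissionManager(), TransmissionManager()
    host_a.host_node("web-1", {"web"})
    host_a.host_node("batch-1", {"batch"})
    host_b.host_node("db-1", {"db"}, [Rule("web", "tcp", 5432)])
    host_a.peers["db-1"] = host_b
    flows = [("web-1", 5432), ("web-1", 5432), ("batch-1", 5432), ("web-1", 22)]
    return [host_a.send(s, "db-1", "tcp", p) for s, p in flows], host_a.negotiations
```

In this sketch a recorded decision keeps being applied after the destination's policy changes until `forget` is called, which is the trade-off of authorizing later transmissions without renegotiation.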
Specification