Andrew Doane

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on… Show more

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link. Show less

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For… Show more

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. Show less

Arrangements for automatically detecting bi-directional artificial intelligence (AI) communications and automatically negotiating (i.e., switching to alternative) direct digital communications.

This patent relates to an interface to manage inter-regional connectivity for direct network peerings, e.g., via AWS Direct Connect. A system may include a connectivity coordinator, a first collection of computing resources in a first geographical zone and a second collection of computing resources in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically… Show more

This patent relates to an interface to manage inter-regional connectivity for direct network peerings, e.g., via AWS Direct Connect. A system may include a connectivity coordinator, a first collection of computing resources in a first geographical zone and a second collection of computing resources in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second collection on behalf of a client that has a dedicated physical link set up to connect to the first collection. In response to the request, the coordinator performs configuration operations to enable traffic to flow from the client’s network to the second collection over a logically isolated network path using the dedicated physical link. Show less

This patent relates to automated techniques for providing a virtual computer network to a client by an online configurable network service, in which the provided virtual computer network is overlaid on a substrate network using hardware provided by the configurable network service, and with communications between computing nodes of the virtual computer network being forwarded to each other over the substrate network. In addition, the client may further specify configuration information for the… Show more

This patent relates to automated techniques for providing a virtual computer network to a client by an online configurable network service, in which the provided virtual computer network is overlaid on a substrate network using hardware provided by the configurable network service, and with communications between computing nodes of the virtual computer network being forwarded to each other over the substrate network. In addition, the client may further specify configuration information for the virtual computer network that indicates a specified network topology for the virtual computer network, such as for the virtual computer network to have different sub-groups of computing nodes (e.g., subnets) which are separated by one or more router devices. To provide such a virtual computer network, the functionality of the router devices (and more generally of the specified network topology) may be emulated in order to provide one or more virtual such router devices, without physically providing such virtual router devices in the substrate network — and more generally, without physically implementing the specified network topology in the substrate network. Show less

This patent relates to a service that provides an interface for configuring private networks (e.g., VPCs) within a provider network. A request is received via the interface to configure network addresses for a client’s private network. The service also provides an interface for configuring access of instances within a private network to a remote resource service. The private network may be configured to associate an identifier that represents the remote resource service with an indicated… Show more

This patent relates to a service that provides an interface for configuring private networks (e.g., VPCs) within a provider network. A request is received via the interface to configure network addresses for a client’s private network. The service also provides an interface for configuring access of instances within a private network to a remote resource service. The private network may be configured to associate an identifier that represents the remote resource service with an indicated network address for an instance within the private network, so that communications sent to the remote resource service via the indicated network address to access a resource of the remote resource service are modified to include an indication of the identifier for use by the remote resource service in identifying the namespace. This may be used, for example, in configuring a VPN connection between the VPC and a client site. Show less

This patent relates to managed computer networks, such as managed virtual computer networks overlaid on one or more other underlying computer networks, e.g., employing NOVICE. Replication of a primary computing node that is actively participating in a managed computer network is facilitated, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual… Show more

This patent relates to managed computer networks, such as managed virtual computer networks overlaid on one or more other underlying computer networks, e.g., employing NOVICE. Replication of a primary computing node that is actively participating in a managed computer network is facilitated, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. Show less

This patent relates to a certificate management service in which customers can configure their computing resources (computers, databases or storage devices) to securely communicate with each other by providing cryptographic material to the resources. In particular, the service interacts with a control domain which provisions secure modules (such as virtual trusted platform modules (TPMs) or virtual smartcards) for the computing resources and sends the cryptographic material to the secure… Show more

This patent relates to a certificate management service in which customers can configure their computing resources (computers, databases or storage devices) to securely communicate with each other by providing cryptographic material to the resources. In particular, the service interacts with a control domain which provisions secure modules (such as virtual trusted platform modules (TPMs) or virtual smartcards) for the computing resources and sends the cryptographic material to the secure modules. The computing resources may then access the modules to use the cryptographic material for securing their communications. Show less

This patent relates to providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. This CON is directed to the communication manager’s interactions with the “system manager” (Fig. 5B), to verify that the source substrate address of an incoming packet is mapped to a known virtual network address. Once the incoming packet is verified, the communication manager rewrites the packet’s header and… Show more

This patent relates to providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. This CON is directed to the communication manager’s interactions with the “system manager” (Fig. 5B), to verify that the source substrate address of an incoming packet is mapped to a known virtual network address. Once the incoming packet is verified, the communication manager rewrites the packet’s header and delivers the packet to the intended recipient node. Show less

This patent relates to providing service endpoints (“access mechanisms”) to access a remote service(s) via local IP addresses in a VPC. Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only… Show more

This patent relates to providing service endpoints (“access mechanisms”) to access a remote service(s) via local IP addresses in a VPC. Techniques are described for providing users with access to computer networks, such as to enable users to create and configure computer networks that are provided by a remote configurable network service for the users' use. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to automatically include access control information to limit access to particular resources to computing nodes at the location of that provided computer network. Show less

This patent relates to managed computer networks, such as managed virtual computer networks overlaid on one or more other underlying computer networks, e.g., employing NOVICE. Replication of a primary computing node that is actively participating in a managed computer network is facilitated, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual… Show more

This patent relates to managed computer networks, such as managed virtual computer networks overlaid on one or more other underlying computer networks, e.g., employing NOVICE. Replication of a primary computing node that is actively participating in a managed computer network is facilitated, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. Show less

This patent relates to managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by… Show more

This patent relates to managing communications between multiple computing nodes, such as for computing nodes that are part of managed virtual computer networks provided on behalf of users or other entities. In some situations, one or more of the computing nodes of a managed virtual computer network is configured to perform actions to extend capabilities of the managed virtual computer network to other computing nodes that are not part of the managed virtual computer network, such as by forwarding communications between computing nodes of the managed virtual computer network and the other external computing nodes so as to enable the other external computing nodes to participate in the managed virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. Show less

Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such… Show more

Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to include a local access mechanism as part of a provided computer network that is configured to forward communications sent to the access mechanism to a particular remote resource service. Show less

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a… Show more

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms. Show less

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking… Show more

Techniques are described for providing logical networking functionality for managed computer networks, such as for virtual computer networks provided on behalf of users or other entities. In some situations, a user may configure or otherwise specify a network topology for a virtual computer network, such as a logical network topology that separates multiple computing nodes of the virtual computer network into multiple logical sub-networks and/or that specifies one or more logical networking devices for the virtual computer network. After a network topology is specified for a virtual computer network, logical networking functionality corresponding to the network topology may be provided in various manners, such as without physically implementing the network topology for the virtual computer network. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. Show less

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on… Show more

Methods and apparatus for interfaces to manage inter-regional connectivity for direct network peerings. A system may include a connectivity coordinator, a first resource collection in a first geographical zone and a second resource collection in a second geographical zone. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request via the interface to establish a logically isolated network path to the second resource collection on behalf of a client that has a dedicated physical link set up to connect to the first resource collection. In response to the request, the coordinator performs one or more configuration operations to enable traffic to flow from the client's network to the second resource collection over a logically isolated network path using the dedicated physical link. Show less

This patent relates to the presentation of advertisements on user devices and mobile ad systems (e.g., a mobile display worn by a person or attached to a vehicle). The content of publicly-displayed advertisements is dynamically updated based on a location of a user device, a location of a mobile ad system, and real-time input from an advertiser. For example, directions to a business location that are presented on a display of a mobile ad system can be updated as the location of the mobile ad… Show more

This patent relates to the presentation of advertisements on user devices and mobile ad systems (e.g., a mobile display worn by a person or attached to a vehicle). The content of publicly-displayed advertisements is dynamically updated based on a location of a user device, a location of a mobile ad system, and real-time input from an advertiser. For example, directions to a business location that are presented on a display of a mobile ad system can be updated as the location of the mobile ad system moves with respect to the business location. Advertisers can also bid to provide advertisements within some geographic area. For example, a store that sells televisions can purchase advertisements for their televisions that are presented to mobile devices of users when the mobile devices are located in a competitor’s store that sells televisions. Show less

This patent relates to updating a customer's VPC in response to network changes made by the customer in the data plane. The customer may make routing changes that are propagated by its routers to the VPC. The virtual routers of the VPC may detect these changes, and update the virtual network configuration in response.

This VPC patent relates to the use of virtual networking protocols to share path costing information between AWS and a client's on-prem network. According to the patent, a customer's VPC and the client’s on-prem systems may exchange cost information related to communications to indicate preferences to use certain devices or inter-connections over others, and the VPC control plane may proceed to configure the client’s VPC to operate accordingly.

This patent relates to provisioning VPN connections to VPCs. According to the patent, in response to an API request from a customer, AWS takes actions to configure a VPN connection between the customer's data center and an AWS VPN endpoint that handles VPN connections for the VPC. For example, AWS will provision a VPN endpoint and send information to the customer that the customer can use to configure the VPN device on their end to communicate with the AWS VPN endpoint.

This patent relates to changing the relationship between a VPC IP address (a virtual address) and a substrate IP address (an IP address of the host EC2 server) if the instance is moved from one EC2 host to another. According to the patent, when an instance is moved a message indicating the new EC2 host IP address is sent to a Mapping service. The Mapping service can update its database of relationships and send updated information to other computers in the EC2 network to enable them to… Show more

This patent relates to changing the relationship between a VPC IP address (a virtual address) and a substrate IP address (an IP address of the host EC2 server) if the instance is moved from one EC2 host to another. According to the patent, when an instance is moved a message indicating the new EC2 host IP address is sent to a Mapping service. The Mapping service can update its database of relationships and send updated information to other computers in the EC2 network to enable them to correctly route communicates to the new host. Show less

This patent relates to a random number service (entropy service) providing random number seeds for initiation of secure connections. A client makes a first secure connection to the service using the best random number it has available. The client receives a strong random number seed from the service over the connection and uses the strong random number to reinitialize its cryptographic systems so that future cryptographic operations utilize the strong random number seed.

This patent is related to functions exposed by a hypervisor that ensures information stored remotely is secure and capable of secure deletion. The functions ensure that cryptographic keys are prevented from being persistently stored during serialization. The hypervisor signals to an instance that serialization will occur and the instance calls the first function to prevent the keys from being serialized. When resuming the instance, either the instance or the hypervisor may be responsible for… Show more

This patent is related to functions exposed by a hypervisor that ensures information stored remotely is secure and capable of secure deletion. The functions ensure that cryptographic keys are prevented from being persistently stored during serialization. The hypervisor signals to an instance that serialization will occur and the instance calls the first function to prevent the keys from being serialized. When resuming the instance, either the instance or the hypervisor may be responsible for restoring the instance’s keys by calling the second function. Show less

This patent relates to enabling connectivity between virtual private clouds. According to the patent, in response to requests from customers to inter-connect VPCs, the VPC service can create a peering router that inter-connects these customer's VPCs.

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various… Show more

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation. Show less

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization… Show more

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys. Show less

Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to… Show more

Methods and apparatus for interfaces to manage last-mile connectivity and dynamic reconfiguration for direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements an interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator determines a connectivity provider to provide last-mile connectivity to the requester, and transmits a notification identifying the selected connectivity provider. Show less

This patent relates to EC2's Virtual Private Cloud. According to this patent, a customer can send an application program interface request to EC2 to specify routing cost information. The Virtual Private Cloud control system can apply the routing cost information to a virtual network. The virtual network can then use the routing cost information to influence how packets are routed within the customer's virtual private cloud.

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For… Show more

Techniques are described for providing managed computer networks, such as for managed virtual computer networks overlaid on one or more other underlying computer networks. In some situations, the techniques include facilitating replication of a primary computing node that is actively participating in a managed computer network, such as by maintaining one or more other computing nodes in the managed computer network as replicas, and using such replica computing nodes in various manners. For example, a particular managed virtual computer network may span multiple broadcast domains of an underlying computer network, and a particular primary computing node and a corresponding remote replica computing node of the managed virtual computer network may be implemented in distinct broadcast domains of the underlying computer network, with the replica computing node being used to transparently replace the primary computing node in the virtual computer network if the primary computing node becomes unavailable. Show less

Methods and apparatus for dynamic bandwidth management using routing signals in a network implementing direct peerings. A system includes a resource collection, an endpoint device connected to a private link of a network path to a client network, and a bandwidth manager. The bandwidth manager receives configuration settings of the client, comprising a baseline transmission rate of traffic. The bandwidth manager determines whether a difference between a measured transmission rate of traffic over… Show more

Methods and apparatus for dynamic bandwidth management using routing signals in a network implementing direct peerings. A system includes a resource collection, an endpoint device connected to a private link of a network path to a client network, and a bandwidth manager. The bandwidth manager receives configuration settings of the client, comprising a baseline transmission rate of traffic. The bandwidth manager determines whether a difference between a measured transmission rate of traffic over one or more network paths linking the resource collection and the client network, and a peak transmission capacity of the one or more network paths, exceeds a threshold value. In response to a determination that the difference exceeds the threshold value, the bandwidth manager initiates a transmission of a routing signal to the client network indicative of an available transmission rate that differs from the baseline transmission rate.
Show less

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise… Show more

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise moving a particular computing node that is part of a virtual network to a new physical network location, or modifying other aspects of how the computing node participates in the virtual network (e.g., changing one or more virtual network addresses used by the computing node). In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. Show less

A network-based service may generate notifications regarding items of interest to a user. A contact selection service may receive the notifications and generate a user interface for transmission of the notification to the user. The generated user interface may include a unique identifier and may further enable the user to submit user contact information to request contact with a service agent. The contact selection service may further pre-authorize contacts between users and customer service… Show more

A network-based service may generate notifications regarding items of interest to a user. A contact selection service may receive the notifications and generate a user interface for transmission of the notification to the user. The generated user interface may include a unique identifier and may further enable the user to submit user contact information to request contact with a service agent. The contact selection service may further pre-authorize contacts between users and customer service agents CSA. The unique identifier, and optionally the submitted user contact information, may be employed by the contact selection service to selectively determine which customer contact requests received by the contact selection service are pre-authorized for contact with a CSA and enables such contacts between customers and CSAs to proceed. Show less

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various… Show more

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation. Show less

This patent relates to creating and configuring virtual private networks (VPN). When a user makes a request to create the VPN via a mobile device, the user can include information related to other users in the request so that the other users can have access to the VPN. The VPN is created and configured based on the information in the request. Tunnels are established between the VPN and the mobile devices of the users such that the tunnels facilitate an appearance of the mobile devices being… Show more

This patent relates to creating and configuring virtual private networks (VPN). When a user makes a request to create the VPN via a mobile device, the user can include information related to other users in the request so that the other users can have access to the VPN. The VPN is created and configured based on the information in the request. Tunnels are established between the VPN and the mobile devices of the users such that the tunnels facilitate an appearance of the mobile devices being present in the VPN while connecting remotely from other networks. Show less

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise… Show more

Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are part of a virtual computer network. In some situations, various types of modifications may be made to one or more computing nodes of an existing virtual computer network, and the described techniques include managing ongoing communications for those computing nodes so as to accommodate the modifications. Such modifications may include, for example, migrating or otherwise moving a particular computing node that is part of a virtual network to a new physical network location, or modifying other aspects of how the computing node participates in the virtual network (e.g., changing one or more virtual network addresses used by the computing node). In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users. Show less

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization… Show more

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently. Show less

Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes… Show more

Techniques are described for providing managed virtual computer networks that may have a configured logical network topology with one or more virtual networking devices, with corresponding networking functionality provided for communications between multiple computing nodes of the virtual computer network by emulating functionality that would be provided by the networking devices if they were physically present. In some situations, the emulating of networking device functionality includes receiving routing communications directed to the networking devices and using included routing information to update the configured network topology for the managed computer network. In addition, the techniques may further include supporting interactions with devices that are external to the virtual computer network, including remote physical networking devices that are part of a remote computer network configured to interoperate with the virtual computer network, and/or specialized network devices that are accessible via a substrate network on which the virtual computer network is overlaid. Show less

Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider… Show more

Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client. Show less

A system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system is presented. A client system can read a machine-readable code generated by a merchant system associated with a merchant, or other product or service provider, and present the information encoded by the machine-readable code to a customer. Upon receiving confirmation that the customer desires to proceed with the transaction, the… Show more

A system and associated processes for consolidating and replacing various forms of payment (e.g. credit cards, debit cards, and cash) with a single payment system is presented. A client system can read a machine-readable code generated by a merchant system associated with a merchant, or other product or service provider, and present the information encoded by the machine-readable code to a customer. Upon receiving confirmation that the customer desires to proceed with the transaction, the client system can initiate payment by contacting a payment system associated with the customer. This payment system can then transfer payment to the merchant by, for example, transferring cash from the customer's account or using credit associated with the customer's account. Thus, embodiments of the present disclosure enable a customer to complete a transaction without using, for example, cash, a credit card, or a debit card. Show less

This patent relates to virtual network provisioning techniques. The patent describes an API that can be used to configure virtual networking devices of a customer's virtual private network to communicate with a different network (i.e. another virtual private cloud or a customer’s data center). The customer can invoke the API and specify routing configuration information. The exchanged routing information enables the each network to learn about routes within the other network, so as to allow… Show more

This patent relates to virtual network provisioning techniques. The patent describes an API that can be used to configure virtual networking devices of a customer's virtual private network to communicate with a different network (i.e. another virtual private cloud or a customer’s data center). The customer can invoke the API and specify routing configuration information. The exchanged routing information enables the each network to learn about routes within the other network, so as to allow communications to be directed between the two virtual private networks. Show less

A network-based service may generate notifications regarding items of interest to a user. A contact selection service may receive the notifications and generate a user interface for transmission of the notification to the user. The generated user interface may include a unique identifier and may further enable the user to submit user contact information to request contact with a service agent. The contact selection service may further pre-authorize contacts between users and customer service… Show more

A network-based service may generate notifications regarding items of interest to a user. A contact selection service may receive the notifications and generate a user interface for transmission of the notification to the user. The generated user interface may include a unique identifier and may further enable the user to submit user contact information to request contact with a service agent. The contact selection service may further pre-authorize contacts between users and customer service agents CSA. The unique identifier, and optionally the submitted user contact information, may be employed by the contact selection service to selectively determine which customer contact requests received by the contact selection service are pre-authorized for contact with a CSA and enables such contacts between customers and CSAs to proceed. Show less

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a… Show more

Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service in order to create and configure computer networks that are provided by the configurable network service for use by the users. Computer networks provided by the configurable network service may be configured to be private computer networks that are accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. If so, secure private access between an existing computer network and new computer network extension that is being provided may be enabled using one or more VPN connections or other private access mechanisms. Show less

This application is generally related to using information from the operation of a computer network to trigger actions outside of the computer network - the described techniques may be useful in services similar to, for example, Amazon.com's Virtual Private Cloud system. As one example, a service may provide a virtual computer network to a customer, and then monitor information that is sent to router devices within the client's virtual computer network. Such monitored routing information may… Show more

This application is generally related to using information from the operation of a computer network to trigger actions outside of the computer network - the described techniques may be useful in services similar to, for example, Amazon.com's Virtual Private Cloud system. As one example, a service may provide a virtual computer network to a customer, and then monitor information that is sent to router devices within the client's virtual computer network. Such monitored routing information may be used by the service to make changes to network devices that are used to run the customer’s virtual computer network. For example, the changes could be to update the service's DNS servers or its NAT (network address translation) devices. Show less