Patent application number | Description | Published |
20090172774 | METHOD AND SYSTEM FOR DISTRIBUTING SECURITY POLICIES - A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule. | 07-02-2009 |
20130007183 | Methods And Apparatus For Remotely Updating Executing Processes - Methods, apparatus, and computer-accessible storage media for remotely updating an executing process that receives I/O requests on I/O port(s), stores write data to a write log on local storage, and uploads data from the write log to remote storage. An update for the process is detected and downloaded, and an updated process is instantiated from the update. The current process is directed to perform a shutdown for update during an update window. In response, the current process saves its current configuration, flushes an in-memory portion of the write log to local storage, and releases its I/O port(s). The updated process loads the saved configuration, detects that the port(s) have been released, and starts accepting I/O requests on the ports. During flushing, the current process flushes current data in memory while continuing to append new write data, stops accepting new write requests, and then flushes the new write data. | 01-03-2013 |
20130007219 | Shadowing Storage Gateway - Methods, apparatus, and computer-accessible storage media for shadowing data stored on a local store to a remote store provided by a service provider. A gateway may be configured as a shadowing gateway on a customer network in response to receiving configuration information. The shadowing gateway may receive reads and writes to the local store. The gateway passes the requests to the local store, and also uploads write data indicated by the writes to the service provider to update a snapshot of the local store maintained by the service provider on the remote store. The write data may be buffered to a write log for uploading, and may be uploaded as blocks according to a block storage format used by the service provider. The shadowing process may be transparent to processes on the customer network. The shadowed data may be used to recover data on the local store. | 01-03-2013 |
20130007854 | Storage Gateway Activation Process - Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider. | 01-03-2013 |
20140330784 | METHODS AND APPARATUS FOR CONTROLLING SNAPSHOT EXPORTS - Methods, apparatus, and computer-accessible storage media for controlling export of snapshots to external networks in service provider environments. Methods are described that may be used to prevent customers of a service provider from downloading snapshots of volumes, such as boot images created by the service provider or provided by third parties, to which the customer does not have the appropriate rights. A request may be received from a user to access one or more snapshots, for example a request to export the snapshot or a request for a listing of snapshots. For each snapshot, the service provider may determine if the user has rights to the snapshot, for example by checking a manifest for the snapshot to see if entries in the snapshot manifest belong to an account other than the customer's. If the user has rights to the snapshot, the request is granted; otherwise, the request is not granted. | 11-06-2014 |
20140337483 | REDUNDANT STORAGE GATEWAYS - Methods, apparatus, and computer-accessible storage media for providing redundant storage gateways. A client may create a storage gateway group and add storage gateways to the group. The client may assign one or more volumes on a remote data store to each the storage gateways in the group. Volume data for each storage gateway in the group may be replicated to at least one other storage gateway in the group. If one of the gateways in the group becomes unavailable, one or more other gateways in the group may take over volumes previously assigned to the unavailable gateway, using the replicated data in the group to seamlessly resume gateway operations for the respective volumes. Client processes that previously communicated with the unavailable gateway may be manually or automatically directed to the gateway(s) that are taking over the unavailable gateway's volumes. | 11-13-2014 |
20140351906 | STORAGE GATEWAY ACTIVATION PROCESS - Methods, apparatus, and computer-accessible storage media for activating a gateway to a remote service provider. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. A gateway sends a public key and metadata describing the gateway to the provider. The gateway receives an activation key from the provider and exposes the activation key on the customer network. The customer obtains the key and communicates to the provider using the key to provide customer information including a name for the gateway and to authorize registration of the gateway. The provider provides the customer information to the gateway. The gateway requests security credentials from the provider using the customer information and the key. The provider sends a security credential to the gateway. The gateway may then obtain configuration information from the customer via the provider. | 11-27-2014 |
20140372381 | METHODS AND APPARATUS FOR DATA RESTORE AND RECOVERY FROM A REMOTE DATA STORE - Methods, apparatus, and computer-accessible storage media for restoring data from a snapshot to a data volume. The blocks in the volume may be treated as an implicit tree structure, for example a binary tree; each local block corresponds to a block on the snapshot. A local block on the volume may be marked, for example fingerprinted with metadata, to indicate that the local block has not been restored. Initially, the local block at the root node is marked. To restore a local block, the restore process may generate a list indicating all local blocks on a path from the root node of the tree to the target node that have not been restored. The marks in the local blocks are used in generating the list. For each block indicated in the list, children of the block are fingerprinted, and the block is restored from the snapshot. | 12-18-2014 |