Patent

Security protocols for low latency execution of program code

TL;DR: In this paper, a system for providing security mechanisms for secure execution of program code is described, where the system may be configured to maintain a plurality of virtual machine instances and allocate computing resources for executing the program code on one of the instances.
Abstract: A system for providing security mechanisms for secure execution of program code is described. The system may be configured to maintain a plurality of virtual machine instances. The system may be further configured to receive a request to execute a program code and allocate computing resources for executing the program code on one of the virtual machine instances. One mechanism involves executing program code according to a user-specified security policy. Another mechanism involves executing program code that may be configured to communicate or interface with an auxiliary service. Another mechanism involves splitting and executing program code in a plurality of portions, where some portions of the program code are executed in association with a first level of trust and some portions of the program code are executed with different levels of trust.
Citations
Patent
Timothy Allen Wagner
29 Sep 2015
TL;DR: In this paper, a service manages a plurality of virtual machine instances for low latency execution of user codes and provides the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling.
Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of user code on various virtual machine instances. An auxiliary service may be configured as an event triggering service to detect events and generate event messages for execution of the user codes. The service can request, receive, or poll for event messages directly from the auxiliary service or via an intermediary message service. Event messages can be rapidly converted to requests to execute user code on the service. The time from processing the event message to initiating a request to begin code execution is less than a predetermined duration, for example, 100 ms.

77 citations

Patent
Timothy Allen Wagner
01 Nov 2016
TL;DR: In this article, a service manages a plurality of virtual machine instances for low latency execution of user codes and provides the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of the user code on various virtual machine instances.
Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The service can provide the capability to execute user code in response to events triggered on an auxiliary service to provide implicit and automatic rate matching and scaling between events being triggered on the auxiliary service and the corresponding execution of user code on various virtual machine instances. An auxiliary service may be configured as an event triggering service to detect events and generate event messages for execution of the user codes. The service can request, receive, or poll for event messages directly from the auxiliary service or via an intermediary message service. Event messages can be rapidly converted to requests to execute user code on the service. The time from processing the event message to initiating a request to begin code execution is less than a predetermined duration, for example, 100 ms.

71 citations

Patent
28 Jun 2016
TL;DR: In this paper, the authors describe a system and methods for managing asynchronous code executions in an on-demand code execution system or other distributed code execution environment, in which multiple execution environments, such as virtual machine instances, can be used to enable rapid execution of user-submitted code.
Abstract: Systems and methods are described for managing asynchronous code executions in an on-demand code execution system or other distributed code execution environment, in which multiple execution environments, such as virtual machine instances, can be used to enable rapid execution of user-submitted code. When asynchronous executions occur, a first execution may call a second execution, but not immediately need the second execution to complete. To efficiently allocate computing resources, this disclosure enables the second execution to be scheduled according to a state of the on-demand code execution system, while still ensuring the second execution completes prior to the time required by the first execution. Scheduling of executions can, for example, enable more efficient load balancing on the on-demand code execution system.

70 citations

Patent
Timothy Allen Wagner
30 Sep 2014
TL;DR: In this article, a service manages a plurality of virtual machine instances for low latency execution of user codes based on a predetermined set of configurations, such that the time from receiving the request to beginning code execution is less than a predetermined duration.
Abstract: A service manages a plurality of virtual machine instances for low latency execution of user codes. The plurality of virtual machine instances can be configured based on a predetermined set of configurations. One or more containers may be created within the virtual machine instances. In response to a request to execute user code, the service identifies a pre-configured virtual machine instance suitable for executing the user code. The service can allocate the identified virtual machine instance to the user, create a new container within an instance already allocated to the user, or re-use a container already created for execution of the user code. When the user code has not been activated for a time-out period, the service can invalidate allocation of the virtual machine instance and destroy the container. The time from receiving the request to beginning code execution is less than a predetermined duration, for example, 100 ms.

69 citations

Patent
08 Apr 2015
TL;DR: An endpoint management and proxy system is described in this paper, by which users can manage and enable exposure of application programming interfaces ("APIs") usable to cause execution of program code on a remote or third party system.
Abstract: An endpoint management and proxy system is described, by which users can manage and enable exposure of application programming interfaces ("APIs") usable to cause execution of program code on a remote or third party system. Systems and methods are disclosed which facilitate the handling of user requests to perform certain tasks on remote systems. The endpoint management system allows the application developer to define and specify a first proxy API which maps to a second API associated with the remote system. The endpoint proxy system receives requests to execute the proxy API, determines the API mapping, and sends one or more backend API requests to execute program codes by the associated remote systems. Responses from the remote systems are received by the endpoint proxy system which parses and/or transforms the results associated with the response and generates an output result for response back to the user computing systems.

68 citations

References
Journal Article
TL;DR: Docker promises the ability to package applications and their dependencies into lightweight containers that move easily between different distros, start up quickly and are isolated from each other.
Abstract: Docker promises the ability to package applications and their dependencies into lightweight containers that move easily between different distros, start up quickly and are isolated from each other.

2,394 citations

Patent
09 Mar 2009
TL;DR: In this article, a distributed application is defined as an application made up of distinct components (e.g., virtual appliances, virtual machines, virtual interfaces, virtual volumes, virtual network connections, etc.) in separate runtime environments.
Abstract: Teachings of this application include a computing network that may include multiple different data centers and/or server grids which are deployed in different geographic locations. In at least one embodiment, at least some of the server grids may be operable to provide on-demand, grid and/or utility computing resources for hosting various types of distributed applications. In at least one embodiment, a distributed application may be characterized as an application made up of distinct components (e.g., virtual appliances, virtual machines, virtual interfaces, virtual volumes, virtual network connections, etc.) in separate runtime environments. In at least one embodiment, different ones of the distinct components of the distributed application may be hosted or deployed on different platforms (e.g., different servers) connected via a network. In some embodiments, a distributed application may be characterized as an application that runs on two or more networked computers.

1,663 citations

Patent
26 Apr 2005
TL;DR: In this paper, a management capability is provided for a virtual computing platform that allows for the creation, deletion, modification, control (e.g., start, stop, suspend, resume) and status (i.e., events) of the virtual servers which execute on the virtual computing platforms and the management capability provides controls for these functions.
Abstract: A management capability is provided for a virtual computing platform. In one example, this platform allows interconnected physical resources such as processors, memory, network interfaces and storage interfaces to be abstracted and mapped to virtual resources (e.g., virtual mainframes, virtual partitions). Virtual resources contained in a virtual partition can be assembled into virtual servers that execute a guest operating system (e.g., Linux). In one example, the abstraction is unique in that any resource is available to any virtual server regardless of the physical boundaries that separate the resources. For example, any number of physical processors or any amount of physical memory can be used by a virtual server even if these resources span different nodes. A virtual computing platform is provided that allows for the creation, deletion, modification, control (e.g., start, stop, suspend, resume) and status (i.e., events) of the virtual servers which execute on the virtual computing platform and the management capability provides controls for these functions. In a particular example, such a platform allows the number and type of virtual resources consumed by a virtual server to be scaled up or down when the virtual server is running. For instance, an administrator may scale a virtual server manually or may define one or more policies that automatically scale a virtual server. Further, using the management API, a virtual server can monitor itself and can scale itself up or down depending on its need for processing, memory and I/O resources. For example, a virtual server may monitor its CPU utilization and invoke controls through the management API to allocate a new processor for itself when its utilization exceeds a specific threshold. Conversely, a virtual server may scale down its processor count when its utilization falls. Policies can be used to execute one or more management controls.
More specifically, a management capability is provided that allows policies to be defined using management object's properties, events and/or method results. A management policy may also incorporate external data (e.g., an external event) in its definition. A policy may be triggered, causing the management server or other computing entity to execute an action. An action may utilize one or more management controls. In addition, an action may access external capabilities such as sending notification e-mail or sending a text message to a telephone paging system. Further, management capability controls may be executed using a discrete transaction referred to as a 'job.' A series of management controls may be assembled into a job using one or more management interfaces. Errors that occur when a job is executed may cause the job to be rolled back, allowing affected virtual servers to return to their original state.

717 citations

Patent
02 May 2009
TL;DR: In this paper, a multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources via the Internet, and different tenants may define unique configurations of VM resources and unique rules to govern the use of the VM resources.
Abstract: A multi-tenant virtual machine infrastructure (MTVMI) allows multiple tenants to independently access and use a plurality of virtual computing resources via the Internet. Within the MTVMI, different tenants may define unique configurations of virtual computing resources and unique rules to govern the use of the virtual computing resources. The MTVMI may be configured to provide valuable services for tenants and users associated with the tenants.

626 citations

Patent
03 Sep 2009
TL;DR: In this article, the authors describe a method of copying data of one or more virtual machines being hosted by non-virtual machines by receiving an indication that specifies how to perform a copy of data.
Abstract: Described in detail herein is a method of copying data of one or more virtual machines being hosted by one or more non-virtual machines. The method includes receiving an indication that specifies how to perform a copy of data of one or more virtual machines hosted by one or more virtual machine hosts. The method may include determining whether the one or more virtual machines are managed by a virtual machine manager that manages or facilitates management of the virtual machines. If so, the virtual machine manager is dynamically queried to automatically determine the virtual machines that it manages or that it facilitates management of. If not, a virtual machine host is dynamically queried to automatically determine the virtual machines that it hosts. The data of each virtual machine is then copied according to the specifications of the received indication.

606 citations
