This application is being filed concurrently with the following U.S. Applications, each of which is incorporated herein by reference in its entirety:
Computing devices can utilize communication networks to exchange data. Companies and organizations operate computer networks that interconnect a number of computing devices to support operations or to provide services to third parties. The computing devices can be located in a single geographic location or located in multiple, distinct geographic locations (e.g., interconnected via private or public communication networks). Specifically, data centers or data processing centers, herein generally referred to as a “data center,” may include a number of interconnected computing systems to provide computing resources to users of the data center. The data centers may be private data centers operated on behalf of an organization or public data centers operated on behalf, or for the benefit of, the general public.
To facilitate increased utilization of data center resources, virtualization technologies allow a single physical computing device to host one or more instances of virtual machines that appear and operate as independent computing devices to users of a data center. With virtualization, the single physical computing device can create, maintain, delete, or otherwise manage virtual machines in a dynamic manner. In turn, users can request computer resources from a data center, including single computing devices or a configuration of networked computing devices, and be provided with varying numbers of virtual machine resources.
In addition to computational resources, data centers provide a number of other beneficial services to client devices. For example, data centers may provide data storage services configured to store data submitted by client devices, and enable retrieval of that data over a network. A variety of types of data storage services can be provided, often varying according to their input/output (I/O) mechanisms. For example, database services may allow I/O based on a database query language, such as the Structured Query Language (SQL). Block storage services may allow I/O based on modification to one or more defined-length blocks, in a manner similar to how an operating system interacts with local storage, and may thus facilitate virtualized disk drives usable, for example, to store an operating system of a virtual machine. Object storage services may allow I/O at the level of individual objects or resources, such as individual files, which may vary in content and length. For example, an object storage service may provide an interface compliant with the Representational State Transfer (REST) architectural style, such as by allowing I/O based on calls designating input data and a hypertext transport protocol request method (e.g., GET, PUT, POST, DELETE, etc.) to be applied to that data. By transmitting a call designating input data and a request method, a client can thus retrieve the data from an object storage service, write the data to the object storage service as a new object, modify an existing object, etc.
Generally described, aspects of the present disclosure relate to handling requests to read or write to data objects on an object storage system. More specifically, aspects of the present disclosure relate to modification of an input/output (I/O) path for an object storage service, such that one or more data manipulations can be inserted into the I/O path to modify the data to which a called request method is applied, without requiring a calling client device to specify such data manipulations. In one embodiment, data manipulations occur through execution of user-submitted code, which may be provided for example by an owner of a collection of data objects on an object storage system in order to control interactions with that data object. For example, in cases where an owner of an object collection wishes to ensure that end users do not submit objects to the collection including any personally identifying information (to ensure end user's privacy), the owner may submit code executable to strip such information from a data input. The owner may further specify that such code should be executed during each write of a data object to the collection. Accordingly, when an end user attempts to write input data to the collection as a data object (e.g., via an HTTP PUT method), the code may be first executed against the input data, and resulting output data may be written to the collection as the data object. Notably, this may result in the operation requested by the end user—such as a write operation—being applied not to the end user's input data, but instead to the data output by the data manipulation (e.g., owner-submitted) code. In this way, owners of data collections control I/O to those collections without relying on end users to comply with owner requirements. Indeed, end users (or any other client device) may be unaware that modifications to I/O are occurring. As such, embodiments of the present disclosure enable modification of I/O to an object storage service without modification of an interface to the service, ensuring inter-compatibility with other pre-existing software utilizing the service.
In some embodiments of the present disclosure, data manipulations may occur on an on-demand code execution system, sometimes referred to as a serverless execution system. Generally described, on-demand code execution systems enable execution of arbitrary user-designated code, without requiring the user to create, maintain, or configure an execution environment (e.g., a physical or virtual machine) in which the code is executed. For example, whereas conventional computing services often require a user to provision a specific device (virtual or physical), install an operating system on the device, configure application, define network interfaces, and the like, an on-demand code execution system may enable a user to submit code and may provide to the user an application programming interface (API) that, when used, enables the user to request execution of the code. On receiving a call through the API, the on-demand code execution system may generate an execution environment for the code, provision the environment with the code, execute the code, and provide a result. Thus, an on-demand code execution system can remove a need for a user to handle configuration and management of environments for code execution. Example techniques for implementing an on-demand code execution system are disclosed, for example, within U.S. Pat. No. 9,323,556, entitled “PROGRAMMATIC EVENT DETECTION AND MESSAGE GENERATION FOR REQUESTS TO EXECUTE PROGRAM CODE,” and filed Sep. 30, 2014 (the “'556 Patent”), the entirety of which is hereby incorporated by reference.
Due to the flexibility of on-demand code execution system to execute arbitrary code, such a system can be used to create a variety of network services. For example, such a system could be used to create a “micro-service,” a network service that implements a small number of functions (or only one function), and that interacts with other services to provide an application. In the context of on-demand code execution systems, the code executed to create such a service is often referred to as a “function” or a “task,” which can be executed to implement the service. Accordingly, one technique for performing data manipulations within the I/O path of an object storage service may be to create a task on an on-demand code execution system that, when executed, performs the required data manipulation. Illustratively, the task could provide an interface similar or identical to that of the object storage service, and be operable to obtain input data in response to a request method call (e.g., HTTP PUT or GET calls), execute the code of the task against the input data, and perform a call to the object storage service for implementation of the request method on resulting output data. A downside of this technique is a complexity. For example, end users might be required under this scenario to submit I/O requests to the on-demand code execution system, rather than the object storage service, to ensure execution of the task. Should an end user submit a call directly to the object storage service, task execution may not occur, and thus an owner would not be enabled to enforce a desired data manipulation for an object collection. In addition, this technique may require that code of a task be authored to both provide an interface to end users that enables handling of calls to implement request methods on input data, and an interface that enables performance of calls from the task execution to the object storage service. Implementation of these network interfaces may significantly increase the complexity of the required code, thus disincentivizing owners of data collections from using this technique. Moreover, where user-submitted code directly implements network communication, that code may need to be varied according to the request method handled. For example, a first set of code may be required to support GET operations, a second set of code may be required to support PUT operations, etc. Because embodiments of the present disclosure relieve the user-submitted code of the requirement of handling network communications, one set of code may in some cases be enabled to handle multiple request methods.
To address the above-noted problems, embodiments of the present disclosure can enable strong integration of serverless task executions with interfaces of an object storage service, such that the service itself is configured to invoke a task execution on receiving an I/O request to a data collection. Moreover, generation of code to perform data manipulations may be simplified by configuring the object storage service to facilitate data input and output from a task execution, without requiring the task execution to itself implement network communications for I/O operations. Specifically, an object storage service and on-demand code execution system can be configured in one embodiment to “stage” input data to a task execution in the form of a handle (e.g., a POSIX-compliant descriptor) to an operating-system-level input/output stream, such that code of a task can manipulate the input data via defined-stream operations (e.g., as if the data existed within a local file system). This stream-level access to input data can be contrasted, for example, with network-level access of input data, which generally requires that code implement network communication to retrieve the input data. Similarly, the object storage service and on-demand code execution system can be configured to provide an output stream handle representing an output stream to which a task execution may write output. On detecting writes to the output stream, the object storage service and on-demand code execution system may handle such writes as output data of the task execution, and apply a called request method to the output data. By enabling a task to manipulate data based on input and output streams passed to the task, as opposed to requiring the code to handle data communications over a network, the code of the task can be greatly simplified.
Another benefit of enabling a task to manipulate data based on input and output handles is increased security. A general-use on-demand code execution system may operate permissively with respect to network communications from a task execution, enabling any network communication from the execution unless such communication is explicitly denied. This permissive model is reflective of the use of task executions as micro-services, which often require interaction with a variety of other network services. However, this permissive model also decreases security of the function, since potentially malicious network communications can also reach the execution. In contrast to a permissive model, task executions used to perform data manipulations on an object storage system's I/O path can utilize a restrictive model, whereby only explicitly-allowed network communications can occur from an environment executing a task. Illustratively, because data manipulation can occur via input and output handles, it is envisioned that many or most tasks used to perform data manipulation in embodiments of the present disclosure would require no network communications to occur at all, greatly increasing security of such an execution. Where a task execution does require some network communications, such as to contact an external service to assist with a data manipulation, such communications can be explicitly allowed, or “whitelisted,” thus exposing the execution in only a strictly limited manner.
In some embodiments, a data collection owner may require only a single data manipulation to occur with respect to I/O to the collection. Accordingly, the object storage service may detect I/O to the collection, implement the data manipulation (e.g., by executing a serverless task within an environment provisioned with input and output handles), and apply the called request method to the resulting output data. In other embodiments, an owner may request multiple data manipulations occur with respect to an I/O path. For example, to increase portability and reusability, an owner may author multiple serverless tasks, which may be combined in different manners on different I/O paths. Thus, for each path, the owner may define a series of serverless tasks to be executed on I/O to the path. Moreover, in some configurations, an object storage system may natively provide one or more data manipulations. For example, an object storage system may natively accept requests for only portions of an object (e.g., of a defined byte range), or may natively enable execution of queries against data of an object (e.g., SQL queries). In some embodiments, any combination of various native manipulations and serverless task-based manipulations may be specified for a given I/O path. For example, an owner may specify that, for a particular request to read an object, a given SQL query be executed against the object, the output of which is processed via a first task execution, the output of which is processed via a second task execution, etc. The collection of data manipulations (e.g., native manipulations, serverless task-based manipulations, or a combination thereof) applied to an I/O path is generally referred to herein as a data processing “pipeline” applied to the I/O path.
In accordance with aspects of the present disclosure, a particular path modification (e.g., the addition of a pipeline) applied to an I/O path may vary according to attributes of the path, such as a client device from which an I/O request originates or an object or collection of objects within the request. For example, pipelines may be applied to individual objects, such that the pipeline is applied to all I/O requests for the object, or a pipeline may be selectively applied only when certain client devices access the object. In some instances, an object storage service may provide multiple I/O paths for an object or collection. For example, the same object or collection may be associated with multiple resource identifiers on the object storage service, such that the object or collection can be accessed through the multiple identifiers (e.g., uniform resource identifiers, or URIs), which illustratively correspond to different network-accessible endpoints. In one embodiment, different pipelines may be applied to each I/O path for a given object. For example, a first I/O path may be associated with unprivileged access to a data set, and thus be subject to data manipulations that remove confidential information from the data set prior during retrieval. A second I/O path may be associated with privileged access, and thus not be subject to those data manipulations. In some instances, pipelines may be selectively applied based on other criteria. For example, whether a pipeline is applied may be based on time of day, a number or rate of accesses to an object or collection, etc.
As will be appreciated by one of skill in the art in light of the present disclosure, the embodiments disclosed herein improve the ability of computing systems, such as object storage systems, to provide and enforce data manipulation functions against data objects. Whereas prior techniques generally depend on external enforcement of data manipulation functions (e.g., requesting that users strip personal information before uploading it), embodiments of the present disclosure enable direct insertion of data manipulation into an I/O path for the object storage system. Moreover, embodiments of the present disclosure provide a secure mechanism for implementing data manipulations, by providing for serverless execution of manipulation functions within an isolated execution environment. Embodiments of the present disclosure further improve operation of serverless functions, by enabling such functions to operate on the basis of local stream (e.g., “file”) handles, rather than requiring that functions act as network-accessible services. The presently disclosed embodiments therefore address technical problems inherent within computing systems, such as the difficulty of enforcing data manipulations at storage systems and the complexity of creating external services to enforce such data manipulations. These technical problems are addressed by the various technical solutions described herein, including the insertion of data processing pipelines into an I/O path for an object or object collection, potentially without knowledge of a requesting user, the use of serverless functions to perform aspects of such pipelines, and the use of local stream handles to enable simplified creation of serverless functions. Thus, the present disclosure represents an improvement on existing data processing systems and computing systems in general.
The general execution of tasks on the on-demand code execution system will now be discussed. As described in detail herein, the on-demand code execution system may provide a network-accessible service enabling users to submit or designate computer-executable source code to be executed by virtual machine instances on the on-demand code execution system. Each set of code on the on-demand code execution system may define a “task,” and implement specific functionality corresponding to that task when executed on a virtual machine instance of the on-demand code execution system. Individual implementations of the task on the on-demand code execution system may be referred to as an “execution” of the task (or a “task execution”). In some cases, the on-demand code execution system may enable users to directly trigger execution of a task based on a variety of potential events, such as transmission of an application programming interface (“API”) call to the on-demand code execution system, or transmission of a specially formatted hypertext transport protocol (“HTTP”) packet to the on-demand code execution system. In accordance with embodiments of the present disclosure, the on-demand code execution system may further interact with an object storage system, in order to execute tasks during application of a data manipulation pipeline to an I/O path. The on-demand code execution system can therefore execute any specified executable code “on-demand,” without requiring configuration or maintenance of the underlying hardware or infrastructure on which the code is executed. Further, the on-demand code execution system may be configured to execute tasks in a rapid manner (e.g., in under 100 milliseconds [ms]), thus enabling execution of tasks in “real-time” (e.g., with little or no perceptible delay to an end user). To enable this rapid execution, the on-demand code execution system can include one or more virtual machine instances that are “pre-warmed” or pre-initialized (e.g., booted into an operating system and executing a complete or substantially complete runtime environment) and configured to enable execution of user-defined code, such that the code may be rapidly executed in response to a request to execute the code, without delay caused by initializing the virtual machine instance. Thus, when an execution of a task is triggered, the code corresponding to that task can be executed within a pre-initialized virtual machine in a very short amount of time.
Specifically, to execute tasks, the on-demand code execution system described herein may maintain a pool of executing virtual machine instances that are ready for use as soon as a request to execute a task is received. Due to the pre-initialized nature of these virtual machines, delay (sometimes referred to as latency) associated with executing the task code (e.g., instance and language runtime startup time) can be significantly reduced, often to sub-100 millisecond levels. Illustratively, the on-demand code execution system may maintain a pool of virtual machine instances on one or more physical computing devices, where each virtual machine instance has one or more software components (e.g., operating systems, language runtimes, libraries, etc.) loaded thereon. When the on-demand code execution system receives a request to execute program code (a “task”), the on-demand code execution system may select a virtual machine instance for executing the program code of the user based on the one or more computing constraints related to the task (e.g., a required operating system or runtime) and cause the task to be executed on the selected virtual machine instance. The tasks can be executed in isolated containers that are created on the virtual machine instances, or may be executed within a virtual machine instance isolated from other virtual machine instances acting as environments for other tasks. Since the virtual machine instances in the pool have already been booted and loaded with particular operating systems and language runtimes by the time the requests are received, the delay associated with finding compute capacity that can handle the requests (e.g., by executing the user code in one or more containers created on the virtual machine instances) can be significantly reduced.
As used herein, the term “virtual machine instance” is intended to refer to an execution of software or other executable code that emulates hardware to provide an environment or platform on which software may execute (an example “execution environment”). Virtual machine instances are generally executed by hardware devices, which may differ from the physical hardware emulated by the virtual machine instance. For example, a virtual machine may emulate a first type of processor and memory while being executed on a second type of processor and memory. Thus, virtual machines can be utilized to execute software intended for a first execution environment (e.g., a first operating system) on a physical device that is executing a second execution environment (e.g., a second operating system). In some instances, hardware emulated by a virtual machine instance may be the same or similar to hardware of an underlying device. For example, a device with a first type of processor may implement a plurality of virtual machine instances, each emulating an instance of that first type of processor. Thus, virtual machine instances can be used to divide a device into a number of logical sub-devices (each referred to as a “virtual machine instance”). While virtual machine instances can generally provide a level of abstraction away from the hardware of an underlying physical device, this abstraction is not required. For example, assume a device implements a plurality of virtual machine instances, each of which emulate hardware identical to that provided by the device. Under such a scenario, each virtual machine instance may allow a software application to execute code on the underlying hardware without translation, while maintaining a logical separation between software applications running on other virtual machine instances. This process, which is generally referred to as “native execution,” may be utilized to increase the speed or performance of virtual machine instances. Other techniques that allow direct utilization of underlying hardware, such as hardware pass-through techniques, may be used, as well.
While a virtual machine executing an operating system is described herein as one example of an execution environment, other execution environments are also possible. For example, tasks or other processes may be executed within a software “container,” which provides a runtime environment without itself providing virtualization of hardware. Containers may be implemented within virtual machines to provide additional security, or may be run outside of a virtual machine instance.
The foregoing aspects and many of the attendant advantages of this disclosure will become more readily appreciated as the same become better understood by reference to the following description, when taken in conjunction with the accompanying drawings.
By way of illustration, various example client devices 102 are shown in communication with the service provider system 110, including a desktop computer, laptop, and a mobile phone. In general, the client devices 102 can be any computing device such as a desktop, laptop or tablet computer, personal computer, wearable computer, server, personal digital assistant (PDA), hybrid PDA/mobile phone, mobile phone, electronic book reader, set-top box, voice command device, camera, digital media player, and the like.
Generally described, the object storage service 160 can operate to enable clients to read, write, modify, and delete data objects, each of which represents a set of data associated with an identifier (an “object identifier” or “resource identifier”) that can be interacted with as an individual resource. For example, an object may represent a single file submitted by a client device 102 (though the object storage service 160 may or may not store such an object as a single file). This object-level interaction can be contrasted with other types of storage services, such as block-based storage services providing data manipulation at the level of individual blocks or database storage services providing data manipulation at the level of tables (or parts thereof) or the like.
The object storage service 160 illustratively includes one or more frontends 162, which provide an interface (a command-line interface (CLIs), application programing interface (APIs), or other programmatic interface) through which client devices 102 can interface with the service 160 to configure the service 160 on their behalf and to perform I/O operations on the service 160. For example, a client device 102 may interact with a frontend 162 to create a collection of data objects on the service 160 (e.g., a “bucket” of objects) and to configure permissions for that collection. Client devices 102 may thereafter create, read, update, or delete objects within the collection based on the interfaces of the frontends 162. In one embodiment, the frontend 162 provides a REST-compliant HTTP interface supporting a variety of request methods, each of which corresponds to a requested I/O operation on the service 160. By way of non-limiting example, request methods may include:
During general operation, frontends 162 may be configured to obtain a call to a request method, and apply that request method to input data for the method. For example, a frontend 162 can respond to a request to PUT input data into the service 160 as an object by storing that input data as the object on the service 160. Objects may be stored, for example, on object data stores 168, which correspond to any persistent or substantially persistent storage (including hard disk drives (HDDs), solid state drives (SSDs), network accessible storage (NAS), storage area networks (SANs), non-volatile random access memory (NVRAM), or any of a variety of storage devices known in the art). As a further example, the frontend 162 can respond to a request to GET an object from the service 160 by retrieving the object from the stores 168 (the object representing input data to the GET resource request), and returning the object to a requesting client device 102.
In some cases, calls to a request method may invoke one or more native data manipulations provided by the service 160. For example, a SELECT operation may provide an SQL-formatted query to be applied to an object (also identified within the request), or a GET operation may provide a specific range of bytes of an object to be returned. The service 160 illustratively includes an object manipulation engine 170 configured to perform native data manipulations, which illustratively corresponds to a device configured with software executable to implement native data manipulations on the service 160 (e.g., by stripping non-selected bytes from an object for a byte-range GET, by applying an SQL query to an object and returning results of the query, etc.).
In accordance with embodiments of the present disclosure, the service 160 can further be configured to enable modification of an I/O path for a given object or collection of objects, such that a called request method is applied to an output of a data manipulation function, rather than the resource identified within the call. For example, the service 160 may enable a client device 102 to specify that GET operations for a given object should be subject to execution of a user-defined task on the on-demand code execution system 120, such that the data returned in response to the operation is the output of a task execution rather than the requested object. Similarly, the service 160 may enable a client device 102 to specify that PUT operations to store a given object should be subject to execution of a user-defined task on the on-demand code execution system 120, such that the data stored in response to the operation is the output of a task execution rather than the data provided for storage by a client device 102. As will be discussed in more detail below, path modifications may include specification of a pipeline of data manipulations, including native data manipulations, task-based manipulations, or combinations thereof. Illustratively, a client device 102 may specify a pipeline or other data manipulation for an object or object collection through the frontend 162, which may store a record of the pipeline or manipulation in the I/O path modification data store 164, which store 164, like the object data stores 168, can represent any persistent or substantially persistent storage. While shown as distinct in
To enable data manipulation via execution of user-defined code, the system further includes an on-demand code execution system 120. In one embodiment, the system 120 is solely usable by the object storage service 160 in connection with data manipulations of an I/O path. In another embodiment, the system 120 is additionally accessible by client devices 102 to directly implement serverless task executions. For example, the on-demand code execution system 120 may provide the service 160 (and potentially client devices 102) with one or more user interfaces, command-line interfaces (CLIs), application programing interfaces (APIs), or other programmatic interfaces for generating and uploading user-executable code (e.g., including metadata identifying dependency code objects for the uploaded code), invoking the user-provided code (e.g., submitting a request to execute the user codes on the on-demand code execution system 120), scheduling event-based jobs or timed jobs, tracking the user-provided code, or viewing other logging or monitoring information related to their requests or user codes. Although one or more embodiments may be described herein as using a user interface, it should be appreciated that such embodiments may, additionally or alternatively, use any CLIs, APIs, or other programmatic interfaces.
The client devices 102, object storage service 160, and on-demand code execution system 120 may communicate via a network 104, which may include any wired network, wireless network, or combination thereof. For example, the network 104 may be a personal area network, local area network, wide area network, over-the-air broadcast network (e.g., for radio or television), cable network, satellite network, cellular telephone network, or combination thereof. As a further example, the network 104 may be a publicly accessible network of linked networks, possibly operated by various distinct parties, such as the Internet. In some embodiments, the network 104 may be a private or semi-private network, such as a corporate or university intranet. The network 104 may include one or more wireless networks, such as a Global System for Mobile Communications (GSM) network, a Code Division Multiple Access (CDMA) network, a Long Term Evolution (LTE) network, or any other type of wireless network. The network 104 can use protocols and components for communicating via the Internet or any of the other aforementioned types of networks. For example, the protocols used by the network 104 may include Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), Message Queue Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), and the like. Protocols and components for communicating via the Internet or any of the other aforementioned types of communication networks are well known to those skilled in the art and, thus, are not described in more detail herein.
To enable interaction with the on-demand code execution system 120, the system 120 includes one or more frontends 130, which enable interaction with the on-demand code execution system 120. In an illustrative embodiment, the frontends 130 serve as a “front door” to the other services provided by the on-demand code execution system 120, enabling users (via client devices 102) or the service 160 to provide, request execution of, and view results of computer executable code. The frontends 130 include a variety of components to enable interaction between the on-demand code execution system 120 and other computing devices. For example, each frontend 130 may include a request interface providing client devices 102 and the service 160 with the ability to upload or otherwise communication user-specified code to the on-demand code execution system 120 and to thereafter request execution of that code. In one embodiment, the request interface communicates with external computing devices (e.g., client devices 102, frontend 162, etc.) via a graphical user interface (GUI), CLI, or API. The frontends 130 process the requests and make sure that the requests are properly authorized. For example, the frontends 130 may determine whether the user associated with the request is authorized to access the user code specified in the request.
References to user code as used herein may refer to any program code (e.g., a program, routine, subroutine, thread, etc.) written in a specific program language. In the present disclosure, the terms “code,” “user code,” and “program code,” may be used interchangeably. Such user code may be executed to achieve a specific function, for example, in connection with a particular data transformation developed by the user. As noted above, individual collections of user code (e.g., to achieve a specific function) are referred to herein as “tasks,” while specific executions of that code (including, e.g., compiling code, interpreting code, or otherwise making the code executable) are referred to as “task executions” or simply “executions.” Tasks may be written, by way of non-limiting example, in JavaScript (e.g., node.js), Java, Python, or Ruby (or another programming language).
To manage requests for code execution, the frontend 130 can include an execution queue, which can maintain a record of requested task executions. Illustratively, the number of simultaneous task executions by the on-demand code execution system 120 is limited, and as such, new task executions initiated at the on-demand code execution system 120 (e.g., via an API call, via a call from an executed or executing task, etc.) may be placed on the execution queue and processed, e.g., in a first-in-first-out order. In some embodiments, the on-demand code execution system 120 may include multiple execution queues, such as individual execution queues for each user account. For example, users of the service provider system 110 may desire to limit the rate of task executions on the on-demand code execution system 120 (e.g., for cost reasons). Thus, the on-demand code execution system 120 may utilize an account-specific execution queue to throttle the rate of simultaneous task executions by a specific user account. In some instances, the on-demand code execution system 120 may prioritize task executions, such that task executions of specific accounts or of specified priorities bypass or are prioritized within the execution queue. In other instances, the on-demand code execution system 120 may execute tasks immediately or substantially immediately after receiving a call for that task, and thus, the execution queue may be omitted.
The frontend 130 can further include an output interface configured to output information regarding the execution of tasks on the on-demand code execution system 120. Illustratively, the output interface may transmit data regarding task executions (e.g., results of a task, errors related to the task execution, or details of the task execution, such as total time required to complete the execution, total data processed via the execution, etc.) to the client devices 102 or the object storage service 160.
In some embodiments, the on-demand code execution system 120 may include multiple frontends 130. In such embodiments, a load balancer may be provided to distribute the incoming calls to the multiple frontends 130, for example, in a round-robin fashion. In some embodiments, the manner in which the load balancer distributes incoming calls to the multiple frontends 130 may be based on the location or state of other components of the on-demand code execution system 120. For example, a load balancer may distribute calls to a geographically nearby frontend 130, or to a frontend with capacity to service the call. In instances where each frontend 130 corresponds to an individual instance of another component of the on-demand code execution system 120, such as the active pool 148 described below, the load balancer may distribute calls according to the capacities or loads on those other components. Calls may in some instances be distributed between frontends 130 deterministically, such that a given call to execute a task will always (or almost always) be routed to the same frontend 130. This may, for example, assist in maintaining an accurate execution record for a task, to ensure that the task executes only a desired number of times. For example, calls may be distributed to load balance between frontends 130. Other distribution techniques, such as anycast routing, will be apparent to those of skill in the art.
The on-demand code execution system 120 further includes one or more worker managers 140 that manage the execution environments, such as virtual machine instances 150 (shown as VM instance 150A and 150B, generally referred to as a “VM”), used for servicing incoming calls to execute tasks. While the following will be described with reference to virtual machine instances 150 as examples of such environments, embodiments of the present disclosure may utilize other environments, such as software containers. In the example illustrated in
Although the virtual machine instances 150 are described here as being assigned to a particular task, in some embodiments, the instances may be assigned to a group of tasks, such that the instance is tied to the group of tasks and any tasks of the group can be executed within the instance. For example, the tasks in the same group may belong to the same security group (e.g., based on their security credentials) such that executing one task in a container on a particular instance 150 after another task has been executed in another container on the same instance does not pose security risks. As discussed below, a task may be associated with permissions encompassing a variety of aspects controlling how a task may execute. For example, permissions of a task may define what network connections (if any) can be initiated by an execution environment of the task. As another example, permissions of a task may define what authentication information is passed to a task, controlling what network-accessible resources are accessible to execution of a task (e.g., objects on the service 160). In one embodiment, a security group of a task is based on one or more such permissions. For example, a security group may be defined based on a combination of permissions to initiate network connections and permissions to access network resources. As another example, the tasks of the group may share common dependencies, such that an environment used to execute one task of the group can be rapidly modified to support execution of another task within the group.
Once a triggering event to execute a task has been successfully processed by a frontend 130, the frontend 130 passes a request to a worker manager 140 to execute the task. In one embodiment, each frontend 130 may be associated with a corresponding worker manager 140 (e.g., a worker manager 140 co-located or geographically nearby to the frontend 130) and thus, the frontend 130 may pass most or all requests to that worker manager 140. In another embodiment, a frontend 130 may include a location selector configured to determine a worker manager 140 to which to pass the execution request. In one embodiment, the location selector may determine the worker manager 140 to receive a call based on hashing the call, and distributing the call to a worker manager 140 selected based on the hashed value (e.g., via a hash ring). Various other mechanisms for distributing calls between worker managers 140 will be apparent to one of skill in the art.
Thereafter, the worker manager 140 may modify a virtual machine instance 150 (if necessary) and execute the code of the task within the instance 150. As shown in
In accordance with aspects of the present disclosure, each VM 150 additionally includes staging code 157 executable to facilitate staging of input data on the VM 150 and handling of output data written on the VM 150, as well as a VM data store 158 accessible through a local file system of the VM 150. Illustratively, the staging code 157 represents a process executing on the VM 150 (or potentially a host device of the VM 150) and configured to obtain data from the object storage service 160 and place that data into the VM data store 158. The staging code 157 can further be configured to obtain data written to a file within the VM data store 158, and to transmit that data to the object storage service 160. Because such data is available at the VM data store 158, user code 156 is not required to obtain data over a network, simplifying user code 156 and enabling further restriction of network communications by the user code 156, thus increasing security. Rather, as discussed above, user code 156 may interact with input data and output data as files on the VM data store 158, by use of file handles passed to the code 156 during an execution. In some embodiments, input and output data may be stored as files within a kernel-space file system of the data store 158. In other instances, the staging code 157 may provide a virtual file system, such as a filesystem in userspace (FUSE) interface, which provides an isolated file system accessible to the user code 156, such that the user code's access to the VM data store 158 is restricted.
As used herein, the term “local file system” generally refers to a file system as maintained within an execution environment, such that software executing within the environment can access data as file, rather than via a network connection. In accordance with aspects of the present disclosure, the data storage accessible via a local file system may itself be local (e.g., local physical storage), or may be remote (e.g., accessed via a network protocol, like NFS, or represented as a virtualized block device provided by a network-accessible service). Thus, the term “local file system” is intended to describe a mechanism for software to access data, rather than physical location of the data.
The VM data store 158 can include any persistent or non-persistent data storage device. In one embodiment, the VM data store 158 is physical storage of the host device, or a virtual disk drive hosted on physical storage of the host device. In another embodiment, the VM data store 158 is represented as local storage, but is in fact a virtualized storage device provided by a network accessible service. For example, the VM data store 158 may be a virtualized disk drive provided by a network-accessible block storage service. In some embodiments, the object storage service 160 may be configured to provide file-level access to objects stored on the data stores 168, thus enabling the VM data store 158 to be virtualized based on communications between the staging code 157 and the service 160. For example, the object storage service 160 can include a file-level interface 166 providing network access to objects within the data stores 168 as files. The file-level interface 166 may, for example, represent a network-based file system server (e.g., a network file system (NFS)) providing access to objects as files, and the staging code 157 may implement a client of that server, thus providing file-level access to objects of the service 160.
In some instances, the VM data store 158 may represent virtualized access to another data store executing on the same host device of a VM instance 150. For example, an active pool 148 may include one or more data staging VM instances (not shown in
While some examples are provided herein with respect to use of IO stream handles to read from or write to a VM data store 158, IO streams may additionally be used to read from or write to other interfaces of a VM instance 150 (while still removing a need for user code 156 to conduct operations other than stream-level operations, such as creating network connections). For example, staging code 157 may “pipe” input data to an execution of user code 156 as an input stream, the output of which may be “piped” to the staging code 157 as an output stream. As another example, a staging VM instance or a hypervisor to a VM instance 150 may pass input data to a network port of the VM instance 150, which may be read-from by staging code 157 and passed as an input stream to the user code 157. Similarly, data written to an output stream by the task code 156 may be written to a second network port of the instance 150A for retrieval by the staging VM instance or hypervisor. In yet another example, a hypervisor to the instance 150 may pass input data as data written to a virtualized hardware input device (e.g., a keyboard) and staging code 157 may pass to the user code 156 a handle to the IO stream corresponding to that input device. The hypervisor may similarly pass to the user code 156 a handle for an IO stream corresponding to a virtualized hardware output device, and read data written to that stream as output data. Thus, the examples provided herein with respect to file streams may generally be modified to relate to any IO stream.
The object storage service 160 and on-demand code execution system 120 are depicted in
In the example of
While some functionalities are generally described herein with reference to an individual component of the object storage service 160 and on-demand code execution system 120, other components or a combination of components may additionally or alternatively implement such functionalities. For example, while the object storage service 160 is depicted in
As illustrated, the frontend server 200 includes a processing unit 290, a network interface 292, a computer readable medium drive 294, and an input/output device interface 296, all of which may communicate with one another by way of a communication bus. The network interface 292 may provide connectivity to one or more networks or computing systems. The processing unit 290 may thus receive information and instructions from other computing systems or services via the network 104. The processing unit 290 may also communicate to and from primary memory 280 or secondary memory 298 and further provide output information for an optional display (not shown) via the input/output device interface 296. The input/output device interface 296 may also accept input from an optional input device (not shown).
The primary memory 280 or secondary memory 298 may contain computer program instructions (grouped as units in some embodiments) that the processing unit 290 executes in order to implement one or more aspects of the present disclosure. These program instructions are shown in
The primary memory 280 may store an operating system 284 that provides computer program instructions for use by the processing unit 290 in the general administration and operation of the frontend server 200. The memory 280 may further include computer program instructions and other information for implementing aspects of the present disclosure. For example, in one embodiment, the memory 280 includes a user interface unit 282 that generates user interfaces (or instructions therefor) for display upon a computing device, e.g., via a navigation or browsing interface such as a browser or application installed on the computing device.
In addition to or in combination with the user interface unit 282, the memory 280 may include a control plane unit 286 and data plane unit 288 each executable to implement aspects of the present disclosure. Illustratively, the control plane unit 286 may include code executable to enable owners of data objects or collections of objects to attach manipulations, serverless functions, or data processing pipelines to an I/O path, in accordance with embodiments of the present disclosure. For example, the control plane unit 286 may enable the frontend 162 to implement the interactions of
The frontend server 200 of
While described in
With reference to
The interactions of
While examples are discussed herein with respect to a “file” handle, embodiments of the present disclosure may utilize handles providing access to any operating-system-level input/output (IO) stream, examples of which include byte streams, character streams, file streams, and the like. As used herein, the term operating-system-level input/output stream (or simply an “IO stream”) is intended to refer to a stream of data for which an operating system provides a defined set of functions, such as seeking within the stream, reading from a stream, and writing to a stream. Streams may be created in various manners. For example, a programming language may generate a stream by use of a function library to open a file on a local operating system, or a stream may be created by use of a “pipe” operator (e.g., within an operating system shell command language). As will be appreciated by one skilled in the art, most general purpose programming languages include, as basic functionality of the code, the ability to interact with streams.
In accordance with embodiments of the present disclosure, task code may be authored to accept, as a parameter of the code, an input handle and an output handle, both representing IO streams (e.g., an input stream and an output stream, respectively). The code may then manipulate data of the input stream, and write an output to the output stream. Given use of a general purpose programming language, any of a variety of functions may be implemented according to the desires of the user. For example, a function may search for and remove confidential information from the input stream. While some code may utilize only input and output handles, other code may implement additional interfaces, such as network communication interfaces. However, by providing the code with access to input and output streams (via respective handles) created outside of the code, the need for the code to create such streams is removed. Moreover, because streams may be created outside of the code, and potentially outside of an execution environment of the code, stream manipulation code need not necessarily be trusted to conduct certain operations that may be necessary to create a stream. For example, a stream may represent information transmitted over a network connection, without the code being provided with access to that network connection. Thus, use of IO streams to pass data into and out of code executions can simplify code while increasing security.
As noted above, the code may be authored in a variety of programming languages. Authoring tools for such languages are known in the art and thus will not be described herein. While authoring is described in
At (2), the client device 102A submits the stream manipulation code to the frontend 162 of the service 160, and requests that an execution of the code be inserted into an I/O path for one or more objects. Illustratively, the frontends 162 may provide one or more interfaces to the device 102A enabling submission of the code (e.g., as a compressed file). The frontends 162 may further provide interfaces enabling designation of one or more I/O paths to which an execution of the code should be applied. Each I/O path may correspond, for example, to an object or collection of objects (e.g., a “bucket” of objects). In some instances, an I/O path may further corresponding to a given way of accessing such object or collection (e.g., a URI through which the object is created), to one or more accounts attempting to access the object or collection, or to other path criteria. Designation of the path modification is then stored in the I/O path modification data store 164, at (3). Additionally, the stream manipulation code is stored within the object data stores 166 at (4).
As such, when an I/O request is received via the specified I/O path, the service 160 is configured to execute the stream manipulation code against input data for the request (e.g., data provided by the client device 102A or an object of the service 160, depending on the I/O request), before then applying the request to the output of the code execution. In this manner, a client device 102A (which in
The interactions of
To address these shortcomings, embodiments of the present disclosure enable an owner to create a pipeline of data manipulations to be applied to an I/O path, linking together multiple data manipulations, each of which may also be inserted into other I/O paths. An illustrative visualization of such a pipeline is shown in
Contrary to typical implementations of request methods, in the illustrative pipeline 400, the called request method is not initially applied to the input data. Rather, the input data is initially passed to an execution of “code A” 404, where code A represents a first set of user-authored code. The output of that execution is then passed to “native function A” 406, which illustratively represents a native function of the service 160, such as a “SELECT” or byte-range function implemented by the object manipulation engine 170. The output of that native function 406 is then passed to an execution of “code B” 408, which represents a second set of user-authored code. Thereafter, the output of that execution 408 is passed to the called request method 410 (e.g., GET, PUT, LIST, etc.). Accordingly, rather than the request method being applied to the input data as in conventional techniques, in the illustration of
While the pipeline 400 of
Furthermore, in some embodiments, a pipeline applied to a particular I/O path may be generated on-the-fly, at the time of a request, based on data manipulations applied to the path according to different criteria. For example, an owner of a data collection may apply a first data manipulation to all interactions with objects within a collection, and a second data manipulation to all interactions obtained via a given URI. Thus, when a request is received to interact with an object within the collection and via the given URI, the service 160 may generate a pipeline combining the first and second data manipulations. The service 160 may illustratively implement a hierarchy of criteria, such that manipulations applied to objects are placed within the pipeline prior to manipulations applied to a URI, etc.
In some embodiments, client devices 102 may be enabled to request inclusion of a data manipulation within a pipeline. For example, within parameters of a GET request, a client device 102 may specify a particular data manipulation to be included within a pipeline applied in connection with the request. Illustratively, a collection owner may specify one or more data manipulations allowed for the collection, and further specify identifiers for those manipulations (e.g., function names). Thus, when requesting to interact with the collection, a client device 102 may specify the identifier to cause the manipulation to be included within a pipeline applied to the I/O path. In one embodiment, client-requested manipulations are appended to the end of a pipeline subsequent to owner-specified data manipulations and prior to implementing the requested request method. For example, where a client device 102 requests to GET a data set, and requests that a search function by applied to the data set before the GET method is implemented, the search function can receive as input data the output of an owner-specified data manipulations for the data set (e.g., manipulations to remove confidential information from the data set). In addition, requests may in some embodiments specify parameters to be passed to one or more data manipulations (whether specified within the request or not). Accordingly, while embodiments of the present disclosure can enable data manipulations without knowledge of those manipulations on the part of client devices 102, other embodiments may enable client devices 102 to pass information within an I/O request for use in implementing data manipulations.
Moreover, while example embodiments of the present disclosure are discussed with respect to manipulation of input data to a called method, embodiments of the present disclosure may further be utilized to modify aspects of a request, including a called method. For example, a serverless task execution may be passed the content of a request (including, e.g., a called method and parameters) and be configured to modify and return, as a return value to a frontend 162, a modified version of the method or parameters. Illustratively, where a client device 102 is authenticated as a user with access to only a portion of a data object, a serverless task execution may be passed a call to “GET” that data object, and may transform parameters of the GET request such that it applies only to a specific byte range of the data object corresponding to the portion that the user may access. As a further example, tasks may be utilized to implement customized parsing or restrictions on called methods, such as by limiting the methods a user may call, the parameters to those methods, or the like. In some instances, application of one or more functions to a request (e.g., to modify the method called or method parameters) may be viewed as a “pre-data processing” pipeline, and may thus be implemented prior to obtaining the input data within the pipeline 400 (which input data may change due to changes in the request), or may be implemented independently of a data manipulation pipeline 400.
Similarly, while example embodiments of the present disclosure are discussed with respect to application of a called method to output data of one or more data manipulations, in some embodiments manipulations can additionally or alternatively occur after application of a called method. For example, a data object may contain sensitive data that a data owner desires to remove prior to providing the data to a client. The owner may further enable a client to specify native manipulations to the data set, such as conducting a database query on the dataset (e.g., via a SELECT resource method). While the owner may specify a pipeline for the data set to cause filtering of sensitive data to be conducted prior to application of the SELECT method, such an order of operations may be undesirable, as filtering may occur with respect to the entire data object rather than solely the portion returned by the SELECT query. Accordingly, additionally or alternatively to specifying manipulations that occur prior to satisfying a request method, embodiments of the present disclosure can enable an owner to specify manipulations to occur subsequent to application of a called method but prior to conducting a final operation to satisfy a request. For example, in the case of a SELECT operation, the service 160 may first conduct the SELECT operation against specified input data (e.g., a data object), and then pass the output of that SELECT operation to a data manipulation, such as a serverless task execution. The output of that execution can then be returned to a client device 102 to satisfy the request.
While
With reference to
The interactions begin at (1), where a client device 102A submits a PUT object call to the storage service 160, corresponding to a request to store input data (e.g., included or specified within the call) on the service 160. The input data may correspond, for example, to a file stored on the client device 102A. As shown in
Accordingly, at (3), the frontend 162 detects within the modifications for the I/O path inclusion of a serverless task execution. Thus, at (4), the frontend 162 submits a call to the on-demand code execution system 120 to execute the task specified within the modifications against the input data specified within the call.
The on-demand code execution system 120, at (5), therefore generates an execution environment 502 in which to execute code corresponding to the task. Illustratively, the call may be directed to a frontend 130 of the system, which may distribute instructions to a worker manager 140 to select or generate a VM instance 150 in which to execute the task, which VM instance 150 illustratively represents the execution environment 502. During generation of the execution environment 502, the system 120 further provisions the environment with code 504 of the task indicated within the I/O path modification (which may be retrieved, for example, from the object data stores 166). While not shown in
In some embodiments, generation of the execution environment 502 can include configuring the environment 502 with security constraints limiting access to network resources. Illustratively, where a task is intended to conduct data manipulation without reference to network resources, the environment 502 can be configured with no ability to send or receive information via a network. Where a task is intended to utilize network resources, access to such resources can be provided on a “whitelist” basis, such that network communications from the environment 502 are allowed only for specified domains, network addresses, or the like. Network restrictions may be implemented, for example, by a host device hosting the environment 502 (e.g., by a hypervisor or host operating system). In some instances, network access requirements may be utilized to assist in placement of the environment 502, either logically or physically. For example, where a task requires no access to network resources, the environment 502 for the task may be placed on a host device that is distant from other network-accessible services of the service provider system 110, such as an “edge” device with a lower-quality communication channel to those services. Where a task requires access to otherwise private network services, such as services implemented within a virtual private cloud (e.g., a local-area-network-like environment implemented on the service 160 on behalf of a given user), the environment 502 may be created to exist logically within that cloud, such that a task execution 502 accesses resources within the cloud. In some instances, a task may be configured to execute within a private cloud of a client device 102 that submits an I/O request. In other instances, a task may be configured to execute within a private cloud of an owner of the object or collection referenced within the request.
In addition to generating the environment 502, at (6), the system 120 provisions the environment with stream-level access to an input file handle 506 and an output file handle 508, usable to read from and write to the input data and output data of the task execution, respectively. In one embodiment, files handle 506 and 508 may point to a (physical or virtual) block storage device (e.g., disk drive) attached to the environment 502, such that the task can interact with a local file system to read input data and write output data. For example, the environment 502 may represent a virtual machine with a virtual disk drive, and the system 120 may obtain the input data from the service 160 and store the input data on the virtual disk drive. Thereafter, on execution of the code, the system 120 may pass to the code a handle of the input data as stored on the virtual disk drive, and a handle of a file on the drive to which to write output data. In another embodiment, files handle 506 and 508 may point to a network file system, such as an NFS-compatible file system, on which the input data has been stored. For example, the frontend 162 during processing of the call may store the input data as an object on the object data stores 166, and the file-level interface 166 may provide file-level access to the input data and to a file representing output data. In some cases, the file handles 506 and 508 may point to files on a virtual file system, such as a file system in user space. By providing handles 506 and 508, the task code 504 is enabled to read the input data and write output data using stream manipulations, as opposed to being required to implement network transmissions. Creation of the handles 506 and 508 (or streams corresponding to the handles) may illustratively be achieved by execution of staging code 157 within or associated with the environment 502.
The interactions of
While shown as a single interaction in
In addition, while a success return value is assumed in
For purposes of the present illustration, it will be assumed that the success return value of the task indicates that an HTTP 2XX success response should be passed to the device 102A. Accordingly, on receiving output data, the frontend 162 stores the output data as an object within the object data stores 166, (11). Interaction (11) illustratively corresponds to implementation of the PUT request method, initially called for by the client device 102A, albeit by storing the output of the task execution rather than the provided input data. After implementing the called PUT request method, the frontend 162, at (12), returns to the client device 102A the success indicator indicated by the success return value of the task (e.g., an HTTP 200 response code). Thus, from the perspective of the client device 102A, a call to PUT an object on the storage service 160 resulted in creation of that object on the service 160. However, rather than storing the input data provided by the device 102A, the object stored on the service 160 corresponds to output data of an owner-specified task, thus enabling the owner of the object greater control over the contents of that object. In some use cases, the service 160 may additionally store the input data as an object (e.g., where the owner-specified task corresponds to code executable to provide output data usable in conjunction with the input data, such as checksum generated from the input data).
With reference to
The interactions begin at (1), where a client device 102A submits a GET call to the storage service 160, corresponding to a request to obtain data of an object (identified within the call) stored on the service 160. As shown in
Accordingly, at (3), the frontend 162 detects within the modifications for the I/O path inclusion of a serverless task execution. Thus, at (4), the frontend 162 submits a call to the on-demand code execution system 120 to execute the task specified within the modifications against the object specified within the call. The on-demand code execution system 120, at (5), therefore generates an execution environment 502 in which to execute code corresponding to the task. Illustratively, the call may be directed to a frontend 130 of the system, which may distribute instructions to a worker manager 140 to select or generate a VM instance 150 in which to execute the task, which VM instance 150 illustratively represents the execution environment 502. During generation of the execution environment 502, the system 120 further provisions the environment with code 504 of the task indicated within the I/O path modification (which may be retrieved, for example, from the object data stores 166). While not shown in
In addition, at (6), the system 120 provisions the environment with file-level access to an input file handle 506 and an output file handle 508, usable to read from and write to the input data (the object) and output data of the task execution, respectively. As discussed above, files handle 506 and 508 may point to a (physical or virtual) block storage device (e.g., disk drive) attached to the environment 502, such that the task can interact with a local file system to read input data and write output data. For example, the environment 502 may represent a virtual machine with a virtual disk drive, and the system 120 may obtain the object referenced within the call from the service 160, at (6′), and store the object on the virtual disk drive. Thereafter, on execution of the code, the system 120 may pass to the code a handle of the object as stored on the virtual disk drive, and a handle of a file on the drive to which to write output data. In another embodiment, files handle 506 and 508 may point to a network file system, such as an NFS-compatible file system, on which the object has been stored. For example, the file-level interface 166 may provide file-level access to the object as stored within the object data stores, as well as to a file representing output data. By providing handles 506 and 508, the task code 504 is enabled to read the input data and write output data using stream manipulations, as opposed to being required to implement network transmissions. Creation of the handles 506 and 508 may illustratively be achieved by execution of staging code 157 within or associated with the environment 502.
The interactions of
On receiving output data and the return value, the frontend 162 returns the output data of the task execution as the requested object. Interaction (11) thus illustratively corresponds to implementation of the GET request method, initially called for by the client device 102A, albeit by returning the output of the task execution rather than the object specified within the call. From the perspective of the client device 102A, a call to GET an object from the storage service 160 therefore results in return of data to the client device 102A as the object. However, rather than returning the object as stored on the service 160, the data provided to the client device 102A corresponds to output data of an owner-specified task, thus enabling the owner of the object greater control over the data returned to the client device 102A.
Similarly to as discussed above with respect to
While illustrative interactions are described above with reference to
While some embodiments may utilize return values without use of stream handles, other embodiments may instead utilize stream handles without use of return values. For example, while the interactions described above relate to providing a return value of a task execution to the storage service 160, in some instances the system 120 may be configured to detect completion of a function based on interaction with an output stream handle. Illustratively, staging code within an environment (e.g., providing a file system in user space or network-based file system) may detect a call to deallocate the stream handle (e.g., by calling a “file.close( )” function or the like). The staging code may interpret such a call as successful completion of the function, and notify the service 160 of successful completion without requiring the task execution to explicitly provide return value.
While the interactions described above generally relate to passing of input data to a task execution, additional or alternative information may be passed to the execution. By way of non-limiting example, such information may include the content of the request from the client device 102 (e.g., the HTTP data transmitted), metadata regarding the request (e.g., a network address from which the request was received or a time of the request), metadata regarding the client device 102 (e.g., an authentication status of the device, account time, or request history), or metadata regarding the requested object or collection (e.g., size, storage location, permissions, or time created, modified, or accessed). Moreover, in addition or as an alternative to manipulation of input data, task executions may be configured to modify metadata regarding input data, which may be stored together with the input data (e.g., within the object) and thus written by way of an output stream handle, or which may be separately stored and thus modified by way of a metadata stream handle, inclusion of metadata in a return value, or separate network transmission to the service 160.
With reference to
The routine 700 begins at block 702, where the frontend 162 obtains a request to apply an I/O method to input data. The request illustratively corresponds to a client device (e.g., an end user device). The I/O method may correspond, for example, to an HTTP request method, such as GET, PUT, LIST, DELETE, etc. The input data may be included within the request (e.g., within a PUT request), or referenced in the request (e.g., as an existing object on the object storage service 160).
At block 704, the frontend 162 determines one or more data manipulations in the I/O path for the request. As noted above, the I/O path may be defined based on a variety of criteria (or combinations thereof), such as the object or collection referenced in the request, a URI through which the request was transmitted, an account associated with the request, etc. Manipulations for each defined I/O path may illustratively be stored at the object storage service 160. Accordingly, at block 704, the frontend 162 may compare parameters of the I/O path for the request to stored data manipulations at the object storage service 160 to determine data manipulations inserted into the I/O path. In one embodiment, the manipulations form a pipeline, such as the pipeline 400 of
At block 706, the frontend 162 passes input data of the I/O request to an initial data manipulation for the I/O path. The initial data manipulation may include, for example, a native manipulation of the object storage service 160 or a serverless task defined by an owner of the object or collection referenced in the call. Illustratively, where the initial data manipulation is a native manipulation, the frontend 162 may pass the input to the object manipulation engine 170 of
While
Thereafter, the routine 700 proceeds to block 708, where the implementation of the routine 700 varies according to whether additional data manipulations have been associated with the I/O path. If so, the routine 700 proceeds to block 710, where an output of a prior manipulation is passed to a next manipulation associated with the I/O path (e.g., a subsequent stage of a pipeline).
Subsequent to block 710, the routine 700 then returns to block 708, until no additional manipulations exist to be implemented. The routine 700 then proceeds to block 712, where the frontend 162 applies the called I/O method (e.g., GET, PUT, POST, LIST, DELETE, etc.) to the output of the prior manipulation. For example, the frontend 162 may provide the output as a result of a GET or LIST request, or may store the output as a new object as a result of a PUT or POST request. The frontend 162 may further provide a response to the request to a requesting device, such as an indication of success of the routine 700 (or, in cases of failure, failure of the routine). In one embodiment, the response may be determined by a return value provided by a data manipulation implemented at blocks 706 or 710 (e.g., the final manipulation implemented before error or success). For example, a manipulation that indicates an error (e.g., lack of authorization) may specify an HTTP code indicating that error, while a manipulation that proceeds successfully may instruct the frontend 162 to return an HTTP code indicating success, or may instruct the frontend 162 to return a code otherwise associated with application of the I/O method (e.g., in the absence of data manipulations). The routine 700 thereafter ends at block 714.
Notably, application of the called method to that output, as opposed to input specified in an initial request, may alter data stored in or retrieved from the object storage service 160. For example, data stored on the service 160 as an object may differ from the data submitted within a request to store such data. Similarly, data retrieved from the system as an object may not match the object as stored on the system. Accordingly, implementation of routine 700 enables an owner of data objects to assert greater control over I/O to an object or collection stored on the object storage service 160 on behalf of the owner.
In some instances, additional or alternative blocks may be included within the routine 700, or implementation of such blocks may include additional or alternative operations. For example, as discussed above, in addition to or as an alternative to providing output data, serverless task executions may provide a return value. In some instances, this return value may instruct a frontend 162 as to further actions to take in implementing the manipulation. For example, an error return value may instruct the frontend 162 to halt implementation of manipulations, and provide a specified error value (e.g., an HTTP error code) to a requesting device. Another return value may instruct the frontend 162 to implement an additional serverless task or manipulation. Thus, the routine 700 may in some cases be modified to include, subsequent to blocks 706 and 710 for example, handling of the return value of a prior manipulation (or block 708 may be modified to include handling of such a value). Thus, the routine 700 is intended to be illustrative in nature.
With reference to
The routine 800 begins at block 802, where the system 120 obtains a call to implement a stream manipulation task (e.g., a task that manipulations data provided as an input IO stream handle). The call may be obtained, for example, in conjunction with blocks 706 or 710 of the routine 700 of
At block 804, the system 120 generates an execution environment for the task. Generation of an environment may include, for example, generation of a container or virtual machine instance in which the task may execute and provisioning of the environment with code of the task, as well as any dependencies of the code (e.g., runtimes, libraries, etc.). In one embodiment, the environment is generated with network permissions corresponding to permissions specified for the task. As discussed above, such permissions may be restrictively (as opposed to permissively) set, according to a whitelist for example. As such, absent specification of permissions by an owner of an I/O path, the environment may lack network access. Because the task operates to manipulate streams, rather than network data, this restrictive model can increase security without detrimental effect on functionality. In some embodiments, the environment may be generated at a logical network location providing access to otherwise restricted network resources. For example, the environment may be generated within a virtual private local area network (e.g., a virtual private cloud environment) associated with a calling device.
At block 806, the system 120 stages the environment with an IO stream representing to input data. Illustratively, the system 120 may configure the environment with a file system that includes the input data, and pass to the task code a handle enabling access of the input data as a file stream. For example, the system 120 may configure the environment with a network file system, providing network-based access to the input data (e.g., as stored on the object storage system). In another example, the system 120 may configure the environment with a “local” file system (e.g., from the point of view of an operating system providing the file system), and copy the input data to the local file system. The local file system may, for example, be a filesystem in user space (FUSE). In some instances, the local file system may be implemented on a virtualized disk drive, provided by the host device of the environment or by a network-based device (e.g., as a network-accessible block storage device). In other embodiments, the system 120 may provide the IO stream by “piping” the input data to the execution environment, by writing the input data to a network socket of the environment (which may not provide access to an external network), etc. The system 120 further configures the environment with stream-level access to an output stream, such as by creating a file on the file system for the output data, enabling an execution of the task to create such a file, piping a handle of the environment (e.g., stdout) to a location on another VM instance colocated with the environment or a hypervisor of the environment, etc.
At block 808, the task is executed within the environment. Execution of the task may include executing code of the task, and passing to the execution handles or handles of the input stream and output stream. For example, the system 120 may pass to the execution a handle for the input data, as stored on the file system, as a “stdin” variable. The system may further pass to the execution a handle for the output data stream, e.g., as a “stdout” variable. In addition, the system 120 may pass other information, such as metadata of the request or an object or collection specified within the request, as parameters to the execution. The code of the task may thus execute to conduct stream manipulations on the input data according to functions of the code, and to write an output of the execution to the output stream using OS-level stream operations.
The routine 800 then proceeds to block 810, where the system 120 returns data written to the output stream as output data of the task (e.g., to the frontend 162 of the object storage system). In one embodiment, block 810 may occur subsequent to the execution of the task completing, and as such, the system 120 may return the data written as the complete output data of the task. In other instances, block 810 may occur during execution of the task. For example, the system 120 may detect new data written to the output stream and return that data immediately, without awaiting execution of the task. Illustratively, where the output stream is written to an output file, the system 120 may delete data of the output file after writing, such that sending of new data immediately obviates a need for the file system to maintain sufficient storage to store all output data of the task execution. Still further, in some embodiments, block 810 may occur on detecting a close of the output stream handle describing the output stream.
In addition, at block 812, subsequent to the execution completing, the system 120 returns a return value provided by the execution (e.g., to the frontend 162 of the object storage system). The return value may specify an outcome of the execution, such as success or failure. In some instances, the return value may specify a next action to be undertaken, such as implementation an additional data manipulation. Moreover, the return value may specify data to be provided to a calling device requesting an I/O operation on a data object, such as an HTTP code to be returned. As discussed above, the frontend 162 may obtain such return value and undertake appropriate action, such as returning an error or HTTP code to a calling device, implementing an additional data manipulation, performing an I/O operation on output data, etc. In some instances, a return value may be explicitly specified within code of the task. In other instances, such as where no return value is specified within the code, a default return value may be returned (e.g., a ‘1’ indicating success). The routine 800 then ends at block 814.
Customers typically desire the ability to determine process data (such as determining a checksum value of a file, or perform some other function) once it has been uploaded to an object storage service in order to confirm the integrity of the uploaded data. However, current techniques often require waiting until the complete file is uploaded, even when the file is split into separate portions and the individual portions are uploaded in parallel (e.g., using a multi-part upload procedure, which is a term used to refer to any procedure where multiple parts or sub-objects are individually uploaded and later combined into a complete, reassembled, or sometimes referred to as unified, file or object), before processing of the reassembled (or sometimes referred to as unified), complete file can be determined. Where multi-part upload is supported, embodiments enable insertion of a processing function into the input/output path of each portion, such that individual intermediate or initial (or first) functions can be executed on each portion. In addition, embodiments also enable insertion of a processing function that combines the individual intermediate or initial function outputs (e.g., the checksum values of each portion of the input file, etc.) to determine a final (or second) function output associated with the reassembled input file (e.g., such as determining a checksum value of the reassembled file, or determining some other function output based on the reassembled file). Where multi-part upload enables parallel upload, intermediate function outputs can also be calculated in parallel. Pre-calculation of an intermediate function output (such as a checksum), either in parallel or iteratively during upload of portions, enables the function output (e.g., the checksum) for a complete file to be calculated much more rapidly after uploading is complete, as compared to calculating the function output of the complete, reassembled file only after the uploading and reassembling of the input file is complete. The term “reassembled” may also be referred to as “unified.” For example, a reassembled file, object, or data may also be referred to as a unified file, object, or data.
Multi-part upload enables a client to split a file into separate portions and the upload the separate portions in parallel. Once all portions have been successfully uploaded, the client may submit a call to merge, or reassemble the separate portions to form the original file. The client may also submit a manifest with the call that indicates which portions are to be merged, and the order in which the portions are to be merged.
One particularly useful application of such processing is to determine a checksum of a large file based upon individual checksum values of file parts, each of which may be uploaded in parallel. A checksum value is an error-detecting code determined from a set of data and used to detect changes to the set of data. One such checksum value is determined using a cyclical redundancy check (e.g., CRC-32, which is a 32-bit cyclical redundancy check). A checksum algorithm enables calculation of a value, or a checksum, for an object, where the value is smaller than the object, but is would significantly change if even minor changes to the object occur. Therefore, checksums can be used to detect errors associated with the transfer of the object from one location to another. The routine illustrated in
In some embodiments, the routine 900 may be used to automatically determine a checksum value of (or perform a first function on) each individual input data portion as it is uploaded and prior to reassembling the individual data object portions into the data object representing the complete input data. Determining a checksum value of each individual input data portion as it is uploaded and prior to reassembling the input data can advantageously reduce the amount of time before the stored input data is ready for further processing or retrieval. For example, if errors occur during input data portion upload, the error may be detected as soon as the input data portion upload is completed, instead of after the complete input data is reassembled. Such error detection can result in the re-uploading of just the input data portion having such errors. Alternatively, first values determined from each input data portion as they uploaded may be used to detect a first condition, instead of determining the first condition after the complete input data is reassembled. Additional processing may be performed with respect to each input data portion based on its corresponding first value, as well. In addition, a checksum value of the complete input data may be determined from the checksum values of each of the individual input data portion checksum values instead of from the reassembled input data (e.g., after reassembling the portions into the data object). Similarly, a second or final value associated with the complete input data may be determined from the first values of the individual data portions instead of from the reassembled input data by applying a second function to the first values. Determining the checksum (or second value) of the input data from the checksums (or first values) of its input data portions advantageously reduces latency and computing resource requirements. Aspects of the routine 900 will be described with additional reference to
The routine 900 may begin in response to an event, such as submission of a request from a client device 102 to upload input data to the object storage service 160. Illustratively, an owner of a collection of data objects to which the input data is to be added as a new data object may have previously specified that, on uploading of an object to the collection using multi-part upload, a first task should be executed to process each portion of the data object uploaded, and that a second task should be executed on a request to reassemble the portions into the data object. In some embodiments, the routine 900 or portions thereof may be implemented on multiple processors, serially or in parallel.
At block 902, the object storage service 160 can receive a request to store input data submitted via multi-part upload.
At block 902, the object storage service 160 can also determine that function output is to be generated using portions of the input data to be stored in the object storage service 160. In some embodiments, the determination may be based on context data and/or the input data itself. For example, the object storage service 160 may receive an indication that the client will transfer the input data to the storage service 160 using a multi-part file transfer protocol, or the input data may be required to be uploaded to the object storage service 160 using a multi-part file transfer protocol. In such case, the object storage service 160 will determine an object identifier (e.g., an object ID) for the multi-part input data to be transferred. The object storage service 160 will provide the object ID to the client. In some embodiments, the input data is not transferred using a multi-part file transfer protocol. Instead, the input data is transferred in portions (e.g., objects, sub-objects, files, delineated elements, etc.), but not necessarily according to a multi-part file transfer protocol. A manifest or list may be provided to identify the portions that are to be subsequently joined together, and the order in which they are to be joined together, to reassemble the complete input data from its portions.
At block 904, the object storage service 160 may receive a portion of the input data from the client. In one specific, non-limiting embodiment, the input data may be a file, a composite file (e.g., a compressed file, such as a filed compressed according to a .zip, .tar or other compressed file format), a composable object, or a super-composable object composed of individual objects or sub-objects. Each input data portion is received with associated metadata, which can include the object ID and an indication of one or more functions to be performed on the input data portion, the complete input data, or both. For example, the metadata can include a checksum value associated with the data object portion (the “received CV”). The received input data portion, object ID, and metadata (e.g., the received CV) may be stored by the object storage service 160 in one or more staging areas. Staging areas are data storage locations, and include data storage accessible via a block storage service, a local disk, the object data store 166 of the object storage service 160, or other data storage location. The received input data portion, object ID, and metadata may be stored in the same or different staging areas. In addition, multiple input data portions may be received by the object storage system 160 in parallel, during at least partially overlapping time periods. Furthermore, the input data portions may be received in a different order than the order in which the input data portions are to be assembled into the complete data object. Therefore, the metadata can include an input data portion identifier (input data portion ID) that can be used to designate the input data portions to be used, and the order in which the input data portions are to be arranged, to assemble the complete input data. Furthermore, the input data portions may be the same size or have different sizes than one another.
The indications of one or more functions to be performed on the input data portion, the complete input data, or both, can include an indication to manipulate and/or validate the input data portion, the input data, or both, prior to storing the input data within the object storage service 160 object data store 166. For example, the indication can indicate that the input data portion, the complete input data, or both, are to be compressed, decompressed, encrypted, decrypted, or a combination thereof, prior to being stored within the object storage service 160 object data store 166. In addition, the indication can indicate that the input data portion, the complete input data, or both, are to be error checked prior to subsequent manipulation. For example, the input data portions may be individually error checked, or checksum checked prior to being reassembled to the complete input data. Additionally, the reassembled input data may be checksum checked prior to being stored in the object data store storage 166. In some embodiments, the object storage service 160 may automatically error check each input data portion and/or the complete input data without receiving an indication instructing the object storage service 160 to do so. The object storage service 160 may initiate error detection of each input data portion as soon as it is completely received, without waiting to reassemble the complete input data.
At block 906, the object storage service 160 can make a call to the execution environment 502 to execute a function (e.g., a first function) to determine a checksum value of (or perform a different calculation or determination using) the input data portion.
At block 908, the object storage service 160 can process the output of the function received from the execution environment 502 (or the function running within the execution environment 502). For example, the object storage service can perform error detection for (or perform some other calculation or determination using) the input data portion using the output data, such as the determined CV, received from the execution environment 502 (or the function running within the execution environment 502). Error detection may include comparing the determined CV to the stored, received CV. If the two values are different, the object storage service 160 may determine that an error has occurred during upload of the input data portion, and the client may be requested to re-send the associated input data portion.
In some embodiments, the object storage service 160 may provide the determined CV (or first values) associated with the input data portion to the client. The client may receive the determined CV and compare it to a client-determined checksum value of the input data portion (or otherwise process the first values). If the two values are different, the client may determine that it needs to re-send the associated input data portion to the object storage service 160. In such case, the client will instruct the object storage service 160 that the input data portion is being re-uploaded.
In some embodiments, instead of performing a checksum determination function on each input data portion that is received by the object storage service 160, the execution environment 502 (or the function running within the execution environment 502) is configured to perform the function on a fixed-sized portion of the input data (or input data portion). The size of the fixed-sized portion may be configured by the client. For example, the size may be designated using a parameter send to the object storage service 160 in connection with the initiation of the input data multi-part upload process. In some embodiments, the size is predetermined by the object storage service 160 or execution environment 502 (or the function running within the execution environment 502).
For example, the client may wish to upload a 10 GB file as input data using a multi-part upload process. The client may upload the input data in multiple portions, each having the same or different size. For example, the client may upload the input data in ten 1 GB data object portions. The execution environment 502 may process each portion as it is received (as discussed above), or it may process a fixed-sized portion of each portion, instead. For example, the execution environment 502 may process each 100 MB (or other predetermined, fixed size) of each 1 GB data object as it is received.
Such fixed-sized portion processing can advantageously enable the execution environment 502 to operate on a known fixed sized input. Such configuration would greatly simplify and improve the efficiency of the provisioning the staging area storage used to process each fixed-sized portion of the input data portion. In some embodiments, fixed-sized portion processing is used automatically if the complete input data size, or if an input data portion size exceeds a threshold value.
Blocks 904 to 908 define a parallelizable block 909 that may be iterated multiple times in parallel or sequentially, or both. For example, the blocks of block 909 may be performed for each input data portion received from the client, and in parallel (e.g., during at least partially overlapping time periods).
At block 910, the object storage service 160 (or VM instance 150, other execution environment 502, or the function running within the execution environment 502) can receive a request to perform a second function based on at least a portion of the first outputs. For example, the object storage service 160 can receive a request to determine a checksum of the reassembled input data from the stored input data portions, submitted via multi-part upload, or a request to reassemble the input data from the stored input data portions.
At block 910, the object storage service 160 can also determine that function output is to be generated using portions of the input data stored in the object storage service 160. In some embodiments, the determination may be based on context data and/or the input data itself. For example, the object storage service 160 may receive an indication that previously received input data portions are to be combined together. A manifest or list may be provided to identify the portions that are to be joined together, and the order in which they are to be joined together, to reassemble the complete input data from previously uploaded portions.
At block 912, the object storage service 160 may execute a call to the execution environment 502 (or the function running within the execution environment 502) to determine a checksum of the reassembled input data by (or perform a second function) using the individual checksums (or first values) of each of the input data portion checksums.
At decision block 914, the object storage service 160 processes the output of the function. For example, the object storage service 160 may perform error detection using the checksum of the reassembled input data, or it may provide the output to the client to enable the client to perform error detection. In some embodiments, the object storage service 160 may process the output of the function by storing the output as an object within the object data store 166. If an error is detected, the client may re-upload one or more portions of the input xdata. If no error is detected, the object storage service 160 reassembles the complete input data from the stored input data portions based upon the contents of the manifest.
At block 916, the object storage service 160 can store the reassembled input data as a data object in the object data store 166.
Blocks 912 through 916 are illustrated as occurring in sequence. However, the order in which these blocks occur may vary. In some embodiments, the ordering may be different, or two or more block may be performed at the same time, or during at least partially overlapping time periods. For example, in some embodiments, block 912 can be performed concurrently (or partially concurrently) with block 914 and/or block 916. In some embodiments, blocks 914 and 916 may occur before block 912, as well.
The routine may terminate at block 918.
In some embodiments, a client sends a request to an object storage service (such as object storage service 160) to write input data or a file as a data object to a storage location, such as an object data store (including object data store 166). For example, the client may wish to store a collection of customer records that include personal customer information (e.g., customer government-issued identification numbers, social security numbers, etc.). The client may wish to obfuscate the customer records prior to storage so that users may only retrieve versions of the customer records where the personal customer information has been obfuscated. The client may wish to allow only a small number of users with superior security credentials to have access to the un-obfuscated personal customer information. In another example, the input data may include medical images (e.g., photograph, x-ray, sonogram, ultrasound images, etc.), where a portion of the image includes personally identifiable information, such as the patients' names. The client may wish to obfuscate the personally-identifiable information from the medical image. The client request may include the input data, or information usable by the object storage service 160 to obtain the input data. In response to the request, the object storage service 160 may stage the input data in a staging area, such as any of the staging areas discussed above. Once the input data has been staged, a routine to obfuscate the input data may be initiated, such as routine 1100 of
The routine 1100 may begin in response to an event, such as when the routine illustrated in
At block 1102, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can receive parameters associated with a request to write input data.
At block 1104, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can obtain the input data to be stored as a data object using the reference data. The input data may be obtained in un-obfuscated or substantially un-obfuscated form.
At block 1106, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can determine that one or more portions of the input data are to be obfuscated. In some embodiments, the determination may be based on context data and/or the input data. For example, if a portion of the input data looks like, or is determined to be or to likely be a form of private or personally-identifiable information, the execution environment 502 (or the function running within the execution environment 502) can determine that such portion is to be obfuscated. The execution environment 502 (or the function running within the execution environment 502) may test one or more items of context data against one or more criteria to determine whether to perform an obfuscation and which portion(s) of the input data to obfuscate. If an item of context data satisfies one or more criteria, then the execution environment 502 (or the function running within the execution environment 502) can determine that one or more portions of the input data are to be obfuscated such that the obfuscated portion(s) render the portions of the input data as unable to be understood by a recipient.
Testing the context data against the criteria may include: determining that the input data includes private, or personally identifiable information (including, but not limited to: an individual's name, address, age, government-issued identification number, social security number, date of birth, place of birth, mother's maiden name, biometric information, health information, a vehicle identification number (VIN), etc.); or determining that the input data includes information that has been designated confidential.
In one specific, non-limiting embodiment, the input data may be a data file, such as a spreadsheet, delimited file, or other collection of data records. Some portions of the data file, such as collections of records, collections of columns or data fields, or the like are to be stored in obfuscated form if the request satisfies one or more criteria. The execution environment 502 (or the function running within the execution environment 502) may determine that properties of the request indicated by the context data or otherwise associated with the request satisfy the criteria for particular records, columns, and/or fields of the requested data object. The execution environment 502 (or the function running within the execution environment 502) may determine, based on this criteria that the particular records, columns, and/or fields of the requested input data are to be obfuscated prior to being output by the function (e.g., for storage as a data object).
At block 1108, the VM instance 150 or other execution environment 502 can selectively apply obfuscation to portions of the input data determined above.
For example, in one embodiment, the obfuscation method may include replacing a portion of the input data with a token that is mapped to a key-value pair secured in a secure location, such as an external database. For example, a social security number “909-09-0909” may be replaced with a globally unique identifier, such as “001,” and a distinct database may store a key-value pair mapping key “001” to “909-09-0909.”
In some embodiments, the obfuscation method may be specified by an entity that owns or is responsible for the data object requested to be stored (e.g., as part of the request to store the input data as the data object). For example, an entity may specify that particular type of obfuscation (e.g., an industry standard obfuscation method in the medical field) is to be used for a data object or bucket of data objects, while another entity may specify that a different type of obfuscation (e.g., tokenization using a mapping of tokens to data) is to be used for a different data object or bucket of data objects. If no obfuscation method is specified, the execution environment 502 (or the function running within the execution environment 502) may apply a default obfuscation method.
At block 1110, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can provide the selectively-obfuscated input data as output of the function. For example, the execution environment 502 (or the function running within the execution environment 502) can place the selectively-obfuscated input data at the output location indicated by the reference data, and finalize the output. Finalizing output of the function may include closing the output stream or file identified by the reference to the output location and/or providing a return value (e.g., indicating success, failure, or some other characteristics of function execution) to the object storage service 160. In addition, at block 1110, the VM instance 150 or other execution environment 502, or the function running within the execution environment 502, can also provide an index as second output data. The index may include a mapping between tokens and obfuscated private information. The index may be subsequently stored using the object storage service, a different object storage service, or a different storage service, such as a database storage service, or any other storage service.
Obfuscation of data object portions at write provides certain data management advantages. For example, if input data includes customer records, such as purchase history, personally identifiable information, and other private and non-private information, a data object including obfuscated versions of that information may be more easily updated if a particular customer deletes her account. For example, instead of having to scan through an entire data object to locate and remove all of the deleted customer's private information, the system can instead delete the mapping of tokens associated with the deleted customer from the token mapping table (or mapping of tokens to key-value pairs, as discussed above) or delete the customer's private information from the location in which such private information is stored.
In some embodiments, a client sends a request to an object storage service (such as object storage service 160) to write input data as a data object at a storage location, such as an object data store (including object data store 166). For example, the client may wish to store input data that includes a composite file, such as a compressed file, sometimes referred to as a .zip archive, a .tar archive, or a compressed file, or other file made up of a collection of individual data elements. The composite file may include one or more individual files, each of which is compressed. The composite file may also include an index of the contents of the composite file. The index may include the names of each of the individual files within the composite file, as well as other metadata regarding the composite file's contents. The index may also provide a mapping between the contents of the composite file and the byte-range location of each of the contents. There index, therefore, enables a user to use a “byte-range GET” to request only the bytes for a certain desired file, or other content of the composite file. In other examples, the composite file does not include an index of the composite file's contents. In yet other examples, the input data is not a composite file, but the object storage service 160 is configured to generate a storable data object that corresponds to a compressed version of the input data, and to store the compressed version within the object storage service. The client request may include the input data, or information usable by the object storage service 160 to obtain the input data. In response to the request, the object storage service 160 may stage the input data in a staging area, such as any of the staging areas discussed above. Once the object has been staged, a routine to index the input data may be initiated, such as routine 1100 of
The routine 1300 may begin in response to an event, such as when the routine illustrated in
At block 1302, the VM instance 150 or other execution environment 502 (or a function running within the execution environment 502) can receive parameters associated with a request to store input data as a data object.
At block 1304, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can obtain the input data using the reference data.
At block 1306, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) generates an index of the input data's contents. In some embodiments, the index is generated by obtaining the names of the individual files stored within the input data. For example, the input data may include an index of the data object's contents. If not, the execution environment 502 (or the function running within the execution environment 502) can read and store the names of each file within the input data. In some embodiments, the files within the input data are extracted or decompressed so the file names and/or file contents may be determined. In some embodiments, the execution environment 502 (or the function running within the execution environment 502) generates an index of the input data's contents using metadata or headers stored within the input data. In some embodiments, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) is configured to un-pack, or recursively un-pack the input data to determine its contents (e.g., identifiers of delineated elements within the input data, and the byte-range locations of the delineated elements within the input data, the delineated elements being files, or any other delineated element described herein). Recursive unpacking can include analyzing a second composite file that is located within a first file. The VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can unpack the first file to identify the second file (or second files), and then unpack the second file to determine identifiers of delineated elements and byte-range (or other) locations within the second file. In some embodiments, the execution environment 502 (or the function running within the execution environment 502) generates an index of the input data's contents by analyzing the text within the input data. The index includes content identifiers (e.g., file names, text fields, header information, metadata, etc.) as well as location information associated with each identifier. For example, the index can include a list of all files within the input data, as well as the location (e.g., byte range, etc.) of each file within the input data. In another example, the index can include a list of all the headers of the data sets within the input data (e.g., the sales data for various geographic regions), as well as the location of each data set within the input data (e.g., byte range, etc.). In addition, when the input file comprises a composite file, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can determine a file aggregation technique used to form the composite file. For example, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) may determine whether the composite file is a .zip, .tar, or other format by analyzing bytes within the file. For example, some aggregations techniques generate files having known header formats. Therefore, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can dynamically evaluate the input data based upon the bytes (sometimes referred to as file aggregation technique information), and use that information to determine how to further read and interpret the rest of the input data. For example, the file aggregation technique information may be used to determine whether to perform recursive unpacking of a file, such as discussed above.
At block 1308, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can provide the index as output of the function. For example, the execution environment 502 (or the function running within the execution environment 502) can may return the index to the object storage service 160. In some embodiments, the VM instance 150 or other execution environment 502 (or the function running within the execution environment 502) can return the input data instead of, in addition to (as second output data), or combined with the index.
At block 1310, the object storage service 160 can process the function output. For example, the object storage service 160 (or a different service) may store the index.
In some embodiments, at block 1310, the object storage service 160 may create a data object corresponding to the input data and to add metadata to the data object that includes a reference to the index. The reference can include an indication that there is an index associated with the data object. In another embodiment, the data object corresponding to the input data and the index may be associated with each other via a naming convention. For example, the data object and the index may have similar identifier or name portions, such as a prefix, suffix, or other identifier. The reference may be used by a subsequent user of the data object to obtain a desired portion of the data object. For example, a user may retrieve the index and select a desired portion of the data object. The object storage service 160 and execution environment 502 (or the function running within the execution environment 502) may use the desired portion indicated by the user and the index to identify the location within the data object (e.g., byte range) of the desired portion of the data object. The object storage service 160 and execution environment 502 (or the function running within the execution environment 502) may use the location to retrieve, e.g., extract or decompress, the desired portion of the data object (e.g., via executing a byte-range query or GET, etc. on the stored data object) and provide it to the user.
The routine may terminate at block 1312.
All of the methods and processes described above may be embodied in, and fully automated via, software code modules executed by one or more computers or processors. The code modules may be stored in any type of non-transitory computer-readable medium or other computer storage device. Some or all of the methods may alternatively be embodied in specialized computer hardware.
Conditional language such as, among others, “can,” “could,” “might” or “may,” unless specifically stated otherwise, are otherwise understood within the context as used in general to present that certain embodiments include, while other embodiments do not include, certain features, elements or steps. Thus, such conditional language is not generally intended to imply that features, elements or steps are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without user input or prompting, whether these features, elements or steps are included or are to be performed in any particular embodiment.
Disjunctive language such as the phrase “at least one of X, Y or Z,” unless specifically stated otherwise, is otherwise understood with the context as used in general to present that an item, term, etc., may be either X, Y or Z, or any combination thereof (e.g., X, Y or Z). Thus, such disjunctive language is not generally intended to, and should not, imply that certain embodiments require at least one of X, at least one of Y or at least one of Z to each be present.
Unless otherwise explicitly stated, articles such as ‘a’ or ‘an’ should generally be interpreted to include one or more described items. Accordingly, phrases such as “a device configured to” are intended to include one or more recited devices. Such one or more recited devices can also be collectively configured to carry out the stated recitations. For example, “a processor configured to carry out recitations A, B and C” can include a first processor configured to carry out recitation A working in conjunction with a second processor configured to carry out recitations B and C.
The term “or” should generally be understood to be inclusive, rather than exclusive. Accordingly, a set containing “a, b, or c” should be construed to encompass a set including a combination of a, b, and c.
Any routine descriptions, elements or blocks in the flow diagrams described herein or depicted in the attached figures should be understood as potentially representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or elements in the routine. Alternate implementations are included within the scope of the embodiments described herein in which elements or functions may be deleted, or executed out of order from that shown or discussed, including substantially synchronously or in reverse order, depending on the functionality involved as would be understood by those skilled in the art.
It should be emphasized that many variations and modifications may be made to the above-described embodiments, the elements of which are to be understood as being among other acceptable examples. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims.
Number | Name | Date | Kind |
---|---|---|---|
3891974 | Coulter et al. | Jun 1975 | A |
4084224 | Appell et al. | Apr 1978 | A |
4084228 | Dufond et al. | Apr 1978 | A |
4949254 | Shorter | Aug 1990 | A |
5283888 | Dao et al. | Feb 1994 | A |
5970488 | Crowe et al. | Oct 1999 | A |
6385636 | Suzuki | May 2002 | B1 |
6463509 | Teoman et al. | Oct 2002 | B1 |
6501736 | Smolik et al. | Dec 2002 | B1 |
6523035 | Fleming et al. | Feb 2003 | B1 |
6708276 | Yarsa et al. | Mar 2004 | B1 |
7036121 | Casabona et al. | Apr 2006 | B1 |
7590806 | Harris et al. | Sep 2009 | B2 |
7665090 | Tormasov et al. | Feb 2010 | B1 |
7707579 | Rodriguez | Apr 2010 | B2 |
7730464 | Trowbridge | Jun 2010 | B2 |
7774191 | Berkowitz et al. | Aug 2010 | B2 |
7823186 | Pouliot | Oct 2010 | B2 |
7886021 | Scheifler et al. | Feb 2011 | B2 |
8010990 | Ferguson et al. | Aug 2011 | B2 |
8024564 | Bassani et al. | Sep 2011 | B2 |
8046765 | Cherkasova et al. | Oct 2011 | B2 |
8051180 | Mazzaferri et al. | Nov 2011 | B2 |
8051266 | DeVal et al. | Nov 2011 | B2 |
8065676 | Sahai et al. | Nov 2011 | B1 |
8065682 | Baryshnikov et al. | Nov 2011 | B2 |
8095931 | Chen et al. | Jan 2012 | B1 |
8127284 | Meijer et al. | Feb 2012 | B2 |
8146073 | Sinha | Mar 2012 | B2 |
8166304 | Murase et al. | Apr 2012 | B2 |
8171473 | Lavin | May 2012 | B2 |
8209695 | Pruyne et al. | Jun 2012 | B1 |
8219987 | Vlaovic et al. | Jul 2012 | B1 |
8321554 | Dickinson | Nov 2012 | B2 |
8321558 | Sirota et al. | Nov 2012 | B1 |
8336079 | Budko et al. | Dec 2012 | B2 |
8352608 | Keagy et al. | Jan 2013 | B1 |
8387075 | McCann et al. | Feb 2013 | B1 |
8429282 | Ahuja | Apr 2013 | B1 |
8448165 | Conover | May 2013 | B1 |
8490088 | Tang | Jul 2013 | B2 |
8555281 | Van Dijk et al. | Oct 2013 | B1 |
8566835 | Wang et al. | Oct 2013 | B2 |
8613070 | Borzycki et al. | Dec 2013 | B1 |
8631130 | Jackson | Jan 2014 | B2 |
8677359 | Cavage et al. | Mar 2014 | B1 |
8694996 | Cawlfield et al. | Apr 2014 | B2 |
8700768 | Benari | Apr 2014 | B2 |
8719415 | Sirota et al. | May 2014 | B1 |
8725702 | Raman et al. | May 2014 | B1 |
8756696 | Miller | Jun 2014 | B1 |
8769519 | Leitman et al. | Jul 2014 | B2 |
8799236 | Azari et al. | Aug 2014 | B1 |
8799879 | Wright et al. | Aug 2014 | B2 |
8806468 | Meijer et al. | Aug 2014 | B2 |
8819679 | Agarwal et al. | Aug 2014 | B2 |
8825863 | Hansson et al. | Sep 2014 | B2 |
8825964 | Sopka et al. | Sep 2014 | B1 |
8839035 | Dimitrovich et al. | Sep 2014 | B1 |
8850432 | Mcgrath et al. | Sep 2014 | B2 |
8874952 | Tameshige et al. | Oct 2014 | B2 |
8904008 | Calder et al. | Dec 2014 | B2 |
8997093 | Dimitrov | Mar 2015 | B2 |
9027087 | Ishaya et al. | May 2015 | B2 |
9038068 | Engle et al. | May 2015 | B2 |
9052935 | Rajaa | Jun 2015 | B1 |
9086897 | Oh et al. | Jul 2015 | B2 |
9092837 | Bala et al. | Jul 2015 | B2 |
9098528 | Wang | Aug 2015 | B2 |
9110732 | Forschmiedt et al. | Aug 2015 | B1 |
9110770 | Raju et al. | Aug 2015 | B1 |
9111037 | Nalis et al. | Aug 2015 | B1 |
9112813 | Jackson | Aug 2015 | B2 |
9129118 | Johansson | Sep 2015 | B1 |
9141410 | Leafe et al. | Sep 2015 | B2 |
9146764 | Wagner | Sep 2015 | B1 |
9152406 | De et al. | Oct 2015 | B2 |
9164754 | Pohlack | Oct 2015 | B1 |
9183019 | Kruglick | Nov 2015 | B2 |
9208007 | Harper et al. | Dec 2015 | B2 |
9218190 | Anand et al. | Dec 2015 | B2 |
9223561 | Orveillon et al. | Dec 2015 | B2 |
9223966 | Satish et al. | Dec 2015 | B1 |
9250893 | Blahaerath et al. | Feb 2016 | B2 |
9268586 | Voccio et al. | Feb 2016 | B2 |
9298633 | Zhao et al. | Mar 2016 | B1 |
9317689 | Aissi | Apr 2016 | B2 |
9323556 | Wagner | Apr 2016 | B2 |
9361145 | Wilson et al. | Jun 2016 | B1 |
9413626 | Reque et al. | Aug 2016 | B2 |
9436555 | Dornemann et al. | Sep 2016 | B2 |
9461996 | Hayton et al. | Oct 2016 | B2 |
9465821 | Patiejunas et al. | Oct 2016 | B1 |
9471775 | Wagner et al. | Oct 2016 | B1 |
9483335 | Wagner et al. | Nov 2016 | B1 |
9489227 | Oh et al. | Nov 2016 | B2 |
9497136 | Ramarao et al. | Nov 2016 | B1 |
9501345 | Lietz et al. | Nov 2016 | B1 |
9514037 | Dow et al. | Dec 2016 | B1 |
9537788 | Reque et al. | Jan 2017 | B2 |
9563681 | Patiejunas et al. | Feb 2017 | B1 |
9575798 | Terayama et al. | Feb 2017 | B2 |
9588790 | Wagner et al. | Mar 2017 | B1 |
9594590 | Hsu | Mar 2017 | B2 |
9596350 | Dymshyts et al. | Mar 2017 | B1 |
9600312 | Wagner et al. | Mar 2017 | B2 |
9628332 | Bruno, Jr. et al. | Apr 2017 | B2 |
9635132 | Lin et al. | Apr 2017 | B1 |
9641434 | Laurence | May 2017 | B1 |
9652306 | Wagner et al. | May 2017 | B1 |
9652617 | Evans et al. | May 2017 | B1 |
9654508 | Barton et al. | May 2017 | B2 |
9661011 | Van Horenbeeck et al. | May 2017 | B1 |
9678773 | Wagner et al. | Jun 2017 | B1 |
9678778 | Youseff | Jun 2017 | B1 |
9703681 | Taylor et al. | Jul 2017 | B2 |
9715402 | Wagner et al. | Jul 2017 | B2 |
9727725 | Wagner et al. | Aug 2017 | B2 |
9733967 | Wagner et al. | Aug 2017 | B2 |
9760387 | Wagner et al. | Sep 2017 | B2 |
9767098 | Patiejunas et al. | Sep 2017 | B2 |
9767271 | Ghose | Sep 2017 | B2 |
9785476 | Wagner et al. | Oct 2017 | B2 |
9787779 | Frank et al. | Oct 2017 | B2 |
9811363 | Wagner | Nov 2017 | B1 |
9811434 | Wagner | Nov 2017 | B1 |
9830175 | Wagner | Nov 2017 | B1 |
9830193 | Wagner et al. | Nov 2017 | B1 |
9830449 | Wagner | Nov 2017 | B1 |
9864636 | Patel et al. | Jan 2018 | B1 |
9910713 | Wisniewski et al. | Mar 2018 | B2 |
9921864 | Singaravelu et al. | Mar 2018 | B2 |
9928108 | Wagner et al. | Mar 2018 | B1 |
9929916 | Subramanian et al. | Mar 2018 | B1 |
9930103 | Thompson | Mar 2018 | B2 |
9930133 | Susarla et al. | Mar 2018 | B2 |
9946895 | Kruse | Apr 2018 | B1 |
9952896 | Wagner et al. | Apr 2018 | B2 |
9977691 | Marriner et al. | May 2018 | B2 |
9979817 | Huang et al. | May 2018 | B2 |
10002026 | Wagner | Jun 2018 | B1 |
10013267 | Wagner et al. | Jul 2018 | B1 |
10042660 | Wagner et al. | Aug 2018 | B2 |
10048974 | Wagner et al. | Aug 2018 | B1 |
10061613 | Brooker et al. | Aug 2018 | B1 |
10067801 | Wagner | Sep 2018 | B1 |
10102040 | Marriner et al. | Oct 2018 | B2 |
10108443 | Wagner et al. | Oct 2018 | B2 |
10120579 | Patiejunas et al. | Nov 2018 | B1 |
10139876 | Lu et al. | Nov 2018 | B2 |
10140137 | Wagner | Nov 2018 | B2 |
10162672 | Wagner et al. | Dec 2018 | B2 |
10162688 | Wagner | Dec 2018 | B2 |
10203990 | Wagner et al. | Feb 2019 | B2 |
10248467 | Wisniewski et al. | Apr 2019 | B2 |
10277708 | Wagner et al. | Apr 2019 | B2 |
10303492 | Wagner et al. | May 2019 | B1 |
10353678 | Wagner | Jul 2019 | B1 |
10353746 | Reque et al. | Jul 2019 | B2 |
10365985 | Wagner | Jul 2019 | B2 |
10387177 | Wagner et al. | Aug 2019 | B2 |
10402231 | Marriner et al. | Sep 2019 | B2 |
10437629 | Wagner et al. | Oct 2019 | B2 |
10445140 | Sagar et al. | Oct 2019 | B1 |
10528390 | Brooker et al. | Jan 2020 | B2 |
10552193 | Wagner et al. | Feb 2020 | B2 |
10564946 | Wagner et al. | Feb 2020 | B1 |
10572375 | Wagner | Feb 2020 | B1 |
10592269 | Wagner et al. | Mar 2020 | B2 |
20010044817 | Asano et al. | Nov 2001 | A1 |
20020120685 | Srivastava et al. | Aug 2002 | A1 |
20020172273 | Baker et al. | Nov 2002 | A1 |
20030071842 | King et al. | Apr 2003 | A1 |
20030084434 | Ren | May 2003 | A1 |
20030229794 | James, II et al. | Dec 2003 | A1 |
20040003087 | Chambliss et al. | Jan 2004 | A1 |
20040049768 | Matsuyama et al. | Mar 2004 | A1 |
20040098154 | McCarthy | May 2004 | A1 |
20040158551 | Santosuosso | Aug 2004 | A1 |
20040205493 | Simpson et al. | Oct 2004 | A1 |
20040249947 | Novaes et al. | Dec 2004 | A1 |
20040268358 | Darling et al. | Dec 2004 | A1 |
20050027611 | Wharton | Feb 2005 | A1 |
20050044301 | Vasilevsky et al. | Feb 2005 | A1 |
20050120160 | Plouffe et al. | Jun 2005 | A1 |
20050132167 | Longobardi | Jun 2005 | A1 |
20050132368 | Sexton et al. | Jun 2005 | A1 |
20050149535 | Frey et al. | Jul 2005 | A1 |
20050193113 | Kokusho et al. | Sep 2005 | A1 |
20050193283 | Reinhardt et al. | Sep 2005 | A1 |
20050237948 | Wan et al. | Oct 2005 | A1 |
20050240943 | Smith et al. | Oct 2005 | A1 |
20050257051 | Richard | Nov 2005 | A1 |
20060123066 | Jacobs et al. | Jun 2006 | A1 |
20060129684 | Datta | Jun 2006 | A1 |
20060184669 | Vaidyanathan et al. | Aug 2006 | A1 |
20060200668 | Hybre et al. | Sep 2006 | A1 |
20060212332 | Jackson | Sep 2006 | A1 |
20060242647 | Kimbrel et al. | Oct 2006 | A1 |
20060248195 | Toumura et al. | Nov 2006 | A1 |
20070094396 | Takano et al. | Apr 2007 | A1 |
20070130341 | Ma | Jun 2007 | A1 |
20070174419 | O'Connell et al. | Jul 2007 | A1 |
20070192082 | Gaos et al. | Aug 2007 | A1 |
20070199000 | Shekhel et al. | Aug 2007 | A1 |
20070220009 | Morris et al. | Sep 2007 | A1 |
20070240160 | Paterson-Jones | Oct 2007 | A1 |
20070255604 | Seelig | Nov 2007 | A1 |
20080028409 | Cherkasova et al. | Jan 2008 | A1 |
20080052401 | Bugenhagen et al. | Feb 2008 | A1 |
20080052725 | Stoodley et al. | Feb 2008 | A1 |
20080082977 | Araujo et al. | Apr 2008 | A1 |
20080104247 | Venkatakrishnan et al. | May 2008 | A1 |
20080104608 | Hyser et al. | May 2008 | A1 |
20080126110 | Haeberle et al. | May 2008 | A1 |
20080126486 | Heist | May 2008 | A1 |
20080127125 | Anckaert et al. | May 2008 | A1 |
20080147893 | Marripudi et al. | Jun 2008 | A1 |
20080189468 | Schmidt et al. | Aug 2008 | A1 |
20080195369 | Duyanovich et al. | Aug 2008 | A1 |
20080201568 | Quinn et al. | Aug 2008 | A1 |
20080201711 | Amir Husain | Aug 2008 | A1 |
20080209423 | Hirai | Aug 2008 | A1 |
20090006897 | Sarsfield | Jan 2009 | A1 |
20090013153 | Hilton | Jan 2009 | A1 |
20090025009 | Brunswig et al. | Jan 2009 | A1 |
20090055810 | Kondur | Feb 2009 | A1 |
20090055829 | Gibson | Feb 2009 | A1 |
20090070355 | Cadarette et al. | Mar 2009 | A1 |
20090077569 | Appleton et al. | Mar 2009 | A1 |
20090125902 | Ghosh et al. | May 2009 | A1 |
20090158275 | Wang et al. | Jun 2009 | A1 |
20090177860 | Zhu et al. | Jul 2009 | A1 |
20090193410 | Arthursson et al. | Jul 2009 | A1 |
20090198769 | Keller et al. | Aug 2009 | A1 |
20090204960 | Ben-Yehuda et al. | Aug 2009 | A1 |
20090204964 | Foley et al. | Aug 2009 | A1 |
20090222922 | Sidiroglou et al. | Sep 2009 | A1 |
20090271472 | Scheifler et al. | Oct 2009 | A1 |
20090288084 | Astete et al. | Nov 2009 | A1 |
20090300599 | Piotrowski | Dec 2009 | A1 |
20100023940 | Iwamatsu et al. | Jan 2010 | A1 |
20100031274 | Sim-Tang | Feb 2010 | A1 |
20100031325 | Maigne et al. | Feb 2010 | A1 |
20100036925 | Haffner | Feb 2010 | A1 |
20100058342 | Machida | Mar 2010 | A1 |
20100058351 | Yahagi | Mar 2010 | A1 |
20100064299 | Kacin et al. | Mar 2010 | A1 |
20100070678 | Zhang et al. | Mar 2010 | A1 |
20100070725 | Prahlad et al. | Mar 2010 | A1 |
20100106926 | Kandasamy et al. | Apr 2010 | A1 |
20100114825 | Siddegowda | May 2010 | A1 |
20100115098 | De Baer et al. | May 2010 | A1 |
20100122343 | Ghosh | May 2010 | A1 |
20100131936 | Cheriton | May 2010 | A1 |
20100131959 | Spiers et al. | May 2010 | A1 |
20100186011 | Magenheimer | Jul 2010 | A1 |
20100198972 | Umbehocker | Aug 2010 | A1 |
20100199285 | Medovich | Aug 2010 | A1 |
20100257116 | Mehta et al. | Oct 2010 | A1 |
20100269109 | Cartales | Oct 2010 | A1 |
20100312871 | Desantis et al. | Dec 2010 | A1 |
20100325727 | Neystadt et al. | Dec 2010 | A1 |
20110010722 | Matsuyama | Jan 2011 | A1 |
20110029970 | Arasaratnam | Feb 2011 | A1 |
20110040812 | Phillips | Feb 2011 | A1 |
20110055378 | Ferris et al. | Mar 2011 | A1 |
20110055396 | DeHaan | Mar 2011 | A1 |
20110055683 | Jiang | Mar 2011 | A1 |
20110078679 | Bozek et al. | Mar 2011 | A1 |
20110099204 | Thaler | Apr 2011 | A1 |
20110099551 | Fahrig et al. | Apr 2011 | A1 |
20110131572 | Elyashev et al. | Jun 2011 | A1 |
20110134761 | Smith | Jun 2011 | A1 |
20110141124 | Halls et al. | Jun 2011 | A1 |
20110153727 | Li | Jun 2011 | A1 |
20110153838 | Belkine et al. | Jun 2011 | A1 |
20110154353 | Theroux et al. | Jun 2011 | A1 |
20110179162 | Mayo et al. | Jul 2011 | A1 |
20110184993 | Chawla et al. | Jul 2011 | A1 |
20110225277 | Freimuth et al. | Sep 2011 | A1 |
20110231680 | Padmanabhan et al. | Sep 2011 | A1 |
20110247005 | Benedetti et al. | Oct 2011 | A1 |
20110265164 | Lucovsky | Oct 2011 | A1 |
20110271276 | Ashok et al. | Nov 2011 | A1 |
20110276945 | Chasman et al. | Nov 2011 | A1 |
20110314465 | Smith et al. | Dec 2011 | A1 |
20110321033 | Kelkar et al. | Dec 2011 | A1 |
20120011496 | Shimamura | Jan 2012 | A1 |
20120011511 | Horvitz et al. | Jan 2012 | A1 |
20120016721 | Weinman | Jan 2012 | A1 |
20120041970 | Ghosh et al. | Feb 2012 | A1 |
20120054744 | Singh et al. | Mar 2012 | A1 |
20120072762 | Atchison et al. | Mar 2012 | A1 |
20120072914 | Ota | Mar 2012 | A1 |
20120079004 | Herman | Mar 2012 | A1 |
20120096271 | Ramarathinam et al. | Apr 2012 | A1 |
20120096468 | Chakravorty et al. | Apr 2012 | A1 |
20120102307 | Wong | Apr 2012 | A1 |
20120102333 | Wong | Apr 2012 | A1 |
20120102481 | Mani et al. | Apr 2012 | A1 |
20120110155 | Adlung et al. | May 2012 | A1 |
20120110164 | Frey et al. | May 2012 | A1 |
20120110570 | Jacobson et al. | May 2012 | A1 |
20120110588 | Bieswanger et al. | May 2012 | A1 |
20120131379 | Tameshige et al. | May 2012 | A1 |
20120144290 | Goldman et al. | Jun 2012 | A1 |
20120166624 | Suit et al. | Jun 2012 | A1 |
20120192184 | Burckart et al. | Jul 2012 | A1 |
20120197795 | Campbell et al. | Aug 2012 | A1 |
20120197958 | Nightingale et al. | Aug 2012 | A1 |
20120198442 | Kashyap et al. | Aug 2012 | A1 |
20120222038 | Katragadda et al. | Aug 2012 | A1 |
20120233464 | Miller et al. | Sep 2012 | A1 |
20120331113 | Jain et al. | Dec 2012 | A1 |
20130014101 | Ballani et al. | Jan 2013 | A1 |
20130042234 | DeLuca et al. | Feb 2013 | A1 |
20130054804 | Jana et al. | Feb 2013 | A1 |
20130054927 | Raj et al. | Feb 2013 | A1 |
20130055262 | Lubsey et al. | Feb 2013 | A1 |
20130061208 | Tsao et al. | Mar 2013 | A1 |
20130067494 | Srour et al. | Mar 2013 | A1 |
20130080641 | Lui et al. | Mar 2013 | A1 |
20130097601 | Podvratnik et al. | Apr 2013 | A1 |
20130111032 | Alapati et al. | May 2013 | A1 |
20130111469 | B et al. | May 2013 | A1 |
20130124466 | Naidu et al. | May 2013 | A1 |
20130124807 | Nielsen et al. | May 2013 | A1 |
20130132942 | Wang | May 2013 | A1 |
20130139152 | Chang et al. | May 2013 | A1 |
20130139166 | Zhang et al. | May 2013 | A1 |
20130151648 | Luna | Jun 2013 | A1 |
20130152047 | Moorthi et al. | Jun 2013 | A1 |
20130179574 | Calder et al. | Jul 2013 | A1 |
20130179881 | Calder et al. | Jul 2013 | A1 |
20130179894 | Calder et al. | Jul 2013 | A1 |
20130179895 | Calder et al. | Jul 2013 | A1 |
20130185719 | Kar et al. | Jul 2013 | A1 |
20130185729 | Vasic et al. | Jul 2013 | A1 |
20130191924 | Tedesco | Jul 2013 | A1 |
20130198319 | Shen et al. | Aug 2013 | A1 |
20130198743 | Kruglick | Aug 2013 | A1 |
20130198748 | Sharp et al. | Aug 2013 | A1 |
20130198763 | Kunze et al. | Aug 2013 | A1 |
20130205092 | Roy et al. | Aug 2013 | A1 |
20130219390 | Lee et al. | Aug 2013 | A1 |
20130227097 | Yasuda et al. | Aug 2013 | A1 |
20130227534 | Ike et al. | Aug 2013 | A1 |
20130227563 | McGrath | Aug 2013 | A1 |
20130227641 | White et al. | Aug 2013 | A1 |
20130227710 | Barak et al. | Aug 2013 | A1 |
20130232480 | Winterfeldt et al. | Sep 2013 | A1 |
20130239125 | Iorio | Sep 2013 | A1 |
20130246944 | Pandiyan et al. | Sep 2013 | A1 |
20130262556 | Xu et al. | Oct 2013 | A1 |
20130263117 | Konik et al. | Oct 2013 | A1 |
20130275376 | Hudlow et al. | Oct 2013 | A1 |
20130275958 | Ivanov et al. | Oct 2013 | A1 |
20130275969 | Dimitrov | Oct 2013 | A1 |
20130275975 | Masuda et al. | Oct 2013 | A1 |
20130283176 | Hoole et al. | Oct 2013 | A1 |
20130290538 | Gmach et al. | Oct 2013 | A1 |
20130291087 | Kailash et al. | Oct 2013 | A1 |
20130297964 | Hegdal et al. | Nov 2013 | A1 |
20130311650 | Brandwine et al. | Nov 2013 | A1 |
20130339950 | Ramarathinam et al. | Dec 2013 | A1 |
20130346946 | Pinnix | Dec 2013 | A1 |
20130346964 | Nobuoka et al. | Dec 2013 | A1 |
20130346987 | Raney et al. | Dec 2013 | A1 |
20130346994 | Chen et al. | Dec 2013 | A1 |
20130347095 | Barjatiya et al. | Dec 2013 | A1 |
20140007097 | Chin et al. | Jan 2014 | A1 |
20140019523 | Heymann et al. | Jan 2014 | A1 |
20140019735 | Menon et al. | Jan 2014 | A1 |
20140019965 | Neuse et al. | Jan 2014 | A1 |
20140019966 | Neuse et al. | Jan 2014 | A1 |
20140040343 | Nickolov et al. | Feb 2014 | A1 |
20140040857 | Trinchini et al. | Feb 2014 | A1 |
20140040880 | Brownlow et al. | Feb 2014 | A1 |
20140047261 | Patiejunas et al. | Feb 2014 | A1 |
20140059209 | Alnoor | Feb 2014 | A1 |
20140059226 | Messerli et al. | Feb 2014 | A1 |
20140059552 | Cunningham et al. | Feb 2014 | A1 |
20140068235 | Nightingale et al. | Mar 2014 | A1 |
20140068568 | Wisnovsky | Mar 2014 | A1 |
20140068611 | McGrath et al. | Mar 2014 | A1 |
20140081984 | Sitsky et al. | Mar 2014 | A1 |
20140082165 | Marr et al. | Mar 2014 | A1 |
20140082201 | Shankari et al. | Mar 2014 | A1 |
20140101649 | Kamble et al. | Apr 2014 | A1 |
20140108722 | Lipchuk et al. | Apr 2014 | A1 |
20140109087 | Jujare et al. | Apr 2014 | A1 |
20140109088 | Dournov et al. | Apr 2014 | A1 |
20140129667 | Ozawa | May 2014 | A1 |
20140130040 | Lemanski | May 2014 | A1 |
20140137110 | Engle et al. | May 2014 | A1 |
20140173614 | Konik et al. | Jun 2014 | A1 |
20140173616 | Bird et al. | Jun 2014 | A1 |
20140180862 | Certain et al. | Jun 2014 | A1 |
20140189677 | Curzi et al. | Jul 2014 | A1 |
20140201735 | Kannan et al. | Jul 2014 | A1 |
20140207912 | Thibeault | Jul 2014 | A1 |
20140215073 | Dow et al. | Jul 2014 | A1 |
20140229221 | Shih et al. | Aug 2014 | A1 |
20140245297 | Hackett | Aug 2014 | A1 |
20140279581 | Devereaux | Sep 2014 | A1 |
20140280325 | Krishnamurthy et al. | Sep 2014 | A1 |
20140282615 | Cavage et al. | Sep 2014 | A1 |
20140282629 | Gupta et al. | Sep 2014 | A1 |
20140283045 | Brandwine et al. | Sep 2014 | A1 |
20140289286 | Gusak | Sep 2014 | A1 |
20140298295 | Overbeck | Oct 2014 | A1 |
20140304698 | Chigurapati et al. | Oct 2014 | A1 |
20140304815 | Maeda | Oct 2014 | A1 |
20140317617 | O'Donnell | Oct 2014 | A1 |
20140344457 | Bruno, Jr. et al. | Nov 2014 | A1 |
20140344736 | Ryman et al. | Nov 2014 | A1 |
20140380085 | Rash et al. | Dec 2014 | A1 |
20150033241 | Jackson et al. | Jan 2015 | A1 |
20150039891 | Ignatchenko et al. | Feb 2015 | A1 |
20150040229 | Chan et al. | Feb 2015 | A1 |
20150046926 | Kenchammana-Hosekote et al. | Feb 2015 | A1 |
20150052258 | Johnson et al. | Feb 2015 | A1 |
20150058914 | Yadav | Feb 2015 | A1 |
20150067830 | Johansson et al. | Mar 2015 | A1 |
20150074659 | Madsen et al. | Mar 2015 | A1 |
20150081885 | Thomas et al. | Mar 2015 | A1 |
20150106805 | Melander et al. | Apr 2015 | A1 |
20150120928 | Gummaraju et al. | Apr 2015 | A1 |
20150134626 | Theimer et al. | May 2015 | A1 |
20150135287 | Medeiros et al. | May 2015 | A1 |
20150142952 | Bragstad et al. | May 2015 | A1 |
20150143381 | Chin et al. | May 2015 | A1 |
20150178110 | Li et al. | Jun 2015 | A1 |
20150186129 | Apte et al. | Jul 2015 | A1 |
20150188775 | Van Der Walt et al. | Jul 2015 | A1 |
20150199218 | Wilson et al. | Jul 2015 | A1 |
20150205596 | Hiltegen et al. | Jul 2015 | A1 |
20150227598 | Hahn et al. | Aug 2015 | A1 |
20150235144 | Gusev et al. | Aug 2015 | A1 |
20150242225 | Muller et al. | Aug 2015 | A1 |
20150254248 | Burns et al. | Sep 2015 | A1 |
20150256621 | Noda et al. | Sep 2015 | A1 |
20150261578 | Greden et al. | Sep 2015 | A1 |
20150289220 | Kim et al. | Oct 2015 | A1 |
20150309923 | Iwata et al. | Oct 2015 | A1 |
20150319160 | Ferguson et al. | Nov 2015 | A1 |
20150332048 | Mooring et al. | Nov 2015 | A1 |
20150350701 | Lemus et al. | Dec 2015 | A1 |
20150356294 | Tan et al. | Dec 2015 | A1 |
20150363181 | Alberti et al. | Dec 2015 | A1 |
20150370560 | Tan et al. | Dec 2015 | A1 |
20150371244 | Neuse et al. | Dec 2015 | A1 |
20150378762 | Saladi et al. | Dec 2015 | A1 |
20150378764 | Sivasubramanian et al. | Dec 2015 | A1 |
20150378765 | Singh et al. | Dec 2015 | A1 |
20150379167 | Griffith et al. | Dec 2015 | A1 |
20160012099 | Tuatini et al. | Jan 2016 | A1 |
20160019536 | Ortiz et al. | Jan 2016 | A1 |
20160026486 | Abdallah | Jan 2016 | A1 |
20160048606 | Rubinstein et al. | Feb 2016 | A1 |
20160072727 | Leafe et al. | Mar 2016 | A1 |
20160077901 | Roth et al. | Mar 2016 | A1 |
20160098285 | Davis et al. | Apr 2016 | A1 |
20160100036 | Lo et al. | Apr 2016 | A1 |
20160117254 | Susarla et al. | Apr 2016 | A1 |
20160124665 | Jain et al. | May 2016 | A1 |
20160140180 | Park et al. | May 2016 | A1 |
20160191420 | Nagarajan et al. | Jun 2016 | A1 |
20160285906 | Fine et al. | Sep 2016 | A1 |
20160292016 | Bussard et al. | Oct 2016 | A1 |
20160294614 | Searle et al. | Oct 2016 | A1 |
20160306613 | Busi et al. | Oct 2016 | A1 |
20160350099 | Suparna et al. | Dec 2016 | A1 |
20160357536 | Firlik et al. | Dec 2016 | A1 |
20160364265 | Cao et al. | Dec 2016 | A1 |
20160371127 | Antony et al. | Dec 2016 | A1 |
20160371156 | Merriman | Dec 2016 | A1 |
20160378449 | Khazanchi et al. | Dec 2016 | A1 |
20160378554 | Gummaraju et al. | Dec 2016 | A1 |
20170041309 | Ekambaram et al. | Feb 2017 | A1 |
20170060621 | Whipple et al. | Mar 2017 | A1 |
20170068574 | Cherkasova et al. | Mar 2017 | A1 |
20170075749 | Ambichl et al. | Mar 2017 | A1 |
20170083381 | Cong et al. | Mar 2017 | A1 |
20170085447 | Chen et al. | Mar 2017 | A1 |
20170085591 | Ganda et al. | Mar 2017 | A1 |
20170093684 | Jayaraman et al. | Mar 2017 | A1 |
20170093920 | Ducatel et al. | Mar 2017 | A1 |
20170230499 | Mumick et al. | Aug 2017 | A1 |
20170272462 | Kraemer et al. | Sep 2017 | A1 |
20170286143 | Wagner et al. | Oct 2017 | A1 |
20170357940 | Radhakrishnan | Dec 2017 | A1 |
20170371724 | Wagner et al. | Dec 2017 | A1 |
20180046453 | Nair et al. | Feb 2018 | A1 |
20180046482 | Karve et al. | Feb 2018 | A1 |
20180060221 | Yim et al. | Mar 2018 | A1 |
20180067841 | Mahimkar | Mar 2018 | A1 |
20180121245 | Wagner et al. | May 2018 | A1 |
20180143865 | Wagner et al. | May 2018 | A1 |
20180176187 | Davis | Jun 2018 | A1 |
20180176192 | Davis | Jun 2018 | A1 |
20180176193 | Davis | Jun 2018 | A1 |
20180225230 | Litichever et al. | Aug 2018 | A1 |
20180246903 | Frerking et al. | Aug 2018 | A1 |
20180253333 | Gupta | Sep 2018 | A1 |
20180262533 | McCaig et al. | Sep 2018 | A1 |
20180275987 | Vandeputte | Sep 2018 | A1 |
20180285591 | Thayer | Oct 2018 | A1 |
20180295134 | Gupta et al. | Oct 2018 | A1 |
20180309819 | Thompson | Oct 2018 | A1 |
20190028552 | Johnson, II et al. | Jan 2019 | A1 |
20190034363 | Palermo et al. | Jan 2019 | A1 |
20190072529 | Andrawes et al. | Mar 2019 | A1 |
20190102231 | Wagner | Apr 2019 | A1 |
20190108058 | Wagner et al. | Apr 2019 | A1 |
20190149320 | Keselman | May 2019 | A1 |
20190155629 | Wagner et al. | May 2019 | A1 |
20190171470 | Wagner | Jun 2019 | A1 |
20190196884 | Wagner | Jun 2019 | A1 |
20190227849 | Wisniewski et al. | Jul 2019 | A1 |
20190384647 | Reque et al. | Dec 2019 | A1 |
20190391834 | Mullen et al. | Dec 2019 | A1 |
20190391841 | Mullen et al. | Dec 2019 | A1 |
20200057680 | Marriner et al. | Feb 2020 | A1 |
20200104198 | Hussels et al. | Apr 2020 | A1 |
20200104378 | Wagner et al. | Apr 2020 | A1 |
Number | Date | Country |
---|---|---|
2663052 | Nov 2013 | EP |
2002287974 | Oct 2002 | JP |
2006-107599 | Apr 2006 | JP |
2007-538323 | Dec 2007 | JP |
2010-026562 | Feb 2010 | JP |
2011-233146 | Nov 2011 | JP |
2011257847 | Dec 2011 | JP |
2013-156996 | Aug 2013 | JP |
2014-525624 | Sep 2014 | JP |
2017-534107 | Nov 2017 | JP |
2017-534967 | Nov 2017 | JP |
2018-503896 | Feb 2018 | JP |
2018-512087 | May 2018 | JP |
2018-536213 | Dec 2018 | JP |
WO 2008114454 | Sep 2008 | WO |
WO 2009137567 | Nov 2009 | WO |
WO 2012039834 | Mar 2012 | WO |
WO 2012050772 | Apr 2012 | WO |
WO 2013106257 | Jul 2013 | WO |
WO 2015078394 | Jun 2015 | WO |
WO 2015108539 | Jul 2015 | WO |
WO 2016053950 | Apr 2016 | WO |
WO 2016053968 | Apr 2016 | WO |
WO 2016053973 | Apr 2016 | WO |
WO 2016090292 | Jun 2016 | WO |
WO 2016126731 | Aug 2016 | WO |
WO 2016164633 | Oct 2016 | WO |
WO 2016164638 | Oct 2016 | WO |
WO 2017059248 | Apr 2017 | WO |
WO 2017112526 | Jun 2017 | WO |
WO 2017172440 | Oct 2017 | WO |
WO 2020005764 | Jan 2020 | WO |
WO 2020069104 | Apr 2020 | WO |
Entry |
---|
Anonymous: “Docker run reference”, Dec. 7, 2015, XP055350246, Retrieved from the Internet: URL:https://web.archive.org/web/20151207111702/https:/docs.docker.com/engine/reference/run/ [retrieved on Feb. 28, 2017]. |
Adapter Pattern, Wikipedia, https://en.wikipedia.org/w/index.php?title=Adapter_pattern&oldid=654971255, [retrieved May 26, 2016], 6 pages. |
Amazon, “AWS Lambda: Developer Guide”, Retrieved from the Internet, Jun. 26, 2016, URL : http://docs.aws.amazon.com/lambda/_latest/dg/lambda-dg.pdf, 346 pages. |
Amazon, “AWS Lambda: Developer Guide”, Retrieved from the Internet, 2019, URL : http://docs.aws.amazon.com/lambda/_latest/dg/lambda-dg.pdf, 521 pages. |
Balazinska et al., Moirae: History-Enhanced Monitoring, Published: 2007, 12 pages. |
Ben-Yehuda et al., “Deconstructing Amazon EC2 Spot Instance Pricing”, ACM Transactions on Economics and Computation 1.3, 2013, 15 pages. |
Bhadani et al., Performance evaluation of web servers using central load balancing policy over virtual machines on cloud, Jan. 2010, 4 pages. |
CodeChef ADMIN discussion web page, retrieved from https://discuss.codechef.com/t/what-are-the-memory-limit-and-stack-size-on-codechef/14159, 2019. |
CodeChef IDE web page, Code, Compile & Run, retrieved from https://www.codechef.com/ide, 2019. |
Czajkowski, G., and L. Daynes, Multitasking Without Compromise: A Virtual Machine Evolution 47(4a):60-73, ACM SIGPLAN Notices—Supplemental Issue, Apr. 2012. |
Das et al., Adaptive Stream Processing using Dynamic Batch Sizing, 2014, 13 pages. |
Deis, Container, 2014, 1 page. |
Dombrowski, M., et al., Dynamic Monitor Allocation in the Java Virtual Machine, JTRES '13, Oct. 9-11, 2013, pp. 30-37. |
Dynamic HTML, Wikipedia page from date Mar. 27, 2015, retrieved using the WayBackMachine, from https://web.archive.org/web/20150327215418/https://en.wikipedia.org/wiki/Dynamic_HTML, 2015, 6 pages. |
Espadas, J., et al., A Tenant-Based Resource Allocation Model for Scaling Software-as-a-Service Applications Over Cloud Computing Infrastructures, Future Generation Computer Systems, vol. 29, pp. 273-286, 2013. |
Han et al., Lightweight Resource Scaling for Cloud Applications, 2012, 8 pages. |
Hoffman, Auto scaling your website with Amazon Web Services (AWS)—Part 2, Cardinalpath, Sep. 2015, 15 pages. |
http://discuss.codechef.com discussion web page from date Nov. 11, 2012, retrieved using the WayBackMachine, from https://web.archive.org/web/20121111040051/http://discuss.codechef.com/questions/2881 /why-are-simple-java-programs-using-up-so-much-space, 2012. |
https://www.codechef.com code error help page from Jan. 2014, retrieved from https://www.codechef.com/JAN14/status/ERROR,va123, 2014. |
http://www.codechef.com/ide web page from date Apr. 5, 2015, retrieved using the WayBackMachine, from https://web.archive.org/web/20150405045518/http://www.codechef.com/ide, 2015. |
Kamga et al., Extended scheduler for efficient frequency scaling in virtualized systems, Jul. 2012, 8 pages. |
Kato, et al. “Web Service Conversion Architecture of the Web Application and Evaluation”; Research Report from Information Processing Society, Apr. 3, 2006 with Machine Translation. |
Kazempour et al., AASH: an asymmetry-aware scheduler for hypervisors, Jul. 2010, 12 pages. |
Kraft et al., 10 performance prediction in consolidated virtualized environments, Mar. 2011, 12 pages. |
Krsul et al., “VMPlants: Providing and Managing Virtual Machine Execution Environments for Grid Computing”, Supercomputing, 2004. Proceedings of the ACM/IEEESC 2004 Conference Pittsburgh, PA, XP010780332, Nov. 6-12, 2004, 12 pages. |
Meng et al., Efficient resource provisioning in compute clouds via VM multiplexing, Jun. 2010, 10 pages. |
Merkel, “Docker: Lightweight Linux Containers for Consistent Development and Deployment”, Linux Journal, vol. 2014 Issue 239, Mar. 2014, XP055171140, 16 pages. |
Monteil, Coupling profile and historical methods to predict execution time of parallel applications. Parallel and Cloud Computing, 2013, <hal-01228236, pp. 81-89. |
Nakajima, J., et al., Optimizing Virtual Machines Using Hybrid Virtualization, SAC '11, Mar. 21-25, 2011, TaiChung, Taiwan, pp. 573-578. |
Qian, H., and D. Medhi, et al., Estimating Optimal Cost of Allocating Virtualized Resources With Dynamic Demand, ITC 2011, Sep. 2011, pp. 320-321. |
Sakamoto, et al. “Platform for Web Services using Proxy Server”; Research Report from Information Processing Society, Mar. 22, 2002, vol. 2002, No. 31. |
Shim (computing), Wikipedia, https://en.wikipedia.org/w/index.php?title+Shim_(computing)&oldid+654971528, [retrieved on May 26, 2016], 2 pages. |
Stack Overflow, Creating a database connection pool, 2009, 4 pages. |
Tan et al., Provisioning for large scale cloud computing services, Jun. 2012, 2 pages. |
Vaghani, S.B., Virtual Machine File System, ACM SIGOPS Operating Systems Review 44(4):57-70, Dec. 2010. |
Vaquero, L., et al., Dynamically Scaling Applications in the cloud, ACM SIGCOMM Computer Communication Review 41(1):45-52, Jan. 2011. |
Wang et al., “Improving utilization through dynamic VM resource allocation in hybrid cloud environment”, Parallel and Distributed V Systems (ICPADS), IEEE, 2014. Retrieved on Feb. 14, 2019, Retrieved from the internet: URL<https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097814, 8 pages. |
Wikipedia “API” pages from date Apr. 7, 2015, retrieved using the WayBackMachine from https://web.archive.org/web/20150407191158/https://en .wikipedia.org/wiki/Application_programming_interface. |
Wikipedia List_of_HTTP status_codes web page, retrieved from https://en.wikipedia.org/wiki/List_of_HTTP status_codes, 2019. |
Wikipedia Recursion web page from date Mar. 26, 2015, retrieved using the WayBackMachine, from https://web.archive.org/web/20150326230100/https://en.wikipedia.org/wiki/Recursion_(computer _science), 2015. |
Wikipedia subroutine web page, retrieved from https://en.wikipedia.org/wiki/Subroutine, 2019. |
Wu et al., HC-Midware: A Middleware to Enable High Performance Communication System Simulation in Heterogeneous Cloud, Association for Computing Machinery, Oct. 20-22, 2017, 10 pages. |
Yamasaki et al. “Model-based resource selection for efficient virtual cluster deployment”, Virtualization Technology in Distributed Computing, ACM, Nov. 2007, pp. 1-7. |
Yue et al., AC 2012-4107: Using Amazon EC2 in Computer and Network Security Lab Exercises: Design, Results, and Analysis, 2012, American Society for Engineering Education 2012. |
Zheng, C., and D. Thain, Integrating Containers into Workflows: A Case Study Using Makeflow, Work Queue, and Docker, VTDC '15, Jun. 15, 2015, Portland, Oregon, pp. 31-38. |
Number | Date | Country | |
---|---|---|---|
20210097202 A1 | Apr 2021 | US |