Invented by Shah; Amit, Amazon Technologies, Inc.

Today, we’re exploring a patent application that could change how cloud computing services deliver and update operating systems. This invention uses shared, read-only block storage so cloud providers can distribute OS images and updates to many virtual computers at once. In this post, we break down the context, the science behind it, and the details of the invention—so anyone, even without a tech background, can understand why it matters and how it works.

Background and Market Context

The way people use computers has changed a lot in the last few decades. In the past, companies had to buy their own servers and storage. These were expensive, took up space, and were hard to change if the company suddenly needed more or less computing power. If a business guessed wrong about how much they would need in the future, they could end up wasting money.

Virtualization and cloud computing changed all of this. With cloud services, you can rent as much or as little computing power as you need, only when you need it. You can get more space or faster computers almost instantly just by asking your cloud provider. This has made it easier for companies, big and small, to use technology without huge up-front costs or long waits.

But there’s still one big challenge: keeping the systems that run these virtual computers up to date. When you start a new virtual computer in the cloud, it needs an operating system, like Windows or Linux. When there’s a new version or a security patch, every virtual computer needs the update. If every virtual computer had its own copy of the operating system, that would waste a lot of storage space, and copying updates to every computer would take time and use up bandwidth.

Cloud providers want to be able to give users clean, safe, and up-to-date operating systems as quickly as possible, across many computers at once, without wasting resources. They also want to keep these systems safe from hackers and viruses. This is where the new patent comes in. It presents a way for many virtual computers to share the same “read-only” copy of the operating system, so they all get the same, safe, and up-to-date software, but don’t need separate copies. This saves space, makes updates faster, and helps keep things secure.

As more businesses move their work to the cloud, and as more people work from anywhere using virtual computers, solutions like this are becoming even more important. The ability to roll out updates quickly, securely, and at scale can help companies respond to new threats and needs without missing a beat. The market for cloud computing is already huge and growing, so improvements in core infrastructure like this can have far-reaching effects.

Scientific Rationale and Prior Art

Before this invention, the common way to install or update an operating system in the cloud was to give each virtual machine its own copy of the OS. Every time you made a new virtual machine, the provider would copy the whole operating system image to a storage area attached just to that machine. If you needed to update the OS, the provider would either update each copy one by one, or give each machine a new copy of the updated OS. For big cloud providers with thousands or millions of virtual computers, this is a huge job that uses a lot of storage and network bandwidth.

Some cloud providers tried to speed things up by using “snapshots” or “templates.” These are master copies of a system image that can be cloned to make new virtual machines. But even with this approach, every virtual machine still gets its own private copy, and updates still need to be copied to every machine’s storage. This means that if you have 1000 virtual computers, and the OS image is 4GB, you need 4 terabytes of storage just for those OS images, and you have to move 4GB for every new machine or update.

There were also attempts to use shared storage, where many machines could read from a common disk. But these solutions often allowed both reading and writing, which made them risky: if one machine got infected with a virus or was hacked, it could change the shared OS image for everyone. That could spread malware or break computers all over the cloud. Security experts raised real concerns about letting many machines write to a shared disk.

This led to a need for a better solution. The ideal answer would be to let many virtual computers share a single, safe, read-only copy of the operating system. This would save space and make updates fast, because you’d only have to store and copy the OS once. But each computer still needs somewhere to save its own settings and logs, since every computer is unique in how it’s used. So the system must let each machine write its own data somewhere private, while sharing the main OS files with everyone else.

There were also technical challenges. Cloud computing systems use block storage, which acts like a virtual hard drive. These storage blocks can be attached to virtual computers, and some systems let you attach the same block to more than one computer at a time (multi-attach). But making this safe, fast, and easy to update for operating systems wasn’t solved fully in the prior art. The need to balance speed, safety, and efficiency led directly to the approach in this patent.

Invention Description and Key Innovations

The patent we’re looking at describes a way for cloud providers to use shared, read-only block storage volumes to distribute operating systems and updates to many virtual computers at once. Here’s how it works, in simple terms:

First, the cloud provider makes a special storage volume that contains the base operating system. This storage is marked as “read-only” and “multi-attach,” which means many computers can read from it at once, but nobody can change it. When a user creates a new virtual computer, or when an update needs to be installed, this shared volume is attached to all the virtual machines at the same time.

When the virtual machines start up or get updated, they read the OS files from the shared volume. But when the system needs to write something—like settings, logs, or installation-specific data—it writes to a private, writable volume that only that virtual computer can access. This keeps each computer’s private data separate, and means that one machine can’t mess up the OS files for all the others.

This setup brings several big benefits:

First, it saves a huge amount of storage space. Instead of keeping a separate 4GB copy of the OS for every virtual machine, you only need one copy, no matter how many computers are running. If you have 100 computers, you only use 4GB, not 400GB. If you have 1000, you still only use 4GB. This is a massive efficiency gain, especially for big cloud providers.

Second, it makes updates faster and safer. When a new version of the operating system is ready, the cloud provider just swaps out the shared read-only volume with the new one. All the attached virtual computers will see the updated OS files the next time they start up or check for updates. Because the shared volume is read-only, it can’t be tampered with by malware or hackers running on any of the virtual machines. This greatly improves security, because nobody can slip a virus or backdoor into the OS image that everyone uses.

The system is also very flexible. It can use separate shared volumes for “add-ons” or extra features. For example, one volume might have the base version of Linux, another might have special drivers or software for a certain workload. This way, each virtual computer only attaches the volumes it needs, so you don’t waste space or bandwidth on features you’re not using. If a user asks for help pages or debug tools, those can be attached as extra shared volumes only when needed, further saving space and reducing clutter.

Another key part of the invention is how it manages updates and writes. A special agent can run on each virtual computer to make sure that all read requests go to the shared, read-only volume, while all write requests go to the private, writable volume. This agent can be built into the operating system or run as a separate helper program, making it easy to add this technology to many types of systems.

The patent also describes ways to make the system even more reliable and fast. For example, the shared volumes can be copied to different “availability zones” or data centers, so computers in different parts of the world can get quick access without being slowed down by network delays. The provider can also decide how many backup copies (replicas) of each volume to keep, balancing durability with storage costs. For read-only OS volumes, it’s easy to rebuild them from a master copy if something goes wrong, so you might use fewer backups to save space.

Finally, the system tracks which computers are attached to which volumes, and manages who can read or write, using secure control planes and membership groups. This helps keep everything organized, safe, and running smoothly, even as computers come and go or as failures happen in the data center.

In short, this invention lets cloud providers deliver operating systems and updates to huge numbers of virtual computers in a way that is fast, safe, efficient, and flexible. It addresses real problems seen in the cloud every day, and offers a practical solution that can be built with current technology.

Conclusion

The patent we’ve discussed presents a clever and much-needed answer to the challenge of distributing operating systems in cloud environments. By allowing many virtual computers to share a single, read-only copy of the OS, while keeping each machine’s private data separate, the system saves storage, improves security, and makes updates fast and easy. It also provides flexibility for add-ons and special features, and can scale across different data centers and workloads.

For businesses and users, this means faster deployments, lower costs, and more confidence in the safety and consistency of their cloud resources. For cloud providers, it means a more efficient, secure, and manageable way to serve their customers, even as demand continues to grow. As more of the world’s computing power moves into the cloud, innovations like this will become increasingly important for keeping systems modern, safe, and scalable.

Whether you’re a cloud architect, developer, or just curious about how the technology behind the world’s biggest data centers keeps evolving, this patent gives a window into the future of operating system management—a future where efficiency and security go hand in hand.

Click here https://ppubs.uspto.gov/pubwebapp/ and search 20250217057.