Networks interconnecting large numbers of compute resources have become ubiquitous. Data centers, for example, have been created in which thousands of servers are housed and maintained. In some cases, service providers have large networks of servers, storage devices and other support infrastructure for use by their customers, thereby alleviating the customers from having to own and operate their own hardware. Customers of the service provider can interact with the service provider's network through applications programming interfaces (APIs) or a graphical user interface or other interfacing modality to create and manage virtual machine instances on which the customers can load their own customer-specific applications.
The advent of virtualization technologies for commodity hardware advantageously permits the service provider to create “virtual machine instances” on the physical computers and permit customers exclusive use of such instances. To the customer, the virtual machine instance is accessible in much the same as a physical computer. Virtualization technologies such as the use of hypervisors enable multiple virtual machine instances to be executed on a common server computer. It is even possible that one server computer can execute virtual machine instances belonging to disparate customers.
The possibility that different customers' virtual machine instances may be launched on the same physical server computer may create security worries on behalf of the customers. However, the virtualization technologies are such that each virtual machine instance can be logically isolated from another virtual machine instances running on the same physical server computer. Thus, the possibility for data leakage or other kinds of cross-contamination between virtual machine instances can be reduced nearly to zero. Nevertheless, no software is provably free of all flaws, so security concerns may remain.