公开(公告)号：US10592353B2

公开(公告)日：2020-03-17

申请号：US15634796

申请日：2017-06-27

Applicant: salesforce.com, inc.

Inventor： Jameison Bear Martin ,  Nathaniel Wyatt ,  Patrick James Helland ,  Thomas Fanghaenel ,  Terry Chong ,  Subho Sanjay Chatterjee

IPC: G06F11/00 ,  G06F11/14 ,  G06F16/21

Abstract: Systems and methods are provided for performing a point-in-time restore of data of a first tenant of a multitenanted database system. Metadata can be located to identify an archival version of first data of the first tenant stored in immutable storage of the database system. The archival version includes a most recently committed version of each datum prior to a first point in time. By using the metadata, a restore reference set is mapped into a target database instance of the database system. The mapping can be performed when all existing data for a tenant is to be the archival version, and where versions of data and records committed after the point in time are not available to the target database instance.

公开(公告)号：US20230141205A1

公开(公告)日：2023-05-11

申请号：US18145181

申请日：2022-12-22

Applicant: salesforce.com, inc.

Inventor： Rohit Agrawal ,  Aditya Shetty ,  Kaushal Mittal ,  Terry Chong ,  Thomas Fanghaenel ,  Vaibhav Arora

IPC: G06F16/21 ,  G06F16/22

CPC classification number: G06F16/214 ,  G06F16/2246 ,  G06F21/6227

Abstract: Techniques are disclosed relating to merge operations for multi-level data structures, such as log-structured merge-trees (LSM trees). A computer system may store, in a database, a plurality of files as part of an LSM tree and a plurality of database key structures. A given one of the plurality of database key structures may indicate, for a corresponding one of the plurality of files, a set of key ranges derived from database records that are included in the corresponding file. The computer system may determine, using ones of the plurality of database key structures, a key range overlap that is indicative of an extent of overlap of key ranges from a set of the plurality of files with respect to a particular key range. Based on the determined key range overlap, the computer system may assign a priority level to a merge operation that involves the set of files.

公开(公告)号：US11483150B2

公开(公告)日：2022-10-25

申请号：US16889285

申请日：2020-06-01

Applicant: salesforce.com, inc.

Inventor： Dhanashree Kashid ,  Raghavendran Hanumantharau ,  Terry Chong ,  Andrew Stewart Tucker ,  Vadiraj Govardhan Hosur

IPC: H04L29/06 ,  H04L9/08 ,  G06F21/60 ,  G06F21/62 ,  H04L9/14

Abstract: Disclosed techniques relate to storing a key cache within a secure enclave. In some embodiments, a computing system receives, from an application, a request to access a database, where the request is associated with a particular account. The computing system then accesses, using an identifier associated with the particular account, a key cache stored in a secure enclave of a memory of the computing system to determine at least one private key associated with the request, where the key cache stores private keys of a key management system (KMS) for a plurality of accounts. The computing system performs a cryptographic operation for accessing the database within the secure enclave using the at least one private key. In various embodiments, disclosed techniques may improve the security of cryptographic private keys cached for a plurality of tenants.

公开(公告)号：US20220245113A1

公开(公告)日：2022-08-04

申请号：US17162882

申请日：2021-01-29

Applicant: salesforce.com, inc.

Inventor： Rohit Agrawal ,  Aditya Shetty ,  Kaushal Mittal ,  Terry Chong ,  Thomas Fanghaenel ,  Vaibhav Arora

IPC: G06F16/22

Abstract: Techniques are disclosed relating to index metadata that is usable for accessing multi-level data structures. A computer system may operate a database, including maintaining a set of records having a set of corresponding keys. The computer system may create multi-level data structures that facilitate key range lookups against those records. A given multi-level data structure may store key information indicative of a subset of the corresponding keys. The computer system may create separate index metadata that is usable for accessing the multi-level data structures. The index metadata may specify indications of key information that is stored in the multi-level data structures and locations of the multi-level data structures. The computer system may perform a key range lookup that includes using the index metadata to determine a particular set of the multi-level data structures whose key information corresponds to a key range of the key range lookup.

公开(公告)号：US20220121766A1

公开(公告)日：2022-04-21

申请号：US17562387

申请日：2021-12-27

Applicant: salesforce.com, inc.

Inventor： Terry Chong ,  Jameison Bear Martin ,  Thomas Fanghaenel ,  Andrew Tucker ,  Nathaniel Wyatt ,  Raghavendran Hanumantharau ,  Assaf Ben Gur ,  William Charles Mortimore, JR.

IPC: G06F21/62 ,  G06F16/2455 ,  G06F21/60 ,  H04L9/08

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

公开(公告)号：US20210328789A1

公开(公告)日：2021-10-21

申请号：US16849401

申请日：2020-04-15

Applicant: salesforce.com, inc.

Inventor： Vadiraj Govardhan Hosur ,  Andrew Tucker ,  Terry Chong ,  Raghavendran Hanumantharau ,  Dhanashree Kashid ,  Scott Daniel Wisniewski ,  Prithviraj Vasanth ,  Pranesh Radhakrishnan

IPC: H04L9/08 ,  G06F21/60 ,  G06F21/62

Abstract: Disclosed techniques relate to caching tenant encryption keys for a multi-tenant database. In some embodiments, a computing system encrypts data for a database in a multi-tenant database system using encryption keys assigned to respective tenants that are using the database. The computing system may store the encryption keys in a cache and, in response to a key rotation request for a first tenant, invalidate an entry in the cache for the first encryption key of the first tenant. The computing system may block writes for the first tenant until a new key is cached (e.g., based on retrieval from a key management system). In various embodiments, disclosed techniques may reduce encryption latency.

公开(公告)号：US20210073189A1

公开(公告)日：2021-03-11

申请号：US16950086

申请日：2020-11-17

Applicant: salesforce.com, inc.

Inventor： Jameison Bear Martin ,  Nathaniel Wyatt ,  Gary J. Baker ,  Thomas Fanghaenel ,  Terry Chong

IPC: G06F16/21 ,  G06F16/22

Abstract: Systems and methods are provided for migrating a tenant of a database system from a source database instance to a destination database instance. The systems and methods include quiescing the tenant data of the tenant to be migrated from the source database instance to the destination database instance so that no new data is written to the storage of the database system associated with the tenant identifier at the source database instance, transmitting metadata of the tenant to be migrated from the source database instance to the destination database instance, and modifying, at the destination database instance, the metadata of the tenant so that the destination database instance has information to point to groupings of data in the storage for the destination database to access the tenant data.

公开(公告)号：US12019610B2

公开(公告)日：2024-06-25

申请号：US17458591

申请日：2021-08-27

Applicant: salesforce.com, inc.

Inventor： Vaibhav Arora ,  Terry Chong ,  Thomas Fanghaenel

IPC: G06F16/23 ,  G06F12/02 ,  G06F12/0815 ,  G06F16/22 ,  G06F16/2455

CPC classification number: G06F16/2358 ,  G06F12/0269 ,  G06F12/0815 ,  G06F16/2282 ,  G06F16/2308 ,  G06F16/24552

Abstract: Techniques are disclosed relating to truncating a tenant's data from a table. A database node may maintain a multi-tenant table having records for tenants. Maintaining the table may include writing a record for a tenant into an in-memory cache and performing a flush operation to flush the record to a shared storage. The database node may write a truncate record into the in-memory cache that truncates a tenant from the table such that records of the tenant having a timestamp indicating a time before the truncate record cannot be accessed as part of a record query. While the truncate record remains in the in-memory cache, the database node may receive a request to perform a record query for a key of the tenant, make a determination on whether a record was committed for the key after the truncate record was committed, and return a response based on the determination.

公开(公告)号：US11537569B2

公开(公告)日：2022-12-27

申请号：US17009605

申请日：2020-09-01

Applicant: salesforce.com, inc.

Inventor： Rohit Agrawal ,  Aditya Shetty ,  Kaushal Mittal ,  Terry Chong ,  Thomas Fanghaenel ,  Vaibhav Arora

IPC: G06F16/22 ,  G06F16/21 ,  G06F21/62

Abstract: Techniques are disclosed relating to merge operations for multi-level data structures, such as log-structured merge-trees (LSM trees). A computer system may store, in a database, a plurality of files as part of an LSM tree and a plurality of database key structures. A given one of the plurality of database key structures may indicate, for a corresponding one of the plurality of files, a set of key ranges derived from database records that are included in the corresponding file. The computer system may determine, using ones of the plurality of database key structures, a key range overlap that is indicative of an extent of overlap of key ranges from a set of the plurality of files with respect to a particular key range. Based on the determined key range overlap, the computer system may assign a priority level to a merge operation that involves the set of files.

公开(公告)号：US11099771B2

公开(公告)日：2021-08-24

申请号：US16139717

申请日：2018-09-24

Applicant: salesforce.com, inc.

Inventor： Thomas Fanghaenel ,  Terry Chong ,  Jameison Bear Martin

IPC: G06F16/00 ,  G06F3/06 ,  G06F16/215 ,  G06F16/30

Abstract: A method of deleting tombstones early includes setting an initial-flag in a first record in the storage system, setting a delete-flag in a second record in the storage system, selecting a set of one or more records in the storage system to be written to an extent of the storage system in a merge operation, each of the one or more records being associated with the first key, and performing the merge operation, wherein the second record is not written to the extent during the merge operation based at least in part on a determination that the first record having the initial-flag set is the oldest record in the set and the second record having the delete-flag set is the newest record in the set.