公开(公告)号：US12124413B2

公开(公告)日：2024-10-22

申请号：US17708284

申请日：2022-03-30

Applicant: NetApp, Inc.

Inventor： Ritika ,  Jagadish Vasudeva ,  Vani Vully ,  Raj Kamal ,  Deepak Dangi ,  Parag Deshmukh

IPC: G06F16/174 ,  G06F3/06

CPC classification number: G06F16/1744 ,  G06F3/0613 ,  G06F3/064 ,  G06F3/0665 ,  G06F3/0689

Abstract: Systems and methods for reducing read application in a virtual storage system are provided. According to one embodiment, heuristic data may be tracked and utilized in real-time by a file system of the virtual storage system at the level of granularity of a volume, thereby allowing a fast path flag to be enabled/disabled at a volume level during various phases of operation of a workload. The heuristic data for a given volume may be indicative of a correlation between (i) data blocks stored on the given volume being located within a compressible zone of a zoned checksum scheme and (ii) the respective data blocks containing compressed data and a corresponding checksum. Based on the heuristic data, read requests may be selectively directed to the read path (e.g., a fast path or a slow path) expected to mitigate read amplification when data compression is enabled for a zoned checksum scheme.

公开(公告)号：US11662930B2

公开(公告)日：2023-05-30

申请号：US17676342

申请日：2022-02-21

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Dnyaneshwar Nagorao Pawar ,  Jagadish Vasudeva ,  Parag Deshmukh ,  Siddhartha Nandi

IPC: G06F3/06 ,  H04L9/08

CPC classification number: G06F3/0641 ,  G06F3/067 ,  G06F3/0608 ,  H04L9/0838 ,  H04L9/0891

Abstract: Techniques are provided for aggregate inline deduplication and volume granularity encryption. For example, data that is exclusive to a volume of a tenant is encrypted using an exclusive encryption key accessible to the tenant. The exclusive encryption key of that tenant is inaccessible to other tenants. Shared data that has been deduplicated and shared between the volume and another volume of a different tenant is encrypted using a shared encryption key of the volume. The shared encryption key is made available to other tenants. In this way, data can be deduplicated across multiple volumes of different tenants of a storage environment, while maintaining security and data privacy at a volume level.

公开(公告)号：US11475132B2

公开(公告)日：2022-10-18

申请号：US16942123

申请日：2020-07-29

Applicant: NetApp, Inc.

Inventor： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC: G06F21/56 ,  G06F21/54 ,  G06F21/60 ,  G06F21/57

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file is associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

公开(公告)号：US20220171557A1

公开(公告)日：2022-06-02

申请号：US17676342

申请日：2022-02-21

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Dnyaneshwar Nagorao Pawar ,  Jagadish Vasudeva ,  Parag Deshmukh ,  Siddhartha Nandi

IPC: G06F3/06 ,  H04L9/08

Abstract: Techniques are provided for aggregate inline deduplication and volume granularity encryption. For example, data that is exclusive to a volume of a tenant is encrypted using an exclusive encryption key accessible to the tenant. The exclusive encryption key of that tenant is inaccessible to other tenants. Shared data that has been deduplicated and shared between the volume and another volume of a different tenant is encrypted using a shared encryption key of the volume. The shared encryption key is made available to other tenants. In this way, data can be deduplicated across multiple volumes of different tenants of a storage environment, while maintaining security and data privacy at a volume level.

公开(公告)号：US20210334374A1

公开(公告)日：2021-10-28

申请号：US16942123

申请日：2020-07-29

Applicant: NetApp, Inc.

Inventor： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC: G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  G06F21/60

Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks (e.g., ransomware attacks) and mitigating data loss. In one or more embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

公开(公告)号：US09811280B2

公开(公告)日：2017-11-07

申请号：US14757429

申请日：2015-12-23

Applicant: NetApp, Inc.

Inventor： Bharath Kumar K. M. ,  Jagadish Vasudeva ,  Atul Goel ,  Jaldhi Dave

IPC: G06F3/06

CPC classification number: G06F3/0631 ,  G06F3/0604 ,  G06F3/0689

Abstract: Presented herein are methods, non-transitory computer readable media, and devices for maximizing parallelization in a parity de-clustered and sliced disk RAID architecture implemented on at least one hard disk drive by creating at least one allocation group, each created allocation group comprising at least one parity group within a sliced disk group, selecting one of said at least one allocation group, and performing at least one of write or read concurrently on all parity groups within the selected allocation group.

公开(公告)号：US20250044992A1

公开(公告)日：2025-02-06

申请号：US18921549

申请日：2024-10-21

Applicant: NetApp, Inc.

Inventor： Mrinal K. Bhattacharjee ,  Jagadish Vasudeva ,  Sateesh Kumar Pola

IPC: G06F3/06

Abstract: Systems and methods for supporting dynamic disk growth within a storage appliance are provided. According to one embodiment, a portion of a logical size of each of multiple disks (e.g., hyperscale disks or Logical Unit Numbers (LUNs)) are provisioned for use by a storage system as backing for respective file system disks. To accommodate growth, block numbers for the file system disks are pre-allocated within a sparse space of a contiguous sequence of block numbers corresponding to a number of blocks represented by the logical size. Metadata is maintained for the file system disks regarding a range of the pre-allocated block numbers that are available for use. Responsive to a triggering condition, the provisioned portion of a disk is increased and subsequently, responsive to detecting a change in a size of the disk by the storage system, a size of the corresponding file system disk is updated within the metadata.

公开(公告)号：US12099606B2

公开(公告)日：2024-09-24

申请号：US18464714

申请日：2023-09-11

Applicant: NetApp, Inc.

Inventor： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC: G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  G06F21/60

CPC classification number: G06F21/566 ,  G06F21/54 ,  G06F21/568 ,  G06F21/577 ,  G06F21/602

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

公开(公告)号：US20240111870A1

公开(公告)日：2024-04-04

申请号：US18464714

申请日：2023-09-11

Applicant: NetApp, Inc.

Inventor： Jagadish Vasudeva ,  Prateeksha Varshney ,  Priya Sehgal ,  Mrinal K. Bhattacharjee ,  Amit Valjibhai Panara ,  Siddhartha Nandi

IPC: G06F21/56 ,  G06F21/54 ,  G06F21/57 ,  G06F21/60

CPC classification number: G06F21/566 ,  G06F21/54 ,  G06F21/568 ,  G06F21/577 ,  G06F21/602

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

公开(公告)号：US20230315691A1

公开(公告)日：2023-10-05

申请号：US17708284

申请日：2022-03-30

Applicant: NetApp, Inc.

Inventor： Ritika ,  Jagadish Vasudeva ,  Vani Vully ,  Raj Kamal ,  Deepak Dangi ,  Parag Deshmukh

IPC: G06F16/174 ,  G06F16/188

CPC classification number: G06F16/1744 ,  G06F16/188

Abstract: Systems and methods for reducing read application in a virtual storage system are provided. According to one embodiment, heuristic data may be tracked and utilized in real-time by a file system of the virtual storage system at the level of granularity of a volume, thereby allowing a fast path flag to be enabled/disabled at a volume level during various phases of operation of a workload. The heuristic data for a given volume may be indicative of a correlation between (i) data blocks stored on the given volume being located within a compressible zone of a zoned checksum scheme and (ii) the respective data blocks containing compressed data and a corresponding checksum. Based on the heuristic data, read requests may be selectively directed to the read path (e.g., a fast path or a slow path) expected to mitigate read amplification when data compression is enabled for a zoned checksum scheme.