Abstract:
Example embodiments provide various techniques for securing communications within a group of entities. In one example method, a request from an entity to join the group is received and a signed, digital certificate associated with the entity is accessed. Here, the signed, digital certificate is signed with a group private key that is associated with a certification authority for the group. The signed, digital certificate is added to a group roster, and this addition is to admit the entity into the group. The group roster with the signed, digital certificate is itself signed with the group private key and distributed to the group, which includes the entity that transmitted the request. Communication to the entity is then encrypted using the signed, digital certificate included in the group roster.
Abstract:
Technology is disclosed for a data storage architecture for providing enhanced storage resiliency for a data object. The data storage architecture can be implemented in a single-tier configuration and/or a multi-tier configuration. In the single-tier configuration, a data object is encoded, e.g., based on an erasure coding method, to generate many data fragments, which are stored across many storage devices. In the multi-tier configuration, a data object is encoded, e.g., based on an erasure coding method, to generate many data segments, which are sent to one or more tiers of storage nodes. Each of the storage nodes further encodes the data segment to generate many data fragments representing the data segment, which are stored across many storage devices associated with the storage node. The I/O operations for rebuilding the data in case of device failures are spread across many storage devices, which minimizes the wear of a given storage device.
Abstract:
At least one embodiment involves a method of operating a storage front-end manager system to perform pipeline planning for a low latency storage system. The method can include: receiving a write request including payload data; storing the payload data of the write request in a staging area of the storage front-end manager system; determining a transformation pipeline based at least partly on an attribute of the write request; queuing the transformation pipeline for execution on the payload data to generate data fragments for storage; and transmitting the data fragments to a plurality of multiple-data-storage-devices enclosures after the transformation pipeline is executed.
Abstract:
A system and method for specifying the placement of and managing the placement of objects on a distributed networked grid. Some embodiments of the invention comprise a user interface for specifying rules for the placement of objects on the grid and an execution module that places objects on the grid based on the rules specified. Rules may comprise a matching criteria specification, which determines whether a rule applies to a particular object, and a placement specification, which directs the locations at which an object will be placed under the rule.
Abstract:
A system can apply file placement rules to dynamically place files and directories within file system views backed by objects in an object storage system. After detection of an update to a first file system view that causes an update of an object in a storage grid, an object manager begins evaluation of file placement rules against metadata of the object. For each file placement rule that is triggered, the object manager identifies gateways that export the first file system view. The object manager then instructs the gateways to update their representations of the first file system view. The disclosed embodiments may be able to scale to managing hundreds of billions of files spanning thousands of file system views, especially in the presence of disconnected operation.
Abstract:
A method, non-transitory computer readable medium, and device that assists with managing storage in a distributed deduplication system includes receiving an object to be stored from a client computing device. The received object is divided into a plurality of fragments. A plaintext hash value and a ciphertext hash value are determined for each of the plurality of fragments, wherein each of the plurality of fragments is renamed with the corresponding determined ciphertext hash value. Each of the renamed plurality of fragments is stored in a plurality of storage repositories.
Abstract:
Methods and systems for a networked computing system are provided. One method includes generating, based on a first topology, a first proxy endpoint by a first device of a first pluggable compute module; establishing a communication tunnel between the first proxy endpoint and a non-volatile memory express (NVMe) storage device for peer-to-peer communication between the first proxy endpoint of the first device and a controller of the NVMe storage device. An NVMe translation module receives a request for the NVMe storage device from the first proxy endpoint and the NVMe translation module translates the request to an NVMe request for the NVMe storage device for accessing storage space at the NVMe storage device. The method further includes de-allocating the first proxy endpoint when the first topology is deactivated, making the first pluggable compute module and the NVMe storage device available for a second topology.
Abstract:
Methods, non-transitory computer readable media, and computing devices that facilitate secure cloud compute environments are disclosed. A secure application package (SAP) is encrypted with an SAP encryption key. The encrypted SAP is stored on cloud storage. A profiling bitstream is sent to a cloud provider. The profiling bitstream is configured to, when implemented by the HLD, generate and return a profile response, including a bitstream encryption key, which is encrypted with a public key. The profile response is decrypted using a private key and the bitstream encryption key is extracted. An application bitstream is sent to the cloud provider. The application bitstream is encrypted with the bitstream encryption key, includes the SAP encryption key, and is configured to, when implemented by the HLD, obtain the SAP from the cloud storage, decrypt the SAP using the SAP encryption key, and execute an application in a softcore included in the application bitstream.