-
公开(公告)号:US08453257B2
公开(公告)日:2013-05-28
申请号:US12541191
申请日:2009-08-14
申请人: Matthew J. Anglin , David M. Cannon , Avishai H. Hochberg , Alexei Kojenov , James P. Smith , Mark L. Yakushev
发明人: Matthew J. Anglin , David M. Cannon , Avishai H. Hochberg , Alexei Kojenov , James P. Smith , Mark L. Yakushev
IPC分类号: H04L29/06
CPC分类号: G06F11/1453 , G06F21/55 , G06F21/64
摘要: The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.
摘要翻译: 本发明的各种实施例包括用于确保在源 - 重复数据删除存储管理系统中发生的重复数据删除活动的使用的技术。 这些技术旨在防止由源发起的假数据备份,目标数据污染和数据欺骗攻击。 在一个实施例中,一种技术包括限制对授权用户的块查询。 另一种技术提供对目标系统内的攻击和未授权访问密钥的检测。 附加技术包括通过验证数据块来验证来自源的数据的存在,验证数据块的数据样本或验证数据块的哈希值的组合。 进一步的实施例涉及使用策略来为目标内的块共享和链接提供授权级别。 这些技术分开并组合提供了一种全面的策略,以避免未经授权的访问目标存储系统中的数据。
-
32.发明授权Integrated approach for deduplicating data in a distributed environment that involves a source and a target 有权在涉及源和目标的分布式环境中重复数据删除的集成方法公开(公告)号:US09058298B2
公开(公告)日:2015-06-16
申请号:US12504083
申请日:2009-07-16
申请人: Matthew J. Anglin , David M. Cannon , Avishai H. Hochberg , James P. Smith , David G. Van Hise , Mark L. Yakushev
发明人: Matthew J. Anglin , David M. Cannon , Avishai H. Hochberg , James P. Smith , David G. Van Hise , Mark L. Yakushev
CPC分类号: G06F11/1464 , G06F11/1453 , G06F17/30159
摘要: One aspect of the present invention includes a configuration of a storage management system that enables the performance of deduplication activities at both the client (source) and at the server (target) locations. The location of deduplication operations can then be optimized based on system conditions or predefined policies. In one embodiment, seamless switching of deduplication activities between the client and the server is enabled by utilizing uniform deduplication process algorithms and accessing the same deduplication index (containing information on the hashed data chunks). Additionally, any data transformations on the chunks are performed subsequent to identification of the data chunks. Accordingly, with use of this storage configuration, the storage system can find and utilize matching chunks generated with either client- or server-side deduplication.
摘要翻译: 本发明的一个方面包括能够在客户端(源)和服务器(目标)位置处执行重复数据删除活动的存储管理系统的配置。 然后可以基于系统条件或预定义策略来优化重复数据删除操作的位置。 在一个实施例中,通过使用统一的重复数据删除处理算法和访问相同的重复数据删除索引(包含关于散列数据块的信息),能够实现客户端和服务器之间的重复数据删除活动的无缝切换。 此外,在识别数据块之后执行块上的任何数据变换。 因此,利用这种存储配置,存储系统可以找到并利用通过客户端或服务器端重复数据删除生成的匹配块。
-
公开(公告)号:US20130101113A1
公开(公告)日:2013-04-25
申请号:US13279017
申请日:2011-10-21
IPC分类号: H04L9/28
CPC分类号: G06F21/6209 , G06F11/1458 , H04L9/0894 , H04L9/14
摘要: Provided are a computer program product, system, and method for encrypting data objects to back-up to a server. A client private key is intended to be maintained only by the client. A data object of chunks to store at the server is generated. A first portion of the chunks in the data object is encrypted with the client private key and the first portion of the chunks in the data object encrypted with the client private key are sent to the server to store. A second portion of the chunks in the data object not encrypted with the client private key are sent to the server to store.
-
公开(公告)号:US08892603B2
公开(公告)日:2014-11-18
申请号:US13479003
申请日:2012-05-23
CPC分类号: G06F17/3015 , G06F11/1453 , G06F11/1469
摘要: Provided are computer program product, system, and method for restoring deduplicated data objects from sequential backup devices. A server stores data objects of extents having deduplicated data in the at least one sequential backup device. The server receives from a client a request for data objects. The server determines extents stored in the at least one sequential backup device for the requested data objects. The server or client sorts the extents according to an order in which they are stored in the at least one sequential backup device to generate a sort list. The server retrieves the extents from the at least one sequential backup device according to the order in the sort list to access the extents sequentially from the sequential backup device in the order in which they were stored. The server returns the retrieved extents to the client and the client reconstructs the requested data objects from the received extents.
摘要翻译: 提供的是用于从顺序备份设备恢复重复数据删除的数据对象的计算机程序产品,系统和方法。 服务器将具有重复数据删除数据的盘区的数据对象存储在所述至少一个顺序备份设备中。 服务器从客户端接收对数据对象的请求。 服务器确定存储在所请求的数据对象的至少一个顺序备份设备中的区段。 服务器或客户端根据它们存储在至少一个顺序备份设备中的顺序对扩展区进行排序以生成排序列表。 服务器根据排序列表中的顺序从至少一个顺序备份设备中检索扩展数据块,以顺序备份设备按顺序从存储顺序访问扩展数据块。 服务器将检索到的扩展区返回到客户端,客户机从接收到的扩展区重新构建所请求的数据对象。
-
公开(公告)号:US08788466B2
公开(公告)日:2014-07-22
申请号:US12186239
申请日:2008-08-05
IPC分类号: G06F7/00
CPC分类号: G06F3/0608 , G06F3/0641 , G06F3/0647 , G06F3/067
摘要: One aspect of the present invention includes enabling the efficient transfer of deduplicated data between storage pools in a storage management system without unnecessary reassembly and deduplication of data objects. In one embodiment, the storage management system tracks deduplication information for the data chunks of data objects within an index at the storage management system level, in addition to tracking storage information for each data object within another index at the storage management system level. The data chunk deduplication information is then accessible by any storage pool. Accordingly, transfers of the data objects and data chunks of the data object are easily facilitated, even between non-deduplicating and deduplicating storage pools.
摘要翻译: 本发明的一个方面包括使得能够在存储管理系统中的存储池之间有效地传输重复数据删除的数据,而无需重新组装和重复数据对象。 在一个实施例中,除了跟踪在存储管理系统级别的另一个索引内的每个数据对象的存储信息之外,存储管理系统还跟踪存储管理系统级别的索引内的数据块的数据块的重复数据删除信息。 然后,任何存储池都可访问数据块重复数据删除信息。 因此,即使在非重复数据删除和重复数据删除存储池之间,数据对象的数据对象和数据块的传输也很容易。
-
36.发明授权Restoring a restore set of files from backup objects stored in sequential backup devices 失效从存储在顺序备份设备中的备份对象恢复一组还原文件公开(公告)号:US08209298B1
公开(公告)日:2012-06-26
申请号:US12972291
申请日:2010-12-17
申请人: Matthew J. Anglin , David M. Cannon , Avishai H. Hochberg , David G. Van Hise , Mark L. Yakushev
发明人: Matthew J. Anglin , David M. Cannon , Avishai H. Hochberg , David G. Van Hise , Mark L. Yakushev
IPC分类号: G06F17/30
CPC分类号: G06F11/1469 , G06F11/1453 , G06F11/1466
摘要: Provided are a computer program product, system, and method for restoring a restore set of files from backup objects stored in sequential backup devices. Backup objects are stored in at least one sequential backup device. A client initiates a restore request to restore a restore set of data in a volume as of a restore point-in-time. A determination is made of backup objects stored in at least one sequential backup device including the restore set of data for the restore point-in-time, wherein the determined backup objects are determined from a set of backup objects including a full volume backup and delta backups providing data in the volume at different points-in-time, and wherein extents in different backup objects providing data for blocks in the volume at different points-in-time are not stored contiguously in the sequential backup device. A determination is made of extents stored in the at least one sequential backup device for the determined backup objects. The determined extents are sorted according to an order in which they are stored in the at least one sequential backup device to generate a sort list. The extents are retrieved from the at least one sequential backup device according to the order in the sort list to access the extents sequentially from the sequential backup device in the order in which they were stored. The retrieved extents are returned to the client and the client reconstructs the restore data set from the received extents.
摘要翻译: 提供了一种计算机程序产品,系统和方法,用于从存储在顺序备份设备中的备份对象恢复恢复文件集。 备份对象存储在至少一个顺序备份设备中。 客户端启动还原请求,以恢复卷中恢复的还原数据集。 确定存储在至少一个顺序备份设备中的备份对象,包括用于恢复时间点的还原数据集,其中所确定的备份对象由一组备份对象确定,包括全卷备份和增量 在不同时间点在卷中提供数据的备份,并且其中不同备份对象中的不同备份对象中的盘区在不同时间点为块中的块提供数据不会连续存储在顺序备份设备中。 确定存储在所确定的备份对象的至少一个顺序备份设备中的范围。 确定的区段根据它们存储在至少一个顺序备份设备中的顺序进行排序以生成排序列表。 根据排序列表中的顺序从至少一个顺序备份设备检索扩展数据块,以顺序备份设备按顺序从存储顺序访问区段。 检索到的盘区返回到客户端,客户机从收到的盘区重构恢复数据集。
-
公开(公告)号:US20100299311A1
公开(公告)日:2010-11-25
申请号:US12848486
申请日:2010-08-02
申请人: Matthew J. Anglin , David M. Cannon
发明人: Matthew J. Anglin , David M. Cannon
IPC分类号: G06F17/30
CPC分类号: G06F17/30162 , G06F11/1453
摘要: The present invention provides for a system and method for assuring integrity of deduplicated data objects stored within a storage system. A data object is copied to secondary storage media, and a digital signature such as a checksum is generated of the data object. Then, deduplication is performed upon the data object and the data object is split into chunks. The chunks are combined when the data object is subsequently accessed, and a signature is generated for the reassembled data object. The reassembled data object is provided if the newly generated signature is identical to the originally generated signature, and otherwise a backup copy of the data object is provided from secondary storage media.
摘要翻译: 本发明提供了一种确保存储在存储系统内的重复数据删除的数据对象的完整性的系统和方法。 将数据对象复制到辅助存储介质,并且生成诸如校验和的数字签名。 然后,对数据对象执行重复数据删除,数据对象被分割成块。 当随后访问数据对象时,组合块,并为重新组装的数据对象生成签名。 如果新生成的签名与原始生成的签名相同,则提供重组的数据对象,否则从辅助存储介质提供数据对象的备份副本。
-
公开(公告)号:US08930509B2
公开(公告)日:2015-01-06
申请号:US13542564
申请日:2012-07-05
IPC分类号: G06F15/16 , G06F15/173 , H04L12/24
CPC分类号: H04L41/0893 , H04L41/08 , H04L41/0886 , H04L41/22
摘要: One aspect of the invention is a method for providing real-time feedback regarding the effect of applying a policy definition used for management in a computing system. An example of the method includes receiving the policy definition, and accessing stored information regarding at least one managed entity in the computing system. This example also includes applying the policy definition to the information regarding the at least one managed entity. This example further includes outputting information providing real-time feedback regarding the effect of applying the policy definition to the information regarding the at least one managed entity. Another aspect of the invention is a method for defining a policy used for management in a computing system.
摘要翻译: 本发明的一个方面是提供关于在计算系统中应用用于管理的策略定义的效果的实时反馈的方法。 该方法的示例包括接收策略定义,以及访问关于计算系统中的至少一个被管实体的存储信息。 该示例还包括将策略定义应用于关于至少一个被管实体的信息。 该示例还包括输出提供关于将策略定义应用于关于至少一个被管实体的信息的效果的实时反馈的信息。 本发明的另一方面是一种用于定义用于计算系统中的管理的策略的方法。
-
公开(公告)号:US20110218969A1
公开(公告)日:2011-09-08
申请号:US12719108
申请日:2010-03-08
IPC分类号: G06F17/30
CPC分类号: G06F11/1453 , G06F11/1402 , G06F11/1469 , G06F11/2089
摘要: Various techniques for improving the performance of restoring deduplicated data files from a server to a client within a storage management system are disclosed. In one embodiment, a chunk index is maintained on the client that tracks the chunks remaining on the client for each data file that is stored to and restored from the storage server. When a specific file is selected for restore from the storage server to the client, the client determines if any local copies of this specific file's chunks are stored in files already existing on the client data store. The file is then reconstructed from a combination of these local copies of the file chunks and chunks retrieved from the storage server. Therefore, only chunks that are not stored or are inaccessible to the client are retrieved from the server, reducing server-side processing requirements and the bandwidth required for data restore operations.
摘要翻译: 公开了用于提高从存储管理系统中的服务器向客户端恢复重复数据消除的数据文件的性能的各种技术。 在一个实施例中,在客户机上维护块索引,其跟踪存储在存储服务器中并从存储服务器恢复的每个数据文件的客户端上剩余的块。 当选择特定文件从存储服务器恢复到客户端时,客户端确定该特定文件块的任何本地副本是否存储在客户端数据存储上已存在的文件中。 然后从文件块的这些本地副本和从存储服务器检索的块的组合重建文件。 因此,仅从服务器检索不存储或无法访问客户端的块,从而减少了数据恢复操作所需的服务器端处理要求和带宽。
-
公开(公告)号:US20100198958A1
公开(公告)日:2010-08-05
申请号:US12760494
申请日:2010-04-14
IPC分类号: G06F15/173
CPC分类号: H04L41/0893 , H04L41/08 , H04L41/0886 , H04L41/22
摘要: One aspect of the invention is a method for providing real-time feedback regarding the effect of applying a policy definition used for management in a computing system. An example of the method includes receiving the policy definition, and accessing stored information regarding at least one managed entity in the computing system. This example also includes applying the policy definition to the information regarding the at least one managed entity. This example further includes outputting information providing real-time feedback regarding the effect of applying the policy definition to the information regarding the at least one managed entity. Another aspect of the invention is a method for defining a policy used for management in a computing system.
摘要翻译: 本发明的一个方面是提供关于在计算系统中应用用于管理的策略定义的效果的实时反馈的方法。 该方法的示例包括接收策略定义,以及访问关于计算系统中的至少一个被管实体的存储信息。 该示例还包括将策略定义应用于关于至少一个被管实体的信息。 该示例还包括输出提供关于将策略定义应用于关于至少一个被管实体的信息的效果的实时反馈的信息。 本发明的另一方面是一种用于定义用于计算系统中的管理的策略的方法。
-
-
-
-
-
-
-
-
-
搜索结果
65 条记录 (耗时 0.035 秒)
