公开(公告)号：US09081771B1

公开(公告)日：2015-07-14

申请号：US12975716

申请日：2010-12-22

Applicant: Sorin Faibish ,  Philippe Armangau ,  Christopher Seibel

Inventor： Sorin Faibish ,  Philippe Armangau ,  Christopher Seibel

IPC: G06F7/04 ,  G06F17/30 ,  G06F11/14

CPC classification number: G06F17/30 ,  G06F11/1448 ,  G06F17/30159 ,  G06F21/6218

Abstract: A method is used in encrypting in deduplication systems. A deduplicating technique is applied to a data object. Applying the deduplicating technique includes computing a digest of the data object. An encryption key is derived from the digest of the data object. The data object is encrypted using the encryption key.

Abstract translation: 一种方法用于重复数据删除系统的加密。 将重复数据删除技术应用于数据对象。 应用重复数据删除技术包括计算数据对象的摘要。 加密密钥是从数据对象的摘要导出的。 数据对象使用加密密钥进行加密。

公开(公告)号：US08949255B1

公开(公告)日：2015-02-03

申请号：US13536384

申请日：2012-06-28

Applicant: Sorin Faibish ,  John M. Bent ,  Percy Tzelnic ,  Gary Grider ,  Aaron Torres

Inventor： Sorin Faibish ,  John M. Bent ,  Percy Tzelnic ,  Gary Grider ,  Aaron Torres

IPC: G06F17/30

CPC classification number: G06F17/301

Abstract: Techniques are provided for storing files in a parallel computing system using sub-files with semantically meaningful boundaries. A method is provided for storing at least one file generated by a distributed application in a parallel computing system. The file comprises one or more of a complete file and a plurality of sub-files. The method comprises the steps of obtaining a user specification of semantic information related to the file; providing the semantic information as a data structure description to a data formatting library write function; and storing the semantic information related to the file with one or more of the sub-files in one or more storage nodes of the parallel computing system. The semantic information provides a description of data in the file. The sub-files can be replicated based on semantically meaningful boundaries.

Abstract translation: 提供了使用具有语义有意义的边界的子文件在并行计算系统中存储文件的技术。 提供了一种用于将由分布式应用生成的至少一个文件存储在并行计算系统中的方法。 该文件包括完整文件和多个子文件中的一个或多个。 该方法包括以下步骤：获得与文件相关的语义信息的用户指定; 提供语义信息作为数据格式化库写入功能的数据结构描述; 以及将与所述文件相关的所述语义信息与所述子文件中的一个或多个存储在所述并行计算系统的一个或多个存储节点中。 语义信息提供文件中数据的描述。 子文件可以基于语义有意义的边界进行复制。

公开(公告)号：US08752145B1

公开(公告)日：2014-06-10

申请号：US13341160

申请日：2011-12-30

Applicant: Yedidya Dotan ,  Sorin Faibish ,  Samuel Adams ,  Yael Villa ,  Robert S. Philpott

Inventor： Yedidya Dotan ,  Sorin Faibish ,  Samuel Adams ,  Yael Villa ,  Robert S. Philpott

IPC: G06F21/00 ,  G06F7/04

CPC classification number: H04L63/0861 ,  G06F21/32 ,  G06F2221/2115 ,  H04W12/06

Abstract: An improved authentication technique employs a user's mobile device to obtain a picture of the user from which facial geometry is extracted and applied as part of an authentication operation of the user to the remote network. In some examples, a server stores facial geometry for different users along with associated PINs. By matching facial geometry of the user with facial geometry on the server, the user's PIN can be obtained, without the user ever having to register or remember the PIN.

Abstract translation: 改进的认证技术采用用户的移动设备来获取用户的图片，从该用户的图片提取和应用面部几何被作为远程网络的用户的认证操作的一部分。 在一些示例中，服务器存储不同用户的面部几何以及关联的PIN。 通过将用户的面部几何与服务器上的面部几何相匹配，可以获得用户的PIN，而无需用户注册或记住PIN。

公开(公告)号：US08589550B1

公开(公告)日：2013-11-19

申请号：US11551943

申请日：2006-10-23

Applicant: Sorin Faibish ,  Uday K. Gupta

Inventor： Sorin Faibish ,  Uday K. Gupta

IPC: G06F15/173 ,  G06F17/30

CPC classification number: G06F3/0662 ,  G06F3/061 ,  G06F3/0659 ,  G06F3/067 ,  G06F2206/1012

Abstract: A data processing system includes compute nodes, at least one metadata server, iSCSI storage access servers, and data storage devices. The metadata server services requests from the compute nodes for file mapping information identifying iSCSI LUNs and logical blocks of file data. The storage access servers service iSCSI I/O requests from the compute nodes, and report server loading to the metadata server. A Gigabit Ethernet IP network transfers read and write data between the compute nodes and the storage access servers. The storage access servers are linked to the data storage devices for parallel access to iSCSI LUNs of the file data in the data storage devices. The metadata server is programmed for server load balancing by indicating to the compute nodes respective ones of the storage access servers that should be used for access to the iSCSI LUNs.

Abstract translation: 数据处理系统包括计算节点，至少一个元数据服务器，iSCSI存储访问服务器和数据存储设备。 来自计算节点的元数据服务器服务请求用于识别iSCSI LUN和文件数据的逻辑块的文件映射信息。 存储访问服务器从计算节点服务iSCSI I / O请求，并将服务器加载到元数据服务器。 千兆以太网IP网络在计算节点和存储访问服务器之间传输读写数据。 存储访问服务器链接到数据存储设备，用于并行访问数据存储设备中文件数据的iSCSI LUN。 通过向计算节点指示应该用于访问iSCSI LUN的各个存储访问服务器，元数据服务器被编程用于服务器负载平衡。

公开(公告)号：US08442952B1

公开(公告)日：2013-05-14

申请号：US13075661

申请日：2011-03-30

Applicant: Philippe Armangau ,  Sorin Faibish ,  Christopher A. Seibel ,  John F. Gillono ,  Srinivasa R. Vempati

Inventor： Philippe Armangau ,  Sorin Faibish ,  Christopher A. Seibel ,  John F. Gillono ,  Srinivasa R. Vempati

IPC: G06F17/00

CPC classification number: G06F17/30159

Abstract: A method is used in recovering in deduplication systems. Metadata of a data object is evaluated for determining deduplication status for the data object. Based on the deduplication status, the data object is recovered.

Abstract translation: 在重复数据删除系统中使用一种方法进行恢复。 评估数据对象的元数据以确定数据对象的重复数据删除状态。 基于重复数据删除状态，恢复数据对象。

公开(公告)号：US08145614B1

公开(公告)日：2012-03-27

申请号：US11966645

申请日：2007-12-28

Applicant: Eyal Zimran ,  Sorin Faibish ,  Jason R. Glasgow

Inventor： Eyal Zimran ,  Sorin Faibish ,  Jason R. Glasgow

IPC: G06F17/30

CPC classification number: G06F17/30902 ,  G06F17/30132 ,  H04L67/1097

Abstract: Embodiments of the present invention are directed to techniques for selecting a data path over which to exchange information between a client device and a storage system by making a selection between a file system server (NAS) data path type (a first data path type) and a direct (SAN) data path type (a second data path type) based on one or more adjustable path selection factors and/or information regarding components of the computer system. For example, a data path may be selected based on a likelihood that requested information will be in a cache of a file system server and/or any other suitable path selection factor.

Abstract translation: 本发明的实施例涉及用于通过在文件系统服务器（NAS）数据路径类型（第一数据路径类型）和第二数据路径类型之间进行选择来选择在客户端设备和存储系统之间交换信息的数据路径的技术 基于一个或多个可调节路径选择因素的直接（SAN）数据路径类型（第二数据路径类型）和/或关于计算机系统的组件的信息。 例如，可以基于所请求的信息将在文件系统服务器的高速缓存中和/或任何其它合适的路径选择因素的可能性来选择数据路径。

公开(公告)号：US08099572B1

公开(公告)日：2012-01-17

申请号：US12242694

申请日：2008-09-30

Applicant: Gurjeet S. Arora ,  Ivan Bassov ,  Sorin Faibish ,  Ugur Sezer

Inventor： Gurjeet S. Arora ,  Ivan Bassov ,  Sorin Faibish ,  Ugur Sezer

IPC: G06F13/00 ,  G06F13/28 ,  G06F7/00 ,  G06F17/00

CPC classification number: G06F11/1451 ,  G06F11/1448 ,  G06F11/1469 ,  G06F13/28 ,  G06F2201/84

Abstract: The version set backup and restore facility responds to a version set backup request by backing up multiple snapshot copies of a storage object concurrently from a storage array to backup storage media. The version set backup and restore facility responds to a version set restore request by restoring a plurality of snapshot copies of the storage object concurrently from the backup storage media to the storage array. The on-tape backup image of the version set includes variable-length extents of data for each of the multiple snapshot copies of the storage object. The variable-length extents of data for each of the snapshot copies of the storage object are grouped together and ordered in the on-tape backup image by increasing or decreasing logical block address.

Abstract translation: 版本集备份和还原工具通过从存储阵列并行备份存储对象到备份存储介质的多个快照副本来响应版本集备份请求。 版本集备份和还原设施通过将存储对象的多个快照副本从备份存储介质并行地存储到存储阵列来响应版本集还原请求。 版本集的磁带备份映像包含存储对象的多个快照副本的每个数据的可变长度范围。 存储对象的每个快照副本的数据的可变长度盘区被分组在一起，并通过增加或减少逻辑块地址在磁带备份映像中排序。

公开(公告)号：US08086585B1

公开(公告)日：2011-12-27

申请号：US12242618

申请日：2008-09-30

Applicant: Per Brashers ,  Sorin Faibish ,  Jason Glasgow ,  Xiaoye Jiang ,  Mario Wurzl

Inventor： Per Brashers ,  Sorin Faibish ,  Jason Glasgow ,  Xiaoye Jiang ,  Mario Wurzl

IPC: G06F17/30

CPC classification number: G06F17/30097 ,  G06F17/30171

Abstract: For enhanced access control, a client includes a token in each read or write command sent to a block storage device. The block storage device evaluates the token to determine whether or not read or write access is permitted at a specified logical block address. For example, the token is included in the logical block address field of a SCSI read or write command. The client may compute the token as a function of the logical block address of a data block to be accessed, or a metadata server may include the token in each block address of each extent reported to the client in response to a metadata request. For enhanced security, the token also is a function of a client identifier, a logical unit number, and access rights of the client to a particular extent of file system data blocks.

Abstract translation: 对于增强的访问控制，客户端在发送到块存储设备的每个读取或写入命令中包含令牌。 块存储设备评估令牌以确定在指定的逻辑块地址是否允许读取或写入访问。 例如，令牌包含在SCSI读或写命令的逻辑块地址字段中。 客户端可以根据要访问的数据块的逻辑块地址来计算令牌，或者元数据服务器可以响应于元​​数据请求向客户端报告的每个区段的每个块地址中包括令牌。 为了增强安全性，令牌还是客户端标识符，逻辑单元号以及客户端对文件系统数据块的特定范围的访问权限的函数。

公开(公告)号：US07822728B1

公开(公告)日：2010-10-26

申请号：US11557941

申请日：2006-11-08

Applicant: Richard G. Chandler ,  Stephen A. Fridella ,  Sorin Faibish ,  Uday K. Gupta ,  Xiaoye Jiang

Inventor： Richard G. Chandler ,  Stephen A. Fridella ,  Sorin Faibish ,  Uday K. Gupta ,  Xiaoye Jiang

IPC: G06F7/00 ,  G06F17/00

CPC classification number: G06F17/30171 ,  Y10S707/99938

Abstract: A read-write access to a file in a file server includes an initial metadata access step, an asynchronous read or write of file data, and a metadata commit step. In order to parallelize access to a range locking database, an inode and indirect file block mapping database, and a pre-allocation data base, operations are pipelined within the metadata access step and also within the metadata commit step. The pipelined operations within the metadata access step include a first stage of range locking, a second stage of reading block mapping metadata, and a third stage of reading and updating a pre-allocation map for write access. The pipelined operations within the metadata commit step include a first stage of releasing range locks, a second stage of accessing old block metadata for write access, and a third stage of updating metadata and flushing the pre-allocation map for write access.

Abstract translation: 对文件服务器中的文件的读写访问包括初始元数据访问步骤，文件数据的异步读取或写入以及元数据提交步骤。 为了并行访问范围锁定数据库，inode和间接文件块映射数据库以及预分配数据库，操作在元数据访问步骤内以及元数据提交步骤中流水线化。 元数据访问步骤中的流水线操作包括范围锁定的第一阶段，读取块映射元数据的第二阶段以及读取和更新用于写访问的预分配映射的第三阶段。 元数据提交步骤中的流水线操作包括释放范围锁的第一阶段，访问用于写入访问的旧块元数据的第二阶段，以及更新元数据的第三阶段以及刷新用于写访问的预分配映射。

公开(公告)号：US07676514B2

公开(公告)日：2010-03-09

申请号：US11382193

申请日：2006-05-08

Applicant: Sorin Faibish ,  Stephen A. Fridella ,  Uday K. Gupta ,  Xiaoye Jiang

Inventor： Sorin Faibish ,  Stephen A. Fridella ,  Uday K. Gupta ,  Xiaoye Jiang

IPC: G06F7/00 ,  G06F17/00 ,  G06F13/00

CPC classification number: G06F3/067 ,  G06F3/061 ,  G06F3/0631 ,  G06F3/064

Abstract: A primary processor manages metadata of a production dataset and a snapshot copy, while a secondary processor provides concurrent read-write access to the primary dataset. The secondary processor determines when a first write is being made to a data block of the production dataset, and in this case sends a metadata change request to the primary data processor. The primary data processor commits the metadata change to the production dataset and maintains the snapshot copy while the secondary data processor continues to service other read-write requests. The secondary processor logs metadata changes so that the secondary processor may return a “write completed” message before the primary processor commits the metadata change. The primary data processor pre-allocates data storage blocks in such a way that the “write anywhere” method does not result in a gradual degradation in I/O performance.

Abstract translation: 主处理器管理生产数据集和快照副本的元数据，而辅助处理器提供对主数据集的并发读写访问。 第二处理器确定何时对生产数据集的数据块进行第一次写入，并且在这种情况下向主数据处理器发送元数据改变请求。 主数据处理器将元数据更改提交给生产数据集，并在辅助数据处理器继续服务其他读写请求时维护快照副本。 次要处理器记录元数据更改，以便辅助处理器可能在主处理器提交元数据更改之前返回“写入完成”消息。 主数据处理器预先分配数据存储块，使得“在任何地方写入”方法不会导致I / O性能逐渐降级。