Abstract:
A method is used in encrypting in deduplication systems. A deduplicating technique is applied to a data object. Applying the deduplicating technique includes computing a digest of the data object. An encryption key is derived from the digest of the data object. The data object is encrypted using the encryption key.
Abstract:
Techniques are provided for storing files in a parallel computing system using sub-files with semantically meaningful boundaries. A method is provided for storing at least one file generated by a distributed application in a parallel computing system. The file comprises one or more of a complete file and a plurality of sub-files. The method comprises the steps of obtaining a user specification of semantic information related to the file; providing the semantic information as a data structure description to a data formatting library write function; and storing the semantic information related to the file with one or more of the sub-files in one or more storage nodes of the parallel computing system. The semantic information provides a description of data in the file. The sub-files can be replicated based on semantically meaningful boundaries.
Abstract:
An improved authentication technique employs a user's mobile device to obtain a picture of the user from which facial geometry is extracted and applied as part of an authentication operation of the user to the remote network. In some examples, a server stores facial geometry for different users along with associated PINs. By matching facial geometry of the user with facial geometry on the server, the user's PIN can be obtained, without the user ever having to register or remember the PIN.
Abstract:
A data processing system includes compute nodes, at least one metadata server, iSCSI storage access servers, and data storage devices. The metadata server services requests from the compute nodes for file mapping information identifying iSCSI LUNs and logical blocks of file data. The storage access servers service iSCSI I/O requests from the compute nodes, and report server loading to the metadata server. A Gigabit Ethernet IP network transfers read and write data between the compute nodes and the storage access servers. The storage access servers are linked to the data storage devices for parallel access to iSCSI LUNs of the file data in the data storage devices. The metadata server is programmed for server load balancing by indicating to the compute nodes respective ones of the storage access servers that should be used for access to the iSCSI LUNs.
Abstract:
A method is used in recovering in deduplication systems. Metadata of a data object is evaluated for determining deduplication status for the data object. Based on the deduplication status, the data object is recovered.
Abstract:
Embodiments of the present invention are directed to techniques for selecting a data path over which to exchange information between a client device and a storage system by making a selection between a file system server (NAS) data path type (a first data path type) and a direct (SAN) data path type (a second data path type) based on one or more adjustable path selection factors and/or information regarding components of the computer system. For example, a data path may be selected based on a likelihood that requested information will be in a cache of a file system server and/or any other suitable path selection factor.
Abstract:
The version set backup and restore facility responds to a version set backup request by backing up multiple snapshot copies of a storage object concurrently from a storage array to backup storage media. The version set backup and restore facility responds to a version set restore request by restoring a plurality of snapshot copies of the storage object concurrently from the backup storage media to the storage array. The on-tape backup image of the version set includes variable-length extents of data for each of the multiple snapshot copies of the storage object. The variable-length extents of data for each of the snapshot copies of the storage object are grouped together and ordered in the on-tape backup image by increasing or decreasing logical block address.
Abstract:
For enhanced access control, a client includes a token in each read or write command sent to a block storage device. The block storage device evaluates the token to determine whether or not read or write access is permitted at a specified logical block address. For example, the token is included in the logical block address field of a SCSI read or write command. The client may compute the token as a function of the logical block address of a data block to be accessed, or a metadata server may include the token in each block address of each extent reported to the client in response to a metadata request. For enhanced security, the token also is a function of a client identifier, a logical unit number, and access rights of the client to a particular extent of file system data blocks.
Abstract:
A read-write access to a file in a file server includes an initial metadata access step, an asynchronous read or write of file data, and a metadata commit step. In order to parallelize access to a range locking database, an inode and indirect file block mapping database, and a pre-allocation data base, operations are pipelined within the metadata access step and also within the metadata commit step. The pipelined operations within the metadata access step include a first stage of range locking, a second stage of reading block mapping metadata, and a third stage of reading and updating a pre-allocation map for write access. The pipelined operations within the metadata commit step include a first stage of releasing range locks, a second stage of accessing old block metadata for write access, and a third stage of updating metadata and flushing the pre-allocation map for write access.
Abstract:
A primary processor manages metadata of a production dataset and a snapshot copy, while a secondary processor provides concurrent read-write access to the primary dataset. The secondary processor determines when a first write is being made to a data block of the production dataset, and in this case sends a metadata change request to the primary data processor. The primary data processor commits the metadata change to the production dataset and maintains the snapshot copy while the secondary data processor continues to service other read-write requests. The secondary processor logs metadata changes so that the secondary processor may return a “write completed” message before the primary processor commits the metadata change. The primary data processor pre-allocates data storage blocks in such a way that the “write anywhere” method does not result in a gradual degradation in I/O performance.