公开(公告)号：US20240214348A1

公开(公告)日：2024-06-27

申请号：US18303359

申请日：2023-04-19

Applicant: NetApp, Inc.

Inventor： Azzedine Benameur ,  Yun Shen

IPC: H04L9/40 ,  G06F9/54

CPC classification number: H04L63/0236 ,  G06F9/547 ,  H04L63/1425

Abstract: Systems and methods for enhancing API security by identifying anomalous activities in a cloud environment are provided. In one embodiment, the lack of awareness of an external API with respect to how calls to the external API may affect a cluster of a container orchestration platform is addressed. For instance, the views of the external and internal APIs may be combined to achieve better API security by correlating external API calls with undesirable behavior or other anomalies arising in the internal API. Responsive to identifying such undesirable behavior, information (e.g., a host, a source IP, a user, a specific payload) associated with the offending external API call may be added to a network security feature (e.g., a deny list, an IPS, or a WAF) utilized by the external API to facilitate performance of enhanced filtering of subsequent external API calls by the external API on behalf of the internal API.

公开(公告)号：US12021851B2

公开(公告)日：2024-06-25

申请号：US17517460

申请日：2021-11-02

Applicant: NetApp, Inc.

Inventor： Jin Zhang ,  Surajpal S. Sandhu ,  Matthew Martin Houston

IPC: H04L9/40 ,  H04L67/148

CPC classification number: H04L63/0485 ,  H04L63/061 ,  H04L63/20 ,  H04L67/148

Abstract: A system is described. The system includes a processing resource and a non-transitory computer-readable medium, coupled to the processing resource, having stored therein instructions that when executed by the processing resource cause the processing resource to detect an unrecognized Internet Protocol Security (IPsec) packet associated with an IP address at a first node within a cluster, retrieve one or more selector fields from the IPsec packet, query of a security policy database to determine whether a destination IP address included in the one or more retrieved selector fields matches one or more matching outbound IPsec policies associated with a destination IP address, determine whether a matching outbound IPsec policy includes an IPsec policy associated with the destination address entry and establish the first IPsec SA communication session between the first node and the client based on the outbound IPsec policy.

公开(公告)号：US20240193055A1

公开(公告)日：2024-06-13

申请号：US18112993

申请日：2023-02-22

Applicant: NETAPP, INC.

Inventor： Rajaram Balakrishnan ,  Balamurali Palaiah ,  Jayakrishnan Ramakrishna Pillai ,  Kiran Joseph D Almeida ,  Negi Shardul Singh ,  Vineeth Karinta

IPC: G06F11/14

CPC classification number: G06F11/1484 ,  G06F11/1451 ,  G06F11/1469

Abstract: Methods and systems for protecting virtual machines is provided. One method includes discovering, by a first plugin, from a virtual machine (“VM”) management system, a plurality of VMs that share a logical data store having a plurality of virtual volumes used for storing data for the VMs by a storage system registered with the first plugin and a virtual appliance of the VM management system; obtaining, by the first plugin, from the virtual appliance, metadata and storage layout of a set of virtual volumes used by a VM to store data; using a first application programming interface (API), by the first plugin, for identifying a first set of storage volumes used by the storage system to store data for the set of virtual volumes; and creating, by the first plugin, a consistency group (“CG”) having the identified the first set of storage volumes and generating a snapshot of the CG.

公开(公告)号：US20240192980A1

公开(公告)日：2024-06-13

申请号：US18112996

申请日：2023-02-22

Applicant: NETAPP, INC.

Inventor： Rajaram Balakrishnan ,  Balamurali Palaiah ,  Jayakrishnan Ramakrishna Pillai ,  Kiran Joseph D Almeida ,  Negi Shardul Singh ,  Vineeth Karinta

IPC: G06F9/455 ,  G06F11/14

CPC classification number: G06F9/45558 ,  G06F11/1469 ,  G06F2009/4557 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2201/815

Abstract: Methods and systems for protecting virtual machines is provided. One method includes generating, by a first plugin, a directory for a virtual machine (VM) from among a plurality of VMs for a restore operation to restore the VM from a snapshot, the plurality of VMs sharing a logical data store having a plurality of virtual volumes used for storing data for the VMs by a storage system registered with the first plugin and a virtual appliance of a VM management system, the storage system using a first set of storage volumes to store data for a set of virtual volumes of the VM; renaming, by the first plugin, a logical object associated with the snapshot; and calling, by the first plugin, the virtual appliance to import the renamed logical object as a virtual volume.

公开(公告)号：US12007944B2

公开(公告)日：2024-06-11

申请号：US17536515

申请日：2021-11-29

Applicant: NetApp Inc.

Inventor： Ajay Pratap Singh Kushwah ,  Ling Zheng ,  Sharad Jain

IPC: G06F16/11 ,  G06F11/14 ,  G06F12/121 ,  G06F16/13 ,  H04L67/568

CPC classification number: G06F16/128 ,  G06F11/1448 ,  G06F11/1464 ,  G06F12/121 ,  G06F16/13 ,  H04L67/568

Abstract: With a forever incremental snapshot configuration and a typical caching policy (e.g., least recently used), a storage appliance may evict stable data blocks of an older snapshot, perhaps unchanged data blocks of the snapshot baseline. If stable data blocks have been evicted, restore of a recent snapshot will suffer the time penalty of downloading the stable blocks for restoring the recent snapshot. Creating synthetic baseline snapshots and refreshing eviction data of stable data blocks can avoid eviction of stable data blocks and reduce the risk of violating a recovery time objective.

公开(公告)号：US11983083B2

公开(公告)日：2024-05-14

申请号：US17744875

申请日：2022-05-16

Applicant: NetApp Inc.

Inventor： Balaji Ramani ,  Harsha Sridhara ,  Rakshit Karnawat

IPC: G06F11/00 ,  G06F3/06 ,  G06F11/20 ,  G06F21/00 ,  G06F21/53 ,  G06F21/57 ,  G06F11/14

CPC classification number: G06F11/2069 ,  G06F3/0619 ,  G06F3/0647 ,  G06F3/065 ,  G06F3/0683 ,  G06F11/2071 ,  G06F11/2094 ,  G06F21/00 ,  G06F21/53 ,  G06F21/57 ,  G06F11/1456 ,  G06F2201/805

Abstract: One or more techniques and/or systems are provided for migrating a trust relationship. For example, a first storage cluster and a second storage cluster have a disaster recovery relationship where the second storage cluster provides failover client access to replicated data, replicated from the first storage cluster to the second storage cluster, in the event the first storage cluster fails. The first storage cluster may have a trust relationship with a third storage cluster, such that data is mirrored from a volume of the first storage cluster into a mirrored volume of the third storage cluster based upon the trust relationship. In the event the first storage cluster fails over to the second storage cluster due to a disaster at the first storage cluster, the trust relationship is migrated to be between the second storage cluster and the third storage cluster for non-disruptive mirroring of data to the mirrored volume.

公开(公告)号：US11983080B2

公开(公告)日：2024-05-14

申请号：US17680621

申请日：2022-02-25

Applicant: NetApp, Inc.

Inventor： Wei Sun ,  Anil Paul Thoppil ,  Anne Maria Vasu

IPC: G06F11/10 ,  G06F3/06 ,  G06F11/16 ,  G06F11/30 ,  G06F16/27

CPC classification number: G06F11/1662 ,  G06F3/0622 ,  G06F3/064 ,  G06F3/0679 ,  G06F11/1088 ,  G06F11/3034 ,  G06F16/27

Abstract: Systems and methods that make use of cluster-level redundancy within a distributed storage management system to address various node-level error scenarios are provided. Rather than making use of a generalized one-size-fits-all approach in an effort to reduce complexity, an approach tailored to the node-level error scenario at issue may be performed to avoid doing more than necessary. According to one embodiment, responsive to identification of a failed RAID stripe by a node of a cluster of a distributed storage management system, for each block ID of multiple block IDs associated with the failed RAID stripe, a data block is restored corresponding to the block ID by reading the data block from another node of the cluster having a redundant copy of the data block; and writing the redundant copy of the data block to a storage area of the node that is unaffected by the failed RAID stripe.

公开(公告)号：US20240143453A1

公开(公告)日：2024-05-02

申请号：US18148696

申请日：2022-12-30

Applicant: NetApp, Inc.

Inventor： Akhil Kaushik ,  Dhruvil Shah ,  Arun Kumar Selvam

IPC: G06F11/14

CPC classification number: G06F11/1466 ,  G06F11/1451 ,  G06F2201/84

Abstract: Multi-site distributed storage systems and computer-implemented methods are described for improving a resumption time of input/output (I/O) operations during a common snapshot procedure for storage objects. A computer-implemented method includes initiating a snapshot multi create operation to selectively form a batch of first and second synchronous replicated datasets that belong to a first group of storage disks at the primary storage site and corresponding second group of storage disks at the secondary storage site, performing a batch snapshot create operation on the primary storage site by executing snapshots of storage objects on the primary storage site of the batch of first and second synchronous replicated datasets in parallel multiple threads to effectively utilize processing resources on the primary storage site, and initiating an independent workflow and state machine for each storage object of the batch of first and second synchronous replicated datasets.

公开(公告)号：US20240143447A1

公开(公告)日：2024-05-02

申请号：US18148644

申请日：2022-12-30

Applicant: NetApp, Inc.

Inventor： Akhil Kaushik ,  Krishna Murthy Chandraiah Setty Narasingarayanapeta ,  Dhruvil Shah

IPC: G06F11/14 ,  G06F3/06

CPC classification number: G06F11/1448 ,  G06F3/0611 ,  G06F3/064 ,  G06F3/067 ,  G06F2201/84

Abstract: Multi-site distributed storage systems and computer-implemented methods are described for improving a resumption time of input/output (I/O) operations during a common snapshot procedure for storage objects. A computer-implemented method includes initiating a snap create handler operation for a storage object of a batch of storage objects having a plurality of replicated datasets with each replicated dataset having a synchronous replication relationship between at least one storage object of the first storage node and at least one replicated storage object of the second storage node, determining whether a consistency point is currently in progress or not, and providing a hint to accelerate a currently in progress consistency point when the consistency point is currently in progress.

公开(公告)号：US20240143215A1

公开(公告)日：2024-05-02

申请号：US18060367

申请日：2022-11-30

Applicant: NetApp, Inc.

Inventor： Sangramsinh Pandurang Pawar ,  Bhoovaraghan Subramanian ,  William Derby Dallas ,  Sowkoor Sunad Bhandary ,  Rajesh Rajarman ,  FNU Sahasranshu

IPC: G06F3/06

CPC classification number: G06F3/0646 ,  G06F3/0604 ,  G06F3/067

Abstract: Systems and methods for performing a fast resynchronization of a mirrored aggregate of a distributed storage system using disk-level cloning are provided. According to one embodiment, responsive to a failure of a disk of a plex of the mirrored aggregate utilized by a high-availability (HA) pair of nodes of a distributed storage system, disk-level clones of the disks of the healthy plex may be created external to the distributed storage system and attached to the degraded HA partner node. After detection of the cloned disks by the degraded HA partner node, mirror protection may be efficiently re-established by assimilating the cloned disks within the failed plex and then resynchronizing the mirrored aggregate by performing a level-1 resync of the failed plex with the healthy plex based on a base file system snapshot of the healthy plex. In this manner, a more time-consuming level-0 resync may be avoided.