-
公开(公告)号:US09516142B2
公开(公告)日:2016-12-06
申请号:US13459160
申请日:2012-04-28
申请人: Adekunle Bello , Radhika Chirra , Nikhil Hegde , Aruna Yedavilli
发明人: Adekunle Bello , Radhika Chirra , Nikhil Hegde , Aruna Yedavilli
IPC分类号: H04L29/08 , H04L29/06 , H04L12/801 , H04L12/807 , H04L12/26
CPC分类号: H04L67/1097 , H04L43/16 , H04L47/193 , H04L47/27 , H04L47/822 , H04L63/1458 , H04L67/143 , H04L69/16 , H04L69/163
摘要: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.
摘要翻译: 提供了一种编程介质和系统的方法,用于防止文件系统访问访问NFS服务器的多个客户机的访问。 在一个示例中,NFS服务器配置为在服务器端口上侦听。 服务器运行一个单独的守护进程,它在NFS服务器上收到客户端请求。 服务器处理系统跟踪客户端响应于来自服务器的数据分组发送连续的TCP零窗口分组的次数。 如果零窗口数据包的数量跨越用户定义的阈值,则调用例程以使用退避算法停止对该客户端的响应。 当服务器达到可用线程数或任何其他相关资源下降到低于用户定义阈值的点时,服务器进程将从具有表中最早条目的服务器开始终止与客户端的连接。
-
公开(公告)号:US08909607B2
公开(公告)日:2014-12-09
申请号:US13476453
申请日:2012-05-21
IPC分类号: G06F17/30
CPC分类号: G06F17/30159
摘要: A computer identifies a relationship among a subset of a set of data blocks, a basis of the relationship forming a context shared by the subset of data blocks. The computer selects a code data structure from a set of code data structures using the context. The context is associated with the code data structure, and the code data structure includes a set of codes. The computer computes, for a first data block in the subset of data blocks, a first code corresponding to a content of the first data block. The computer determines whether the first code matches a stored code in the code data structure. The computer replaces, responsive to the first code matching the stored code, the first data block with a reference to an instance of the first data block. The computer causes the reference to be stored in a target data processing system.
摘要翻译: 计算机识别一组数据块的子集之间的关系,形成由数据块的子集共享的上下文的关系的基础。 计算机使用上下文从一组代码数据结构中选择代码数据结构。 上下文与代码数据结构相关联,并且代码数据结构包括一组代码。 对于数据块子集中的第一数据块,计算机计算与第一数据块的内容相对应的第一代码。 计算机确定第一代码是否与代码数据结构中存储的代码相匹配。 响应于与存储的代码匹配的第一代码,计算机替换参考第一数据块的实例的第一数据块。 计算机使参考存储在目标数据处理系统中。
-
公开(公告)号:US20130086318A1
公开(公告)日:2013-04-04
申请号:US13251752
申请日:2011-10-03
CPC分类号: G06F11/0727
摘要: A method, system, and computer program product for safe management of data storage using a VM are provided in the illustrative embodiments. An I/O request is received from the VM. A determination is made whether the I/O request requests a data manipulation on the data storage in an address range that overlaps with an address range of a VM signature stored on the data storage. In response to determining that the address range of the data manipulation overlaps with the address range of the VM signature, a determination is made whether an identifier of the VM matches an identifier of a second VM associated with the signature. In response to determining that the identifier of the VM does not match the identifier of the second VM, the I/O request is failed, thereby preventing an unsafe overwriting of the signature on the data storage.
摘要翻译: 在说明性实施例中提供了用于在使用VM的数据存储的安全管理的方法,系统和计算机程序产品。 从VM接收到I / O请求。 确定I / O请求是否在与存储在数据存储器上的VM签名的地址范围重叠的地址范围中的数据存储上请求数据操纵。 响应于确定数据操作的地址范围与VM签名的地址范围重叠,确定VM的标识符是否与与签名相关联的第二VM的标识符匹配。 响应于确定VM的标识符与第二VM的标识符不匹配,I / O请求失败,从而防止在数据存储器上不安全地重写签名。
-
公开(公告)号:US20110066851A1
公开(公告)日:2011-03-17
申请号:US12558744
申请日:2009-09-14
IPC分类号: H04L9/00 , G06F15/173
CPC分类号: H04L63/04 , H04L45/42 , H04L63/08 , H04L63/105
摘要: A computer implemented method and computer program product for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.
摘要翻译: 一种用于获得安全路线的计算机实现的方法和计算机程序产品。 可信主机为可信主机设置节点安全关联。 可信主机在受信任的主机处接收指向目的地主机的客户端通信请求。 可信主机构建包括可信主机地址,目的主机地址和至少一个安全级别的安全路由查询,以形成至少一个安全路由。 可信主机基于至少一个安全路由将信息包从可信主机发送到目的地主机。 分组响应于客户端通信请求,并且分组各自具有与安全级别匹配的安全标签。
-
公开(公告)号:US09058338B2
公开(公告)日:2015-06-16
申请号:US13282454
申请日:2011-10-26
CPC分类号: G06F17/30153 , G06F3/0608 , G06F3/064 , G06F3/0673 , G06F12/10
摘要: An I/O request to store a file in a file-system is received. A determination is made whether the size of the file does not exceed a threshold size. Exceeding the threshold results in storing at least a portion of the file in a block of the file-system devoid of sub-blocks. A determination is made whether the size of the file does not exceed a size of unallocated space within a single block in the file-system. The single block includes a set of sub-blocks. Responsive to the size of the file not exceeding the threshold size and the size of unallocated space within the single block, the file is stored, at an address, in a first subset of the set of the sub-blocks of the single block. The address identifies the single block and a position of a sub-block in the subset.
摘要翻译: 接收到将文件存储在文件系统中的I / O请求。 确定文件的大小是否不超过阈值大小。 超过阈值导致将文件的至少一部分存储在没有子块的文件系统的块中。 确定文件的大小是否不超过文件系统中单个块内的未分配空间的大小。 单个块包括一组子块。 响应于不超过单个块内的阈值大小和未分配空间的大小的文件的大小,文件在单个块的子块集合的第一子集中的地址处被存储。 该地址识别子块中的单个块和子块的位置。
-
公开(公告)号:US20130311432A1
公开(公告)日:2013-11-21
申请号:US13476453
申请日:2012-05-21
IPC分类号: G06F17/30
CPC分类号: G06F17/30159
摘要: A computer identifies a relationship among a subset of a set of data blocks, a basis of the relationship forming a context shared by the subset of data blocks. The computer selects a code data structure from a set of code data structures using the context. The context is associated with the code data structure, and the code data structure includes a set of codes. The computer computes, for a first data block in the subset of data blocks, a first code corresponding to a content of the first data block. The computer determines whether the first code matches a stored code in the code data structure. The computer replaces, responsive to the first code matching the stored code, the first data block with a reference to an instance of the first data block. The computer causes the reference to be stored in a target data processing system.
摘要翻译: 计算机识别一组数据块的子集之间的关系,形成由数据块的子集共享的上下文的关系的基础。 计算机使用上下文从一组代码数据结构中选择代码数据结构。 上下文与代码数据结构相关联,并且代码数据结构包括一组代码。 对于数据块子集中的第一数据块,计算机计算与第一数据块的内容相对应的第一代码。 计算机确定第一代码是否与代码数据结构中存储的代码相匹配。 响应于与存储的代码匹配的第一代码,计算机替换参考第一数据块的实例的第一数据块。 计算机使参考存储在目标数据处理系统中。
-
公开(公告)号:US08356099B2
公开(公告)日:2013-01-15
申请号:US13459193
申请日:2012-04-29
IPC分类号: G06F15/16
CPC分类号: G06F9/5038 , G06F2209/5021
摘要: A method, programmed medium and system are disclosed which provide for end-to-end QoS for a set of processes that comprise a workload over nfs. A set of processes that comprise a workload such as the processes of a WPAR, or an entire LPAR are given a class designation and assigned priority/limits. The data are then passed to the server which allocates resources based on the sum total of all the current classes and their priorities and/or limits. This requires re-engineering the nfs client code to be workload-aware and the nfs server code to accommodate the resource allocation and prioritization needs of the nfs clients.
摘要翻译: 公开了一种方法,编程介质和系统,其为包括nfs上的工作负载的一组进程提供端到端QoS。 给出了一组包含WPAR或整个LPAR的工作负载的进程,并给出了类别指定和分配的优先级/限制。 然后将数据传递给服务器,该服务器根据所有当前类及其优先级和/或限制的总和来分配资源。 这需要重新设计nfs客户端代码以使工作负载感知和nfs服务器代码适应nfs客户端的资源分配和优先级排序。
-
公开(公告)号:US20120284496A1
公开(公告)日:2012-11-08
申请号:US13102497
申请日:2011-05-06
IPC分类号: G06F9/00
CPC分类号: G06F9/4401 , G06F9/44505
摘要: Illustrative embodiments include a method, system, and computer program product for estimating boot-time memory requirement of a data processing system. A data processing system identifies, using system configuration information associated with the data processing system, a set of components needed for booting up the data processing system. The data processing system determines a dependency of a component identified in the set of components, the component including a memory estimator program. The data processing system determines an ancestry of the component identified in the set of components. The data processing system receives, using the memory estimator program of the component, a boot-time memory requirement of the component. The data processing system calculates a total boot-time memory requirement. The data processing system determines whether an amount of real memory of the data processing system satisfies the total boot-time memory requirement.
摘要翻译: 示例性实施例包括用于估计数据处理系统的启动时间存储器需求的方法,系统和计算机程序产品。 数据处理系统使用与数据处理系统相关联的系统配置信息来识别启动数据处理系统所需的一组组件。 数据处理系统确定在组件集合中识别的组件的依赖性,该组件包括存储器估计器程序。 数据处理系统确定在该组组件中标识的组件的祖先。 数据处理系统使用组件的存储器估计器程序接收组件的引导时间存储器要求。 数据处理系统计算总引导时间内存要求。 数据处理系统确定数据处理系统的真实存储器的数量是否满足总的引导时间存储器要求。
-
公开(公告)号:US20120272016A1
公开(公告)日:2012-10-25
申请号:US13092840
申请日:2011-04-22
IPC分类号: G06F12/00
CPC分类号: G06F9/5077
摘要: A method, system, and computer program product for memory affinitization in a multithreaded environment are provided in the illustrative embodiments. A first affinity domain formed in a computer receives from a second thread executing in a second affinity domain a request to access a unit of memory in the first affinity domain. The computer determines whether to migrate the unit of memory to the second affinity domain. The computer migrates, responsive the determining being affirmative, the unit of memory to the second affinity domain, thereby affinitizing the unit of memory with the second thread.
摘要翻译: 在说明性实施例中提供了用于在多线程环境中用于存储器关联的方法,系统和计算机程序产品。 在计算机中形成的第一亲和度域从在第二关联域执行的第二线程接收访问第一亲和域中的存储单元的请求。 计算机确定是否将内存单元迁移到第二个关联域。 计算机将确定肯定地移动到第二亲和度域的存储单元,从而与第二线程关联存储器单元。
-
公开(公告)号:US20120215916A1
公开(公告)日:2012-08-23
申请号:US13459160
申请日:2012-04-28
申请人: Adekunle Bello , Radhika Chirra , Nikhil Hegde , Aruna Yedavilli
发明人: Adekunle Bello , Radhika Chirra , Nikhil Hegde , Aruna Yedavilli
IPC分类号: G06F15/173
CPC分类号: H04L67/1097 , H04L43/16 , H04L47/193 , H04L47/27 , H04L47/822 , H04L63/1458 , H04L67/143 , H04L69/16 , H04L69/163
摘要: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing a NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.
摘要翻译: 提供了一种编程介质和系统的方法,用于防止文件系统访问访问NFS服务器的多个客户机的访问。 在一个示例中,NFS服务器配置为在服务器端口上侦听。 服务器运行一个单独的守护进程,它在NFS服务器上收到客户端请求。 服务器处理系统跟踪客户端响应于来自服务器的数据分组发送连续的TCP零窗口分组的次数。 如果零窗口数据包的数量跨越用户定义的阈值,则调用例程以使用退避算法停止对该客户端的响应。 当服务器达到可用线程数或任何其他相关资源下降到低于用户定义阈值的点时,服务器进程将从具有表中最早条目的服务器开始终止与客户端的连接。
-
-
-
-
-
-
-
-
-
搜索结果
38 条记录 (耗时 0.015 秒)
