公开(公告)号：US07861302B1

公开(公告)日：2010-12-28

申请号：US09715681

申请日：2000-11-17

申请人： Yoav Raz ,  Steven M. Blumenau ,  Michel F. Fisher ,  David C. Butchart

发明人： Yoav Raz ,  Steven M. Blumenau ,  Michel F. Fisher ,  David C. Butchart

IPC分类号： G06F11/00

CPC分类号： G06F21/564

摘要： Scanning a storage device for viruses includes determining physical portions of the storage device that have been modified since a previous virus scan and scanning at least parts of the physical portions for viruses. The physical portions may correspond to tracks of the storage device, sectors of the storage device, and/or to subportions of the storage device. Determining the physical portions of the storage device that have been modified may include creating a table that is indexed according to each of the portions and has entries indicating whether a corresponding one of the portions has been modified, the entries being cleared after a virus scan to indicate that no portions have been modified and setting a specific one of the entries in response to a corresponding one of the portions of the storage device being subject to a write operation. Creating the table may include copying an other table provided by the storage device and/or using an other table provided by the storage device.

摘要翻译： 扫描用于病毒的存储设备包括确定存储设备的物理部分，该物理部分自先前的病毒扫描已被修改，并扫描至少部分物理部分以用于病毒。 物理部分可以对应于存储设备的轨道，存储设备的扇区，和/或存储设备的子部分。 确定已经修改的存储设备的物理部分可以包括创建根据每个部分被索引的表，并且具有指示相应部分是否已经被修改的条目，在病毒扫描之后清除条目 指示没有部分被修改并且响应于存储设备的对应的一个部分进行写入操作来设置特定的一个条目。 创建表可以包括复制由存储设备提供的另一表和/或使用存储设备提供的其他表。

公开(公告)号：US07752316B1

公开(公告)日：2010-07-06

申请号：US10113168

申请日：2002-03-29

申请人： Mark Kaufman ,  Uresh K. Vahalia ,  Percy Tzelnic ,  Steven M. Blumenau ,  John T. Fitzgerald ,  Erez Ofer ,  James M. McGillis ,  Mark C. Lippitt ,  Natan Vishlitzky

发明人： Mark Kaufman ,  Uresh K. Vahalia ,  Percy Tzelnic ,  Steven M. Blumenau ,  John T. Fitzgerald ,  Erez Ofer ,  James M. McGillis ,  Mark C. Lippitt ,  Natan Vishlitzky

IPC分类号： G06F15/173 ,  G06F15/16

CPC分类号： G06F21/6218 ,  G06F9/468 ,  G06F17/30067 ,  H04L63/10

摘要： This invention is a system and for managing data in a secure manner in a data storage environment that is in communication with a network including an internet-based network. The system includes computer-executable logic or software for securely managing internet client's access to data volumes stored on a data storage system, and may also include logic operating with a file server for providing dynamic access of data available to such client's in a secure fashion.

摘要翻译： 本发明是一种用于在与包括基于因特网的网络的网络通信的数据存储环境中以安全的方式管理数据的系统。 该系统包括用于安全地管理互联网客户端对存储在数据存储系统上的数据量的访问的计算机可执行逻辑或软件，并且还可以包括用文件服务器操作的逻辑，以便以安全的方式提供对这种客户端可用的数据的动态访问。

公开(公告)号：US07552056B2

公开(公告)日：2009-06-23

申请号：US09962790

申请日：2001-09-25

申请人： Stephen Todd ,  Michel Fisher ,  Paul Bober ,  Steven M. Blumenau

发明人： Stephen Todd ,  Michel Fisher ,  Paul Bober ,  Steven M. Blumenau

IPC分类号： G06Q99/00

CPC分类号： G06Q30/02 ,  G06Q30/0283 ,  G06Q40/12 ,  G06Q50/188

摘要： A registration application that allows a service provider customer that is using data storage resources (storage and/or storage-related services) provided by the service provider to register with a Service Provider Management System (SPMS) that is maintained by the service provider. The registration application executes on each of the customer's servers (that is, those which are connected to resources being used) to produce registration information and provides that registration information to the SPMS. The resources have a scratch pad storage area that is used by the servers and the SPMS to communicate with each other. The registration information is passed to the SPMS by the servers indirectly via the scratch pad area. The SPMS uses the registration information to associate customer information with the resources used by that customer's servers. The association of the customer information and resources can then be used by the SPMS to track customer usage of the resources for billing and other applications.

摘要翻译： 允许服务提供商客户使用由服务提供商提供的数据存储资源（存储和/或存储相关服务）向由服务提供商维护的服务提供商管理系统（SPMS）注册的注册应用程序。 注册应用程序在每个客户的服务器（即与被使用的资源相连接的服务器）上执行以产生注册信息并将该注册信息提供给SPMS。 资源具有由服务器和SPMS用于彼此通信的暂存区存储区域。 注册信息由服务器间接通过暂存区域传递给SPMS。 SPMS使用注册信息将客户信息与客户服务器使用的资源相关联。 然后，客户信息和资源的关联可以由SPMS使用以跟踪用于计费和其他应用的资源的客户使用。

公开(公告)号：US07415591B1

公开(公告)日：2008-08-19

申请号：US10421239

申请日：2003-04-23

申请人： Stephen J. Todd ,  Steven M. Blumenau ,  Zoran Cakeljic

发明人： Stephen J. Todd ,  Steven M. Blumenau ,  Zoran Cakeljic

IPC分类号： G06F13/14

CPC分类号： G06F3/0647 ,  G06F3/0614 ,  G06F3/0635 ,  G06F3/067 ,  G06F11/1471 ,  G06F11/2071

摘要： Methods and apparatus for migrating a logical object. In one embodiment, a migration is performed by automatically determining the source location(s) of the logical object, moving the data stored therein to a target location while maintaining the availability of the data at the source location to an application program, and automatically servicing access requests from the application program at the target location after moving the data. In another embodiment, a migration is performed by automatically provisioning target location(s) to store a logical object, moving the data in the logical object to the target location(s) while maintaining its availability to an application program, and automatically servicing access requests from the application program at the target location after moving the data. In a further embodiment, a migration is performed by moving the data within a logical object from a source logical volume to a target logical volume, automatically servicing access requests from an application program at the target logical volume after moving the data, and retiring the source logical volume.

摘要翻译： 迁移逻辑对象的方法和设备。 在一个实施例中，通过自动确定逻辑对象的源位置来执行迁移，将存储在其中的数据移动到目标位置，同时保持源位置处的数据到应用程序的可用性，并自动维护 移动数据后，从目标位置的应用程序访问请求。 在另一个实施例中，通过自动提供目标位置来存储逻辑对象来执行迁移，将逻辑对象中的数据移动到目标位置，同时保持对应用程序的可用性，以及自动服务访问请求 从移动数据后的目标位置的应用程序。 在另一个实施例中，通过将逻辑对象内的数据从源逻辑卷移动到目标逻辑卷来执行迁移，在移动数据之后自动地服务于来自目标逻辑卷处的应用程序的访问请求，并且退出源 逻辑卷。

公开(公告)号：US07260636B2

公开(公告)日：2007-08-21

申请号：US09748053

申请日：2000-12-22

申请人： Steven M. Blumenau ,  John T. Fitzgerald ,  John F. Madden, Jr.

发明人： Steven M. Blumenau ,  John T. Fitzgerald ,  John F. Madden, Jr.

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  H04L63/0876 ,  H04L63/101

摘要： A method and apparatus for a networked computer system including a plurality of devices and a shared resource. In response to one of the devices attempting to access the shared resource and representing itself to the shared resource as a first device, determining whether the device is attempting to access the shared resource through a physical connection through the network that is different than a physical connection used by the first device to access the shared resource, and when it is, denying the attempted access.

摘要翻译： 一种用于包括多个设备和共享资源的联网计算机系统的方法和装置。 响应于尝试访问共享资源并将其自身表示为共享资源的设备中的一个作为第一设备，确定设备是否正在通过不同于物理连接的网络的物理连接来尝试访问共享资源 由第一个设备用于访问共享资源，何时，拒绝尝试的访问。

公开(公告)号：US07093021B2

公开(公告)日：2006-08-15

申请号：US10058651

申请日：2002-01-28

申请人： Steven M. Blumenau ,  Yoav Raz

发明人： Steven M. Blumenau ,  Yoav Raz

IPC分类号： H04L9/00

CPC分类号： G06F21/602 ,  G06F2221/2153

摘要： An object is authenticated by transmitting a random number to the object. The object has an integrated circuit chip including a memory and encryption circuitry. The memory stores information defining an encryption scheme preassigned to the object. The encryption circuitry reads the memory, and encrypts the random number according to the encryption scheme defined by the information read from the memory to produce encrypted data. The memory cannot be read from any output of the integrated chip, and the chip is constructed so that it is virtually impossible to recover the information contained in the memory by visual inspection, probing, or disassembly of the chip. The object is authenticated by checking whether the encrypted data is a correct result of encrypting the data using the encryption scheme pressigned to the object.

公开(公告)号：US06993589B1

公开(公告)日：2006-01-31

申请号：US10238806

申请日：2002-09-10

申请人： Steven M Blumenau ,  Christopher J. Hackett ,  Matthew J. D'Errico

发明人： Steven M Blumenau ,  Christopher J. Hackett ,  Matthew J. D'Errico

IPC分类号： G06F15/16

CPC分类号： G06F9/5016

摘要： Method and apparatus for managing access to one of a plurality of raw storage devices in a computer system including a host computer and a storage system. The computer system includes a plurality of logical volumes of data that are visible to the host computer and the storage system and are perceived by the host computer as comprising a plurality of raw storage devices. The host computer includes a file system/LVM mapping layer. In accordance with one aspect of the invention, a request, from a requester having less than system administrator access privileges, to perform an action directly on the one of the plurality of raw storage devices is granted, so that a logical channel is provided to directly access the one of the plurality of raw storage devices without the logical channel being mapped by the file system/LVM mapping layer. Another aspect is directed to a computer system including a host computer comprising an application layer including at least one application program. A plurality of volumes of storage are visible to the application layer, and access privileges less than the root access privileges are assigned to the at least one application program to access the plurality of volumes of storage.

摘要翻译： 用于管理对包括主计算机和存储系统的计算机系统中的多个原始存储设备之一的访问的方法和装置。 计算机系统包括主机计算机和存储系统可见的多个逻辑卷数据，并且被主计算机感知为包括多个原始存储设备。 主机包括文件系统/ LVM映射层。 根据本发明的一个方面，允许具有小于系统管理员访问权限的请求者直接对多个原始存储设备之一执行动作的请求，从而直接提供逻辑信道 访问多个原始存储设备中的一个，而不会由文件系统/ LVM映射层映射逻辑信道。 另一方面涉及包括主计算机的计算机系统，主计算机包括包括至少一个应用程序的应用层。 许多卷的存储对应用层可见，并且小于根访问特权的访问权限被分配给至少一个应用程序以访问多个卷的存储。

公开(公告)号：US06931440B1

公开(公告)日：2005-08-16

申请号：US09295718

申请日：1999-04-21

申请人： Steven M Blumenau ,  Steven Cohen

发明人： Steven M Blumenau ,  Steven Cohen

IPC分类号： G06F3/06 ,  G06F9/00 ,  G06F15/16

CPC分类号： G06F3/0653 ,  G06F3/0605 ,  G06F3/0629 ,  G06F3/0683 ,  G06F9/4411

摘要： One embodiment is directed to a method and apparatus for modifying a configuration of a computer system including a host computer and at least one computer system resource accessible to at least one application program executing on the host computer. The computer system is dynamically reconfigured, without reinitializing the host computer or the application program, to alter a manner in which the at least one application program accesses the at least one computer system resource. Another embodiment is directed to a method and apparatus for responding to changes in a configuration of the computer system impacting a manner in which the at least one computer system resource is accessed by the host computer. Information relating to a first configuration of the computer system at a first point in time is stored, the first configuration relating to a first manner of accessing the at least one computer system resource by the host computer. A second configuration of the computer system at a second point in time is determined, the second configuration relating to a second manner of accessing the at least one computer system resource by the host computer. The second configuration of the computer system is compared with the first configuration to determine whether the second configuration differs from the first configuration. When it is determined that the second configuration differs from the first configuration, the second manner of accessing the at least one computer system resource by the host computer is determined.

摘要翻译： 一个实施例涉及用于修改包括主计算机的计算机系统的配置和至少一个在主计算机上执行的应用程序可访问的计算机系统资源的方法和装置。 计算机系统被动态地重新配置，而不重新初始化主计算机或应用程序，以改变至少一个应用程序访问至少一个计算机系统资源的方式。 另一个实施例涉及一种用于响应计算机系统的配置的变化的方法和装置，其影响至少一个计算机系统资源被主计算机访问的方式。 存储与第一时间点上的计算机系统的第一配置有关的信息，第一配置涉及由主计算机访问至少一个计算机系统资源的第一种方式。 确定在第二时间点的计算机系统的第二配置，第二配置涉及由主计算机访问至少一个计算机系统资源的第二种方式。 将计算机系统的第二配置与第一配置进行比较，以确定第二配置是否与第一配置不同。 当确定第二配置与第一配置不同时，确定由主计算机访问至少一个计算机系统资源的第二种方式。

公开(公告)号：US06457139B1

公开(公告)日：2002-09-24

申请号：US09223126

申请日：1998-12-30

申请人： Matthew J. D'Errico ,  Steven M. Blumenau ,  Erez Ofer

发明人： Matthew J. D'Errico ,  Steven M. Blumenau ,  Erez Ofer

IPC分类号： G06F100

CPC分类号： G06F3/061 ,  G06F3/0629 ,  G06F3/0683

摘要： Method and apparatus directed to a computer system including a host computer and an intelligent storage system that stores data accessed by the host computer, the computer system including a plurality of logical volumes of data that are visible to the host computer and the storage system and that are perceived by the host computer as comprising a plurality of raw storage devices, the storage system including a plurality of physical storage devices and at least one mapping layer that maps the plurality of logical volumes to the plurality of physical storage devices so that the data in each of the plurality of logical volumes is stored on at least one of the plurality of physical storage devices. One aspect of the invention is directed to providing the host computer with information identifying, for at least one of the plurality of logical volumes, which ones of the plurality of physical storage devices store data included in the at least one of the plurality of logical volumes. The host computer can use this information in configuring data blocks among the plurality of logical volumes.

摘要翻译： 指向包括主计算机和存储由主机计算机访问的数据的智能存储系统的计算机系统的计算机系统的方法和装置，所述计算机系统包括对主计算机和存储系统可见的多个逻辑卷数据，并且 由主计算机感知为包括多个原始存储设备，所述存储系统包括多个物理存储设备和至少一个映射层，其将所述多个逻辑卷映射到所述多个物理存储设备，使得所述数据在 多个逻辑卷中的每一个存储在多个物理存储设备中的至少一个上。 本发明的一个方面涉及为主计算机提供信息，该信息为多个逻辑卷中的至少一个逻辑卷中的至少一个逻辑卷标识，多个物理存储设备中的哪一个存储多个逻辑卷中的至少一个逻辑卷中包含的数据 。 主计算机可以使用该信息来配置多个逻辑卷中的数据块。

公开(公告)号：US06438595B1

公开(公告)日：2002-08-20

申请号：US09104597

申请日：1998-06-24

申请人： Steven M. Blumenau ,  Yoav Raz

发明人： Steven M. Blumenau ,  Yoav Raz

IPC分类号： G06F1517

CPC分类号： H04L29/12047 ,  G06F9/5083 ,  H04L29/12009 ,  H04L29/12783 ,  H04L61/15 ,  H04L61/35 ,  H04L67/1002 ,  H04L67/1006 ,  H04L67/1008 ,  H04L67/1036 ,  H04L67/1097 ,  H04L67/2842 ,  H04L69/329

摘要： A data network links a number of host processors to alternative shared resources. In order to allocate a respective subset of the alternative shared resources to each host, a directory service of the network is programmed to present a respective view of the network to each host. For example, hosts on the same network loop may see a different picture of the network. When a host logs into the network, the directory service reports to the host information about the alternative shared resources that the host should use. The host then commences a sequence of data processing operations during which the host accesses only the shared resources that were reported to it by the directory service. The shared resources, for example, are ports of a storage subsystem, and a respective subset of the ports is assigned to each host to balance loading of the hosts on the ports.

摘要翻译： 数据网络将多个主机处理器链接到备用共享资源。 为了将替代共享资源的相应子集分配给每个主机，网络的目录服务被编程为向每个主机呈现网络的相应视图。 例如，同一网络环路上的主机可能会看到网络的不同图片。 当主机登录到网络中时，目录服务向主机报告有关主机应使用的备用共享资源的信息。 然后，主机开始一系列数据处理操作，在此期间主机仅访问目录服务向其报告的共享资源。 例如，共享资源是存储子系统的端口，并且将相应的端口子集分配给每个主机以平衡端口上的主机的负载。