Nonvolatile media dirty region tracking
    1.
    Granted patent
    Status: in force

    Publication No.: US09003103B2

    Publication date: 2015-04-07

    Application No.: US13229871

    Filing date: 2011-09-12

    IPC classification: G06F13/00 G06F11/10 G06F11/20

    Abstract: A storage set (e.g., an array of hard disk drives) may experience a failure, such as a loss of power, a software crash, or a disconnection of a storage device, while writes to the storage set are in progress. Recovery from the failure may involve scanning the storage set to detect and correct inconsistencies (e.g., comparing mirrors of a data set or testing checksums). However, lacking information about the locations of pending writes to the storage set during the failure, this “cleaning” process may involve scanning the entire storage set, resulting in protracted recovery processes. Presented herein are techniques for tracking writes to the storage set by apportioning the storage set into regions of a region size (e.g., one gigabyte), and storing on the nonvolatile storage medium descriptors of “dirty” regions comprising in-progress writes. The post-failure recovery process may then be limited to the regions identified as dirty.


    Allocation strategies for storage device sets
    2.
    Granted patent
    Status: in force

    Publication No.: US08793463B2

    Publication date: 2014-07-29

    Application No.: US13230505

    Filing date: 2011-09-12

    IPC classification: G06F3/06 G06F12/06 G06F12/02

    Abstract: A storage device set may allocate capacity for spaces (e.g., logical volumes) according to an allocation strategy, e.g., allocating capacity from the storage device having the greatest available capacity, or maximizing the distribution of allocated capacity across the storage devices. However, such allocation strategies may be inefficient (e.g., limiting the capability of the storage device set to satisfy subsequent requests with constraints such as a minimum distribution of capacity across several storage devices). The techniques presented herein achieve efficient allocation by first allocating capacity on storage devices having ample available capacity using a round-robin technique, and if such storage devices do not satisfy the capacity request, allocating capacity on storage devices having limited available capacity. Additionally, the techniques presented herein facilitate thin provisioning through capacity reservations, wherein storage devices withhold unallocated storage for particular spaces that may be utilized as a reserve if unreserved capacity is exhausted.


    ALLOCATION STRATEGIES FOR STORAGE DEVICE SETS
    3.
    Patent application
    Status: in force

    Publication No.: US20130067187A1

    Publication date: 2013-03-14

    Application No.: US13230505

    Filing date: 2011-09-12

    IPC classification: G06F12/00

    Abstract: A storage device set may allocate capacity for spaces (e.g., logical volumes) according to an allocation strategy, e.g., allocating capacity from the storage device having the greatest available capacity, or maximizing the distribution of allocated capacity across the storage devices. However, such allocation strategies may be inefficient (e.g., limiting the capability of the storage device set to satisfy subsequent requests with constraints such as a minimum distribution of capacity across several storage devices). The techniques presented herein achieve efficient allocation by first allocating capacity on storage devices having ample available capacity using a round-robin technique, and if such storage devices do not satisfy the capacity request, allocating capacity on storage devices having limited available capacity. Additionally, the techniques presented herein facilitate thin provisioning through capacity reservations, wherein storage devices withhold unallocated storage for particular spaces that may be utilized as a reserve if unreserved capacity is exhausted.


    NONVOLATILE MEDIA DIRTY REGION TRACKING
    4.
    Patent application
    Status: in force

    Publication No.: US20130067179A1

    Publication date: 2013-03-14

    Application No.: US13229871

    Filing date: 2011-09-12

    IPC classification: G06F12/16 G06F12/02

    Abstract: A storage set (e.g., an array of hard disk drives) may experience a failure, such as a loss of power, a software crash, or a disconnection of a storage device, while writes to the storage set are in progress. Recovery from the failure may involve scanning the storage set to detect and correct inconsistencies (e.g., comparing mirrors of a data set or testing checksums). However, lacking information about the locations of pending writes to the storage set during the failure, this “cleaning” process may involve scanning the entire storage set, resulting in protracted recovery processes. Presented herein are techniques for tracking writes to the storage set by apportioning the storage set into regions of a region size (e.g., one gigabyte), and storing on the nonvolatile storage medium descriptors of “dirty” regions comprising in-progress writes. The post-failure recovery process may then be limited to the regions identified as dirty.


    POOLED PARTITION LAYOUT AND REPRESENTATION
    5.
    Patent application
    Status: in force

    Publication No.: US20130067191A1

    Publication date: 2013-03-14

    Application No.: US13229734

    Filing date: 2011-09-11

    IPC classification: G06F12/02

    Abstract: A set of storage devices may interoperate to share a pool of storage space, such as in a Redundant Array of Inexpensive Disks (RAID) scheme. However, the details of the representation of the pool and the allocation of capacity to the pool may enable advantages and/or impose limitations on the storage set. Presented herein are techniques for generating a representing a pooled partition on one or more storage devices featuring a pool configuration representing the pool as a set of spaces manifested by the pool; a set of storage devices sharing the pool; and a set of extents that map physical areas of the storage devices to logical areas of the spaces. The flexibility of these pooling techniques may enable such features as flexible capacity allocation, delayed binding, thin provisioning, and the participation of a storage device in two or more distinct pools shared with different sets of storage devices.


    Pooled partition layout and representation
    6.
    Granted patent
    Status: in force

    Publication No.: US09069468B2

    Publication date: 2015-06-30

    Application No.: US13229734

    Filing date: 2011-09-11

    IPC classification: G06F9/50 G06F3/06

    Abstract: A set of storage devices may interoperate to share a pool of storage space, such as in a Redundant Array of Inexpensive Disks (RAID) scheme. However, the details of the representation of the pool and the allocation of capacity to the pool may enable advantages and/or impose limitations on the storage set. Presented herein are techniques for generating a representing a pooled partition on one or more storage devices featuring a pool configuration representing the pool as a set of spaces manifested by the pool; a set of storage devices sharing the pool; and a set of extents that map physical areas of the storage devices to logical areas of the spaces. The flexibility of these pooling techniques may enable such features as flexible capacity allocation, delayed binding, thin provisioning, and the participation of a storage device in two or more distinct pools shared with different sets of storage devices.


    Firewall installer
    8.
    Granted patent
    Status: in force

    Publication No.: US08266685B2

    Publication date: 2012-09-11

    Application No.: US11804409

    Filing date: 2007-05-18

    IPC classification: H04L29/06

    Abstract: Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.


    Method and system for distributing security policies
    9.
    Granted patent
    Status: in force

    Publication No.: US07831826B2

    Publication date: 2010-11-09

    Application No.: US12402448

    Filing date: 2009-03-11

    IPC classification: G06F9/00 H04L9/00

    Abstract: A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.


    Method and system for distributing security policies
    10.
    Granted patent
    Status: in force

    Publication No.: US07509493B2

    Publication date: 2009-03-24

    Application No.: US10993688

    Filing date: 2004-11-19

    IPC classification: G06F9/00 H04L9/00

    Abstract: A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.
