摘要:
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems. The method also includes detecting a connectivity problem on at least one of the secure data paths. The method further includes assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem.
摘要:
Methods and systems for presenting a virtual disk to a client device are disclosed. One method includes receiving client credentials from a client device, the client credentials including a client identifier. The method also includes authenticating the client device at a secure storage device. The method further includes determining a volume is associated with the client device based upon the client identifier, the volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices. The method also includes, upon determining the volume is associated with the client device, presenting the volume to the client device.
摘要:
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
摘要:
Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a plurality of communities of interest, each community of interest capable of accessing data stored in a secure data storage network and including a plurality of users desiring access to a common set of data, wherein each of the plurality of communities of interest has a set of security rights. The method also includes associating each of the plurality of communities of interest with a different workgroup key. The method further includes, upon identification of a client device as associated with a user from among the plurality of users in a community of interest, presenting a virtual disk to the client device in accordance with the security rights, the virtual disk associated with the workgroup key associated with the community of interest and a volume containing the common set of data to the community of interest, the volume including a plurality of shares stored on a plurality of physical storage devices.
摘要:
Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user.
摘要:
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
摘要:
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk. For security, the secondary data blocks are stored at geographically-distributed locations. The secure storage appliance is also capable of executing program instructions configured to reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client.
摘要:
Methods and systems for securing data in a data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. The method further includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks, and cryptographically splitting the session key into a plurality of session key fragments. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares, and encrypting each of the plurality of session key fragments with a workgroup key associated with a source of the block of data.
摘要:
Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.
摘要:
Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.