公开(公告)号：US09940460B1

公开(公告)日：2018-04-10

申请号：US14975445

申请日：2015-12-18

Applicant: EMC Corporation

Inventor： Philip Derbeko ,  Assaf Natanzon ,  Yaniv Harel ,  Harel Ram ,  Yossef Saad

IPC: G06F21/56 ,  G06F11/14

CPC classification number: G06F21/568 ,  G06F11/1458

Abstract: Embodiments described herein perform cleanup of backup images of a storage system by applying a record of I/O operations recorded while performing anti-malware operations on the storage system. The recording of the I/O operations can be replayed to resolve malware infections in the backup images, snapshots, or replicas of the storage system without requiring a restore-cleanup cycle for each backup image.

公开(公告)号：US09547591B1

公开(公告)日：2017-01-17

申请号：US13630957

申请日：2012-09-28

Applicant: EMC Corporation

Inventor： Assaf Natanzon ,  Philip Derbeko ,  Anat Eyal

IPC: G06F12/08 ,  G06F3/06 ,  G06F12/10

CPC classification number: G06F12/08 ,  G06F3/06 ,  G06F9/45558 ,  G06F9/4856 ,  G06F9/4893 ,  G06F12/10 ,  G06F2009/4557 ,  G06F2009/45583 ,  Y02D10/24

Abstract: A method, computer program product, and computing system for associating a heatmap file with a multi-portion data file located on a data array. The heatmap file is configured to monitor the usage of each portion of the multi-portion data file. At least one portion of the multi-portion data file is used via a virtual machine executed on a first physical machine. The heatmap file is updated to reflect the usage of the at least one portion of the multi-portion data file.

Abstract translation: 一种用于将热图文件与位于数据阵列上的多部分数据文件相关联的方法，计算机程序产品和计算系统。 热图文件被配置为监视多部分数据文件的每个部分的使用。 通过在第一物理机器上执行的虚拟机来使用多部分数据文件的至少一部分。 更新热图文件以反映多部分数据文件的至少一部分的使用。

公开(公告)号：US09405684B1

公开(公告)日：2016-08-02

申请号：US13630678

申请日：2012-09-28

Applicant: EMC Corporation

Inventor： Philip Derbeko ,  Assaf Natanzon ,  Anat Eyal

IPC: G06F12/08 ,  G06F3/06 ,  G06F17/30

CPC classification number: G06F12/08 ,  G06F3/06 ,  G06F3/0611 ,  G06F3/0656 ,  G06F3/067 ,  G06F12/0871 ,  G06F17/30 ,  G06F17/30132 ,  G06F2212/465

Abstract: A method, computer program product, and computing system for processing, on a host, a read request for a portion of a data file stored on a backend storage system. The portion of the data file is obtained from the backend storage system. The portion of the data file is divided into a plurality of file chunks based, at least in part, upon a file type. Each of the plurality of file chunks is compared to other file chunks stored within a frontend cache system associated with the host to identify unique file chunks within the plurality of file chunks. The unique file chunks are stored within the frontend cache system.

Abstract translation: 一种用于在主机上处理存储在后端存储系统上的数据文件的一部分的读取请求的方法，计算机程序产品和计算系统。 从后端存储系统获取数据文件的一部分。 至少部分地，根据文件类型将数据文件的该部分分成多个文件块。 将多个文件块中的每一个与存储在与主机相关联的前端缓存系统中的其他文件块进行比较，以识别多个文件块中的唯一文件块。 唯一的文件块存储在前端缓存系统中。

公开(公告)号：US09286219B1

公开(公告)日：2016-03-15

申请号：US13630220

申请日：2012-09-28

Applicant: EMC Corporation

Inventor： Philip Derbeko ,  Arieh Don ,  Anat Eyal ,  Alex Veprinsky ,  Zvi Gabriel Benhanokh

IPC: G06F12/08

CPC classification number: G06F12/0811 ,  G06F12/0868 ,  G06F12/0895 ,  G06F12/126 ,  G06F2212/2022 ,  G06F2212/222 ,  G06F2212/311 ,  G06F2212/313

Abstract: A method, computer program product, and computing system for defining a portion of a frontend cache system for use as a data array cache portion. One or more cache slots included within a backend cache system are identified that are going to be overwritten with hot cache data and are currently filled with cold cache data. The cold cache data included within the one or more cache slots included within the backend cache system is written to one or more cache slots included within the data array cache portion.

Abstract translation: 一种用于定义用作数据阵列高速缓存部分的前端缓存系统的一部分的方法，计算机程序产品和计算系统。 识别后端缓存系统中包含的一个或多个缓存时隙将被热缓存数据覆盖，并且当前被冷缓存数据填充。 将包含在后端高速缓存系统中的一个或多个高速缓冲存储器槽中的冷缓存数据写入包含在数据数组高速缓存部分内的一个或多个高速缓存槽。

公开(公告)号：US10346260B1

公开(公告)日：2019-07-09

申请号：US14870116

申请日：2015-09-30

Applicant: EMC Corporation

Inventor： Assaf Natanzon ,  Philip Derbeko

IPC: G06F16/27 ,  G06F11/14 ,  G06F3/06

Abstract: A computer implemented method, system, and computer comprising intercepting an production IO at a splitter, determining if the production IO is a write IO, based on a positive determination of a write IO; replicating a copy of the write IO, based on a negative determination, determining if the production IO is a read IO and based on a positive determination of a read IO; replicating to metadata of the read IO.

公开(公告)号：US10044744B1

公开(公告)日：2018-08-07

申请号：US15138807

申请日：2016-04-26

Applicant: EMC Corporation

Inventor： Philip Derbeko ,  Yuri Manusov ,  Naomi Eskira ,  Sorin Faibish

IPC: H04L29/06

Abstract: A processing device in one embodiment comprises a processor coupled to a memory and is configured to intercept a storage communication directed over a storage channel between a potentially infected machine and an associated storage system, and to determine if the intercepted storage communication is from a security agent deployed on the potentially infected machine. If the intercepted storage communication is from the security agent, at least a portion of the communication is provided to a security system. If the intercepted storage communication is not from the security agent, the communication is forwarded to the storage system. Accordingly, the security agent is configured to communicate with the security system using storage communications sent over the storage channel in a manner that avoids detection of the security agent by malware that may be installed on the machine and configured to monitor network communications.

公开(公告)号：US10025931B1

公开(公告)日：2018-07-17

申请号：US14984317

申请日：2015-12-30

Applicant: EMC Corporation

Inventor： Assaf Natanzon ,  Philip Derbeko

IPC: G06F21/00 ,  G06F21/56 ,  G06F21/78

Abstract: Example embodiments of the present invention relate to methods, systems, and a computer program product for detecting and responding to the presence of persistently executing malware. The method includes receiving a host-level I/O log and receiving a storage-level I/O log. An analysis may be performed on the host-level I/O log and the storage-level I/O log and evidence of malware may be detected according thereto.

公开(公告)号：US09672160B1

公开(公告)日：2017-06-06

申请号：US14925658

申请日：2015-10-28

Applicant: EMC Corporation

Inventor： Philip Derbeko ,  Anat Eyal ,  Zvi Gabriel Benhanokh ,  Arieh Don ,  Orly Devor

IPC: G06F12/00 ,  G06F12/12 ,  G06F12/0891 ,  G06F12/0895

CPC classification number: G06F12/12 ,  G06F12/0246 ,  G06F12/0866 ,  G06F12/0891 ,  G06F12/0895 ,  G06F12/121 ,  G06F12/122 ,  G06F12/123 ,  G06F2212/1044 ,  G06F2212/222 ,  G06F2212/69

Abstract: A method, computer program product, and computing system for storing a plurality of frontend data chunks within a cache system. The plurality of frontend data chunks correspond to a plurality of backend data chunks stored within a data array. A device weight is determined for each of the plurality of backend data chunks. The device weight is indicative of the type of storage device upon which each of the plurality of backend data chunks is stored within the data array. A deletion score is assigned to each of the plurality of frontend data chunks. Each deletion score is based, at least in part, upon the device weight determined for its corresponding backend data chunk.

公开(公告)号：US20170093890A1

公开(公告)日：2017-03-30

申请号：US14870135

申请日：2015-09-30

Applicant: EMC Corporation

Inventor： Assaf Natanzon ,  Philip Derbeko

IPC: H04L29/06 ,  G06F11/14 ,  G06F17/30

CPC classification number: H04L63/1416 ,  G06F11/1458 ,  G06F17/30575 ,  G06F2201/84

Abstract: A computer implemented method, computer program product and comprising rolling an image to a point in time in a protection window by applying write data using write metadata and examining read metadata, the write data, and the write metadata to determine if the image was accessed by an intruder.

公开(公告)号：US09244832B1

公开(公告)日：2016-01-26

申请号：US13832963

申请日：2013-03-15

Applicant: EMC Corporation

Inventor： Yulia Sherman ,  Vadim Moldavsky ,  Philip Derbeko

IPC: G06F12/02

CPC classification number: G06F12/0246 ,  G06F12/0866 ,  G06F2212/1016 ,  G06F2212/222 ,  G06F2212/601 ,  G06F2212/6012

Abstract: A computer-executable method, system, and computer program product for managing a flash cache, having modes of cache management, the computer-executable method, system, and computer program product may be enabled to optimize flash cache by using a model to determine an optimized mode for the flash cache.

Abstract translation: 可以启用用于管理具有高速缓存管理模式，计算机可执行方法，系统和计算机程序产品的闪存缓存的计算机可执行方法，系统和计算机程序产品，以通过使用模型来确定闪存高速缓存 闪存缓存的优化模式。