公开(公告)号：US20220214813A1

公开(公告)日：2022-07-07

申请号：US17143358

申请日：2021-01-07

Applicant: EMC IP Holding Company LLC

Inventor： Boris Giterman ,  Yaniv Sagron ,  Arieh Don

IPC: G06F3/06 ,  G06F21/57

Abstract: A storage system comprises a plurality of storage devices, and is configured to establish a production drive group comprising a first subset of the storage devices, using a first firmware-level configuration process, and to establish a stealth drive group comprising a second subset of the storage devices, using a second firmware-level configuration process, the storage devices of the stealth drive group thereby being separated at a firmware level of the storage system from the storage devices of the production drive group. The storage system is further configured to copy data of one or more logical storage volumes from the production drive group to the stealth drive group, and responsive to completion of the copying of the data of the one or more logical storage volumes from the production drive group to the stealth drive group, to initiate a firmware-level reconfiguration process for the storage devices of the stealth drive group.

公开(公告)号：US11651066B2

公开(公告)日：2023-05-16

申请号：US17143560

申请日：2021-01-07

Applicant: EMC IP Holding Company LLC

Inventor： Efi Levi ,  Boris Giterman ,  Arieh Don

IPC: G06F21/45 ,  G06F1/12 ,  H04L9/40 ,  H04L67/10

CPC classification number: G06F21/45 ,  G06F1/12 ,  H04L63/0846 ,  H04L67/10

Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.

公开(公告)号：US20220138352A1

公开(公告)日：2022-05-05

申请号：US17089801

申请日：2020-11-05

Applicant: EMC IP Holding Company LLC

Inventor： Tomer Shachar ,  Maxim Balin ,  Yevgeni Gehtman ,  Boris Giterman

IPC: G06F21/78 ,  G06F21/60 ,  G06F21/62 ,  G06F3/06

Abstract: Techniques are provided for multi-cloud data protection using threshold-based file reconstruction. One method comprises obtaining a file comprising metadata and data for storage in a cloud environment; generating a plurality of encrypted file portions from the data; and uploading each of the encrypted file portions with the metadata as cloud objects to multiple different cloud environments. A threshold number of the encrypted file portions are needed from at least two different cloud environments to reconstruct the file. For file reconstruction, the threshold number of encrypted file portions can be validated, merged and decrypted.

公开(公告)号：US12229326B2

公开(公告)日：2025-02-18

申请号：US17089801

申请日：2020-11-05

Applicant: EMC IP Holding Company LLC

Inventor： Tomer Shachar ,  Maxim Balin ,  Yevgeni Gehtman ,  Boris Giterman

IPC: G06F21/78 ,  G06F3/06 ,  G06F21/60 ,  G06F21/62

Abstract: Techniques are provided for multi-cloud data protection using threshold-based file reconstruction. One method comprises obtaining a file comprising metadata and data for storage in a cloud environment; generating a plurality of encrypted file portions from the data; and uploading each of the encrypted file portions with the metadata as cloud objects to multiple different cloud environments. A threshold number of the encrypted file portions are needed from at least two different cloud environments to reconstruct the file. For file reconstruction, the threshold number of encrypted file portions can be validated, merged and decrypted.

公开(公告)号：US20220070190A1

公开(公告)日：2022-03-03

申请号：US17006070

申请日：2020-08-28

Applicant: EMC IP Holding Company LLC

Inventor： Boris Giterman ,  Arieh Don

IPC: H04L29/06 ,  G06F13/42 ,  G06N20/00

Abstract: An apparatus comprises at least one processing device that includes a processor and a memory coupled to the processor. The at least one processing device is configured to receive storage access protocol commands directed by one or more host devices to storage devices of a storage system over a storage area network, to generate statistics relating to the received storage access protocol commands, to process the generated statistics in a machine learning system trained to recognize anomalous access patterns to the storage devices over the storage area network, and to generate an alert indicative of an access anomaly based at least in part on the processing of the generated statistics in the machine learning system. A multi-path input-output (MPIO) driver of the one or more host devices may be provided with the alert and configured to initiate one or more remediation actions responsive to the alert.

公开(公告)号：US11916938B2

公开(公告)日：2024-02-27

申请号：US17006070

申请日：2020-08-28

Applicant: EMC IP Holding Company LLC

Inventor： Boris Giterman ,  Arieh Don

IPC: H04L9/40 ,  G06N20/00 ,  G06F13/42

CPC classification number: H04L63/1425 ,  G06F13/4221 ,  G06N20/00 ,  G06F2213/0036

Abstract: An apparatus comprises at least one processing device that includes a processor and a memory coupled to the processor. The at least one processing device is configured to receive storage access protocol commands directed by one or more host devices to storage devices of a storage system over a storage area network, to generate statistics relating to the received storage access protocol commands, to process the generated statistics in a machine learning system trained to recognize anomalous access patterns to the storage devices over the storage area network, and to generate an alert indicative of an access anomaly based at least in part on the processing of the generated statistics in the machine learning system. A multi-path input-output (MPIO) driver of the one or more host devices may be provided with the alert and configured to initiate one or more remediation actions responsive to the alert.

公开(公告)号：US11893259B2

公开(公告)日：2024-02-06

申请号：US17143358

申请日：2021-01-07

Applicant: EMC IP Holding Company LLC

Inventor： Boris Giterman ,  Yaniv Sagron ,  Arieh Don

IPC: G06F3/06 ,  G06F21/57

CPC classification number: G06F3/065 ,  G06F3/0635 ,  G06F3/0689 ,  G06F21/572 ,  G06F3/0604

Abstract: A storage system comprises a plurality of storage devices, and is configured to establish a production drive group comprising a first subset of the storage devices, using a first firmware-level configuration process, and to establish a stealth drive group comprising a second subset of the storage devices, using a second firmware-level configuration process, the storage devices of the stealth drive group thereby being separated at a firmware level of the storage system from the storage devices of the production drive group. The storage system is further configured to copy data of one or more logical storage volumes from the production drive group to the stealth drive group, and responsive to completion of the copying of the data of the one or more logical storage volumes from the production drive group to the stealth drive group, to initiate a firmware-level reconfiguration process for the storage devices of the stealth drive group.

公开(公告)号：US20220215084A1

公开(公告)日：2022-07-07

申请号：US17143560

申请日：2021-01-07

Applicant: EMC IP Holding Company LLC

Inventor： Efi Levi ,  Boris Giterman ,  Arieh Don

IPC: G06F21/45 ,  H04L29/06 ,  G06F1/12

Abstract: An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to generate a plurality of authentication tokens over time utilizing seed information of the host device, and for each of one or more of the input-output operations, to incorporate a particular one of the authentication tokens into the input-output operation, to send the input-output operation to the storage system, and to receive an indication from the storage system, responsive to the input-output operation sent to the storage system, as to whether or not the authentication token incorporated into the input-output operation matches a corresponding authentication token generated by the storage system. The at least one processing device illustratively comprises at least a portion of the host device.