公开(公告)号：US08954406B2

公开(公告)日：2015-02-10

申请号：US14138680

申请日：2013-12-23

Applicant: Hitachi Data Systems Corporation

Inventor： Andres Rodriguez ,  Jack A. Orenstein ,  David M. Shaw ,  Benjamin K. D. Bernhard

IPC: G06F17/30 ,  G06F11/14

CPC classification number: G06F17/30289 ,  G06F11/1469 ,  G06F17/30073 ,  G06F17/30082 ,  G06F17/30117 ,  G06F17/30188 ,  G06F17/30197 ,  G06F17/30221 ,  Y10S707/99932 ,  Y10S707/99944 ,  Y10S707/99956

Abstract: An archive cluster application runs across a redundant array of independent nodes. Each node runs an archive cluster application instance comprising a set of software processes: a request manager, a storage manager, a metadata manager, and a policy manager. The request manager manages requests for data, the storage manager manages data read/write functions, and the metadata manager facilitates metadata transactions and recovery. The policy manager implements policies, which are operations that determine the behavior of an “archive object” within the cluster. The archive cluster application provides object-based storage. It associates metadata and policies with the raw archived data, which together comprise an archive object. Object policies govern the object's behavior in the archive. The archive manages itself independently of client applications, acting automatically to ensure that object policies are valid.

Abstract translation: 归档集群应用程序跨独立节点的冗余阵列运行。 每个节点运行包含一组软件过程的归档集群应用程序实例：请求管理器，存储管理器，元数据管理器和策略管理器。 请求管理器管理数据请求，存储管理器管理数据读/写功能，元数据管理器便于元数据事务和恢复。 策略管理器实现策略，这些策略是确定集群中“归档对象”的行为的操作。 归档集群应用程序提供基于对象的存储。 它将元数据和策略与原始归档数据相关联，这些数据共同构成归档对象。 对象策略管理对象在归档中的行为。 归档管理自身独立于客户端应用程序，自动执行以确保对象策略有效。

公开(公告)号：US20140181055A1

公开(公告)日：2014-06-26

申请号：US14138680

申请日：2013-12-23

Applicant: Hitachi Data Systems Corporation

Inventor： Andres Rodriguez ,  Jack A. Orenstein ,  David M. Shaw ,  Benjamin K.D. Bernhard

IPC: G06F17/30

CPC classification number: G06F17/30289 ,  G06F11/1469 ,  G06F17/30073 ,  G06F17/30082 ,  G06F17/30117 ,  G06F17/30188 ,  G06F17/30197 ,  G06F17/30221 ,  Y10S707/99932 ,  Y10S707/99944 ,  Y10S707/99956

Abstract: An archive cluster application runs across a redundant array of independent nodes. Each node runs an archive cluster application instance comprising a set of software processes: a request manager, a storage manager, a metadata manager, and a policy manager. The request manager manages requests for data, the storage manager manages data read/write functions, and the metadata manager facilitates metadata transactions and recovery. The policy manager implements policies, which are operations that determine the behavior of an “archive object” within the cluster. The archive cluster application provides object-based storage. It associates metadata and policies with the raw archived data, which together comprise an archive object. Object policies govern the object's behavior in the archive. The archive manages itself independently of client applications, acting automatically to ensure that object policies are valid.

公开(公告)号：US09143485B2

公开(公告)日：2015-09-22

申请号：US13908002

申请日：2013-06-03

Applicant: Hitachi Data Systems Corporation

Inventor： David M. Shaw

IPC: H04L29/06 ,  H04L9/08 ,  G11B20/00

CPC classification number: H04L63/0428 ,  G06F21/6218 ,  G06F21/79 ,  G11B20/00086 ,  G11B2220/41 ,  H04L9/085 ,  H04L9/0897 ,  H04L63/0414 ,  H04L63/062 ,  H04L2209/60

Abstract: A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.

Abstract translation: 对称节点的存储集群包括通过秘密共享实现密钥管理的数据隐私方案。 保护方案优选在安装时实现。 在安装时，将生成一个加密密钥，将其分割，并将组成部分写入相应的归档节点。 钥匙不是写入驱动器，以确保它不能被盗。 由于秘密共享，在集群可以安装驱动器之前，n个节点中的任何一个都必须存在。 要解开共享密钥，一个进程在集群启动之前运行。 它联系尽可能多的节点以尝试达到足够的t值。 一旦这样做，该进程将取消共享秘密，并在本地安装驱动器。 给定双向通信，这种安装在所有t节点上同时发生或多或少地出现。 安装驱动器后，集群可以正常继续启动。

公开(公告)号：US20130339738A1

公开(公告)日：2013-12-19

申请号：US13908002

申请日：2013-06-03

Applicant: Hitachi Data Systems Corporation

Inventor： David M. Shaw

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  G06F21/6218 ,  G06F21/79 ,  G11B20/00086 ,  G11B2220/41 ,  H04L9/085 ,  H04L9/0897 ,  H04L63/0414 ,  H04L63/062 ,  H04L2209/60

Abstract: A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.

公开(公告)号：US09794232B2

公开(公告)日：2017-10-17

申请号：US14812297

申请日：2015-07-29

Applicant: HITACHI DATA SYSTEMS CORPORATION

Inventor： David M. Shaw

IPC: H04L29/06 ,  H04L9/08 ,  G06F21/62 ,  G06F21/79 ,  G11B20/00

CPC classification number: H04L63/0428 ,  G06F21/6218 ,  G06F21/79 ,  G11B20/00086 ,  G11B2220/41 ,  H04L9/085 ,  H04L9/0897 ,  H04L63/0414 ,  H04L63/062 ,  H04L2209/60

Abstract: A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.