公开(公告)号：US20210389893A1

公开(公告)日：2021-12-16

申请号：US17461220

申请日：2021-08-30

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Parag Deshmukh

IPC: G06F3/06 ,  H04L9/06 ,  G06F17/18 ,  H04L9/08 ,  G06F16/215 ,  G06F16/901 ,  G06F21/60

Abstract: Techniques are provided for deduplicating encrypted data. For example, a device has data to store in an encrypted state within a remote data store. A key is used to encrypt the data to create encrypted data. The data is hashed to create hashed data and the encrypted data is hashed to create hashed encrypted data. A probabilistic data structure of the data is generated. The key is encrypted based upon the data to create an encrypted key. The encrypted data is transmitted to the remote data store, along with metadata comprising the hashed data, the hashed encrypted data, the probabilistic data structure, and the encrypted key. The metadata may be used to implement deduplication for subsequent requests, to store data within the remote data store, with respect to the encrypted data.

公开(公告)号：US10452477B2

公开(公告)日：2019-10-22

申请号：US15248047

申请日：2016-08-26

Applicant: NetApp, Inc.

Inventor： Syed Abid Hussain ,  Srinivasan Narayanamurthy

IPC: G06F11/10 ,  H03M13/15 ,  G06F3/06 ,  H03M13/03 ,  H03M13/13 ,  H03M13/37

Abstract: A distributed storage system can use a high rate MSR erasure code to repair multiple nodes when multiple node failures occur. An encoder constructs m r-ary trees to determine the symbol arrays for the parity nodes. These symbol arrays are used to generate the parity data according to parity definitions or parity equations. The m r-ary trees are also used to identify a set of recovery rows across helper nodes for repairing a systematic node. When failed systematic nodes correspond to different ones of the m r-ary trees, a decoder may select additional recovery rows. The decoder selects additional recovery rows when the parity definitions do not provide a sufficient number of independent linear equations to solve the unknown symbols of the failed nodes. The decoder can select recovery rows contiguous to the already identified recovery rows for access efficiency.

公开(公告)号：US20160077977A1

公开(公告)日：2016-03-17

申请号：US14491750

申请日：2014-09-19

Applicant: NetApp, Inc.

Inventor： Srinivasan Narayanamurthy

IPC: G06F12/14 ,  H04L9/32

CPC classification number: H04L9/3242 ,  G06F3/06 ,  G06F21/6218 ,  G06F21/64 ,  H04L9/0891 ,  H04L9/3239 ,  H04L63/123 ,  H04L67/1097 ,  H04L2209/24

Abstract: Storage providers can securely store data and avoid data duplication with secure derivative data and offload the responsibility of generating the secure derivative data to the data owners. Initially, a data source will provide an encrypted version of data and the secure derivative data to a remote storage provider. The secure derivative data can include a hash of the data, a hash of the encrypted version of the data, a hash tree generated from the data, and an encrypted version of the key used to encrypt the data. When the remote storage provider later receives a request to store the same data, the remote storage provider uses the secure derivative data for secure proofs of storage and for proof of data possession.

Abstract translation: 存储提供商可以安全地存储数据，避免数据与安全的衍生数据重复，并将生成安全派生数据的责任卸载给数据所有者。 最初，数据源将向远程存储提供商提供数据的加密版本和安全派生数据。 安全派生数据可以包括数据的散列，数据的加密版本的散列，从数据生成的散列树，以及用于加密数据的密钥的加密版本。 当远程存储提供商稍后接收到存储相同数据的请求时，远程存储提供商使用安全派生数据进行安全的存储证明和数据拥有证明。

公开(公告)号：US11210007B2

公开(公告)日：2021-12-28

申请号：US16386803

申请日：2019-04-17

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Parag Deshmukh

IPC: G06F17/00 ,  G06F3/06 ,  H04L9/06 ,  G06F17/18 ,  H04L9/08 ,  G06F16/215 ,  G06F16/901 ,  G06F21/60

Abstract: Techniques are provided for deduplicating encrypted data. For example, a device has data to store in an encrypted state within a remote data store. A key is used to encrypt the data to create encrypted data. The data is hashed to create hashed data and the encrypted data is hashed to create hashed encrypted data. A probabilistic data structure of the data is generated. The key is encrypted based upon the data to create an encrypted key. The encrypted data is transmitted to the remote data store, along with metadata comprising the hashed data, the hashed encrypted data, the probabilistic data structure, and the encrypted key. The metadata may be used to implement deduplication for subsequent requests, to store data within the remote data store, with respect to the encrypted data.

公开(公告)号：US09946716B2

公开(公告)日：2018-04-17

申请号：US15097034

申请日：2016-04-12

Applicant: NETAPP, INC.

Inventor： Gaurav Makkar ,  Srinivasan Narayanamurthy ,  Kartheek Muthyala

IPC: G06F7/02 ,  G06F17/30

CPC classification number: G06F17/30088 ,  G06F17/302 ,  G06F17/30203 ,  G06F17/30212 ,  G06F17/30312 ,  G06F17/30327

Abstract: Technology is disclosed for managing data in a distributed file system (“the technology”). The technology can gather metadata information associated with the data stored within the distributed file system, create a secondary namespace within a local file system of a local host using the gathered metadata information and store the gathered metadata information as files within the secondary namespace. Further, when a request to create a PPI of the distributed file system is received, the technology can create a PPI of the secondary namespace using a PPI creation feature of the local file system.

公开(公告)号：US09336219B2

公开(公告)日：2016-05-10

申请号：US14195752

申请日：2014-03-03

Applicant: NetApp, Inc.

Inventor： Gaurav Makkar ,  Srinivasan Narayanamurthy ,  Kartheek Muthyala

IPC: G06F7/02 ,  G06F17/30

CPC classification number: G06F17/30088 ,  G06F17/302 ,  G06F17/30203 ,  G06F17/30212 ,  G06F17/30312 ,  G06F17/30327

Abstract: Technology is disclosed for managing data in a distributed file system (“the technology”). The technology can gather metadata information associated with the data stored within the distributed file system, create a secondary namespace within a local file system of a local host using the gathered metadata information and store the gathered metadata information as files within the secondary namespace. Further, when a request to create a PPI of the distributed file system is received, the technology can create a PPI of the secondary namespace using a PPI creation feature of the local file system.

Abstract translation: 公开了用于管理分布式文件系统（“技术”）中的数据的技术。 该技术可以收集与分布式文件系统中存储的数据相关联的元数据信息，使用收集的元数据信息在本地主机的本地文件系统内创建辅助命名空间，并将收集的元数据信息作为文件存储在辅助命名空间中。 此外，当接收到创建分布式文件系统的PPI的请求时，该技术可以使用本地文件系统的PPI创建特征来创建二级命名空间的PPI。

公开(公告)号：US20160062694A1

公开(公告)日：2016-03-03

申请号：US14939760

申请日：2015-11-12

Applicant: NetApp, Inc.

Inventor： Gaurav Makkar ,  Srinivasan Narayanamurthy ,  Kartheek Muthyala ,  Stephen Daniel

IPC: G06F3/06

CPC classification number: G06F3/0629 ,  G06F3/0604 ,  G06F3/061 ,  G06F3/064 ,  G06F3/0643 ,  G06F3/067 ,  G06F3/0689 ,  G06F17/30165

Abstract: Embodiments described herein provide an object store that efficiently manages and services objects for use by clients of a distributed data processing system. Illustratively, the object store may be embodied as a quasi-shared storage system that interacts with nodes of the distributed data processing system to service the objects as blocks of data stored on a plurality of storage devices, such as disks, of the storage system. To that end, an architecture of the object store may include an on-disk layout, e.g., of the storage system, and an incore layout, e.g., of the nodes, that cooperate to illustratively convert the blocks to objects for access by the clients.

Abstract translation: 本文描述的实施例提供了有效地管理和服务对象以供分布式数据处理系统的客户端使用的对象存储。 示例性地，对象存储可以被体现为准共享存储系统，其与分布式数据处理系统的节点进行交互，以将对象作为存储在存储系统的多个存储设备（例如磁盘）上的数据块。 为此，对象商店的架构可以包括例如存储系统的磁盘布局，以及诸如节点之类的布局布局，这些布局协作以示意性地将块转换为对象以供客户端访问 。

公开(公告)号：US11106375B2

公开(公告)日：2021-08-31

申请号：US16374787

申请日：2019-04-04

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Parag Deshmukh

IPC: G06F17/00 ,  G06F3/06 ,  H04L9/06 ,  G06F17/18 ,  H04L9/08 ,  G06F16/215 ,  G06F16/901 ,  G06F21/60

Abstract: Techniques are provided for deduplicating encrypted data. For example, a device has data to store in an encrypted state within a remote data store. A key is used to encrypt the data to create encrypted data. The data is hashed to create hashed data and the encrypted data is hashed to create hashed encrypted data. A probabilistic data structure of the data is generated. The key is encrypted based upon the data to create an encrypted key. The encrypted data is transmitted to the remote data store, along with metadata comprising the hashed data, the hashed encrypted data, the probabilistic data structure, and the encrypted key. The metadata may be used to implement deduplication for subsequent requests, to store data within the remote data store, with respect to the encrypted data.

公开(公告)号：US20200319810A1

公开(公告)日：2020-10-08

申请号：US16386803

申请日：2019-04-17

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Parag Deshmukh

IPC: G06F3/06 ,  H04L9/06 ,  H04L9/08 ,  G06F17/18

Abstract: Techniques are provided for deduplicating encrypted data. For example, a device has data to store in an encrypted state within a remote data store. A key is used to encrypt the data to create encrypted data. The data is hashed to create hashed data and the encrypted data is hashed to create hashed encrypted data. A probabilistic data structure of the data is generated. The key is encrypted based upon the data to create an encrypted key. The encrypted data is transmitted to the remote data store, along with metadata comprising the hashed data, the hashed encrypted data, the probabilistic data structure, and the encrypted key. The metadata may be used to implement deduplication for subsequent requests, to store data within the remote data store, with respect to the encrypted data.

公开(公告)号：US20200293212A1

公开(公告)日：2020-09-17

申请号：US16354562

申请日：2019-03-15

Applicant: NetApp Inc.

Inventor： Srinivasan Narayanamurthy ,  Dnyaneshwar Nagorao Pawar ,  Jagadish Vasudeva ,  Parag Deshmukh ,  Siddhartha Nandi

IPC: G06F3/06 ,  H04L9/08

Abstract: Techniques are provided for aggregate inline deduplication and volume granularity encryption. For example, data that is exclusive to a volume of a tenant is encrypted using an exclusive encryption key accessible to the tenant. The exclusive encryption key of that tenant is inaccessible to other tenants. Shared data that has been deduplicated and shared between the volume and another volume of a different tenant is encrypted using a shared encryption key of the volume. The shared encryption key is made available to other tenants. In this way, data can be deduplicated across multiple volumes of different tenants of a storage environment, while maintaining security and data privacy at a volume level.