公开(公告)号：US20170318093A1

公开(公告)日：2017-11-02

申请号：US15142305

申请日：2016-04-29

Applicant: NetApp, Inc.

Inventor： Mark Muhlestein ,  Chinmoy Dey

IPC: H04L29/08 ,  H04L12/24

CPC classification number: H04L67/1097 ,  H04L41/0604 ,  H04L67/06

Abstract: Systems, devices, methods, and computer program products are provided for implementing customizable notification filters within a storage system to fine tune the types of storage access notifications that are transmitted to external computing agents. A storage system receives a set of notification rules from a partner computing system. The set of notification rules define a notification filter that specify which of a plurality of storage access requests from one or more client computing devices to forward to the partner computing system. The storage system stores the notification filter within a notification filter repository accessible by the storage system. Upon receiving a storage access request from an external client computing system, the storage system compares the storage access request against the notification filter to transmit a notification regarding the storage access request to the partner computing system or allow the storage access request without requiring transmission of notification.

公开(公告)号：US20160241572A1

公开(公告)日：2016-08-18

申请号：US14620711

申请日：2015-02-12

Applicant: NETAPP, INC.

Inventor： Mark Muhlestein ,  Rajesh Jaiswal ,  Sunil Bhargo ,  Mankawaldeep Singh

IPC: H04L29/06

CPC classification number: H04L63/145 ,  G06F21/57

Abstract: Techniques for maintaining dynamic configuration information of a multi-host off-cluster service on a cluster are described. An apparatus may comprise a dynamic configuration validation service component to execute to execute a dynamic configuration validation service for scanning files in a cluster of nodes. The dynamic configuration validation service component operative to validate a scanner version for each one of multiple scanners for scanning a file in a cluster of nodes, maintain the scanner version in a list of valid scanner versions for the multiple scanners, and scan the file by one of the one of multiple scanners having the scanner version contained in the list of the valid scanner versions.

Abstract translation: 描述了在群集上维护多主机离群外服务的动态配置信息的技术。 一种装置可以包括动态配置验证服务组件来执行以执行用于扫描节点簇中的文件的动态配置验证服务。 动态配置验证服务组件可用于验证多个扫描仪中的每一个扫描器的扫描仪版本，以扫描节点群集中的文件，将扫描仪版本保留在多个扫描仪的有效扫描器版本列表中，并将文件扫描一个 具有扫描器版本的多个扫描仪之一包含在有效扫描器版本的列表中。

公开(公告)号：US20160139845A1

公开(公告)日：2016-05-19

申请号：US14550276

申请日：2014-11-21

Applicant: NetApp Inc.

Inventor： Mark Muhlestein ,  Amit Aggarwal ,  Amrutha KS

IPC: G06F3/06

Abstract: One or more techniques and/or systems are provided for implementing storage level access control for data grouping structures. For example, a storage level access guard may be defined for a data grouping structure (e.g., a Qtree, a portion of a volume, etc.) of a storage device. The storage level access guard may be defined at a storage level of the storage device such that clients and/or certain administrators such as domain administrators may be restricted from accessing and/or changing the storage level access guard, which may increase data security. A hidden and unmodifiable property may be applied to the storage level access guard, which may be stored in a directory associated with the data grouping structure so that a logical replication of the data grouping structure may also replicate the storage level access guard.

Abstract translation: 提供一个或多个技术和/或系统用于实现数据分组结构的存储级访问控制。 例如，可以为存储设备的数据分组结构（例如，Qtree，卷的一部分等）定义存储级访问保护。 可以在存储设备的存储级别定义存储级别访问保护，使得可以限制客户端和/或诸如域管理员的某些管理员访问和/或改变存储级别访问保护，这可能增加数据安全性。 可以将隐藏和不可修改的属性应用于存储级访问保护，存储级别访问保护可以存储在与数据分组结构相关联的目录中，使得数据分组结构的逻辑复制也可以复制存储级访问保护。

公开(公告)号：US20170316222A1

公开(公告)日：2017-11-02

申请号：US15142444

申请日：2016-04-29

Applicant: NetApp, Inc.

Inventor： Mark Muhlestein ,  Chinmoy Dey

IPC: G06F21/62 ,  G06F17/30

CPC classification number: G06F21/6218 ,  G06F16/122 ,  G06F16/13 ,  G06F16/16

Abstract: Systems, devices, methods, and computer program products are provided for temporarily implementing storage access policies within a storage system on behalf of an external computing agent while the external computing agent is offline or otherwise unable to receive and process storage access requests. A storage system receives a set of storage rules from a partner computing system. The set of storage rules define a storage access policy that allows specific users or user groups to perform storage access operations within a file system hosted by the storage system. The set of storage rules also include a time to live (TTL) instruction defining a period of time for which to enable the storage access policy. Upon receiving a storage access request from an external client computing system, the storage system compares the storage access request against the storage access policy to allow or deny the storage access request.

公开(公告)号：US20170315934A1

公开(公告)日：2017-11-02

申请号：US15142217

申请日：2016-04-29

Applicant: NetApp, Inc.

Inventor： Mark Muhlestein ,  Chinmoy Dey

IPC: G06F12/14 ,  G06F3/06

CPC classification number: G06F3/0622 ,  G06F3/0637 ,  G06F3/0659 ,  G06F3/067 ,  G06F21/604

Abstract: Systems, devices, methods, and computer program products are provided for implementing storage access policies within a storage system on behalf of external computing agents. A storage system receives a set of storage rules from a partner computing system. The set of storage rules define a storage access policy that allows specific users or user groups to perform storage access operations within a file system hosted by the storage system. The storage system stores the storage access policy on behalf of the partner computing system. Upon receiving a storage access request from an external client computing system, the storage system compares the storage access request against the storage access policy to allow the storage access request or transmit an event notification of the storage access request to the partner computing system.

公开(公告)号：US20150381727A1

公开(公告)日：2015-12-31

申请号：US14319495

申请日：2014-06-30

Applicant: NetApp Inc.

Inventor： Mark Muhlestein ,  Chinmoy Dey ,  Mankawaldeep Singh

IPC: H04L29/08 ,  G06F17/30

CPC classification number: H04L67/1097 ,  G06F16/122 ,  H04L67/1095

Abstract: One or more techniques and/or systems are provided for storage functionality rule implementation on behalf of external client agents. For example, a network storage controller may be configured to perform storage operations on behalf of clients, such as providing read/write access to storage devices. The network storage controller may receive a storage functionality rule (e.g., a rule that tracing is to be enabled for write operations by user (B)) from an external client agent hosted on a client device. Responsive to identify a storage operation context that corresponds to the storage functionality rule (e.g., user (B) may attempt to perform a write operation), the network storage controller may implement the storage functionality rule for the storage operation context on behalf of the external client agent. In this way, network bandwidth and/or processing latency otherwise associated with obtaining storage operation processing instructions from the external client agent may be mitigated.

Abstract translation: 提供代表外部客户端代理的存储功能规则实现的一个或多个技术和/或系统。 例如，网络存储控制器可以被配置为代表客户端执行存储操作，诸如向存储设备提供读/写访问。 网络存储控制器可以从托管在客户端设备上的外部客户端代理接收存储功能规则（例如，跟踪被启用以用于用户（B）的写入操作的规则）。 响应于识别对应于存储功能规则（例如，用户（B）可能尝试执行写入操作）的存储操作上下文，网络存储控制器可以代表外部实现存储操作上下文的存储功能规则 客户代理。 以这种方式，可以减轻与外部客户端代理获得存储操作处理指令相关联的网络带宽和/或处理延迟。

公开(公告)号：US20150261811A1

公开(公告)日：2015-09-17

申请号：US14212752

申请日：2014-03-14

Applicant: NETAPP, INC.

Inventor： Mark Muhlestein

IPC: G06F17/30

CPC classification number: G06F16/137 ,  G06F16/2358

Abstract: Methods and system for determining if a data container has been modified are provided. A first data container signature and a second data signature are generated by a storage operating system based on metadata information for the data container. The second data container signature is compared with the first data container signature to determine if the data container has been modified since the first data container signature was generated.

Abstract translation: 提供了用于确定数据容器是否已被修改的方法和系统。 第一数据容器签名和第二数据签名由存储操作系统基于数据容器的元数据信息生成。 将第二数据容器签名与第一数据容器签名进行比较，以确定自生成第一个数据容器签名以来数据容器是否已被修改。

公开(公告)号：US20140259123A1

公开(公告)日：2014-09-11

申请号：US14286645

申请日：2014-05-23

Applicant: NetApp, Inc.

Inventor： Thomas D. Haynes ,  Mark Muhlestein ,  David B. Noveck

IPC: G06F21/62

CPC classification number: G06F21/6218 ,  G06F3/067 ,  G06F16/13

Abstract: A request is received, by a storage server, to access a resource based on a filehandle for the resource. A determination is made of whether an entry of a plurality of entries in an exports table has a filehandle that matches the filehandle for the resource. The entry includes a physical path of the resource that is different than an advertised path of the resource, in response to the filehandle in the entry retrieved using the physical path. In response to determining that the filehandle in the entry matches the filehandle for the resource, a determination is made of whether a pathname in the entry matches a pathname for the resource. In response to determining that the pathname in the entry matches the pathname for the resource, a determination is made of whether the client has permission to access the resource. The request to access the resource is executed.

Abstract translation: 由存储服务器接收到基于资源的文件句柄访问资源的请求。 确定导出表中的多个条目的条目是否具有与资源的文件句柄匹配的文件句柄。 响应于使用物理路径检索的条目中的文件句柄，条目包括与资源的通告路径不同的资源的物理路径。 响应于确定条目中的文件句柄与资源的文件句柄匹配，确定条目中的路径名是否与资源的路径名匹配。 响应于确定条目中的路径名与资源的路径名匹配，确定客户端是否具有访问资源的权限。 执行访问资源的请求。

公开(公告)号：US09832224B2

公开(公告)日：2017-11-28

申请号：US14728564

申请日：2015-06-02

Applicant: NETAPP, INC.

Inventor： Kumar Murugesan ,  Mankawal Deep Singh ,  Mark Muhlestein

IPC: G06F11/00 ,  H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/1425

Abstract: Techniques for dynamic throttling of scan requests for multiple scanners in a cluster of nodes are described. An apparatus may comprise a dynamic throttling service component for executing the dynamic throttling of scan requests for the multiple scanners in the cluster of nodes. The dynamic throttling service component operative to estimate, by the scanner proxy, a resource limit count value representative of resource capacity for servicing scan requests for each one of the multiple scanners in the cluster of nodes; detect a first scan request exceeds the resource limit count value for a first scanner; dynamically throttle each subsequent scan request for the first scanner in response to the first scan request exceeding the resource limit count value; and revise the resource limit count value, by the scanner proxy, for the first scanner.

公开(公告)号：US10558375B2

公开(公告)日：2020-02-11

申请号：US14550276

申请日：2014-11-21

Applicant: NetApp Inc.

Inventor： Mark Muhlestein ,  Amit Aggarwal ,  Amrutha Ks

IPC: G06F3/06

Abstract: One or more techniques and/or systems are provided for implementing storage level access control for data grouping structures. For example, a storage level access guard may be defined for a data grouping structure (e.g., a Qtree, a portion of a volume, etc.) of a storage device. The storage level access guard may be defined at a storage level of the storage device such that clients and/or certain administrators such as domain administrators may be restricted from accessing and/or changing the storage level access guard, which may increase data security. A hidden and unmodifiable property may be applied to the storage level access guard, which may be stored in a directory associated with the data grouping structure so that a logical replication of the data grouping structure may also replicate the storage level access guard.