Abstract:
A tenant's clear text data in a multi-tenant storage system can be encrypted using the tenant's cryptographic key to produce encrypted yet compressible data (“cryptographic data”). The cryptographic data can be encrypted using a system cryptographic key that is managed by the multi-tenant storage system and then stored. Use of the system cryptographic key allows for subsequent maintenance activities such as deduplication and compression to be performed on data stored in the multi-tenant storage system without having to access any of the tenants' cryptographic keys.
Abstract:
Distributed storage system and method for transmitting storage-related messages between host computers in a distributed storage system uses a handshake operation of a first-type communication connection between a source data transport daemon of a source host computer and a target data transport daemon of a target host computer to derive a symmetric key at each of the source and target data transport daemons. The two symmetric keys are sent to a source data transport manager of the source host computer and to a target data transport manager of the target host computer. The source and target data transport managers then use the same symmetric keys to encrypt and decrypt storage-related messages that are transmitted from the source data transport manager to the target data transport manager through multiple second-type communication connections between the source and target data transport managers.
Abstract:
A multi-tenant storage system can store clear text data and associated clear text checksum received from a storage tenant using their associated cryptographic key (“cryptokey”). When the clear text data is compressible, cryptographic data (“cryptodata”) is generated from a concatenation of the clear text checksum and compressed clear text data using the cryptokey. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. When the clear text data is uncompressible, cryptographic data (“cryptodata”) is generated by encrypting the clear text data using the cryptokey with an extra verification step to make sure the clear text checksum can be rebuilt during the read request. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. The cryptodata and associated cryptochecksum are stored in the multi-tenant storage system, so that repairs to damaged cryptodata can be made using the associated cryptochecksum.
Abstract:
A multi-tenant storage system can store clear text data and associated clear text checksum received from a storage tenant using their associated cryptographic key (“cryptokey”). When the clear text data is compressible, cryptographic data (“cryptodata”) is generated from a concatenation of the clear text checksum and compressed clear text data using the cryptokey. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. When the clear text data is uncompressible, cryptographic data (“cryptodata”) is generated by encrypting the clear text data using the cryptokey with an extra verification step to make sure the clear text checksum can be rebuilt during the read request. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. The cryptodata and associated cryptochecksum are stored in the multi-tenant storage system, so that repairs to damaged cryptodata can be made using the associated cryptochecksum.
Abstract:
Systems and methods for managing Software-as-a-Service (SaaS) provided by a virtual machine are described. The system may include a management application, and may receive a feature package from the virtual machine. The feature package may be associated with a function supported by the virtual machine. The system may integrate the feature package into the management application, and transmit a first command to the virtual machine for executing the function at the virtual machine. The first command may be generated by the management application based on the feature package.
Abstract:
A tenant's clear text data in a multi-tenant storage system can be encrypted using the tenant's cryptographic key to produce encrypted yet compressible data (“cryptographic data”). The cryptographic data can be encrypted using a system cryptographic key that is managed by the multi-tenant storage system and then stored. Use of the system cryptographic key allows for subsequent maintenance activities such as deduplication and compression to be performed on data stored in the multi-tenant storage system without having to access any of the tenants' cryptographic keys.
Abstract:
Systems and methods for managing Software-as-a-Service (SaaS) provided by a virtual machine are described. The system may include a management application, and may receive a feature package from the virtual machine. The feature package may be associated with a function supported by the virtual machine. The system may integrate the feature package into the management application, and transmit a first command to the virtual machine for executing the function at the virtual machine. The first command may be generated by the management application based on the feature package.
Abstract:
Systems and methods for managing Software-as-a-Service (SaaS) provided by a virtual machine are described. The system may include a management application, and may receive a feature package from the virtual machine. The feature package may be associated with a function supported by the virtual machine. The system may integrate the feature package into the management application, and transmit a first command to the virtual machine for executing the function at the virtual machine. The first command may be generated by the management application based on the feature package.
Abstract:
A distributed system, such as a distributed storage system in a virtualized computing environment and having storage nodes arranged in a cluster, is provided by management server with a transition period between non-encryption and encryption modes of operation. The transition period enables all of the nodes to complete a transition from the non-encryption mode of operation to the encryption mode of operation, without loss of data-in-transit (DIT). An auto-remediation feature is provided by the management server to the cluster, so as to fix inconsistent state(s) of one or more nodes in the cluster.
Abstract:
Distributed storage system and method for transmitting storage-related messages between host computers in a distributed storage system uses a handshake operation of a first-type communication connection between a source data transport daemon of a source host computer and a target data transport daemon of a target host computer to derive a symmetric key at each of the source and target data transport daemons. The two symmetric keys are sent to a source data transport manager of the source host computer and to a target data transport manager of the target host computer. The source and target data transport managers then use the same symmetric keys to encrypt and decrypt storage-related messages that are transmitted from the source data transport manager to the target data transport manager through multiple second-type communication connections between the source and target data transport managers.