公开(公告)号：US12021981B2

公开(公告)日：2024-06-25

申请号：US17684432

申请日：2022-03-02

Applicant: VMware, Inc.

Inventor： Wenguang Wang ,  Abhay Kuamr Jain ,  Ruiling Dou ,  Tao Xie ,  Xin Li ,  Chandrakanth Gadhiraju ,  Kevin Rayfeng Li ,  Satish Pudi

IPC: H04L9/08 ,  G06F21/60

CPC classification number: H04L9/0891 ,  G06F21/602

Abstract: An example method for a first host, being an owner of an object stored in a virtual storage area network (vSAN) cluster, to perform encryption and decryption operations during a rekey in the vSAN cluster is disclosed. The method includes obtaining a first encryption key and a first key identifier (ID) of the first encryption key; transmitting the first key ID and an active key index to a second host; using the first encryption key to perform encryption and decryption operations; and in response to a determination of receiving a key change notification from a master node of the vSAN cluster, terminating a connection with the second host.

公开(公告)号：US10901649B2

公开(公告)日：2021-01-26

申请号：US16254604

申请日：2019-01-23

Applicant: VMware, Inc.

Inventor： Xin Li

IPC: G06F12/00 ,  G06F3/06 ,  G06F11/10

Abstract: Example methods and systems are provided for storage reclamation from a distributed storage system in a virtualized computing environment. The method may comprise: detecting a request to reclaim a target address range associated with the distributed storage system; and mapping the target address range to multiple data chunks. The method may also comprise: in response to identifying a fully-reclaimable stripe spanning across the multiple storage resources, reclaiming particular data chunks associated with the fully-reclaimable stripe, and parity chunk(s) associated with the fully-reclaimable stripe.

公开(公告)号：US20190215155A1

公开(公告)日：2019-07-11

申请号：US15866278

申请日：2018-01-09

Applicant: VMware, Inc.

Inventor： Wenguang Wang ,  Jin Zhang ,  Haoran Zheng ,  Eric Knauft ,  Xin Li ,  Pascal Renauld ,  Bryan Fink

IPC: H04L9/08 ,  G06F17/30 ,  H03M7/30 ,  H04L9/32 ,  H04L9/14 ,  G06F12/14

Abstract: A tenant's clear text data in a multi-tenant storage system can be encrypted using the tenant's cryptographic key to produce encrypted yet compressible data (“cryptographic data”). The cryptographic data can be encrypted using a system cryptographic key that is managed by the multi-tenant storage system and then stored. Use of the system cryptographic key allows for subsequent maintenance activities such as deduplication and compression to be performed on data stored in the multi-tenant storage system without having to access any of the tenants' cryptographic keys.

公开(公告)号：US20180225171A1

公开(公告)日：2018-08-09

申请号：US15943293

申请日：2018-04-02

Applicant: VMware, Inc.

Inventor： Enning Xiang ,  Eric Knauft ,  Pascal Renauld ,  Xin Li

IPC: G06F11/10 ,  G06F3/06

CPC classification number: G06F11/1004 ,  G06F3/0619 ,  G06F3/064 ,  G06F3/0683

Abstract: Systems and techniques are described for transferring data. A described technique includes receiving a request to transmit a data block from a first data storage device to a second data storage device. An attempt to read the data block from the first data storage device is made. A media error resulting from the attempt to read the data block from the first data storage device is detected. In response to detecting the media error, a new data block is generated and includes mismatched checksum data that causes a checksum mismatched error when the new data block is accessed. The new data block is transmitted for storage at the second data storage device in place of the data block.

公开(公告)号：US09952923B2

公开(公告)日：2018-04-24

申请号：US15199128

申请日：2016-06-30

Applicant: VMware, Inc.

Inventor： Enning Xiang ,  Eric Knauft ,  Pascal Renauld ,  Xin Li

IPC: G06F11/00 ,  G06F11/10 ,  G06F3/06

CPC classification number: G06F11/1004 ,  G06F3/0619 ,  G06F3/064 ,  G06F3/0683

Abstract: Systems and techniques are described for transferring data. A described technique includes receiving a request to transmit a data block from a first data storage device to a second data storage device. An attempt to read the data block from the first data storage device is made. A media error resulting from the attempt to read the data block from the first data storage device is detected. In response to detecting the media error, a new data block is generated and includes mismatched checksum data that causes a checksum mismatched error when the new data block is accessed. The new data block is transmitted for storage at the second data storage device in place of the data block.

公开(公告)号：US10666435B2

公开(公告)日：2020-05-26

申请号：US15866278

申请日：2018-01-09

Applicant: VMware, Inc.

Inventor： Wenguang Wang ,  Jin Zhang ,  Haoran Zheng ,  Eric Knauft ,  Xin Li ,  Pascal Renauld ,  Bryan Fink

IPC: H04L29/06 ,  H04L9/08 ,  H03M7/30 ,  H04L9/14 ,  H04L9/32 ,  G06F12/14 ,  G06F16/23

Abstract: A tenant's clear text data in a multi-tenant storage system can be encrypted using the tenant's cryptographic key to produce encrypted yet compressible data (“cryptographic data”). The cryptographic data can be encrypted using a system cryptographic key that is managed by the multi-tenant storage system and then stored. Use of the system cryptographic key allows for subsequent maintenance activities such as deduplication and compression to be performed on data stored in the multi-tenant storage system without having to access any of the tenants' cryptographic keys.

公开(公告)号：US11599554B2

公开(公告)日：2023-03-07

申请号：US16888527

申请日：2020-05-29

Applicant: VMware, Inc.

Inventor： Enning Xiang ,  Pascal Renauld ,  Sandeep Rangaswamy ,  Xin Li ,  Yiqi Xu ,  Venkata Ramanan

IPC: G06F16/27 ,  G06F11/14

Abstract: The disclosure herein describes tracking changes to a stale component using a synchronization bitmap. A first component of a plurality of mirrored components of the distributed data object becomes available from an unavailable state, and a stale log sequence number (LSN) and a last committed LSN are identified. A synchronization bitmap of the first component associated with a range of LSNs (e.g., from the stale LSN to the last committed LSN) is created and configured to track changes to data blocks of the first component. A second component is identified based on the second component including a tracking bitmap associated with an LSN that matches the stale LSN of the first component. The first component is synchronized with data from the second component based on, wherein the synchronizing includes updating the synchronization bitmap to track changes made to data blocks of the first component.

公开(公告)号：US10581602B2

公开(公告)日：2020-03-03

申请号：US15866185

申请日：2018-01-09

Applicant: VMware, Inc.

Inventor： Wenguang Wang ,  Xin Li ,  Haoran Zheng ,  Eric Knauft ,  Jin Zhang ,  Pascal Renauld ,  Bryan Fink

IPC: H04L29/06 ,  H04L9/08 ,  G06F21/64 ,  H04L29/08

Abstract: A multi-tenant storage system can store clear text data and associated clear text checksum received from a storage tenant using their associated cryptographic key (“cryptokey”). When the clear text data is compressible, cryptographic data (“cryptodata”) is generated from a concatenation of the clear text checksum and compressed clear text data using the cryptokey. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. When the clear text data is uncompressible, cryptographic data (“cryptodata”) is generated by encrypting the clear text data using the cryptokey with an extra verification step to make sure the clear text checksum can be rebuilt during the read request. A cryptographic checksum (“cryptochecksum”) is generated from the cryptodata. The cryptodata and associated cryptochecksum are stored in the multi-tenant storage system, so that repairs to damaged cryptodata can be made using the associated cryptochecksum.

公开(公告)号：US20180004593A1

公开(公告)日：2018-01-04

申请号：US15199128

申请日：2016-06-30

Applicant: VMware, Inc.

Inventor： Enning Xiang ,  Eric Knauft ,  Pascal Renauld ,  Xin Li

IPC: G06F11/10 ,  G06F3/06

CPC classification number: G06F11/1004 ,  G06F3/0619 ,  G06F3/064 ,  G06F3/0683

Abstract: Systems and techniques are described for transferring data. A described technique includes receiving a request to transmit a data block from a first data storage device to a second data storage device. An attempt to read the data block from the first data storage device is made. A media error resulting from the attempt to read the data block from the first data storage device is detected. In response to detecting the media error, a new data block is generated and includes mismatched checksum data that causes a checksum mismatched error when the new data block is accessed. The new data block is transmitted for storage at the second data storage device in place of the data block.

公开(公告)号：US11561957B2

公开(公告)日：2023-01-24

申请号：US16875640

申请日：2020-05-15

Applicant: VMware, Inc.

Inventor： Maithem Munshed ,  Xin Li ,  Wenbin Zhu ,  Anny Martinez Manzanilla ,  Michael Wei

IPC: G06F16/00 ,  G06F16/23 ,  G06F12/02

Abstract: Garbage collection processing in a distributed shared log system includes a client identifying obsoleted log entries for a shared data object. The client sends information associated with the identified obsoleted log entries to a shared log server. The shared log server receives information associated with obsoleted log entries from all clients in the distributed shared log system and uses the information to delete the obsoleted log entries. The shared log server can update a snapshot mark to indicate the earliest time that a snapshot of the shared log can be taken. The snapshot mark can be updated based on the information associated with obsoleted log entries.