公开(公告)号：US08705538B1

公开(公告)日：2014-04-22

申请号：US13096397

申请日：2011-04-28

申请人： Yechiel Yochai ,  Helen Raizen ,  Harold M. Sandstrom ,  Edith Epstein

发明人： Yechiel Yochai ,  Helen Raizen ,  Harold M. Sandstrom ,  Edith Epstein

IPC分类号： H04L12/28

CPC分类号： G06F13/385 ,  G06F3/0613 ,  G06F3/0635 ,  G06F3/0683 ,  G06F13/102 ,  G06F2213/3802 ,  H04L45/00 ,  H04L47/10 ,  H04L49/90

摘要： Methods and systems are disclosed that relate to selecting a path for sending an I/O request from a host to a data storage subsystem from among a plurality of paths from the host to the subsystem. An exemplary method includes identifying a limitation on the traffic level for the plurality of paths, tracking a first metric corresponding to the limitation on the traffic level for each path, and transmitting a first I/O request having an urgency level other than the highest urgency level by one of the plurality of paths whose first metric does not exceed its limitation on the traffic level.

摘要翻译： 公开了涉及从从主机到子系统的多个路径中选择用于从主机向数据存储子系统发送I / O请求的路径的方法和系统。 一种示例性方法包括识别针对多个路径的业务级别的限制，跟踪与每个路径的业务级别的限制相对应的第一度量，以及发送具有紧急度级别而不是最高紧急度的第一I / O请求 通过其第一度量不超过其对业务量的限制的多个路径中的一个路由。

公开(公告)号：US08751828B1

公开(公告)日：2014-06-10

申请号：US12977789

申请日：2010-12-23

申请人： Helen Raizen ,  Michael Emerald Bappe ,  Edith Epstein ,  Atul Kabra ,  Cesareo Contreras ,  Assaf Natanzon ,  Harold Martin Sandstrom

发明人： Helen Raizen ,  Michael Emerald Bappe ,  Edith Epstein ,  Atul Kabra ,  Cesareo Contreras ,  Assaf Natanzon ,  Harold Martin Sandstrom

IPC分类号： G06F12/14

CPC分类号： H04L9/08 ,  G06F21/6218

摘要： A host in an encrypted data storage system sends encryption metadata associated with an encrypted logical volume (LV) from a key controller module to an encryption endpoint via a storage I/O stack. The encryption metadata identifies an encryption key and encrypted regions of the LV, and the sending results in establishment of one or more shared associations between the key controller module and the encryption endpoint which associates the encrypted LV with the encryption metadata for the encrypted LV. A data storage operation is performed on the encrypted LV by sending a data storage command from the key controller module to an encrypted region of the encryption endpoint via the storage I/O stack. The encryption endpoint uses the encryption metadata associated with the encrypted LV to cryptographically process data of the data storage operation.

摘要翻译： 加密数据存储系统中的主机经由存储I / O堆栈将与加密的逻辑卷（LV）相关联的加密元数据从密钥控制器模块发送到加密端点。 加密元数据识别LV的加密密钥和加密区域，并且发送结果建立密钥控制器模块和加密端点之间的一个或多个共享关联，其将加密的LV与加密的LV的加密元数据相关联。 通过经由存储I / O堆栈将数据存储命令从密钥控制器模块发送到加密端点的加密区域，对加密的LV进行数据存储操作。 加密端点使用与加密的LV相关联的加密元数据来密码地处理数据存储操作的数据。

公开(公告)号：US08798262B1

公开(公告)日：2014-08-05

申请号：US12977971

申请日：2010-12-23

申请人： Helen Raizen ,  Atul Kabra

发明人： Helen Raizen ,  Atul Kabra

IPC分类号： G06F21/00 ,  G06F21/60

CPC分类号： G06F21/78 ,  G06F2221/2107

摘要： An encryption endpoint (EE) receives, via a storage I/O stack (having a key controller module (KCM)), encryption metadata identifying an encryption key and a set of region entries. Each region entry includes an identification of a region within a storage device subject to encryption with the encryption key and an identification of a correlation between the region and a corresponding region on a logical volume (LV) managed by the KCM. The EE receives, via the stack, a storage command to process a block having a first address on the storage device. It corresponds to a second address located within the corresponding region of the LV. The EE determines the second address within the LV and then cryptographically processes the block using an address-dependent cryptographic algorithm and (a) data of the block, (b) the determined second address, and (c) the encryption key.

摘要翻译： 加密端点（EE）通过存储I / O堆栈（具有密钥控制器模块（KCM）），加密元数据来识别加密密钥和一组区域条目。 每个区域条目包括使用加密密钥进行加密的存储设备内的区域的标识以及该区域与由KCM管理的逻辑卷（LV）上的对应区域之间的相关性的识别。 EE经由堆栈接收存储命令以处理在存储设备上具有第一地址的块。 它对应于位于LV的对应区域内的第二地址。 EE确定LV内的第二个地址，然后使用地址相关的加密算法对密码进行加密处理，（a）块的数据，（b）确定的第二个地址，和（c）加密密钥。

公开(公告)号：US09229656B1

公开(公告)日：2016-01-05

申请号：US13535851

申请日：2012-06-28

申请人： Cesareo Contreras ,  Helen Raizen ,  Michael E. Bappe ,  Xunce Zhou

发明人： Cesareo Contreras ,  Helen Raizen ,  Michael E. Bappe ,  Xunce Zhou

IPC分类号： G06F13/14 ,  G06F3/06

CPC分类号： G06F3/067 ,  G06F3/0604 ,  G06F3/0647 ,  G06F3/0659

摘要： An improved technique migrating data from a source LUN (logical unit) to a target LUN manages control I/O's in a manner that depends on the current state of data migration and on whether the control I/O's specify that reservation information for a LUN is to be set or queried. Control I/O's specifying reservation settings during the different states of migration are treated the same way as data WRITEs during those respective states, and control I/O's specifying reservation queries during different migration states are treated the same way as data READs during those respective states.

摘要翻译： 将数据从源LUN（逻辑单元）迁移到目标LUN的改进技术以取决于当前数据迁移状态的方式管理控制I / O以及控制I / O是否指定LUN的预留信息 被设置或查询。 在不同迁移状态期间，控制I / O指定预留设置的处理方法与在这些状态期间的数据写入相同，并且在不同的迁移状态期间控制I / O指定预约查询的处理方法与在各个状态期间的数据读取相同 。