会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明授权
    • Access control to block storage devices for a shared disk based file system
    • 访问控制以阻止基于共享磁盘的文件系统的存储设备
    • US08086585B1
    • 2011-12-27
    • US12242618
    • 2008-09-30
    • Per BrashersSorin FaibishJason GlasgowXiaoye JiangMario Wurzl
    • Per BrashersSorin FaibishJason GlasgowXiaoye JiangMario Wurzl
    • G06F17/30
    • G06F17/30097G06F17/30171
    • For enhanced access control, a client includes a token in each read or write command sent to a block storage device. The block storage device evaluates the token to determine whether or not read or write access is permitted at a specified logical block address. For example, the token is included in the logical block address field of a SCSI read or write command. The client may compute the token as a function of the logical block address of a data block to be accessed, or a metadata server may include the token in each block address of each extent reported to the client in response to a metadata request. For enhanced security, the token also is a function of a client identifier, a logical unit number, and access rights of the client to a particular extent of file system data blocks.
    • 对于增强的访问控制,客户端在发送到块存储设备的每个读取或写入命令中包含令牌。 块存储设备评估令牌以确定在指定的逻辑块地址是否允许读取或写入访问。 例如,令牌包含在SCSI读或写命令的逻辑块地址字段中。 客户端可以根据要访问的数据块的逻辑块地址来计算令牌,或者元数据服务器可以响应于元​​数据请求向客户端报告的每个区段的每个块地址中包括令牌。 为了增强安全性,令牌还是客户端标识符,逻辑单元号以及客户端对文件系统数据块的特定范围的访问权限的函数。
    • 3. 发明授权
    • Selection of a data path based on operation type
    • 基于操作类型选择数据路径
    • US07962657B1
    • 2011-06-14
    • US11966615
    • 2007-12-28
    • Eyal ZimranSorin FaibishJason Glasgow
    • Eyal ZimranSorin FaibishJason Glasgow
    • G06F15/16
    • G06F3/061G06F3/0635G06F3/067
    • Embodiments of the present invention are directed to techniques for selecting a data path over which to exchange information between a client device and a storage system by making a selection between a file system server (NAS) data path type (a first data path type) and a direct (SAN) data path type (a second data path type) based on one or more adjustable path selection factors and/or information regarding components of the computer system. For example, a data path may be selected based on a type of an input/output operation to be executed (i.e., whether the operation is a read operation or write operation) and/or any other suitable path selection factor.
    • 本发明的实施例涉及用于通过在文件系统服务器(NAS)数据路径类型(第一数据路径类型)和第二数据路径类型之间进行选择来选择在客户端设备和存储系统之间交换信息的数据路径的技术 基于一个或多个可调节路径选择因素的直接(SAN)数据路径类型(第二数据路径类型)和/或关于计算机系统的组件的信息。 例如,可以基于要执行的输入/输出操作的类型(即,操作是读操作还是写操作)和/或任何其他合适的路径选择因素来选择数据路径。
    • 4. 发明授权
    • Shared storage access load balancing for a large number of hosts
    • 为大量主机共享存储访问负载平衡
    • US08819344B1
    • 2014-08-26
    • US11836735
    • 2007-08-09
    • Sorin FaibishPer BrashersJames PedoneJason GlasgowXiaoye Jiang
    • Sorin FaibishPer BrashersJames PedoneJason GlasgowXiaoye Jiang
    • G06F12/10
    • G06F3/0689G06F3/061G06F3/064G06F3/0659G06F3/067G06F11/1076
    • A data processing system includes host data processors, a data storage system including data storage shared among the host data processors, and a data switch coupling the host data processors to the data storage system. The data storage system has host adapter ports coupled to the data switch. The data switch is programmed for distributing block I/O requests from the host data processors over the operable host adapter ports for load balancing of the block I/O requests among the operable host adapter ports. The shared data storage can be a file system striped across RAID sets of disk drives for load balancing upon disk director ports of the data storage system. The data processing system can be expanded by adding more data storage systems, switches for the additional data storage systems, and switches for routing block I/O requests from the host processors to the data storage systems.
    • 数据处理系统包括主机数据处理器,包括在主机数据处理器之间共享的数据存储器的数据存储系统以及将主机数据处理器耦合到数据存储系统的数据交换机。 数据存储系统具有耦合到数据交换机的主机适配器端口。 数据交换机被编程为通过可操作的主机适配器端口从主机数据处理器分发块I / O请求,以便在可操作的主机适配器端口之间进行块I / O请求的负载平衡。 共享数据存储可以是跨RAID磁盘阵列分割的文件系统,用于在数据存储系统的磁盘导向器端口上进行负载平衡。 可以通过添加更多的数据存储系统,用于附加数据存储系统的交换机和用于将块I / O请求从主机处理器路由到数据存储系统的交换机来扩展数据处理系统。
    • 5. 发明授权
    • System and method for providing access control to raw shared devices
    • 为原始共享设备提供访问控制的系统和方法
    • US07930487B1
    • 2011-04-19
    • US11854616
    • 2007-09-13
    • Sorin FaibishPer BrashersJason Glasgow
    • Sorin FaibishPer BrashersJason Glasgow
    • G06F12/00
    • G06F21/805
    • An access control agent is advantageously deployed at a host device to prevent malicious use of a storage system by unauthorized hosts and users. In one embodiment the access control agent is disposed in a processing path between the application and the storage device. An application is mounted as an image file by a loop device to provide a virtual file system. The virtual file system is populated with access control information for each block of the file. Application I/O requests are mapped to physical blocks of the storage by the loop device, and the access control information is used to filter the access requests to preclude unauthorized requests from being forwarded to the storage client (and consequently the storage devices). With such an arrangement, access rights can be determined at I/O accesses, file and block granularity for each user.
    • 访问控制代理有利地部署在主机设备中,以防止未经授权的主机和用户恶意使用存储系统。 在一个实施例中,访问控制代理被布置在应用程序和存储设备之间的处理路径中。 应用程序通过循环设备作为映像文件安装,以提供虚拟文件系统。 虚拟文件系统填充有文件的每个块的访问控制信息。 应用程序I / O请求被环路设备映射到存储的物理块,并且访问控制信息用于过滤访问请求,以防止未经授权的请求被转发到存储客户端(以及因此存储设备)。 通过这样的安排,可以在I / O访问,每个用户的文件和块粒度上确定访问权限。