A patching operation on an availability group cluster having a plurality of nodes is disclosed. The patching operation is performed in a plurality of iterations, each including determining a current state of each of the plurality of nodes, selecting a next node based on the current state, and patching the next node. A secondary replica node is selected as the next node before the a primary replica node. Each secondary replica node is patched in accordance with a first priority, upon patching each of the secondary replica node, a failover target node for patching the primary replica node is selected, the failover target node is selected based on a second priority, and according to the second priority, a healthy synchronous secondary replica node of the plurality of nodes is selected as the failover target node before an unhealthy synchronous secondary replica node of the plurality of nodes.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
G06F 11/07 - Responding to the occurrence of a fault, e.g. fault tolerance
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
A multi-cluster configuration of a database management system in a virtual computing system includes a server that defines a first policy for a source database on a first cluster of a plurality of clusters. Each of the plurality of clusters is registered with the server and the first policy defines capture of snapshots and/or transactional logs from the source database on the first cluster. The server defines a second policy for the source database to replicate at least some of the snapshots and/or transactional logs from the first cluster to a second cluster of the plurality of clusters, captures a first snapshot and/or a first transactional log from the source database in accordance with the first policy, and replicates the first snapshot and/or the first transactional log to the second cluster in accordance with the second policy.
Data analytics systems are described herein which may provide requests for file tiering to one or more file servers. The data analytics systems may receive metadata and/or event data from one or more file servers and may utilize the metadata and/or event data to select files for tiering. In some examples, files may be selected using a sliding window methodology. In some examples, files may be selected in part based on user behavior with the files in the file system. In some examples, file analytics systems may send requests to retry tiering operations which failed. The retry requests may be sent in a manner that is based on the error which caused the failure.
Examples of analytics systems are described which may receive metadata and event data from a file system. The metadata may include object IDs and parent object IDs for objects in the file system. Examples of analytics systems described herein may construct paths for directories in the file system based on the metadata and/or event data. Accordingly, analytics systems may store a path table including a complete path name for each directory. In this manner, path names may be returned along with analytics data to users in a user interface.
Examples of systems described herein include a virtualized file servers. Examples of virtualized file servers described herein may support disaster recovery of the virtualized file server. Accordingly, examples of virtualized file servers may support metadata fixing procedures to update metadata in a recovery setting. Examples of virtualized file servers may support hypervisor-agnostic disaster recovery.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 3/06 - Digital input from, or digital output to, record carriers
In some aspects, an apparatus includes a processor and a memory. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to receive a request to create a bucket. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to, in response to receiving the request to create the bucket, write, to a first object store, a first mapping that maps an identifier of global metadata to an identifier of a second object store where the bucket is to be created, write, to the second object store, a second mapping that maps the identifier of global metadata to local metadata, and replicate, to the second object store, the first mapping.
In accordance with some aspects of the present disclosure, a non-transitory computer readable medium is disclosed. In some embodiments, the non-transitory computer readable medium includes instructions that, when executed by a processor, cause the processor to receive, from a workload hosted on a host of a cluster, first I/O traffic programmed according to a first I/O traffic protocol supported by a cluster-wide storage fabric exposed to the workload as being hosted on the same host. In some embodiments, the workload is recovered by a hypervisor hosted on the same host. In some embodiments, the non-transitory computer readable medium includes the instructions that, when executed by the processor, cause the processor to adapt the first I/O traffic to generate second I/O traffic programmed according to a second I/O traffic protocol supported by a repository external to the storage fabric and forward the second I/O traffic to the repository.
Examples of systems described herein may allow users to change from an application level disaster recovery system (e.g., an application level replication policy) to a share level disaster recovery system (e.g., a share level replication policy). The change may be made such that a base snapshot need not again be taken when beginning operation under the share level replication policy—rather, the base snapshot previously taken during application level replication may be used in some examples. That base snapshot may be leveraged, an initial set of common share snapshots established, and protection maintained going forward on a share level basis.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
9.
CONFIGURING VIRTUALIZATION SYSTEM IMAGES FOR A COMPUTING CLUSTER
A plurality of different virtualization system images are configured for deployment to a plurality of nodes in heterogeneous environments. Individual ones of the virtualization system images are configured such that once deployed, the nodes form a computer cluster having a storage pool that is shared across the nodes. When configuring the virtualization system images, information that describes the heterogeneous computing environments is accessed, and constraints pertaining the heterogeneous computing environments are reconciled in advance of configuring the different virtualization system images. A common subnet across the heterogeneous environments is established. The plurality of different virtualization system images are configured to access the common subnet once deployed. The common subnet serves as a storage I/O communication path over which a cluster-wide storage pool is implemented. The virtualization system images are configured to correspond to address portions of a contiguous address space that is used to access data in the storage pool.
A system and method include receiving, by a database engine of a database system associated with a virtual computing system, a user request via a dashboard for provisioning a source database with the database system, receiving, by the database engine via the dashboard, selection of a database engine type, and receiving, by the database engine via the dashboard, selection of a Service Level Agreement (“SLA”) and a protection schedule. The system and method also include provisioning, by the database engine, the source database based upon the database engine type, creating, by the database engine, an instance of a database protection system based upon the SLA and the protection schedule, including associating the instance of the database protection system with the source database, and displaying, by the database engine, the source database within the dashboard.
G06F 16/11 - File system administration, e.g. details of archiving or snapshots
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
11.
SYSTEM AND METHOD FOR PROTECTING DATABASES IN A HYPERCONVERGED INFRASTRUCTURE SYSTEM
A system and method include associating, by a database system of a virtual computing system, a protection schedule with each source database provisioned in the database system, the protection schedule defining a frequency of capturing snapshots and a frequency of capturing transactional logs, capturing, by the database system for each of the source databases, snapshots and transactional logs based upon the frequency of capturing snapshots and the frequency of capturing transactional logs, respectively, and receiving, by the database system, a request identifying a point in time for creating a cloned database from a first source database. The system and method also include retrieving, by the database system, the snapshots and the transactional logs corresponding to the point in time and creating, by the database system, the cloned database by combining data in storage locations identified in the transactional logs and the data in remaining storage locations identified in the snapshots.
G06F 16/11 - File system administration, e.g. details of archiving or snapshots
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
12.
SELF-SERVICE RESTORE (SSR) SNAPSHOT REPLICATION WITH SHARE-LEVEL FILE SYSTEM DISASTER RECOVERY ON VIRTUALIZED FILE SERVERS
Examples of systems described herein provide for share-level disaster recovery on, for example, virtualized file servers by enabling additional snapshots, including self-service recovery (SSR) snapshot migration in addition to replication snapshot migration to a disaster recovery location. In examples, a disaster recovery location may receive a replication of a share of a file system, the snapshot configured for recovery of the share at the disaster recovery location. The replication snapshot may include one or more additional snapshots, each taken since a time of a previous replication snapshot. At least one of the one or more additional snapshots may include an SSR snapshot, identifiable based at least on a tag associated with a process used to create the SSR snapshot at a primary location. The at least one additional snapshot may be extracted for use by another instance of the process at the disaster recovery location.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
A database system associated with a plurality of source databases in a virtual computing system includes a dashboard having a main menu for providing a plurality of control functions and a body that dynamically changes based upon the plurality of control functions that are selected. The dashboard includes a homepage for displaying a plurality of cells in the body, including a first cell for displaying a list of the plurality of source databases. The main menu includes a first control function, the selection of which triggers a database provisioning service by presenting options to either create a new source database or register an existing database within the body and a second control function, the selection of which triggers a copy data management service by presenting an option to create a new cloned database.
G06F 3/04847 - Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
G06F 3/0482 - Interaction with lists of selectable items, e.g. menus
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
G06F 16/25 - Integrating or interfacing systems involving database management systems
14.
REPAIRING HIGH-AVAILABILITY VIRTUAL MACHINE PLACEMENTS IN A COMPUTING CLUSTER
Placement scenario optimization mechanisms for automatic placement of computing entities onto nodes of a running multi-node computing cluster. A set of failure mode parameters define a high-availability requirement of the multi-node computing cluster. In advance of a failure event, and responsive to a determination that a then-current computing entity placement does not satisfy the high-availability requirement, the cluster is analyzed and a plurality of feasible placement scenarios are generated. Optimization criteria are applied to the feasible placement scenarios such that a best choice from among the feasible placement scenarios is identified and applied to the virtual machine placements over the cluster. A change monitoring and detection facility continually observes the multi-node computing cluster to detect a change of a failure mode parameter or to detect a change to the configuration of the virtual machines. Certain of such changes cause feasible placement scenarios to be generated, evaluated, selected, and applied.
A recovery orchestration pipeline has stages configured to control efficient failover and recovery of applications in a multi-site disaster recovery (DR) environment. The applications run on user virtual machines (UVMs) at a primary site of the DR environment and connect to block storage devices (BSDs) that export virtual disks over a storage protocol to consume data including a recovery plan for disaster recovery. The recovery plan includes a recovery configuration whose generation is triggered by a user via a graphical user interface (GUI) and specifies resource requirements needed to recover the applications at a secondary site in the event of a disaster. The orchestration pipeline is initiated via single click of the GUI and completion of the stages of the pipeline is displayed as progress via the GUI to allow recovery of the applications without user intervention.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
Role-based access controls (RBAC) are extended to include multi-party authorizations for certain computing cluster operations or data items. Upon receiving a request to perform an operation over a computing cluster or its data, a check is carried out to determine if the operation (e.g., READ, WRITE, EXECUTE, DELETE, etc.) is subject to both a role-based access control as well as a multi-party authorization (MPA) consensus protocol. The determination to allow or deny the request includes (1) accessing a role-based access control record corresponding to the operation or data item, and (2) invoking the multi-party authorization consensus protocol. Prior to performance of the operation, a computer program collects “approve” or “deny” responses from individual ones of the multiple parties. When approval consensus is reached, the operation is performed. If approval is denied, or if an approval consensus is not reached within a time limit, then the operation is not performed.
Methods, systems, and computer program products for thwarting a malware attack. A data storage system stores data items, some of which data items correspond to snapshots. Upon identification of a possible ransomware attack on a data item, the system identifies a version of the snapshot that is not subject to the ransomware attack and seeks to protect the data state of the system from further damage (e.g., due to performance of unauthorized operations on the version of the snapshot that is not subject to the ransomware attack) by requiring consensus from a multi-party authorization (MPA) consensus regime before carrying out requested operations over the snapshot. The MPA consensus regime operates by determining that the operation is subject to a role-based access control (RBAC) as well as a multi-party authorization (MPA) consensus protocol, and then allowing or denying execution of the requested operations based on achieving consensus from among candidate approvers.
Placement scenario optimization mechanisms for automatic placement of computing entities onto nodes of a running multi-node computing cluster. A set of failure mode parameters define a high-availability requirement of the multi-node computing cluster. In advance of a failure event, and responsive to a determination that a then-current computing entity placement does not satisfy the high-availability requirement, the cluster is analyzed and a plurality of feasible placement scenarios are generated. Optimization criteria are applied to the feasible placement scenarios such that a best choice from among the feasible placement scenarios is identified and applied to the virtual machine placements over the cluster. A change monitoring and detection facility continually observes the multi-node computing cluster to detect a change of a failure mode parameter or to detect a change to the configuration of the virtual machines. Certain of such changes cause feasible placement scenarios to be generated, evaluated, selected, and applied.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
19.
PROVIDING SERVICE TIER INFORMATION WHEN VALIDATING API REQUESTS
In various embodiments, one or more non-transitory computer-readable media storing program instructions that, when executed by one or more processors, cause the one or more processors to perform a method comprising receiving, from an API server, a request to access a service, the request including an API authorization identifier; validating the API authorization identifier to generate a validation result; determining a service tier of the service based on the request; and transmitting, to the API server, a response including the validation result and an indicator of the service tier based on the request.
Various embodiments set forth techniques for managing metadata for a vblock include dynamically normalizing and denormalizing vblock metadata associated with an extent. Vblock metadata associated with an extent is normalized when the extent is migrated to a different extent group by having the vblock metadata to a mapping between the extent identifier and an extent group identifier in a metadata map separate from the vblock metadata. Vblock metadata associated with an extent is denormalized whenever the number of vblock metadata associated with an extent drops below a threshold. Vblock metadata is denormalized by updating the vblock metadata to include a mapping to an extent group, based on a mapping of the extent to the extent group in a separate metadata map, and then removing the mapping in the separate metadata map.
Methods, systems, and computer program products for selection of a witness during virtualization system recovery after a disaster event. A recovery plan is configured to identify a witness that is then used to elect a leader to implement the recovery. Various system, and/or network, and/or component failures and/or various loss of function of components of the virtualization system can trigger initiation of the recovery plan. Based on the particular recovery plan that is invoked upon a determination of a network outage, or component failure or loss of function of a component of the virtualization system, a particular witness corresponding to a subset of entities of the particular recovery plan is selected. The witness is used to elect the leader, and the leader initiates actions of the recovery plan. The implementation of the recovery plan includes consideration of the health of components that would potentially be involved in the recovery actions.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
A system may include a memory having computer-readable instructions stored thereon and a processor of a control plane that executes the computer-readable instructions to receive a request from a tenant to update a portion of a database, determine an individual tenant identifier of the tenant, determine whether the portion of the database is associated with the individual tenant identifier or a global tenant identifier, and allow the tenant to update the portion of the database in response to determining that the portion of the database is associated with the global tenant identifier or the individual tenant identifier or restrict the tenant from updating the portion of the database in response to determining that the portion of the database is associated with neither the global tenant identifier nor the individual tenant identifier.
A database management system may include a control plane comprising a memory having computer-readable instructions stored thereon and processor that executes computer-readable instructions to execute one or more services running on the control plane, the control plane connected to a plurality of database servers, wherein each of the plurality of database servers is connected to the control plane via a communication channel, wherein the control plane comprises a plurality of data streams, each of the plurality of data streams configured to communicate messages of a designated type, and wherein the control plane is configured to communicate with a database server of the plurality of database servers using the plurality of data streams and the communication channel associated with the database server and the control plane.
Aspects of the present disclosure are directed to a system comprising a memory having computer-readable instructions stored thereon, and a processor of a database server, the processor executing the computer-readable instructions to generate a request to a control plane for an operation to be performed on the database server, wherein the control plane is configured to communicate with a plurality of database servers having a plurality of agents running thereon, and wherein each of the plurality of agents has a dedicated communication connection with the control plane, publish the request on the dedicated communication connection associated with the agent to send the request to the control plane, receive, on the dedicated communication connection, a response from the control plane, the response comprising a response to the request from a service of the control plane, and execute the operation on the database server based on the response.
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
A system may include a memory having computer-readable instructions stored thereon, and a processor of a control plane that executes the computer-readable instructions to receive from a database server, over a first connection, a request for credentials, in response to the request for credentials, generate credentials for the database server, transmit the credentials to the database server over a second connection specific to the database server, receive, over the second connection, from the database server, a request for registering the database server, the request for registering the database server comprising the credentials, in response to the request for registering the database server, register the database server with a database management system associated with the control plane.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
A system may include a memory having computer-readable instructions stored thereon, and a processor that executes the computer-readable instructions to determine a plurality of scheduled events to be executed in a time period, determine a number of buckets in the time period based on a predetermined permissible interval, generate a plurality of buckets equal to the number of buckets in the time period, wherein each of the plurality of buckets is associated with a time interval, and schedule each of the plurality of scheduled events in one of the plurality of buckets, wherein execution of each of the plurality of scheduled events is delayed or advanced from an original scheduled time based on the predetermined permissible interval.
A system may include a memory having computer-readable instructions stored thereon and a processor that executes the computer-readable instructions to receive, from a user, a first login credential associated with an organization on a database management service. The system may receive, from the user, a selection of the first cloud account, retrieve a second login credential for the first cloud account based on the selection, automatically log in to the first cloud account using the second login credential, receive, from the user, input to perform an operation on data in the first database on the first cloud, and transmit, to the first cloud, using the second login credential for the first cloud account, a signal to perform the operation based on the input.
Bootstrapping a microservices container registry. A computing system node receives an installation package. The receiving computing system node bootstraps an initial invocation of the microservice by first installing a local container registry from the installation package and then by installing the microservice from the installation package. The installation package contains additional components that can be extracted, installed and invoked by executing the microservice at the computing system node after extracting from the local container registry. The installation package is generated by any node of the computing system and contains code corresponding to infrastructure microservices that are installed before invoking microservices that depend on the infrastructure. Temporary domain name services are installed from the installation package at a node-local IP address. The temporary domain name services are switched over to a different domain name service at a different IP address. A second computing system node is designated as a failover node.
An illustrative embodiment disclosed herein is an apparatus including a processor and a memory. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to upload an object to a source bucket in an object store and create a lambda bucket in the object store that is symlinked to the source bucket. In some embodiments, the lambda bucket is associated with a predefined transformation. In some embodiments, the memory includes the programmed instructions that, when executed by the processor, cause the apparatus to receive a request to download the object from the lambda bucket, detect that the object is in the source bucket, fetch the object from the source bucket, transform the object, by compute resources of the object store, using the predefined transformation, and download the transformed object.
An illustrative embodiment disclosed herein is a computer-implemented method. In some embodiments, the method includes uploading, by a processor, an object to a source bucket in an object store and creating, by the processor, a lambda bucket in the object store that is symlinked to the source bucket. In some embodiments, the lambda bucket is associated with a transformation function. In some embodiments, the method includes associating, by the processor, a lambda function with the object in the source bucket, receiving, by the processor, a request to download the object from the lambda bucket, detecting, by the processor, that the object is in the source bucket and associated with the lambda function, fetching, by the processor, the object from the source bucket, generating, by the processor, a transformed object by invoking the lambda function and the transformation function on the object, and downloading, by the processor, the transformed object.
A database system associated with a plurality of source databases in a virtual computing system includes a dashboard having a main menu for providing a plurality of control functions and a body that dynamically changes based upon the plurality of control functions that are selected. The dashboard includes a homepage for displaying a plurality of cells in the body, including a first cell for displaying a list of the plurality of source databases. The main menu includes a first control function, the selection of which triggers a database provisioning service by presenting options to either create a new source database or register an existing database within the body and a second control function, the selection of which triggers a copy data management service by presenting an option to create a new cloned database.
G06F 3/04847 - Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
G06F 3/0482 - Interaction with lists of selectable items, e.g. menus
G06F 16/25 - Integrating or interfacing systems involving database management systems
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
32.
ELASTIC REQUEST HANDLING TECHNIQUE FOR OPTIMIZING WORKLOAD PERFORMANCE
An elastic request handling technique limits a number of threads used to service input/output (I/O) requests of a low-latency I/O workload received by a file system server executing on a cluster having a plurality of nodes deployed in a virtualization environment. The limited number of threads (server threads) is constantly maintained as “active” and running on virtual central processing units (vCPUs) of a node. The file system server spawns and organizes the active server threads as one or more pools of threads. The server prioritizes the low-latency I/O requests by loading them onto the active threads and allowing the requests to run on those active threads to completion, thereby obviating overhead associated with lock contention and vCPU migration after a context switch (i.e., to avoid rescheduling a thread on a different vCPU after execution of the thread was suspended).
A cluster configuration request to form a hyperconverged computing infrastructure (HCI) cluster in a cloud computing environment is processed. Based on the cluster configuration request and any other cluster specifications, a plurality of bare metal computing nodes of the cloud computing environment are configured to operate as an HCI cluster. First, a tenant-specific secure network overlay is formed on a first set of tenant-specific networking hardware resources. Then, the tenant-specific secure network overlay is used by an orchestrator to provision a second set of tenant-specific networking hardware resources. The second set of tenant-specific networking hardware resources are configured to interconnect node-local storage devices into a shared storage pool having a contiguous address space. Top-of-rack switches are configured to form a network overlay on the first set of tenant-specific networking hardware resources. Then, top-of-rack switches are configured to form a layer-2 subnet on the second set of tenant-specific networking hardware resources.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
H04L 49/354 - Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
H04L 49/351 - Switches specially adapted for specific applications for local area network [LAN], e.g. Ethernet switches
In one embodiment, a system for managing a virtualization environment includes a plurality of host machines, wherein each of the host machines comprises a hypervisor and one or more user virtual machines (user VMs), and a virtual machine controller, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines. The VFS may be configured to receive a request for storage system information from a user and generate and send a response to the request, wherein the response is customized according to configuration information of the VFS that is specific to the user. The storage system information requested may include a total size of storage available to the user, and the user may have an associated storage quota limit.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
G06F 11/07 - Responding to the occurrence of a fault, e.g. fault tolerance
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
H04L 41/06 - Management of faults, events, alarms or notifications
G06F 3/06 - Digital input from, or digital output to, record carriers
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A unified namespace technique provides coherent access to unstructured data across different data access protocols having different logical constructs that are stored and managed on a storage system. A control plane infrastructure operates in connection with storage services to provide support for a vast array of storage platforms including file servers of a file system and object storage servers of an object store. Metadata associated with a data access transaction is processed separately and natively by a protocol stack of a particular storage service according to a particular data access protocol. The processed metadata is stored native to the access protocol in a metadata store associated with the particular storage service and is made available to the protocol stacks of the other storage services. Processed metadata is made available to the protocol stacks via an event notification logging service implemented as a message bus. A single canonical instance of the data is maintained for all of the logical constructs served by the storage system.
In some embodiments, a method includes processing, by a machine learning model, a natural-language expression to generate one or more rules, each rule including a trigger and one or more actions; monitoring a deployed infrastructure to detect an occurrence of at least one of the one or more triggers of a first rule of the one or more rules; and performing at least one of the one or more actions of the first rule based on the occurrence of at least one of the one or more triggers.
Various embodiments disclosed herein are related to an apparatus. In some embodiments, the apparatus includes a processor and a memory. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to receive an indication that an entity state of an entity has been updated, and, in response to receiving the indication that the entity has been updated, determine that the number of updates of the entity within a time period exceeds a threshold. In some embodiments, the memory includes the programmed instructions that, when executed by the processor, cause the apparatus to determine that the time period has expired, and, in response to determining that the time period has expired, collect the entity state of the entity.
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
38.
MALICIOUS ACTIVITY DETECTION, VALIDATION, AND REMEDIATION IN VIRTUALIZED FILE SERVERS
Examples of file analytics systems are described that may obtain metadata data and events data from a virtualized file server. The file analytics systems may detect one or more events from the events data matching a criteria indicating malicious activity. The file analytics systems may validate the detection of malicious activity. The validation may be performed by comparing the file type, such as the MIME type, of sample files before and after the suspected malicious activity. The systems may recover a share of the distributed file server including the one or more affected files by replacing the one or more affected files with stored versions of the one or more affected files from a snapshot of the share taken prior to the detected malicious activity.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
39.
VIRTUALIZED FILE SERVER DISTRIBUTION ACROSS CLUSTERS
In one embodiment, a system for managing a virtualization environment includes host machines implementing a virtualization environment, a plurality of clusters of the host machines, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), and a VFS cluster manager (CM) configured to distribute storage items among the clusters and receive cluster storage statistics for one or more shares of the VFS. The CM is further configured to, in response to a request from a first FSVM to identify a storage location for a storage item, identify a cluster at which the storage item is to be located based on the cluster storage statistics, identify a second FSVM at which the storage item is to be located based on compute usage statistics of one or more FSVMs in the identified cluster, and send an address of the second FSVM to the first FSVM.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
G06F 11/07 - Responding to the occurrence of a fault, e.g. fault tolerance
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
H04L 41/06 - Management of faults, events, alarms or notifications
G06F 3/06 - Digital input from, or digital output to, record carriers
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A scalable Internet of Things (IoT) system may include multiple instances of an IoT manager, each instance respectively configured to connect to a respective edge system of multiple edge systems. The IoT system may further include a containerized system configured to allow any instance of the IoT manager to deploy data pipelines to any edge system of the multiple edge systems in delta communications. Any instance of the IoT manager may send a change message to any edge system via a publish/subscribe notification method. In some examples, a centralized IoT manager may form a secure communication with an edge system, synchronize an object model with an edge object model for the edge system, and maintain the edge system using delta change communications. The IoT system may facilitate any instance of the IoT manager to subscribe a communication channel with an associated edge system for receiving update notification.
G06F 9/38 - Concurrent instruction execution, e.g. pipeline, look ahead
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
In one embodiment, a system for managing a virtualization environment comprises a plurality of host machines, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines and conducts I/O transactions with the one or more virtual disks, and a virtualized file server self-healing system configured to identify one or more corrupt units of stored data at one or more levels of a storage hierarchy associated with the storage devices, wherein the levels comprise one or more of file level, filesystem level, and storage level, and when data corruption is detected, cause each FSVM on which at least a portion of the unit of stored data is located to recover the unit of stored data.
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 11/07 - Responding to the occurrence of a fault, e.g. fault tolerance
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
H04L 41/06 - Management of faults, events, alarms or notifications
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
G06F 16/176 - Support for shared access to files; File sharing support
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 67/00 - Network arrangements or protocols for supporting network services or applications
H04L 41/5009 - Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
H04L 41/0859 - Retrieval of network configuration; Tracking network configuration history by keeping history of different configuration generations or by rolling back to previous configuration versions
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
Methods, systems, and computer program products for moving a container-based application from a source HCI cluster to a target HCI cluster. An HCI storage cluster data replication mechanism operates to copy data and metadata from a plurality of storage devices that constitute a storage pool of the source HCI cluster. A container-based application replication mechanism operates to copy data and metadata from an executable container that is running on a node of the source HCI cluster. Periodically (1) the state of the container-based application is saved using the container-based application replication mechanism, and (2) the state of the storage cluster data of the HCI storage cluster is saved using the HCI storage cluster data replication mechanism. The saved state of the container-based application including its application data and metadata are combined with the saved state of the storage cluster data to bring-up the container-based application at the target HCI cluster.
Various embodiments disclosed herein are related to a non-transitory computer readable storage medium. In some embodiments, the medium includes instructions stored thereon that, when executed by a processor, cause the processor to determine, in a cluster of host machines, a priority level of telemetry data collected in the cluster, at least based on a data type of the telemetry data and a tag and store the telemetry data in a storage in the cluster. In some embodiments, a quality-of-service (QoS) is associated with the priority level. In some embodiments, the storage is associated with the priority level. In some embodiments, the medium includes the instructions stored thereon that, when executed by the processor, cause the processor to send the telemetry data from the storage to a server in accordance with the QoS, wherein the server is separate from the cluster.
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
H04Q 9/00 - Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
44.
SYSTEM AND METHOD FOR CLONING AS SQL SERVER AG DATABASES IN A HYPERCONVERGED SYSTEM
A system and method include creating, by an Availability Group (“AG”) controller in a virtual computing system, a first AG clone from a source database. The source database is stored on a primary replica node of an AG of the virtual computing system. The system and method also include creating, by the Controller, a second AG clone from the first AG clone and storing, by the Controller, the second AG clone on a secondary replica node of the AG. The second AG clone has a size of substantially zero
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Upon receiving a request to hibernate a hypervisor of a virtualization system running on a first computer, acts are carried out to capture a state of the hypervisor, where the state of the hypervisor comprises hypervisor logical resource parameters and an execution state of the hypervisor. After hibernating the hypervisor by quiescing the hypervisor and storing the state of the hypervisor into a data structure, the data structure is moved to a different location. At a later moment in time, the data structure is loaded onto a second computing machine and restored. The restore operation restores the hypervisor and all of its state, including all of the virtual machines of the hypervisor as well as all of the virtual disks and other virtual devices of the virtual machines. Differences between the first computing machine and the second computing machine are reconciled before execution of the hypervisor on the second machine.
A system and method includes a plurality of nodes distributed between a first cluster and a second cluster, each of the plurality of nodes storing a copy of a source database and a processor executing computer-readable instructions stored on a memory to designate a first node of the plurality of nodes as a primary node, designate remaining ones of the plurality of nodes as secondary nodes to take over from the primary node upon failure of the primary node, designate a second node of the plurality of nodes as an initial active node, backup the source database from the initial active node, automatically designate, based on a switch over policy, a third node of the plurality of nodes as a next active node upon the initial active node becoming unavailable, and continue backups of the source database from the next active node upon the initial active node becoming unavailable.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
47.
MANUAL SNAPSHOT AND RESTORE OF USER APPLICATIONS HOSTED ON CLOUD INFRASTRUCTURES
An aspect of the present disclosure facilitates manual snapshot and restore of user applications hosted on cloud infrastructures. In one embodiment, a system receives setup data specifying a first set of actions (such as shutting off and restarting related services, etc.) to be performed upon receipt of a manual snapshot command with respect to a component of a user application hosted on a cloud infrastructure. Upon receiving the manual snapshot command to capture a current state of the component, the system performs the first set of actions along with capturing the current state of the component.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 16/11 - File system administration, e.g. details of archiving or snapshots
Label-based replication of data between two computing clusters. A replication session is established between a source cluster and a target cluster. After making a data item status inquiry originating from the source cluster, the target cluster assesses its then-current status of the data item. Based at least in part on the target cluster's then-current status of the data item, the source cluster determines that at least a portion of the data item can be streamed from the source cluster to the target cluster. As such, rather than making further inquiries to the target cluster as pertains to constituent contents of the data item, the constituent contents of the data item are sent to the target without incurring the protocol costs of making further inquiries. The target cluster determines its then-current status of the data item based on a data item label taken from an entry of a cluster data manifest.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
49.
CONSISTENT ACCESS CONTROL LISTS ACROSS FILE SERVERS FOR LOCAL USERS IN A DISTRIBUTED FILE SERVER ENVIRONMENT
Examples described herein are generally directed towards file server access controls, and more specifically towards a mechanism to create consistent access control lists for local users across different file servers in a distributed file server environment. In operation, a local user system SID (e.g., external SID) may be generated for a first user of a first file server. A global ID based on attributes associated with the user of the first file server may also be generated. The global ID for the user may be stored in metadata associated with an access control list (ACL) for a file accessible through the first file server. Data, including the file may be migrated to a second file server. Based on receiving an access request at the second file server associated with the user based on the external ID, the external ID for the user may be translated into the global ID, and used to determine access to the file.
Examples of systems described herein include a virtualized file server including a first file server virtual machine and a second file server virtual machine configured to manage a distributed file share of storage items. The second file server virtual machine is configured to manage a particular storage item of the distributed file share of storage items. The first file server virtual machine is configured to, in response to receipt of a referral request for a file share path for the particular storage item from a client, look up a file share path for the particular storage item in a map of at least a portion of the distributed file share of storage items, and provide a referral with the file share path that identifies the second file server virtual machine.
In some aspects, an apparatus includes a processor and a memory. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to intercept an I/O transaction between a virtual machine and an I/O device, determine whether data in the I/O transaction indicates a security misconfiguration, and perform a remedial action in response to identifying the security misconfiguration.
Examples described herein are generally directed towards file share access, and more specifically towards a mechanism to connect file shares at the protocol level in a distributed file server environment. In operation, a first FSVM hosting a first file share may receive a request by a client to access a location in a name space. The first FSVM may determine the location is at a second file share linked to the first file share. The first FSVM may provide access to the second file share to the client. In some examples, the first file share and the second file share may be linked at the directory level.
Examples of systems are described herein which may dynamically allocate compute resources to recovery clusters. Accordingly, a recovery site may utilize fewer compute resources in maintaining recovery clusters for multiple associate clusters, while ensuring that, during use, compute resources are allocated to a particular cluster. This may reduce and/or avoid vulnerabilities arising from a use of shared resources in a virtualized and/or cloud environment.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
54.
ORCHESTRATION OF TASKS IN TENANT CLOUDS SPANNING MULTIPLE CLOUD INFRASTRUCTURES
Aspects of the present disclosure are directed to orchestration of tasks in tenant clouds. In an embodiment, an orchestrator receives a task-group and a condition, with the task-group specifying multiple tasks. The orchestrator selects a group of resources satisfying the condition, with the group of resources being of a tenant cloud spanning multiple cloud infrastructures. The orchestrator invokes the task-group on the group of resources to cause each of the multiple tasks to be executed on each of the group of resources.
A framework is described that improves resource utilization during operations executing within workflows of the distributed data processing system (e.g., having a plurality of interconnected nodes) in a disaster recovery (DR) environment configured to support synchronous and asynchronous (i.e., heterogeneous) DR workflows (e.g., generating snapshots and replicating data) that include synchronous replication, asynchronous replication, nearsync (i.e., short duration snapshots of metadata) replication and migration of data objects associated with the workflows for failover (e.g., replication and/or migration) to a secondary site in the event of failure of the primary site. The framework meters (regulates) execution of the operations directed to the workloads so as to efficiently use the resources in a manner that allows timely progress (completion) of certain (e.g., high-frequency) operations and reduction in blocking (stalling) of other (e.g., low-frequency) operations by avoiding unnecessary resource hoarding/consumption and contention. Notably, the framework also provides metering and tuning of properties during execution of the workflows and maintains their state to provide for recovery.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
A database management system receives a user request for provisioning a database, autonomously selects a datacenter for provisioning the database based at least on a first pre-defined rule, autonomously selects at least one cluster in the datacenter based at least on a second pre-defined rule, determines a network location of each of the at least one cluster, and provisions the database on each of the at least one cluster using the network location of each of the at least one cluster.
A system and method include receiving, by a database engine of a database system associated with a virtual computing system, a user request via a dashboard for provisioning a source database with the database system, receiving, by the database engine via the dashboard, selection of a database engine type, and receiving, by the database engine via the dashboard, selection of a Service Level Agreement (“SLA”) and a protection schedule. The system and method also include provisioning, by the database engine, the source database based upon the database engine type, creating, by the database engine, an instance of a database protection system based upon the SLA and the protection schedule, including associating the instance of the database protection system with the source database, and displaying, by the database engine, the source database within the dashboard.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 16/11 - File system administration, e.g. details of archiving or snapshots
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
An illustrative embodiment disclosed herein is an apparatus comprising a processor and a memory. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to receive a first object request to execute an input/output (I/O) on an object stored in an on-premises object store, select a target cloud object store of a plurality of cloud object stores, translate the first object request to a second object request to execute the I/O on the object, and send the second object request to the target cloud object store. In some embodiments, the first object request is in accordance with a first protocol of the on-premises object store. In some embodiments, the plurality of object stores is coupled to the on-premises object store. In some embodiments, the second object request is in accordance with a second protocol of the target cloud object store.
Examples of systems described herein include a file server virtual machine of a virtualized file server configured to manage storage of a plurality of storage items. The file server virtual machine including a file system configured to receive an access request directed to a storage item of the plurality of storage items and associated with a user. The file system is further configured to retrieve an access control list having permissions information associated with the storage item, and to cache a permissions profile for the user including all permissions pertaining to the user for the storage item. The file system is further configured to determine whether the access request is permissible based on the cached permissions profile.
Anomaly detection includes receiving, for one or more data points of a data set, an anomaly label indicating whether the one or more data points is an anomaly; generating, using a first machine learning model, one or more hyperparameters based on the one or more data points and the anomaly label; and training a second machine learning model to determine anomalies in the data set, wherein the training is based on the one or more hyperparameters.
Various embodiments set forth techniques for managing devices in a virtual environment. The techniques include mapping a virtual device of a virtual computing instance to a first device implementation. The techniques further include, in response to a trigger condition, remapping the virtual device to a second device implementation. The remapping is transparent to the virtual computing instance.
Systems for distributed data storage. A method commences upon accessing a set of data items that describe computing nodes to be organized into a ring topology. The ring topology and distributed data storage policies are characterized by quantitative failure-resilient characteristics such as a replication factor. Various characteristics of the topology serve to bound two or more availability domains of the ring into which the computing nodes can be mapped. A set of quantitative values pertaining to respective quantitative failure-resilient characteristics are used for enumerating candidate ring topologies where the computing nodes are mapped into the availability domains. Using the quantitative failure-resilient characteristics, alternative candidate ring topologies are evaluated so as to determine a configuration score for candidate ring topologies. A candidate ring topology is configured based on a computed configuration score surpassing a threshold score. When a failure event is detected, the ring is reevaluated, remapped, and considered for reconfiguration.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 3/06 - Digital input from, or digital output to, record carriers
An illustrative embodiment disclosed herein is an apparatus including a processor having programmed instructions to create a global region that is associated with a first bucket partition and a second bucket partition different from the first bucket partition, provide, to the global region, region information of a source region in which a source object is stored, create a destination region in which a destination object is stored, and provide, to the destination region, from the global region, the region information of the source region. In some embodiments, the source region is in the first bucket partition and the destination region is in the second bucket partition.
An illustrative embodiment disclosed herein is an apparatus including a processor and a memory. In some embodiments, the memory includes programmed instructions that, when executed by the processor, cause the apparatus to apply a category to a first virtual machine (VM) and a second VM, schedule the first VM and the second VM to be placed on a host at least based on the first VM and the second VM including the category, and apply a security policy to the first VM and the second VM at least based on the first VM and the second VM including the category.
An illustrative embodiment disclosed herein is an apparatus including a processor having programmed instructions to place a first compute resource in a storage node of an object storage platform and to place a second compute resource in a compute node in a client coupled to the object storage platform via a public network. In some embodiments, unstructured data is stored in the storage node. In some embodiments, the first compute resource of the storage node preprocesses the unstructured data. In some embodiments, the preprocessed unstructured data is sent to the compute node. In some embodiments, the second compute resource trains a machine learning (ML) model using the preprocessed unstructured data.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
Methods, systems and computer program products for intra-footprint computing cluster bring-up within a virtual private cloud. A network connection is established between an initiating module and a virtual private cloud (VPC). An initiating module allocates resources of the virtual private cloud including a plurality of nodes that correspond to members of a to-be-configured computing cluster. A cluster management module having coded therein an intended computing cluster configuration is configured into at least one of the plurality of nodes. The members of the to-be-configured computing cluster interoperate from within the VPC to accomplish a set of computing cluster bring-up operations that configure the plurality of members into the intended computing cluster configuration. Execution of bring-up instructions of the management module serve to allocate networking IP addresses of the virtual private cloud. The allocated networking IP addresses of the virtual private cloud are assigned to networking interfaces of the plurality of nodes.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
A platform-as-a-service infrastructure and application lifecycle manager is configured to implement a common services model to deploy selected services from a common set of services to service domains hosted on multiple different cloud platforms by abstracting dependence on availability of various additional supporting services, such as services that are platform-specific. The platform-as-a-service infrastructure and application lifecycle manager may also manage a lifecycle of available services, such as managing upgrades and/or patches to services.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
Methods, systems, and computer program products for flexible virtualization system deployment into different cloud computing environments. A set of floating licenses to virtualization system software components is established. The set of floating licenses are configured to permit usage of the virtualization system software components on different cloud computing infrastructures. Workload parameters of a workload to be deployed to one of the different cloud computing infrastructures is considered with respect to cloud attributes corresponding to the different cloud computing infrastructures. One or more candidate target cloud computing infrastructures are selected based upon a comparison between workload attributes of a computing workload and cloud attributes of the candidate target cloud computing infrastructures. Virtualization system software components are deployed into the selected target cloud computing infrastructures. Licenses to the virtualization system software components can float between any combination of different cloud computing infrastructures, including floating the licenses between private clouds and public clouds.
One embodiment of the present invention facilitates address resolution protocol (ARP) resolution in an extended subnet. A gateway of a first segment of the extended subnet can determine that a layer-2 address corresponding to a layer-3 destination address of a packet is locally unavailable. The gateway can then determine whether a respective egress interface of an ARP request for the layer-3 destination address is associated with a layer-2 subnet extension from the first segment to a second segment of the extended subnet. The extension can provide a common layer-2 broadcast domain comprising the first and second segments with a same default gateway layer-3 address. If the egress interface is associated with the extension, the gateway can insert a layer-3 address of a first endpoint associated with the extension as a source protocol address in the ARP request. The gateway can send the modified ARP request via the egress interface.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
Methods, systems, and computer program products for importing a workload from an external system into a virtualization system. A virtual disk (vDisk) is created based on analysis of the data layout of the workload. The vDisk is sharded into a plurality of non-overlapping shards. Independently executing shard controllers are assigned to the non-overlapping shards. On an ongoing basis, the plurality of shard controllers manage respective shards of the plurality of shards. I/O activity on at least some individual ones of the plurality of shard controllers is monitored on an ongoing basis. Two or more shard controllers can be merged into a single shard controller when the I/O activity on the two or more shard controllers is measured to be below a threshold. A single shard controller can be split into two or more shard controllers when I/O activity on the single shard controller is measured to be above a threshold.
Disclosed is an approach for implementing a metadata cache in a virtualization system. A self-adaptive approach is provided to keep compressed and uncompressed entries together in cache. Along with adaptive nature, disclosed is an approach to prioritize critical workloads for the cache.
One embodiment of the present invention provides a system for facilitating layer-2 subnet extension. During operation, the system can query, from a first administrative domain, a remote database of a second administrative domain for configuration information associated with one or more remote network segments. The system can obtain, from a user interface of the first administrative domain, an instruction for performing layer-2 subnet extension from a first network segment under the first administrative domain to a second network segment of the one or more remote network segments for providing a common layer-2 broadcast domain. The system can then send a remote instruction executable in the second administrative domain for configuring a remote endpoint for the extension. The system can also configure a local endpoint in the first network segment for the extension. Subsequently, the system can establish a data connection between the local and remote endpoints for the extension.
A system and method include providing a user interface for provisioning of the database using a selectable one of a plurality of database engines supported by the database management system, each of the supported ones of the plurality of database engines having a software profile, receiving a request via the user interface to create a new database for a first database engine not supported by the database management system, requesting and receiving a first binary for a database software for the first database engine and a second binary for an operating system software for the first database engine, and creating a first software profile from the first binary and the second binary, said first software profile usable by the database management system to create the new database using the first software profile.
A system and method include receiving request to create a database group, receiving selection of a database server virtual machine on which to create the database group, receiving selection of at least one database from a list of databases that are not part of another database group to add to the database group, receiving selection of a Service Level Agreement (“SLA”) and a protection schedule, and creating the database group on the database server virtual machine, including associating the database group with the SLA and the protection schedule and adding the at least one database to the database group. Each of the at least one database is protected using the same SLA and the protection schedule that is associated with the database group.
Techniques for migrating a virtual machine from a source node to a target node. A source node hosting a virtual machine is interconnected over a hardware-assisted interconnection fabric to a target node that is configured to receive all or portions of a to-be-migrated virtual machine. During migration, some portions of the virtual machine's memory contents might be at the source node, whereas other portions of the virtual machine's memory might be at the target node. When a CPU is processing a next instruction of a first virtual machine running on a source node, then rather than accessing physical memory of the source node, instead using the hardware-assisted interconnection fabric to fetch the next instruction from the target node. CPUs that are executing virtual machine code at either the source node or the target node can fetch instructions from memory at either node, or from memory of the hardware-assisted interconnection fabric.
Methods, systems, and computer code for CPU-oblivious replication of memory of a virtual machine from one computing node to another computing node over PCIe hardware. A source virtual machine is designated to be replicated from a source computing node of a multi-node computing cluster to a target computing node of the multi-node computing cluster. When a CPU of the source computing node decodes an instruction that causes a change to contents of a memory location of the source virtual machine, the changed contents of the memory location is copied into a memory address of a target virtual machine by using hardware capabilities of two or more PCIe devices to synchronously clone data from the source computing node to the target computing node. The CPU of the source computing node obliviously waits to execute a further instruction of the source virtual machine until accomplishment of the cloned memory WRITE transaction.
In some aspects, a non-transitory computer readable medium includes instructions when executed by a processor cause the processor to configure an object store, execute a pre-check of the configuration of the object store, provide an indication that the pre-check has passed, and responsive to providing the indication that the pre-check has passed, permit a selection to deploy the object store.
A system and method for updating a customer cluster includes receiving first data from a group of customers intended to receive an update, identifying a subset of customers from the group of customers based on the first data for receiving a canary version of the update, facilitating installation of the canary version of the update on each of the subset of customers, receiving second data from each of the subset of customers upon installation of the canary version of the update, predicting whether the subset of customers that receive the canary version is to increase or decrease based on the second data, and adjusting a number of customers in the subset of customers for receiving the canary version of the update based on the prediction.
In some embodiments, a method includes receiving a plurality of actions associated with a reinforcement learning model; generating a plurality of combinations of actions based on the plurality of actions; analyzing the plurality of combinations of actions; generating at least one subset of indispensable actions based on the analyzing; selecting a set of training actions from the plurality of actions based on the at least one subset of indispensable actions; and training the reinforcement learning model based on the set of training actions.
Methods, systems, and computer program products for executing trusted software components in public computing clouds. Verifiably authentic software components are installed into a tenant partition of a multi-tenant public cloud-based environment. To do so, a software component installer is configured to install registered software components into the tenant partition. Installer processing includes (1) obtaining a component-specific token for a software component wherein the component-specific token is specific to both the software component to be installed and a particular tenant, and (2) installing the software component on behalf of the given tenant in the multi-tenant public cloud-based environment. Prior to executing the underlying code of the tenant-specific software component, the software component is authenticated with a component registry using the component-specific token. Additional trusted components are installed based on demand from within the tenant partition. No user or administrator intervention is needed and no credentials are hard-coded into the software components.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
82.
Dynamically adaptive technique for reference snapshot selection
A reference snapshot selection technique is configured to select a reference snapshot resolution algorithm used to determine an appropriate reference snapshot that may be employed to perform incremental snapshot replication of workload data between primary and secondary sites in a data replication environment. A reference resolution procedure is configured to process a set of constraints from the data replication environment to dynamically select the reference snapshot resolution algorithm based on a figure of merit that satisfies administrative constraints to reduce or optimize resource utilization in the data replication environment.
A technique improves storage efficiency of an object store configured to maintain numerous snapshots for long-term storage in an archival storage system by efficiently determining data that is exclusively owned by an expiring snapshot to allow deletion of the expiring snapshot from the object store. The technique involves managing index data structures to enable efficient garbage collection across a very large number of data objects. When a snapshot expires, the technique obviates the need to scan the numerous snapshot data objects to determine which index structures are no longer needed and can be reclaimed (garbage collected). The technique is directed to management of underlying storage based on different sets of policies. When certain snapshots expire and are ready for deletion, the technique is directed to finding those data blocks that are no longer referenced (used) by any valid snapshots.
An example Internet of Things (IoT) sensor application hosted on a mobile device is configured to add the mobile device as a data sensor or source in the IoT system. The IoT sensor application is configured to provide an interface between an input or output component of the mobile device and a data pipeline or application and/or to cloud data storage associated with an IoT system. The loT sensor application is configured to connect to an edge device of the IoT system and search for a data source identifier associated with the type of data source component, and corresponding application(s) and/or data pipeline(s) to which the data source is connected. Once connected, the IoT sensor application provides captured data to or receives processed or playback data from the data source.
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
G16Y 40/35 - Management of things, i.e. controlling in accordance with a policy or in order to achieve specified objectives
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
85.
DISTRIBUTED PACKAGE MANAGEMENT USING META-SCHEDULING
A system for package management includes an interface and a processor. The interface is to receive an indication to install a package. The processor is to determine a configured package using a set local configuration properties and using the package and to launch, using a metascheduler, a set of subschedulers to install a plurality of applications of the configured package.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
H04L 67/00 - Network arrangements or protocols for supporting network services or applications
In some aspects, a non-transitory computer readable storage medium includes instructions stored thereon that, when executed by a processor, cause the processor to create a virtual swap space that is exposed to a core system software, intercept a first page selected by the core system software to be swapped out to the virtual swap space, map the virtual swap space to a physical swap space that is allocated to a type of page associated with first swap metadata, and write the first page to the physical swap space based on the first page having the first swap metadata. In some embodiments, the first page is associated with the first swap metadata.
A file server manager disclosed herein accesses information regarding a selected share of a source distributed file server for replication, where the selected share stores at least a portion of a namespace of storage items and is hosted by a first file server virtual machine of the source distributed file server. The file server manager accesses a mapping between virtual machines of the source distributed file server and virtual machines of the destination distributed file server and replicates the selected share to a second file server virtual machine of the destination distributed file server based on the mapping. The file server manager directs a request to read a first storage item to the destination distributed file server and directs a request to write to a second storage item to the source distributed file server while the destination distributed file server services the request to read the first storage item.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
An example file server manager provides a user interface for selection of a share of a source distributed file server to be replicated at a destination distributed file server, where the share of the source distributed file server is accessed using a first file server virtual machine at the source distributed file server. The file server manager configures a policy for replication of the share of the source distributed file server to the destination distributed file server based on input received at the user interface and displays, at the user interface, a replication status for the share of the source distributed file server. The replication status indicates that a share of the destination distributed file server corresponding to the share of the source distributed file server has been updated based on a snapshot of the source distributed file server.
An example file server manager updates a selected share of a destination distributed file server based on a snapshot of at least a portion of a selected share of a source distributed file server. The selected share of the destination distributed file server is updated while the source distributed file server serves client requests for storage items of the selected share of the source distributed file server. The file server manager receives a request to failover from the source distributed file server to the destination distributed file server and configures the destination distributed file server to service read and write requests for storage items of the selected share of the destination distributed file server. The file server manager further redirects client requests for storage items of the selected share of the source distributed file server to the destination distributed file server by updating active directory information.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
H04L 67/563 - Data redirection of data network streams
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
90.
FILE SERVER MANAGERS AND SYSTEMS FOR MANAGING VIRTUALIZED FILE SERVERS
An example file server manager disclosed herein receives a registration for a distributed file server, where the distributed file server is hosted in a virtualization environment and includes a cluster of file server virtual machines configured to provide access to a file system. The file server manager further synchronizes metadata with the distributed file server, the metadata including identification of each of the file server virtual machines of the cluster of file server virtual machines, the metadata including information regarding the file system and receiving a management request for the distributed file server. The file server manager further formats the management request for the virtualization environment based on the metadata and utilizing information from the registration to access the distributed file server with the formatted management request.
Methods, systems and computer program products for bringing-up a computing cluster on a public cloud infrastructure with techniques utilizing expressed intents (high level descriptions of desired configuration) and asynchronously receiving configuration status messages from the public cloud infrastructure. The method includes a cloud management computing system transmitting to the public cloud infrastructure a first expressed intent for bringing-up a computing cluster. The cloud management computing system asynchronously receiving periodic status messages comprising cluster status data from the public cloud infrastructure reflecting a current configuration state of the computing cluster. The system determines, based on the cluster status data, whether the first expressed intent for the computing cluster has been achieved.
An indexing technique provides an index data structure for efficient retrieval of a snapshot from a long-term storage service (LTSS) of an archival storage system. The snapshot is generated from typed data of a logical entity, such as a virtual disk (vdisk). The data of the snapshot is replicated to a frontend data service of the LTSS sequentially and organized as one or more data objects for storage by a backend data service of LTSS in an object store of the archival storage system. Metadata associated with the snapshot (i.e., snapshot metadata) is recorded as a log and persistently stored on storage media local to the frontend data service. The snapshot metadata includes information describing the snapshot data, e.g., a logical offset range of a snapshot of the vdisk and, thus, is used to construct the index data structure. Notably, construction of the index data structure is deferred until after the entirety of the snapshot data has been replicated and received by the frontend data service.
A technique efficiently migrates a live virtual disk (vdisk) across storage containers of a cluster having a plurality of nodes deployed in a virtualization environment. Each node is embodied as a physical computer with hardware resources, such as processor, memory, network and storage resources, that are virtualized to provide support for one or more user virtual machines (UVM) executing on the node. The storage resources include storage devices embodied as a storage pool that is logically segmented into the storage containers configured to store one or more vdisks. The storage containers include a source container having associated storage policies and a destination container having different (new) storage policies. The technique enables migration of the live vdisk from the source container to the destination container without powering down the UVM and halting input/output accesses to the vdisk, and while maintaining uninterrupted servicing of data from the live vdisk during the migration transparent to the executing UVM.
Methods, systems and computer program products for bringing-up a computing cluster on a public cloud infrastructure. The method includes using a multicloud management system which is configured to bring-up a computing cluster on any one of a plurality of different public cloud infrastructures to bring-up the cluster in a user's account on the public cloud infrastructure, allowing the user to directly utilize tools and features of the public cloud infrastructure and/or computer security of the user's choice.
A highly available database system includes a first instance of a database server on a first cluster of a virtual computing system, a second instance of the database server on a second cluster of the virtual computing system, a first instance of an administration database on the first cluster, and a second instance of the administration database on the second cluster. The first instance of the database server and the second instance of the database server form a highly available database server, the first instance of the administration database and the second instance of the administration database form a highly available administration database, and the first instance of the database server, the second instance of the database server, the first instance of the administration database, and the second instance of the administration database are configured to manage at least one customer database.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
96.
ARCHITECTURE FOR MANAGING I/O AND STORAGE FOR A VIRTUALIZATION ENVIRONMENT USING EXECUTABLE CONTAINERS AND VIRTUAL MACHINES
Systems for high-performance computing. A storage control architecture is implemented by a plurality of nodes, where a node comprises combinations of executable containers that execute in cooperation with virtual machines running above a hypervisor. The containers run in a virtual machine above a hypervisor, and/or can be integrated directly into the operating system of a host node. Sensitive information such as credit card information may be isolated from the containers in a separate virtual machine that is configured to be threat resistant, and which can be accessed through a threat resistant interface module. One of the virtual machines of the node may be a node-specific control virtual machine that is configured to operate as a dedicated storage controller for a node. One of the virtual machines of the node may be a node-specific container service machine that is configured to provide storage-related and other support to a hosted executable container.
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
97.
Independent encoding and transformation of related data replicas and localized background data management in a distributed file system
Various embodiments set forth techniques for maintaining replicas of a data set. The techniques include storing, by a first node, a first replica of the data set on the first node; storing, by a second node, a second replica of the data set on the second node; and performing, by the first node and based on first metadata associated with the first replica, a first data management activity on the first replica that changes a first format of the first replica so that the first format of the first replica is different from a second format of the second replica.
A high frequency snapshot technique improves data replication in a disaster recovery (DR) environment. A base snapshot is generated from failover data at a primary site and replicated to a placeholder file at a secondary site. Upon commencement of the base snapshot generation and replication, incremental light weight snapshots (LWSs) of the failover data are captured and replicated to the secondary site. A staging file at the secondary site accumulates the replicated LWSs (“high-frequency snapshots”). The staging file is populated with the LWSs in parallel with the replication of the base snapshot at the placeholder file. At a subsequent predetermined time interval, the accumulated LWSs are synthesized to capture a “checkpoint” snapshot by applying and pruning the accumulated LWSs at the staging file. Once the base snapshot is fully replicated, the pruned LWSs are merged to the base snapshot to synchronize the replicated failover data.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
G06F 7/14 - Merging, i.e. combining at least two sets of record carriers each arranged in the same ordered sequence to produce a single set having the same ordered sequence
G06F 16/215 - Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
A system for resolving interference on a cluster computing system includes a processor. The processor is configured to determine whether a second worker system has resources available to run the first or second task; in response to determining that the second worker system has the resources available to run the second task, move the second task from the first to the second worker system; in response to determining that the second worker system has the resources available to run the first task and does not have resources available to run the second task, move the first task from the first to the second worker system; and in response to determining that the second worker system does not have the resources available to run the first or second task, limit a resource allocation of the first or second task.
One or more non-transitory computer-readable media can store program instructions that, when executed by one or more processors, cause the one or more processors to perform steps of organizing storage as a set of storage regions, each storage region having a fixed size; and for each storage region, storing a storage allocation structure of the storage region formatted in a first format selected from a format set including at least two formats, determining a change of an allocation feature of the storage region, based on the allocation feature of the storage region, selecting, from the format set, a second format of the storage allocation structure, and reformatting the storage allocation structure in the second format.