Abstract: Various methods and systems for protecting against chosen plaintext attacks when encrypting data for storage on an untrusted storage system are disclosed. One method involves generating an encryption key for use in encrypting data and generating an identifier for the data. Generation of the encryption key is based upon a hash of the data to be encrypted. The method also involves detecting whether an encrypted copy of the data is already stored by a storage system, based upon the identifier. The method also modifies the data to be encrypted or the encryption key, based upon a client-specific value, prior to generating the identifier.
Abstract: Various systems and methods for exchanging communications between devices coupled by an address translation device are disclosed. These techniques can be used to facilitate automatic relationship discovery. One method involves extracting a sequence number from a TCP acknowledgment message being conveyed from a network interface to a TCP stack, and then sending a new TCP message, which includes the sequence number.
Type: Grant
Filed: March 30, 2007
Date of Patent: October 2, 2012
Assignee: Symantec Operating Corporation
Inventors: Cuong Huu Tran, Veeral P Shah, Jeffrey J Anuszczyk, Hans F. van Rietschote
Abstract: System and method for tracking statistics at the subfile level and transparently placing or migrating inactive or less active blocks of data to other storage devices. Embodiments may provide mechanisms to track statistics at the subfile level of files including, but not limited to, database files, and to transparently place or migrate inactive or less active blocks of data of the files from higher-performing, typically more expensive, storage to lower-performing, typically less expensive, storage, while placing or migrating active blocks of data of the files to higher-performing storage, based on the subfile-level statistics rather than on file-level timestamps. In some embodiments, knowledge of file structure (e.g., database file structure), for example knowledge of database partitions with header blocks and data blocks in databases using data partitioning, may be used to separate more active and less active blocks of data of files onto storage with different performance and/or other characteristics.
Type: Grant
Filed: March 31, 2009
Date of Patent: October 2, 2012
Assignee: Symantec Operating Corporation
Inventors: Xinyi David Lai, Par Botes, HanCheng Hsiung
Abstract: Systems and methods for detecting content similarity in email documents are disclosed. In one embodiment, a method comprises generating a first token value for each of a plurality of character sequences of a first email document, selecting a first subset of the plurality of character sequences based on the first token values, and generating one or more hash values corresponding to the selected first subset of character sequences. The method further comprises generating a second token value for each of a plurality of character sequences of a second email document, selecting a second subset of the plurality of character sequences based on the second token values, and generating one or more hash values corresponding to the selected second subset of character sequences. The method additionally comprises comparing the one or more hash values corresponding to the selected first subset with the one or more hash values corresponding to the selected second subset.
Abstract: A first node in the network may broadcast a recovery request via one or more links to one or more other nodes. The recovery request may specify a first address, where the first address is associated with one or more nodes in the network. Nodes may receive and forward the recovery request until every node with which the first address is associated receives the recovery request and returns a recovery response. The recovery responses may be used to create route information for routing a message to each node with which the first address is associated.
Abstract: A system and method for backing up data from a client computer system are described. The system may include the client computer system, a primary backup server computer system, and an alternate backup server computer system. The primary backup server computer system may be privately accessible to the client computer system via a virtual private network (VPN). The alternate backup server computer system may be accessible to the client computer system via a public or open network such as the Internet. The client computer system may be configured to back up a first set of data to the alternate backup server computer system at a particular time via the Internet in response to determining that the client computer system is not connected to the VPN at the particular time.
Type: Grant
Filed: June 29, 2009
Date of Patent: September 18, 2012
Assignee: Symantec Operating Corporation
Inventors: Jeremy Dean Swift, Jeremy Howard Wartnick
Abstract: In some embodiments, a method is provided and a computer accessible medium comprising instructions which, when executed, implement the method is also provided. A recovery time for recovery of at least one asset is estimated responsive to at least one metric represented in metric data. The metric data is accumulated prior to the estimation. In various embodiments, data protection operations may include one or more of asset copy operations, recovery operations, etc. The estimated recovery time may be reported to a user. In other embodiments, metric data may be used to validate recoverability. In still other embodiments, recovery metrics may be calculated and displayed to the user along with corresponding recovery targets and objectives.
Type: Grant
Filed: June 30, 2004
Date of Patent: September 4, 2012
Assignee: Symantec Operating Corporation
Inventors: Steven Kappel, Shelley A. Schmokel, Guido Westenberg, Branka Rakic, Peter A. Barber, Julianne M. Urban, Nancy L. Bayer, Linda Cerni
Abstract: The present invention provides a method and system for automated management of information technology. A computer-implemented method according to the present invention includes detecting a condition in an infrastructure, automatically determining an action to be taken and automatically performing the action. The automatically determining is performed in response to the detecting, and the action is in response to the condition.
Type: Grant
Filed: August 2, 2004
Date of Patent: September 4, 2012
Assignee: Symantec Operating Corporation
Inventors: Jagadish S. Bandhole, Thiruvillamalai K. Lakshman, Sekeran Nanja, Hsu Chih Wang Chang
Abstract: Configuration data, such as options for a file system accessed by a host system, may be stored on the storage device storing the file system. File system configuration data may be stored in a file of the file system or in a private storage area configured for storing file system configuration data. A host may access the file system configuration data and subsequently may access the file system according to the file system configuration data. Additionally, different versions of file system configuration data may be stored and different hosts accessing the file system may read and use different versions of the file system configuration data based upon the type or context of the host accessing the file system. Storing file system configuration data with the file system data, or on the same storage device, may allow context dependent options to be provided to various hosts accessing the file system data.
Type: Grant
Filed: August 11, 2006
Date of Patent: August 28, 2012
Assignee: Symantec Operating Corporation
Inventors: Scott D. Kaiser, Ronald S. Karr, John A. Colgrove
Abstract: A local host computer system creates a full backup image and one or more incremental backup images. The local host computer system transmits data from the full backup image and the one or more incremental backup images to a remote host computer system. The remote host computer system receives the data from the full backup image and the one or more incremental backup images from the local host computer system, and creates a synthetic backup image using the data from the full backup image and the one or more incremental backup images. In some embodiments, complete copies of the full backup image and the one or more incremental backup images may be transmitted to the remote host computer system. In other embodiments only the portions of the incremental backup images that are actually needed to create the synthetic backup image may be transmitted to the remote host computer system, and unneeded portions may not be transmitted.
Abstract: A system and method for compiling part of the bytecode for a software application into native code at install time when the software application is installed on a particular computer are described. According to one embodiment of the method, usage information for the software application may be received. The usage information may indicate how frequently or commonly each of a plurality of features of the software application is used. The usage information may be analyzed to determine a rank ordering of the features. The method may further comprise installing the software application on the particular computer. Installing the software application may comprise compiling one or more bytecode modules of the software application into native code, where the one or more bytecode modules are selected from a plurality of bytecode modules depending upon the rank ordering of the features.
Abstract: A method, system and apparatus for assembling and publishing frequent malware signature definition updates through the use of additive or “streaming” definition packages is provided. Embodiments of the present invention provide such functionality by publishing not only full malware signature definition updates on a long periodicity but also streaming malware signature definition updates containing newly certified signature definitions on a short periodicity. As newly-certified malware signature definitions are received, those newly-certified signature definitions are incorporated not only in the full signature definition file but also in a streaming signature definition update that contains only newly-certified signature definitions received during a streaming update period. At the end of the streaming update period, a streaming signature definition file is made available by publication to anti-malware clients.
Abstract: A method and apparatus of uniquely tagging a computer system that is provisioned using a provisioning server. The unique tag is hidden within the computer system by exploiting select characteristics of the computer system to ensure that the tag is both hidden and semi-immutable. The tag may be embedded by manipulating such characteristics as the INODE differentials, the disk sector differentials, or the directory order. The tag may encode the unique identifier for the provisioned computer, as well as other information about the provisioning server, such as serial number, version number of the software, or any other information that is pertinent to identifying or monitoring the use of the software.
Abstract: A method and apparatus for scheduling a backup operation for a computer is described. The method includes searching a database for at least one record possessing an absence indicia. The method further includes scheduling an operation to be performed during a time period associated with the at least one record.
Abstract: Various embodiments of a system and method for providing protection against malicious software programs are disclosed. The system and method may be operable to detect that a first window of a legitimate software program has been replaced by a second window of a malicious software program, e.g., where the second window includes features to mimic the first window in an effort to fool the user into inputting sensitive information into the second window. The method may operate to alert the user when the window replacement is detected.
Type: Grant
Filed: December 19, 2007
Date of Patent: June 19, 2012
Assignee: Symantec Operating Corporation
Inventors: Mark Eric Obrecht, Vijay Bharti, Barrett Baxter
Abstract: A method and system for improving performance with single-instance-storage volumes by leveraging data locality is provided. A client provides a set of fingerprints generated from data segments to be saved to a single-instance storage volume and receives the information on whether a data segment exists on the single-instance storage volume and where it is stored if a data segment exists. Based on its received information, the client determines if a number of non-sequential accesses of a computer-readable medium for the set of segments from the single-instance-storage volume exceeds a predetermined threshold. If so, the client provides the whole set of data segments for storage within the single-instance storage volume regardless of whether or not the data segments are duplicate data segments. These sent data segments will be stored contiguously within the single-instance storage volume while the duplicates will be removed from their previous stored locations.
Abstract: A system and method for creating a backup image from a volume including a plurality of files are described. Information specifying a subset of the files, but not all of the files, to back up may be received. The volume may include a plurality of blocks, where the plurality of blocks includes a respective set of data blocks for each file of the volume and blocks of file system metadata structures for the volume. The method may comprise identifying a subset of, but not all of, the plurality of blocks to copy into the backup image. The subset of blocks may include each data block for each file of the subset of files, and may also include blocks of one or more file system metadata structures needed for accessing the subset of files. The method may further comprise copying each block of the subset of blocks into the backup image. In some embodiments the subset of blocks may be copied into the backup image without copying data blocks for files not in the specified subset of files.
Abstract: Various methods and systems for performing data deduplication when encrypting data for storage on an untrusted storage system are disclosed. One method involves generating an encryption key for use in encrypting data and generating an identifier for the data. Generation of the encryption key is based upon a hash of the data to be encrypted. Similarly, generation of the identifier is based upon the hash of the data to be generated. For example, the identifier can be generated by hashing the encryption key. The method then involves detecting whether an encrypted copy of the data is already stored by a storage system, based upon the identifier, and selectively encrypting the data, based upon whether the encrypted copy of the data is already stored by the storage system.
Type: Grant
Filed: March 31, 2008
Date of Patent: June 12, 2012
Assignee: Symantec Operating Corporation
Inventors: Ynn-Pyng “Anker” Tsaur, William T. Cochran
Abstract: A system and method for storing a data object in a single-instance storage system are described. The data object may be deconstructed into a template and one or more values. If the template is not already stored in the single-instance storage system then it may be stored. Otherwise an existing copy of the template may be referenced. Similarly, existing copies of the values may be referenced if they are already present, or otherwise the values may be stored. Reconstruction information useable to reconstruct the data object may also be stored. The reconstruction information may reference the template and the one or more values stored in the single-instance storage system.
Abstract: Various systems and methods for monitoring an application or service group within one cluster as a resource of another cluster are disclosed. In one embodiment, a method involves detecting an error indication generated by a first cluster (e.g., the error indication can be generated by a cluster controller or service group within the first cluster). The first cluster is implemented on a cluster resource (e.g., a virtual machine) of a second cluster. In response to detecting the error indication, restart of the cluster resource is initiated.
Type: Grant
Filed: September 30, 2004
Date of Patent: May 22, 2012
Assignee: Symantec Operating Corporation
Inventors: James C. Gentes, Anand Hariharan, Indira M. Uppuluri