Abstract: An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and signatures of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion. The signatures of the storage level logical unit include encoded data of files of the storage level logical unit that are monitored in the point-in-time copy.

Abstract: Methods and systems are provided. A method includes managing, by a software defined network (SDN) controller, OpenFlow rules stored on an OpenFlow network device having a ternary content addressable memory (TCAM). The OpenFlow rules include unreachable OpenFlow rules and reachable OpenFlow rules. The managing step includes querying at least one OpenFlow rule from among the unreachable OpenFlow rules and the reachable OpenFlow rules on the at least one OpenFlow network device. The managing step further includes determining whether any of the OpenFlow rules are reachable or unreachable from indicia used to mark the OpenFlow rules as reachable or unreachable. The managing step also includes causing a removal of the unreachable OpenFlow rules from the OpenFlow network device.

Abstract: A method for detecting Quality of Service degradation in a network flow includes collecting time series data representing statistical information pertaining to a network flow registered with a network flow monitoring service. The time series data is collected from at least two network elements on a path of the network flow configured to report the time series data. The method further includes indicating Quality of Service degradation in the network flow based on a similarity of the time series data to expected time series data being below a specified similarity threshold, and triggering at least one action to address the similarity being below the specified similarity threshold.

Abstract: An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and signatures of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion. The signatures of the storage level logical unit include encoded data of files of the storage level logical unit that are monitored in the point-in-time copy.

Abstract: An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and a signature of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion.

Abstract: A method, system and computer program product are disclosed for recovery in a virtualized environment using remote direct memory access (RDMA). In one embodiment, the method comprises operating a virtual computer system on a physical computer system, and the virtual system maintains in a memory area a record of a state of the virtual system. In this method, when defined error conditions occur on the virtual system, RDMA is used to pull the record of the state of the virtual system from that memory area onto a standby computer. This record on the standby computer is used to re-initialize the virtual computer. Embodiments of the invention provide methods that provide a very fast recovery from a virtual machine fault or error, while requiring much fewer resources than standard approaches. In embodiments of the invention, one spare real computer system can be used for backing up several virtual systems.

Abstract: Methods and systems are provided. A method includes managing, by a software defined network (SDN) controller, OpenFlow rules stored on an OpenFlow network device having a ternary content addressable memory (TCAM). The OpenFlow rules include unreachable OpenFlow rules and reachable OpenFlow rules. The managing step includes querying at least one OpenFlow rule from among the unreachable OpenFlow rules and the reachable OpenFlow rules on the at least one OpenFlow network device. The managing step further includes determining whether any of the OpenFlow rules are reachable or unreachable from indicia used to mark the OpenFlow rules as reachable or unreachable. The managing step also includes causing a removal of the unreachable OpenFlow rules from the OpenFlow network device.

Abstract: Methods and systems are provided. A method includes managing, by a software defined network (SDN) controller, OpenFlow rules stored on an OpenFlow network device having a ternary content addressable memory (TCAM). The OpenFlow rules include unreachable OpenFlow rules and reachable OpenFlow rules. The managing step includes querying at least one OpenFlow rule from among the unreachable OpenFlow rules and the reachable OpenFlow rules on the at least one OpenFlow network device. The managing step further includes determining whether any of the OpenFlow rules are reachable or unreachable from indicia used to mark the OpenFlow rules as reachable or unreachable. The managing step also includes causing a removal of the unreachable OpenFlow rules from the OpenFlow network device.

Abstract: An apparatus comprises a storage controller coupled to at least one multi-region storage device. The at least one multi-region storage device comprises two or more storage regions, the two or more storage regions comprising a first storage region associated with a first set of failure characteristics and at least a second storage region associated with a second set of failure characteristics different than the first set of failure characteristics. The storage controller is configured to replicate in the second storage region at least a portion of data that is stored in the first storage region.

Abstract: Methods and systems are provided. A method includes managing, by a software defined network (SDN) controller, OpenFlow rules stored on an OpenFlow network device having a ternary content addressable memory (TCAM). The OpenFlow rules include unreachable OpenFlow rules and reachable OpenFlow rules. The managing step includes querying at least one OpenFlow rule from among the unreachable OpenFlow rules and the reachable OpenFlow rules on the at least one OpenFlow network device. The managing step further includes determining whether any of the OpenFlow rules are reachable or unreachable from indicia used to mark the OpenFlow rules as reachable or unreachable. The managing step also includes causing a removal of the unreachable OpenFlow rules from the OpenFlow network device.

Abstract: A method and system are provided. The method includes automatically transferring configuration information from at least one network device to at least one software defined networking controller. The automatically transferring step includes retrieving configuration information associated with the at least one network device, converting the configuration information into a format usable by the at least one software defined networking controller, and configuring the at least one software defined networking controller with the converted configuration information.

Abstract: A method for detecting Quality of Service degradation in a network flow includes collecting time series data representing statistical information pertaining to a network flow registered with a network flow monitoring service. The time series data is collected from at least two network elements on a path of the network flow configured to report the time series data. The method further includes indicating Quality of Service degradation in the network flow based on a similarity of the time series data to expected time series data being below a specified similarity threshold, and triggering at least one action to address the similarity being below the specified similarity threshold.

Abstract: Methods and a system are provided for detecting a Quality of Service degradation in a network flow. A method includes configuring, by a monitoring element, at least two network elements on a path of a network flow to report statistical information pertaining to the network flow as time series data. The method further includes collecting, by the monitoring element, the time series data from the network elements. The method also includes computing, by the monitoring element, a similarity of the time series data. The method additionally includes indicating, by the monitoring element, the Quality of Service degradation when the similarity is below a specified similarity threshold.

Abstract: An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and a signature of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion.

Abstract: A method for detecting a modification to stored data includes continuously creating a point-in-time copy of a storage level logical unit, the point-in-time copy comprising a volume copy of the storage level logical unit and a signature of the storage level logical unit, comparing at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, and monitoring, based on the comparing, changes on certain logical blocks of the stored data, using the signature of the storage level logical unit.

Abstract: A method, system and computer program product are disclosed for recovery in a virtualized environment using remote direct memory access (RDMA). In one embodiment, the method comprises operating a virtual computer system on a physical computer system, and the virtual system maintains in a memory area a record of a state of the virtual system. In this method, when defined error conditions occur on the virtual system, RDMA is used to pull the record of the state of the virtual system from that memory area onto a standby computer. This record on the standby computer is used to re-initialize the virtual computer. Embodiments of the invention provide methods that provide a very fast recovery from a virtual machine fault or error, while requiring much fewer resources than standard approaches. In embodiments of the invention, one spare real computer system can be used for backing up several virtual systems.

Abstract: A method, system and computer program product are disclosed for recovery in a virtualized environment using remote direct memory access (RDMA). In one embodiment, the method comprises operating a virtual computer system on a physical computer system, and the virtual system maintains in a memory area a record of a state of the virtual system. In this method, when defined error conditions occur on the virtual system, RDMA is used to pull the record of the state of the virtual system from that memory area onto a standby computer. This record on the standby computer is used to re-initialize the virtual computer. Embodiments of the invention provide methods that provide a very fast recovery from a virtual machine fault or error, while requiring much fewer resources than standard approaches. In embodiments of the invention, one spare real computer system can be used for backing up several virtual systems.

Abstract: A method for detecting a modification to stored data includes continuously creating a point-in-time copy of a storage level logical unit, the point-in-time copy comprising a volume copy of the storage level logical unit and a signature of the storage level logical unit, comparing at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, and monitoring, based on the comparing, changes on certain logical blocks of the stored data, using the signature of the storage level logical unit.

Abstract: A method (and system) for detecting intrusions to stored data includes creating a point-time-copy of a logical unit, and comparing at least a portion of the point-time-copy with a previous copy of the logical unit. The method (and system) monitors access to a data storage system and detects an intrusion or any other intentional or unintentional, unwanted modification to data stored in the data storage system. The method (and system) also recovers data once an intrusion or other unwanted modification is detected.

Abstract: An apparatus comprises a storage controller coupled to at least one multi-region storage device. The at least one multi-region storage device comprises two or more storage regions, the two or more storage regions comprising a first storage region associated with a first set of failure characteristics and at least a second storage region associated with a second set of failure characteristics different than the first set of failure characteristics. The storage controller is configured to replicate in the second storage region at least a portion of data that is stored in the first storage region.