Abstract: A first set of storage accesses of a storage system are identified. The first set of storage accesses are associated with a first user. A first plurality of storage access notifications is sent to a first message queue associated with the first user based on the first set of storage accesses. A first message queue timeout value of the first message queue is set based on at least one characteristic associated with the first set of storage accesses.

Abstract: Systems and methods providing object storage gateway for a client device with intermittent connectivity. In one implementation, data objects stored locally on the client device are identified. The data objects are associated with an application running on the client device. Filtered data are produced by filtering the data objects in view of a set of rules. Responsive to determining that a connection between the client device and the server device satisfies a quality condition, the filtered data are synchronized with the server device.

Abstract: Energy consumption associated with users of a distributed computing system can be monitored using tracing according to some examples described herein. In one such example, a system can execute tracing software configured to track usage of a software service and generate tracing information. The tracing information cant attribute the usage of the software service to a group of users. The system can analyze the tracing information to determine a portion of the usage to attribute to a given user. The system can then determine an energy consumption estimate for the user, for example based on the portion of the usage associated with the user and an energy consumption amount associated with the software service. A graphical user interface can be generated indicating the energy consumption estimate for the user.

Abstract: Methods, systems, and computer program products herein provide operations or techniques for managing resource allocation in a data storage environment. According to aspects of the present disclosure, one or more storage nodes of hierarchy on a common hierarchy level are identified as a management group. For example, the one or more storage nodes of hierarchy may include one or more object storage daemons (OSDs) of a controlled replication under scalable hashing (CRUSH) group or the like. The resource utilization in a subset of the one or more storage nodes in the management group are monitored. Based on the monitored resource utilization, a processing device may determine respective scaling factors for allocating resources to the one or more storage nodes in the management group. The processing device may then adjust the resource allocation using the respective scaling factors in the one or more storage nodes.

Abstract: A first data object is received for storing in an object repository of a storage platform. An encryption value of the object repository is increased responsive to identifying that a current entropy level of the first data object exceeds a prior entropy level of the first data object by more than a first threshold value. Remediation is performed by a processing device on the object repository responsive to determining that the encryption value of the object repository exceeds a second threshold value.

Abstract: Methods, systems, and computer program products provide a hybrid data scan pipeline or detector that reduces (as compared to conventional storage operations) response latency and increases scanning accuracy of encryption attacks such as ransomware attacks. For example, a frontend of a storage platform receiving an incoming data object may scan a portion of the data object for a change of an entropy level. The portion scanned may be insignificant relative to the overall size of the data object. As such, the operations of the frontend would place an insignificant delay to the overall storage processing. Other portions of the data object will be processed at a backend of the storage platform. For example, subsequent to receiving the data object, a change of entropy level of the other portions is scanned for detecting ransomware attacks.

Abstract: A method includes generating a container networking configuration in view of the network information associated with the virtual machine, the container networking configuration to provide network access to processes of a virtual machine migrated to a container, wherein the container comprises an isolated execution environment managed by a container orchestration system, and wherein the container networking configuration defines networking rules between containers and processes within the container orchestration system. The method further includes updating the container networking configuration in view of the updated network information after migration of the virtual machine to the container to maintain network access to the virtual machine through the container as the virtual machine continues to execute within the container.

Abstract: A method includes receiving data uploaded to a storage system from a client device and in response to receiving the data, instantiating a serverless function for anonymizing the data uploaded to the storage system. The method further includes retrieving, by the serverless function, an anonymization model to anonymize the data uploaded to the storage system and applying the anonymization model to the data uploaded to the storage system to generate anonymized data.

Abstract: Data can be automatically anonymized in a distributed storage system. For example, a system can receive a notification indicating that an object is stored in a non-persistent bucket of a distributed storage system. The system can read the object from the non-persistent bucket in response to receiving the notification. The system can generate an anonymized version of the object by performing one or more anonymization operations with respect to the object. The system can store the anonymized version of the object in a persistent bucket of the distributed storage system. The system can then transmit a command for causing the object to be removed from the non-persistent bucket.

Abstract: A first set of storage accesses of a storage system are identified. The first set of storage accesses are associated with a first user. A first plurality of storage access notifications is sent to a first message queue associated with the first user based on the first set of storage accesses. A first message queue timeout value of the first message queue is set based on at least one characteristic associated with the first set of storage accesses.

Abstract: A method includes receiving, from an agent executing in a virtual machine, network information associated with the virtual machine, the virtual machine to be migrated to a container. The method further includes generating a container networking configuration based on the network information. The container networking configuration is to provide network access to processes migrated from the virtual machine to the container. The method further includes providing the container networking configuration to a container orchestration system. The container orchestration system is to use the container networking configuration to provide network access to the container.

Abstract: Data can be automatically anonymized in a distributed storage system. For example, a system can receive a notification indicating that an object is stored in a non-persistent bucket of a distributed storage system. The system can read the object from the non-persistent bucket in response to receiving the notification. The system can generate an anonymized version of the object by performing one or more anonymization operations with respect to the object. The system can store the anonymized version of the object in a persistent bucket of the distributed storage system. The system can then transmit a command for causing the object to be removed from the non-persistent bucket.

Abstract: Data can be automatically anonymized in a distributed storage system. For example, a system can receive a notification indicating that an object is stored in a non-persistent bucket of a distributed storage system. The system can read the object from the non-persistent bucket in response to receiving the notification. The system can generate an anonymized version of the object by performing one or more anonymization operations with respect to the object. The system can store the anonymized version of the object in a persistent bucket of the distributed storage system. The system can then transmit a command for causing the object to be removed from the non-persistent bucket.

Abstract: A notification configuration associated with an object is received by a first host system from a client device. The notification configuration causes host systems to generate notifications for the client device upon storing the object at the host systems. The object is stored in a first memory of the first host system. The notification configuration is transmitted by the first host system to a second host system. The object is provided to the second host system, wherein the second host system is to transmit a notification to the client device upon storing the object at a second memory of the second host system.

Abstract: A notification configuration associated with an object is received by a first host system from a client device. The notification configuration causes host systems to generate notifications for the client device upon storing the object at the host systems. The object is stored in a first memory of the first host system. The notification configuration is transmitted by the first host system to a second host system. The object is provided to the second host system, wherein the second host system is to transmit a notification to the client device upon storing the object at a second memory of the second host system.

Abstract: An asymmetric proxy receives a request from a source network, where the source network sends the request at a first networking layer, and determines a destination network associated with the request, where the destination network communicates at a second networking layer, and where the second networking layer is different than the first networking layer. The asymmetric proxy removes information associated with the source network from one or more networking layers of the request, stores the information associated with the source network in a memory space, translates the one or more networking layers of the request to include information associated with the destination network, and provides the request to the destination network at the second networking layer.

Abstract: A method includes receiving, from an agent executing in a virtual machine, network information associated with the virtual machine, the virtual machine to be migrated to a container. The method further includes generating a container networking configuration based on the network information. The container networking configuration is to provide network access to processes migrated from the virtual machine to the container. The method further includes providing the container networking configuration to a container orchestration system. The container orchestration system is to use the container networking configuration to provide network access to the container.

Abstract: An asymmetric proxy receives a request from a source network, where the source network sends the request at a first networking layer, and determines a destination network associated with the request, where the destination network communicates at a second networking layer, and where the second networking layer is different than the first networking layer. The asymmetric proxy removes information associated with the source network from one or more networking layers of the request, stores the information associated with the source network in a memory space, translates the one or more networking layers of the request to include information associated with the destination network, and provides the request to the destination network at the second networking layer.

Abstract: A method and system for managing online charging sessions is provided. The method includes: establishing a subscriber data session on a network; establishing a connection with an initial online charging system; detecting a condition change in the subscriber data session; determining whether the condition change is associated with a change in the online charging system; if the condition change is associated with a change in the online charging system, determining a new online charging system; terminating the connection to the initial online charging system while maintaining the subscriber data session; and establishing a connection with the new online charging system; otherwise continuing the session with the initial online charging system. The system includes a control plane engine and is operatively connected to a policy charging enforcement function.

Abstract: A method for managing traffic detection including: receiving predetermined traffic monitoring conditions; processing at least one packet to determine packet properties; determining an application identifier to associate with the traffic flow based on the packet properties; determining at least one policy to apply to the traffic flow based on the traffic monitoring conditions, packet properties and the application identifier; and communicating the at least one policy to be applied to the traffic flow.