Abstract: A method, computer program product, and apparatus for managing compliance to security policy by measuring it and enforcing security policy compliance based on the measurement for software under development.

Abstract: SAS topology is managed. Internally within a SAS device on a SAS network, a performance characteristic of a PHY of the SAS device is monitored. Internally within the SAS device, it is determined, based on the performance characteristic, that the PHY has a problem, and, based on the determination, the PHY is affected to help prevent the PHY from adversely affecting communications on the SAS network.

Abstract: A method and apparatus for operating on a system containing a plurality of components in communication using multicast communication protocol is disclosed. The method comprises the steps of representing selected ones of the plurality of components, the relationship among the components and the associated with the communication protocols, determining a mapping between a plurality of events and a plurality of observable events occurring among the components and among the communication protocols, wherein the mapping is represented as a value associating each event with each observable event, and performing the system operation in conjunction with the relationship between the events and observable events. The operations may be selected from the group of monitoring, discovering, managing, analyzing and displaying the components associated with the multicast protocols.

Abstract: An architecture including a model-based management layer for managing resources and applications, and a method of software and resource management enabled by such an architecture.

Abstract: Aspects of the invention relate to sharing content stored on an object addressable storage (OAS) system among a plurality of users of the OAS system and authenticating users to an OAS system. In some embodiments, a user may store content units on the OAS system and control access by other users to these content units. In some embodiments, when a user grants one or more other users access to a content unit stored on the OAS system, the OAS system may send a notification of grant of access to the other user(s).

Abstract: In a storage area network (SAN), a SAN management application provides a security audit log of security sensitive user actions performed across the storage area network. In a SAN, multiple services operate to perform requested user actions. Configurations herein substantially overcome the shortcomings of conventional SAN security event logging by providing a comprehensive security audit mechanism operable to identify and record user actions. An event normalizer disposed in each of the services identifies requested user actions, creates a uniform user action object, and sends the user action object to a coalescer operable to receive user action objects from the plurality of services in the SAN. The user action object provides a generic template responsive to each of the event normalizers in the services. The event normalizers normalize event properties and attributes concerning a user action into the generic user action object, and employs preexisting conduits for gathering and recording events.

Abstract: A method, system, and program product for reserving resources in a networked environment, e.g. a storage area network. A resource is some object that a user must use or change to complete a task. When a user plans a task, the user selects some high-level resources and properties to reserve and a Reservation Service embodiment creates reservations for them. Accordingly, the method system and program product embodiments overcome inefficiencies in reserving resources in a data storage environment while still allowing such reservations to occur. The method includes reserving portions of properties for resources from more than one available choice.

Abstract: A method and apparatus for performing incremental file system checks is described which uses file system information to identify changes that have occurred to a file system between checkpoints. The set of changes can be represented by bitmaps and data structures which may be used by file system check utilities to identify potential errors and to remedy these errors if appropriate. Verifying only file system changes greatly reduces the processing overhead associated with typical backup and recovery mechanisms.

Abstract: A SAN management agent performs hierarchical based partitioning. Partitions expressed as a hierarchy of related manageable entities allow partitioning based on the relations in the hierarchy. Related manageable entities often trigger updates to database elements common to both of the related manageable entities. The related manageable entities often take the form of a hierarchy (tree) indicative of these relations. Grouping the updates affecting related manageable entities together in the same partition allows the database elements affected by the related updates to occur from a single retrieval of the common database element. By partitioning updates of related manageable entities together, the common database elements are more likely to be paged or cached in memory at the time the update processing updates the common database element. Accordingly, tree-based partitioning identifies relations between manageable entities, and designates related manageable entities by traversing the relations.

Abstract: A method is used in tracking use of interface and online assistance. A first set of a user's user interface activity is tracked. The user's online assistance activity subsequent to the user's user interface activity is tracked. A second set of the user's user interface activity is tracked. The second set occurs subsequent to the user's online assistance activity. A description of the first and second sets of the user's user interface activity and the user's online assistance activity are recorded together.

Abstract: A SAN activity scheduler provides an integrated view of various types of scheduled activities, provides a summary report of multiple scheduled activities, and provides a seamless interface to drill down into specific details of scheduled activities. The scheduler provides a layout view of the scheduled activities arranged according to activity type (tasks, data collection, or retention) or status (success or failure), a detailed layout of activities scheduled within a particular day or other time interval, and a drill down detail which provides activity specific reports such as logs and collection details about the scheduled activities. In this manner, the scheduler provides the SAN operator with an integrated, all-inclusive interface for directing scheduled activities, presents a unified cohesive interface for quickly assessing the current state of scheduled activities, and drilling down into details on an activity specific basis without leaving the integrated scheduler application.

Abstract: A method is used in handling SAS topology problems. It is detected that a chain of SAS expanders has a bad expander that prevents communicating normal SAS data streams along the chain. Expanders are disabled in the chain, and are enabled in turn while updating a flag indicating the most recently enabled good expander, until the chain fails. Expanders are disabled in the chain, and are enabled in turn but the enabling stops after enabling the expander indicated by the flag.

Abstract: Compliance rules are created that can be used to help detect violations of compliance policies imposed on an IT infrastructure. Each of one or more compliance rules associated with a respective IT-infrastructure compliance policy is defined by specifying three items: 1) the type of configuration items to which the rule is to be applied, 2) the rule scope that determines which configuration items of the configuration type are to be checked for compliance, and 3) a desired state that each configuration item checked must satisfy in order to be considered in compliance.

Abstract: In response to a user selection of a management function to configure a storage area network, a resource manager application generates a graphical user interface that displays a list including at least initial process steps requiring selection of resources in the storage area network to execute the management function. Based on input from a user such as selection of resources for a given process step in the list, the resource manager application dynamically selects further process steps in addition to the list of initial process steps for display in the list. In this way, a user can i) view a changing list of process steps and ii) identify which additional process steps are required to perform a respective management function as a result of making a selection of storage area network resources for the given process step.

Abstract: A method is used in managing metadata. Data of an object is stored in a magnetic hard disk set in an object addressable data storage system. Metadata for the object is stored in an SSD set in the object addressable data storage system. The metadata includes information necessary for determining the location of the data of the object in the magnetic hard disk set.

Abstract: A method is used in powering disk drive spinup. A disk drive is powered with a primary power source and is temporarily powered with a secondary power source in addition to the primary power source. The secondary power source powers the disk drive when the disk drive is spinning up.

Abstract: This invention is a system and method for managing data in a secure manner in a data storage environment that is in communication with a network including an internet-based network. The system includes logic for securely managing internet client's access to data volumes stored on a data storage system, and may also include logic operating with a file server for providing dynamic access of data available to such clients in a secure fashion.

Abstract: A system identifies at least one VSAN, and analyzes a configuration of the VSAN by applying a policy to the configuration of the VSAN. The system then outputs a result of the policy applied to the VSAN.

Abstract: Access to data storage is enhanced. A logical volume defines a set of block based data storage resources and is presented as a first volume. A virtual LUN portal mechanism serves as an alias for the first volume and is presented as a second volume. A block based data manipulation mechanism is configured to apply to a first I/O request directed to the second volume and not to a second I/O request directed to the first volume.

Abstract: A method and apparatus for operating on a system containing a plurality of components in communication using at least one communication protocol is disclosed. The method comprises the steps of representing selected ones of the plurality of components, the relationship among the components and the associated communication protocols, determining a mapping between a plurality of events and a plurality of observable events occurring among the components and among the communication protocols, wherein the mapping is represented as a value associating each event with each observable event, and performing the operation in conjunction with the events and observable events, wherein events associated with the communication protocols are distinguished from events associated with the components. The operations may be selected from the group of monitoring, discovering, managing, analyzing and displaying the components associated with the multicast protocols.