Abstract: A computer-implemented method for facilitating long-distance live migrations of virtual machines may include: 1) identifying a request for a live migration of a virtual machine from a primary site to a secondary site, the primary site including a primary storage device used for storage by the virtual machine being configured for active-passive replication to a secondary storage device at the secondary site, 2) initiating a failover of the active-passive replication from the primary storage device to the secondary storage device in response to the request, 3) intercepting each write attempt made by the virtual machine at the secondary site to the secondary storage device before completion of the failover, 4) buffering each intercepted write attempt, 5) determining that the failover is complete, and 6) applying each buffered write attempt to the secondary storage after determining that the failover is complete. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for implementing network security access control is provided, including: receiving and decrypting terminal identity information that is encrypted in a bi-directional encryption mode and forwarded by a switch, and authenticating the decrypted terminal identity information; returning an authentication result to the switch so that the switch controls access of a terminal to a network according to the authentication result; encrypting the decrypted terminal identity information in a solo-directional encryption mode and authenticating the encrypted terminal identity information; returning an authentication result to a security access control gateway so that the security access control gateway controls access of the terminal to network resources according to the authentication result; delivering a security policy to a security control module on the terminal so that the security control module controls the terminal according to the security policy.

Abstract: A method and apparatus for dynamically and automatically optimizing multiple filter/stage security systems whereby a multiple filter/stage security system is provided that includes two or more filters or “stages” and is initially implemented such that the two or more filters/stages are used in an initial order, i.e., in a defined initial sequence. At least two of the two or more filters/stages are then monitored to determine the composite “cost” and/or effectiveness of each filter/stage. Data representing the results of the monitoring of the at least two of the two or more filters/stages is then analyzed to determine a cost/use profile for each filter/stage and the cost/use profile for each filter/stage is then analyzed to determine an optimal order of the at least two of the two or more filters/stages, i.e., an optimal filter/stage sequence, based on actual filter/stage use, actual composite filter/stage cost, and/or user and/or system defined priorities.

Abstract: A computer-implemented method may include identifying first and second sublayers of a virtualized application. The first and/or second virtualization sublayers may include a read-write sublayer, a read-only sublayer, a virtual-reset-point sublayer, and/or a patch sublayer. The computer-implemented method may also include merging an instance of the first virtualization sublayer with an instance of the second virtualization sublayer. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for managing virtual disk data storage may include: 1) identifying first and second virtual storage disks on a physical storage system; 2) identifying relocatable data in the first and second virtual storage disks; 3) comparing the relocatable data from the first and second virtual storage disks to identify one or more data objects in the first virtual storage disk that are identical to one or more data objects in the second virtual storage disk; 4) physically relocating the data objects from the first virtual storage disk to create a first chunk of data without changing a logical state of data in the first virtual storage disk; and 5) physically relocating the data objects from the second virtual storage disk to create a second chunk of data that is identical to the first chunk of data without changing a logical state of data in the second virtual storage disk.

Abstract: A system and method of transmitting an authentication code includes automatically calculating a security code on a device executing a security program. The security program may periodically calculate a respective unique security code. In response to a user requesting the security code, the device automatically vibrates according to a pattern representing the security code. The pattern tactilely communicates the security code to the user.

Abstract: Storage management systems and methods are presented. In one embodiment, a method comprises: performing a hierarchical configuration information process, including accessing information regarding hierarchical relationships of components associated with a storage environment; performing a storage resource consumption detection process, including detecting consumption of storage resources included in the storage environment; and performing a coordinated consumption analysis process in which at least part of an analysis of the consumption of the storage resources is coordinated across multiple levels of an active spindle hierarchy. In one embodiment, a reaction process is performed. The reaction process can include performing an automated consumption notification process and an automated reclamation process based upon results of the storage resource consumption detection process.

Abstract: Storage systems and methods are presented. In one embodiment, a variable length segment storage method comprises: receiving a data stream; performing a tailored segment process on the data stream, wherein at least one of a plurality of tailored segments include corresponding data of at least one of a plurality of variable length segments and alignment padding to align with boundaries of a fixed length de-duplication scheme; performing a de-duplication process on the plurality of tailored segments; and storing information corresponding to the result of the de-duplication process. In one embodiment, the tailored segment process includes adjusting the alignment padding of the at least one of a plurality of tailored segments, wherein an adjustment in the alignment padding of the at least one of a plurality of tailored segments corresponds to a modification in the at least one of the plurality of variable length segments.

Abstract: A computer-implemented method for securely deduplicating data owned by multiple entities may include identifying a plurality of data segments to store on a third-party storage system and, for each data segment: 1) identifying a hash of the data segment, 2) transmitting the hash of the data segment to a central server, 3) receiving an encrypted string that is based on the hash of the data segment from the central server, 4) encrypting the data segment with the encrypted string, and 5) transferring the encrypted data segment to the third-party storage system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method may include receiving a request to convert a non-layered installation of a software application into a layered installation of the software application. The method may also include determining a base location of at least one file associated with the non-layered installation of the software application. The method may further include creating the layered installation of the software application by transitioning the at least one file from the base location to a virtualization layer. Various other methods, systems, and computer-readable-media are also disclosed.

Abstract: A computer is especially vulnerable when connected to a network while software on the computer is in an unpatched state. A portable firewall adapter is installed inline between the computer having the unpatched software and a network. A firewall within the adapter enforces a security policy that protects the computer from attack via the network. The adapter allows the computer to be connected to the network in order to download patches and/or other software that cure the vulnerabilities on the computer.

Abstract: Systems, methods, apparatus and software can utilize a markup language to import and export data that is archived using a backup and restore system. An export utility extracts data produced or processed by an application program, converts it into a markup language format, and provides it to a backup and restore system. An import utility extracts data in a markup language format, converts it to another format, and provides the data for use by the application program. In one example, the application program is a database management system.

Abstract: Applications executing on various nodes in a distributed storage environment may write data to primary storage and may also replicate the data to secondary storage via a replication target. An interval coordinator may coordinate the periodic saving of checkpoints or snapshots of the replicated data. The interval coordinator may determine the length of consistency intervals between the saving of each of the checkpoints. Writes to the replication target from each of the nodes may be associated with the current consistency interval and, in some embodiments, with a unique per-node sequence number. When transitioning between consistency intervals, each node may be configured to temporarily suspend completion of the writes and to send the replication target a consistency interval marker indicating that the node has completed all writes for the current consistency interval.

Abstract: A computer-implemented, server-side method for identifying unique malware variants may include (1) identifying the creation of a child object by a parent object on a client device, (2) determining that instances of both the parent object and the child object occur relatively infrequently within a user community, (3) classifying, based at least in part on the low prevalence of the parent and child objects within the user community, the child object as a potential security risk, and then (4) providing the child object's classification to at least one computing device in order to enable the computing device to evaluate the trustworthiness of the child object. Corresponding systems, encoded computer-readable media, and client-side methods are also disclosed.

Abstract: A method for detecting malware may include 1) receiving a request to determine whether a connection from a client device to a server is being blocked, 2) attempting to connect to the server from a kernel mode of the client device, 3) determining that the client device successfully connected to the server from the kernel mode, 4) attempting to connect to the server from a user mode of the client device, 5) determining that the client device did not successfully connect to the server from the user mode, 6) determining, based on the client device successfully connecting to the server from the kernel mode and failing to connect to the server from the user mode, that malware is blocking the connection from the client device to the server, and 7) in response to determining that the malware is blocking the connection, performing at least one security action.

Abstract: A method for maintaining applications may include: (1) receiving a request to recover a first application, (2) identifying a first production topology of the first application that identifies a set of resources upon which the application depends, (3) maintaining a template for transforming the first production topology of the first application into a first recovery topology for the first application, the template comprising information for mapping the first production topology to the first recovery topology, (4) applying the template to the first production topology at a first point in time to create the first recovery topology, and (5) recovering the first application to a first computing system using the first recovery topology. Various other methods, systems, and computer-readable media are also disclosed herein.

Abstract: A decision tree for classifying computer files is constructed. A set of training files known to be legitimate or malicious are executed and their runtime behaviors are monitored. When a behavior event is detected for one of the training file at a point in time, a feature vector is generated for that training file. Behavior sequencing and timing information for the training file at that point in time is identified and encoded in the feature vector. Feature vectors for each of the training files at various points in time are fed into a decision tree induction algorithm to construct a decision tree that takes into account of the sequencing and timing information.

Abstract: A computer-implemented method for off-host backups may include identifying a striped volume of data on which to perform an off-host backup. The computer-implemented method may also include generating stripe-aware extent metadata for the off-host backup operation. The computer-implemented method may further include performing the off-host backup operation using the stripe-aware extent metadata. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for filtering email spam using email noise reduction are described. In one embodiment, the method includes detecting, in an email message, data indicative of noise added to the email message to avoid spam filtering. The method further includes modifying the content of the email message to reduce the noise, and comparing the modified content of the email message with the content of a spam message.

Abstract: A method and apparatus for detecting a rootkit is described. In one embodiment, a method for detecting a rootkit comprises analyzing file system information associated with a plurality of files that form a volume, wherein a first portion of the file system information comprises metadata information for a master file table and a second portion comprises at least one master file table record and identifying an inconsistency within the file system information where the inconsistency indicates a modification to the file system information by a rootkit.