Abstract: Embodiments of the present invention are directed to the running of a virtual machine directly from a physical machine using snapshots of the physical machine. In one example, a computer system performs a method for running a virtual machine directly from a physical machine using snapshots of the physical machine. A snapshot component takes a snapshot of the physical system volume while the physical system volume is in an operational state. The virtual machine initializes using the physical system volume snapshot thereby allowing the physical system volume snapshot to be a virtual system volume snapshot representing an initial state of a virtual system volume. The physical system volume snapshot includes instances of all the files within the physical system volume at the time the snapshot was taken.

Abstract: Policy-based performance of continuous data protection on protected data. A write request targeted to a portion of the protected data is detected. In addition, a journaling policy data structure(s) is accessed. The journaling policy data structure represents policy for how frequently to journal write request to a backup medium and/or what backup medium to journal write requests to depending on one or more characteristics of write request targets. The journaling policy data structure is then used to determine whether the write request should be presently journaled and/or to identify the backup medium that the write request should be journaled to based on the one or more characteristics of the portion of the protected data targeted by the write request. The journaling policy may, but need not, be selected so as to preserve storage and/or network bandwidth associated with the journaling process.

Abstract: Method, apparatus, and computer readable medium for classifying a file of interest in a computer network is described. File statistics are received over the network for a plurality of users and a plurality of files. The file statistics are processed to identify: (i) a set of users that received the file of interest; (ii) a group of shared files each of which was received by at least two users; and (iii) numbers of infected files received by respective users. An average ratio of a number of infected files to a total number of files in the group of shared files is computed using a Monte Carlo process constrained by: (i) indications of which users in received which files; and (ii) the numbers of infected files received by the respective users. A probability of infection is assigned to the file of interest based on the average ratio.

Abstract: Embodiments of a SAN simulator that may be used with SAN management systems to create a virtual SAN with a configurable number of various types of virtual SAN objects. The virtual SAN may be accessed in performing various SAN management tasks in a virtual environment. In one embodiment, the virtual SAN objects may be generated in accordance with SAN simulator configuration information describing the types and numbers of virtual SAN objects to be generated. In one embodiment, to enter a virtual SAN object in the virtual SAN data representation, each virtual SAN object's object type and attributes may be checked in an object schema table to verify that the specified type of virtual SAN object is supported by the SAN simulator. One embodiment may include a SAN simulator explorer that serves as an interface between a SAN management server and the virtual SAN when performing SAN management tasks.

Abstract: A technique is disclosed for tracking a virus. For each of at least a subset of received network packets it is determined whether the packet comprises an open packet. Information usable to determine a sender of the packet in the event the a virus associated with a network transmission with which the packet is associated is determined to have been received is copied from each packet determined to be an open packet, but not from at least a subset of packets not determined to be open packets.

Abstract: Systems and methods are provided for upgrading a software artifact having accumulated data flaws. The software artifact may be accessible, for example, by a plurality of software components for backend services. Issues that cause the data flaws and corresponding fixes are tracked and evaluated to determine dependencies, if any, between the fixes. The fixes are applied to the software artifact as individual transactions. If there are no dependencies among a subset of fixes, the fixes in the subset are applied regardless of whether the other fixes in the subset were successfully applied. For subsets having dependencies between fixes, the fixes that depend from a prior unsuccessfully applied fix are discarded. The software artifact is rolled back to remove unsuccessfully applied fixes.

Abstract: An incident managing module aggregates related database intrusion incidents and presents them in a manageable manner. A receiving module receives an anomalous query requesting data from a database and a type-identification module identifies anomaly type for the query received. A conversion module converts the anomalous query into a characteristic representation. In some embodiments, this is done by replacing literal field values in the query with representative values. In other embodiments, this is done by creating a tuple describing anomaly parameters for the anomalous query. In still other embodiments, the query is converted into a characteristic representation that distinguishes between injected and non-injected portions of the query. An aggregation module then aggregates into a group the anomalous queries with substantially similar characteristic representations according to anomaly type and a generation module generates a database intrusion incident report describing the group of anomalous queries.

Abstract: Various systems and methods for performing coordinated distributed write logging are provided. A method may involve one of several hosts, each of which has an associated log, requesting permission to perform a write to data in a storage volume from a coordinator. The coordinator coordinates access to the storage volume between the hosts. Prior to receipt of a response from the coordinator granting permission to perform the write to the storage volume, the host may initiate logging the write data for the write to a respective log. The host may signal completion of the write to an application that initiated the write in response to both logging the write data to the respective log and receiving the response from the coordinator. The host may perform one or more underlying block operations to update the storage volume according to the write subsequent to signaling completion of the write to the application that initiated the write.

Abstract: Methods, systems, and computer program products to provide temporal storage in a fabric-based virtualization environment are presented. Such capacity is provided through the association of a temporal storage appliance, which is configured as a member of a linked VLUN with a non-temporal disk volume. The linked VLUN is provided by a virtualizing fabric switch to a network node such as a network node.

Abstract: Systems, methods, and computer-readable memory media for performing various computer configuration tasks are disclosed. One such configuration task is dissimilar system restore (DSR). Another such task is software deployment. In various embodiments, these configuration tasks operate on a target computer system using a utility operating system to perform detection of certain target system devices, determination of critical device classes on the source computer system, and updating of target computer configuration settings. Other tasks may be performed upon a computer system such as a backup server. These tasks include locating device drivers for the target operating systems and the installing utility operating system, as well as creating device driver packages that are usable to install device drivers for a plurality of devices.

Abstract: Data protection systems and methods may be used to automatically gather and assemble configuration information needed for the successful recovery of distributed applications running on several servers. In one implementation, a data protection system includes a collection module and a recovery report generation module. The collection module may gather configuration information regarding several servers used by a distributed application. The configuration information may include information regarding data archived from the servers and information for restoring the archived data, such as hardware configurations and path locations of original data stored on the servers and of archived data. The recovery report generation module may assemble recovery instructions based on the configuration information. The recovery instructions may be usable for restoring the distributed computing system in the event of a disaster or other failure involving one or more of the servers.

Abstract: Various embodiments of a system and method related to a topology and routing model for a peer-to-peer network are disclosed. A plurality of nodes may be coupled to each other to form a peer-to-peer network. A routing table may be created on each node in the peer-to-peer network. Each node may be operable to route messages to other nodes in the peer-to-peer network using information stored in the routing table. Messages may be propagated among nodes in the peer-to-peer network in a decentralized manner. For example, the peer-to-peer network may not utilize centralized servers of any kind. Each node in the peer-to-peer network may perform substantially the same routing functionality.

Abstract: Enhancing security capability of a network is described. In some embodiments, the method comprises detecting a security threat, sending a request to a networked device on the network to perform a deputized function that is not ordinarily performed by the networked device, receiving response data from the networked device and processing the response data. In some embodiments, the method comprises receiving a request from a security authority on the network to perform a deputized function that is not ordinarily performed, performing the deputized function as requested and sending response data to the security authority to be further processed.

Abstract: A technique for disaster rehearsal testing in storage area network (SAN) utilizing a replication appliance is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for disaster rehearsal testing of a secondary storage area network utilizing a replication appliance comprising the steps of stopping data writes to one or more logical unit numbers associated with the secondary storage area network, accumulating the data writes from a primary storage area network in one or more journals associated with the secondary storage area network, redirecting one or more data input/output requests, wherein data writes generated by testing of the secondary storage area network are redirected to replication appliance associated with the secondary storage area network and read requests for data written by test data writes are redirected to the replication appliance and testing the secondary storage area network.

Abstract: A method and system for describing, extracting and migrating application information from a first personal computer to one or more other computers. This method and system provides a means for selecting and translating the information useful in transferring application programs, settings and files while maintaining the preferred preferences and directories of the users. Using a standard INI file format, this method makes use of Application Information Files (AIFs) containing tags. The tags provide identification of multiple versions of the application and conversion information for settings, registry information and files.

Abstract: A system for bulk network transmissions using multiple connections primed to optimize transfer parameters includes one or more processors and memory coupled to the processors. The memory stores program instructions executable by the processors to establish a plurality of network connections designated to be used for a single bulk data transfer. The instructions are further executable to adjust the values of one or more configuration parameters of each of the connections. The adjusting includes sending one or more priming packets over each of the connections. The instructions are also executable to perform the bulk transfer as a sequence of sub-transfers. Each sub-transfer includes a transmission of a predetermined amount of application data over each connection of a selected subset of the plurality of network connections.

Abstract: A method for secure restoration of data selected based on user-specified search criteria includes maintaining one or more backup versions of a plurality of storage objects and initiating the generation of a plurality of database entries, wherein each database entry corresponds to a backup version of a storage object and includes an encoding of a security descriptor associated with the storage object. The method may further include, in response to a backup version search request from a user, using contents of the search request and encodings of security descriptors stored in the plurality of database entries to identify one or more backup versions of a particular storage object that the user is authorized to access.

Abstract: A system and method for data backup. A computer system includes clients coupled to backup server and single instance store via a network. Prior to requesting an initial data backup, a new client segments and fingerprints the data to be backed up. The new client creates a sorted list of hash values and removes duplicate values in the list. In response to receiving the sorted list, a backup server may further reduce the sorted list to a unique list by removing hash values corresponding to data segments already residing on the single instance store. In response to receiving the unique list, the new client may transmit corresponding data segments to the backup server via the network. The transmitted data segments are added to a single instance store.

Abstract: In one embodiment, a virtual NUMA machine is formed from multiple computers coupled to a network. Each computer includes a memory and a hardware device coupled to the memory. The hardware device is configured to communicate on the network, and more particularly is configured to perform remote direct memory access (RDMA) communications on the network to access the memory in other computers. A guest physical address space of the virtual NUMA machine spans a portion of the memories in each of the computers, and each computer serves as a home node for at least one respective portion of the guest physical address space. A software module on a first computer uses RDMA to coherently access data on a home node of the data without interrupting execution in the home node.

Abstract: Methods and systems for automatically discovering information about a domain of a computing device are disclosed. In certain embodiments, the method may comprise receiving connection-characteristic information from at least one common-domain computing device located within the domain of the computing device, identifying, based on the connection-characteristic information received from the at least one common-domain computing device, at least one characteristic of the domain computing device, transmitting domain-characteristic information to a source computing device, the domain-characteristic information comprising the at least one characteristic of the domain of the computing device, and receiving domain-characteristic-dependent data from a source computing device. Corresponding systems and computer-readable media are also disclosed.