Abstract: A method, system, and apparatus to encapsulate one or more file systems in a union of file systems without modifying or copying information in each file directory entry in each file system are presented. In one embodiment, this is accomplished in part by linking an inode list file from the file system to be encapsulated with an inode list file of the union of file systems, and merging a free extent map of the to-be-encapsulated file system with the free extent map file of the union file system.

Abstract: In one embodiment, a computer accessible medium stores a plurality of instructions including instructions which, when executed: track dependencies among a plurality of assets; and responsive to an identification of an asset for potential recovery (the “selected asset”), identify an asset dependency set corresponding to the selected asset. The asset dependency set comprises at least a subset of the plurality of assets, wherein each asset in the subset has a dependency with the selected asset. In some embodiments, one or more of the following may be provided: tracking asset dependencies and presenting the asset dependency set to the user; pruning the asset dependency set to a recovery set identifying the asset dependency set; generating the recovery order (optionally optimized); initiating the recovery according to the recovery order; performing recovery steps; generating the recovery plan and/or executing recovery plans.

Abstract: Systems and methods are disclosed for performing cache and I/O management in a multi-layer storage virtualization environment. Block virtualization may be implemented at various layers, each with one or more storage entities. One storage entity may coordinate and leverage the cache and the caching mechanism available with another storage entity. The storage entities may be at the same layer (horizontal cache coordination) or at different layers (vertical cache coordination). Cache coordination may include application-assisted read-ahead.

Abstract: Disclosed is a method and apparatus for reading mirrored data. In one embodiment, a node receives a read request for data, identical copies of which are maintained on a primary storage device and any number of corresponding mirrors. A read generator coupled to the node generates a number of read operations for smaller portions of the data. Preferably, the read generator then transmits the read operations in parallel to at least two storage devices on which identical copies of the data are maintained (e.g., a primary storage device and a corresponding mirror, two mirrors of a primary storage device, etc.). The read operations may then be processed in parallel by the storage devices to which the read operations were transmitted.

Abstract: Disclosed is an apparatus or method performed by a computer system for creating a hierarchy of data volumes. Each data volume in the hierarchy is a point-in-time (PIT) copy of another data volume in the hierarchy or a PIT copy of a data volume V. In one embodiment of the apparatus or method, the contents of a first data volume in the hierarchy can be refreshed to the contents of a second data volume in the hierarchy such that the first data volume becomes a PIT copy of the second data volume. Before the first data volume is fully refreshed to the contents of the second data volume, data of the first data volume can be read or modified.

Abstract: Embodiments of the present invention are directed to the running of a virtual machine directly from a physical machine using snapshots of the physical machine. In one example, a computer system performs a method for running a virtual machine directly from a physical machine using snapshots of the physical machine. A snapshot component takes a snapshot of the physical system volume while the physical system volume is in an operational state. The virtual machine initializes using the physical system volume snapshot thereby allowing the physical system volume snapshot to be a virtual system volume snapshot representing an initial state of a virtual system volume. The physical system volume snapshot includes instances of all the files within the physical system volume at the time the snapshot was taken.

Abstract: In one embodiment, a method is contemplated. The method includes creating a copy of a volume, wherein the copy corresponds to a first point in time. Write operations to the volume are logged separate from the volume. The method also includes recovering a state of the volume to a second point in time subsequent to the first point in time using the copy of the volume from the first point in time and at least a subset of the write operations from the log. The subset of write operations occurs subsequent to the first point in time and prior to the second point in time. In some embodiments, an end marker may be included in the log, and recovery to a write operation that is indicated as the end of a transaction (by the end marker) may be performed.

Abstract: A system includes a security management system for a plurality of managed products. The security management system stores configuration data for managed products and managed nodes in a directory. Configuration data is stored in the directory in the form of configuration objects and setting objects. A revision history of a configuration object and/or a setting object can be maintained. Inheritance between configuration objects is supported so that a configuration inheritance chain is available. To determine an effective configuration at a point in time, a parent-child inheritance merge process is used. To assist the parent-child inheritance process, name attributes and collision resolution mode attributes are used.

Abstract: A method, system, and language to express storage requirements. The language provides keywords and rules corresponding to commands for configuring a set of storage devices to provide requested capabilities of a logical volume. The language also has keywords and constructs for defining capabilities. The language supports direct inheritance of a capability, where a template specifies another template that contains rules to be used to provide a given capability. The language also supports indirect inheritance of a capability, where a template requires a capability but does not provide an implementation of the capability. In addition, the language is processed to “merge” rules by selecting a single storage device that conforms to more than one rule when possible. Merging rules enables a minimum number of storage devices to be used to meet a given logical volume configuration and set of capabilities.

Abstract: A method, system, and computer-readable medium for maintaining up-to-date, consistent backup copies of primary data that are immune to corruption even when security of the primary data is breached. Independent security domains are established for primary and secondary data, such that access to each security domain must be obtained independently of access to the other security domains. For example, a host computer system having access to data storage in the primary security domain does not have access to data storage in the secondary security domain, and vice versa. Changes to primary data are synchronously replicated over a tightly controlled replication link from primary data storage in the primary security domain to secondary data storage in the secondary security domain. A change to the data is completed in the primary security domain when an acknowledgement is received that the change to the data has been stored in secondary data storage.

Abstract: A method includes defining areas of ownership for users of a computer system; receiving a proposed modification from a first user of the users, the first user being an owner of the proposed modification, wherein a set of the users are stakeholders in the proposed modification; and receiving decisions from a selected set of the stakeholders on approval of the proposed modification. Upon receiving the approvals from all of the selected stakeholders, the owner is granted permission to implement the proposed modification.

Abstract: A system and method for providing highly-available volume mount points is disclosed. According to one embodiment, in a system including a shared storage resource coupled to a server cluster and accessible by a node of said server cluster, a volume mount point is provided within the shared storage resource. According to another embodiment, the shared storage resource includes a base volume and a target volume and a volume mount point corresponding to the target volume is provided within the base volume. A first mount is configured corresponding to the target volume and a mount order dependency relationship is defined between the first mount and a second mount corresponding to the base volume. Embodiments of the present invention may be used to ensure that a new (secondary) node accesses a shared disk or volume in the same way it was accessed before a transition event (e.g., failover or switchover).

Abstract: Computer-implemented methods, systems, and computer-readable media for detecting the presence of malicious computer code in an e-mail sent from a client computer (1) to an e-mail server (2). An embodiment of the inventive method comprises the steps of: interposing (41) an e-mail proxy server (31) between the client computer (1) and the e-mail server (2); allowing (42) the proxy server (31) to intercept e-mails sent from the client computer (1) to the e-mail server (2); enabling (43) the proxy server (31) to determine when a file (30) is attempting to send itself (30) as part of an e-mail; and declaring (44) a suspicion of malicious computer code when the proxy server (31) determines that a file (30) is attempting to send itself (30) as part of an e-mail.

Abstract: Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

Abstract: Prior to a modification of an executable computer file (101), a modification analysis manager (111) stores (1101) content concerning a specified number of specified sized blocks (115) of a specified section of the executable file (101). After the modification of the executable file (101), the modification analysis manager (111) compares (1103), for each block (115), the content at the location of the block (115) after the modification of the executable file (101) with the content of the block (115) prior to the modification. The modification analysis manager (101) determines (1105) the status of the modification, responsive to a result of the comparison.

Abstract: Computer implement methods, apparati, and computer-readable media for enabling a first computer (12) to determine that it is safe to communicate with a second computer (10) coupled to the first computer (12) over a network (15). In a method embodiment of the present invention, the first computer (12) detects (21) that the second computer (10) has initiated a test open of a file (14) associated with the first computer (12). When the test open is followed by an actual open command by which the second computer (10) seeks to actually open the same file (14), the first computer (12) determines (23) that it is safe to communicate with the second computer (10).

Abstract: Methods, apparati, and computer-readable media for detecting the presence of malicious computer code in a plurality of e-mails. In a method embodiment of the present invention, the following steps are performed for each e-mail: calculating a feature vector (80), said feature vector (80) being representative of a presence of at least one preselected feature in the e-mail; calculating at least one score (S) based upon said feature vector (80), each said score (S) being representative of a frequency of occurrence of an instance of a feature; determining whether any score (S) exceeds a preselected malicious threshold representative of malicious computer code; and when a score (S) exceeds a preselected malicious threshold, blocking said e-mail.

Abstract: A method and mechanism for generating object signatures within a file system. A file system is configured to generate signatures for objects such as files. The file system periodically scans objects to identify those which require computation of a new signature. Upon identifying such an object, the file system divides the object into partitions. A transient signature value is then generated for each partition of the object and stored. Upon a subsequent access to the object, a determination may be made as to whether or not a valid signature exists for the object. If a valid signature does not exist for the object, a new signature may be generated for the object by using one or more previously stored valid transient signature values which correspond to particular partitions of the object. The transient signature values which are used may serve as a seed for computation of those transient signature values for object partitions which follow the particular partition.

Abstract: A control facility that allows a non-programmer to use and manipulate replicated data without disrupting replication of the data itself. The control facility can be used and customized for a variety of software applications and storage platforms. These customized control facilities can enable a system administrator without application- or storage system-specific knowledge to perform off-host processing of the replicated data, such as taking snapshots of the data and running Decision Support System reports. In response to a single user command during replication of data from a primary node to a secondary node, the following steps are performed: obtaining a control message from the primary node, wherein the control message is associated with a control command for execution on the secondary node; and automatically executing the control command on the secondary node.

Abstract: Methods and systems for protecting the computer network against unauthorized access are disclosed. Information is reported about each network device connected to the network and/or one or more corresponding users. The reported information is correlated to determine if any unauthorized devices are connected to the network. To report the desired information, each device authorized to use the network may be provided with an agent configured to report information about the device to which it corresponds and information about one or more neighboring devices. A “reporting your neighbor” method may be used wherein each network device report its address and the address of its neighbors may be used to determine if any device is not reporting its address. Alternatively, each agent may report information about its device's physical location, e.g., by global positioning satellite (GPS). A door badge system may be used to provide user location information.