Abstract: A backup manager backups file systems of virtual machines running on a base computer. In order to backup a virtual machine, the backup manager identifies the file on the base machine that represents the virtual machine, freezes the virtual machine, and creates a snapshot thereof. The backup manager restarts the frozen machine, and starts the snapshot. The files of the file system of the snapshot are mapped at a virtual machine level, and the resulting file mapping information is used to backup the files of the virtual machine at a base machine level. The mapping information is current as of the instant the snapshot was taken. The backup manager can backup one, multiple or all virtual machine(s) running on the base computer, in conjunction with a full or incremental backup of the base computer, or independently.

Abstract: An integrity verification manager (101) verifies the integrity of a backup (102) of a computer (103). The integrity verification manager (101) audits the computer (103), and stores information (107) concerning items of interest such as executing processes (109, 111) and open listening ports (113). The integrity verification manager (101) restores a backup (102) of the computer (103) to a virtual machine environment. The integrity verification manager (101) audits the restoration of the backup (102) in the virtual machine environment, and compares audit information (107) concerning the restoration to the stored audit information (107). Responsive to the results of the comparison, the integrity verification manager (101) determines whether the restoration succeeded or failed.

Abstract: A system and method for providing access to replicated data is disclosed. Embodiments of the present invention utilize a remote access file system to provide access to replicated data concurrently with replication. According to one embodiment including unidirectional replication, access to a replicated target volume is provided using a remote access file system to perform reads locally or “directly” and to perform writes indirectly to a replication source volume which are subsequently replicated to the replication target volume. According to another embodiment, bidirectional replication is provided and access to both replication source and replication target volumes are provided locally and subsequently replicated as necessary.

Abstract: A method for efficiently performing range deletions in a B+ tree. The method operates to delete all keys within a range in a plurality of iterations. Each iteration may comprise: 1) deleting all of the keys in one or more leaf-nodes that lie within the range of keys; and 2) adjusting entries in the node and its neighbors to perform any required rebalancing of the tree after the deletion. Each iteration of the deletion may comprise a Walk phase identifies nodes in the range of keys to be deleted; a Prepare phase which determines operations (delete and/or node adjust operations) to be performed at one or more levels in the B+ tree based on the identified nodes; and a Delete phase which performs the operations to delete keys in the range of keys in the B+ tree.

Abstract: Computer implemented methods, apparati, and computer-readable media for detecting suspected spam in e-mail (24) originating from a sending computer (21). A method embodiment comprises the steps of determining (11) the actual IP address (23) of the sending computer (21); converting (12) the actual IP address (23) into geo-location data; and, using the geo-location data, ascertaining (13) whether the e-mail (24) contains suspected spam.

Abstract: A system for distributed discovery and management of frozen images includes a first and a second computer host, a first and a second frozen image agent and a frozen image server. Each of the first and second frozen image agents may be configured to identify one or more storage hierarchies hosted at a respective computer host, and to provide an encoding representing the identified storage hierarchies to the frozen image server. The frozen image server may be configured to aggregate the encodings provided by the frozen image agents into a system-level storage hierarchy catalog.

Abstract: Methods, apparati, and computer-readable media for countering malicious code infections to computer files (20). A preferred embodiment comprises selecting (40) an invariant section of each file (20), wherein said invariant section is invariant to malicious code infections and to repair thereof; for each of a set of known malicious code files, using an algorithm to generate (41) a template corresponding to the invariant section; using said algorithm to define a target (29), corresponding to said invariant section, within a test file (20); comparing (46) the target (29) with the templates; and declaring (48) the presence of malicious code in the test file (20) when the target (29) matches a template.

Abstract: When the user works at home on his home computer, a work monitor logs his file activities on all the drives of his home computer in a work monitor log, which can be displayed in a work monitor window. The user can choose to update from the work monitor window. When update is selected, the files in the work monitor log are selected for file synchronization. When file synchronization is performed, files on the user's home computer are synchronized with corresponding files on the user's office computer. Preferably, the date and time of a file on the home computer selected for file synchronization are compared to the corresponding date and time of the corresponding file on the office computer to determine the direction of file synchronization. The newer version of the file overwrites the older version of the file on either the home or office computer.

Abstract: Systems, methods, apparatus and software can utilize an extent guard to prevent modification (including relocation) of data in the storage resource while a third-party copy operation directed at the storage resource is occurring. A data transport mechanism such as a data restore application provides an extent list to the extent guard, which monitors read and/or write activity to storage resources described by the extent list. The data transport mechanism requests a data mover to perform a third-party copy operation whereby data is moved from a data source to the storage resource. If a modification attempt is made on the portion of the storage resource described by the extent list, the extent guard stalls the modification attempt until the third-party copy operation is aborted.

Abstract: In one embodiment, a method is contemplated. The method includes exposing at least three dimensions of a protection system to a user. The three dimensions are interrelated. The method further includes receiving user input indicating a modification in a first dimension of the at least three dimensions; and determining an effect of the modification in each other dimension of the at least three dimensions. A computer accessible medium comprising a plurality of instructions which, when executed, implement the method and a system implementing the method are also contemplated.

Abstract: A blocking-scanning manager (101) detects (200) attempted malicious behavior of running code (120). In response to detection, the blocking-scanning manager (101) blocks (206) the attempted malicious behavior. The blocking-scanning manager (101) generates (208) a signature to identify the code that attempted the malicious behavior. The blocking-scanning manager (101) detects (506) code identified by the signature. Responsive to detection, the blocking-scanning manager (101) blocks (508) execution of the identified code (122).

Abstract: In one embodiment, a method is contemplated. A first parameterization is generated, which describes a desired result in at least a first dimension of a plurality of dimensions of a protection system. The first parameterization is evaluated over a plurality of parameterizations. Each of the plurality of parameterizations corresponds to a respective one of a plurality of instances of a second dimension of the plurality of dimensions. A computer readable medium comprising instructions that implement the method and a system implementing the method are also contemplated.

Abstract: A computer accessible medium may be encoded with a plurality of instructions which, when executed in a first node of a plurality of nodes in response to a fail over of a first service group of a plurality of service groups from a second node of the plurality of nodes, initiate lock recovery for locks on one or more filesystems included in the service group. Locks on one or more filesystems in a second service group of the plurality of service groups may be maintained during a time period that locks in the first service group are recovered. The lock recovery may be initiated using a first client list of a plurality of client lists, wherein the first client list is included in the first service group and identifies clients having at least one lock on a filesystem included in the first service group. During the fail over of a service group, lock services may not be interrupted for other service groups on any of the nodes.

Abstract: A system and method are disclosed for providing security for a computer network. Content is generated for a computer associated with the network. It is determined whether a user should be routed to the generated content. If it is determined that the user should be routed to the generated content, the user is so routed.

Abstract: Techniques are disclosed for protecting a computer environment. The technique comprises providing an index; comparing a first event with the index; determining whether the first event is unusual; and determining whether a security incident associated with the first event has occurred.

Abstract: Disclosed is a method and apparatus for optimizing memory space and improving the write performance in a data processing system having a data volume with multiple virtual copies thereof. In one embodiment of the method, a first virtual copy of a primary data volume is created. Thereafter, first data of the primary data volume is modified. A second virtual copy of the primary data volume is created after modification of the first data thereof. A write-data transaction for modifying second data of the modified primary data volume is generated after creation of the second virtual copy. The second data of the modified primary data volume is copied to memory allocated to store data of the second virtual copy. The second data of the modified primary data volume is modified after the second data is copied to the memory allocated to store data of the second virtual copy.

Abstract: Systems and methods for performing recoverable mirroring in a storage environment employing asymmetrically distributed block virtualization. In one embodiment, the system may include a volume server, a first and a second host computer system, and a plurality of physical block devices. The volume server may be configured to aggregate storage in the plurality of physical block devices into a plurality of logical volumes, where a particular logical volume includes storage from at least two physical block devices, to make a first subset of the logical volumes available to the first host computer system for input/output, and to make a second subset of the logical volumes available to the second host computer system for input/output. The first subset and the second subset may be at least partially nonoverlapping, a given logical volume may be configured as a mirrored logical volume including a plurality of copies of a given data block.

Abstract: To achieve the foregoing, and in accordance with the purpose of the present invention, a system or network is disclosed which provides for a dynamic symbolic link (DSL) and the resolution of that DSL. The invention provides a method and apparatus that renames a first pathname to a target pathname, determines a variable within the target pathname, defines the first pathname as a symbolic link and associates the symbolic link with a virtual pathname. The present invention further defines a specification associated with the virtual pathname including associating the variable with the virtual pathname. In associating the symbolic link with the virtual pathname, the present invention further define a declaration within the virtual pathname.

Abstract: A method, system, application programming interface, computer system, and computer program product to provide locks for controlling access to data by nodes in a multi-node environment while minimizing messages sent between nodes. Based upon knowledge of lock usage in the multi-node environment, a multi-node knowledge agent can determine when no other node is accessing data protected by a given lock, as well as when an event has occurred that precedes a request by another node to access data protected by the given lock. When no other node is accessing data and no such event has occurred, the multi-node knowledge agent can designate that given lock as “masterless.” A lock agent on the node hosting the multi-node knowledge agent is authorized to subsequently grant access to the data protected by the masterless lock to clients on that node without communicating with a lock master, which may reside at another node.

Abstract: Characteristics of a call module originating a critical operating system function call are analyzed for indications of suspicious content and a virus threshold counter is incremented appropriately. For example, the memory image to the file image of the call module are compared for indications of suspicious content. If a determination is made that the virus threshold counter exceeds a virus threshold, there is a significant probability that malicious code is executing on the host computer system. Thus, the user of the host computer system and/or an administrator are notified that malicious code is possibly executing on the host computer system.