Abstract: Managing a lifecycle of data by identifying data objects that are subject to same control rules in each stage of the lifecycle as grouped data, where the control rules allow only authorized access to or authorized operations on the grouped data based on a current stage of the lifecycle. A dataset is generated for the grouped data by identifying metadata of the grouped data to be processed similarly within the lifecycle, and storing the metadata in the dataset. The control rules associated with the grouped data as stage tags for the dataset. Actions performed on the data referenced by the dataset are monitored to ensure that the monitored actions comply with control rules using the stage tags of the dataset.

Abstract: Embodiments are described for a method and system of applying data protection software mechanisms to network devices to auto-discover the networking equipment, save changes from memory (TCAM) to local storage, backup changes to protection storage, provide auditing and tracking history of changes, and provide the ability to deploy test/development copies of changes using software defined networking techniques. Embodiments include an efficient visual mapping aspect provided through a GUI to display the topography and backup/protection configuration of network devices in a system.

Abstract: Embodiments of monitoring data assets in a system to apply rules to optimize storage and access of the data assets based on data content rather than data location, by defining rules based on the monitoring attributes, wherein a rule dictates a storage location of selected data or access permissions to the data by one or more persons or groups in the system. The selected data is tagged with a defined metadata tag, and a dataset is created by running a query against a data catalog to derive the dataset. A component monitors data usage and access of data elements referenced by the dataset to detect any violations of the defined rules, and provides a notification of any violation to facilitate remedial action by a user or process. The dataset can span multiple storage devices of different types to define a single processing unit for the monitoring attributes.

Abstract: Embodiments automate the timely remediation of issues by matching failed operations to a script or set of scripts that is configured to fix the problem. A method detects a backup operation alert message sent from a data manager or storage system that encodes one or more attributes affected by the backup operation, wherein the attributes are weighted to reflect a percentage importance of the a corresponding script to fix the problem. A script library is scanned to identify scripts that match the alert message. A component generates a score for each script, where the score factors the relevance of the script to the backup operation based on the weighted attributes. Scores for each single script each possible combination of multiple scripts are computed and compared, and the script or script combination with the highest score is executed by the self-healing process.

Abstract: Optimizing data movement from a source data center to a target data center by grouping metadata of data objects into a dataset that encompasses data processed identically by a data processing operation, where the dataset defines a single data access unit for these data objects, and the data processing operation processes them as a single unit based on data content rather than physical or logical data location of the data objects. A mobility process correlates an increase in a number of metadata elements in the dataset with a growth rate of the dataset, and compares the dataset growth rate with historical or similar dataset growth rate data. The comparison is used to determine when and where to move data from the source to the target data center based on a forecast of accelerated growth indicated by the comparing step, and a consideration of target data center resources, data move costs, and streaming data effects.

Abstract: One example method includes defining object groups by classifying each object in a backup saveset based on respective object types of the objects such that all objects in an object group are the same object type, assigning a different respective storage media type to each of the object groups, storing each object group at a respective storage target, representing each object group with a respective Merkle tree that includes a base hash, and mapping each base hash to the storage target where the object group associated with the Merkle tree that includes the base hash is stored.

Abstract: Embodiments for a method performing data migration such as backups and restores in a network by identifying characteristics of data in a data saveset to separate the data into defined types based on respective characteristics, assigning a data label to each defined type by receiving user selection or automatically merging or selecting a priority label, from among many labels associated with a file, defining migration rules for each data label, discovering assigned labels during a migration operation; and applying respective migration rules to labeled data in the data saveset. The migration rules can dictate storage location, access rights, replication periods, retention periods, and similar parameters.

Abstract: Embodiments are described for preventing undesired data deletion on protection storage by using delete restrictions. A delete restriction component prevents data from being staged for permanent erasure, such as by preventing files from being moved to a trash folder. A well-known process (WKP), such as a backup or migration operation that is known to request data expiration, is used to validate data deletions. The WKP identifies data that is no longer to be retained. The WKP uses a well-known process expiration list (WEL) that holds hashes of the data. A bucket confirmation count indicates candidates for data deletion. Separately, Garbage Collection maintains another list of hashes that are deletion candidates. A separate process finds common hashes between the WKP and GC hashes, and then removes the data pointed to by the common hashes.

Abstract: Providing content based data protection for data stored in a large-scale data storage system by creating a dataset by grouping metadata for unstructured data objects that are grouped together by one or more filters. The dataset can span multiple storage devices of different types, so that it defines a single data protection unit for the corresponding content data. A user initiated query input through a search engine interface generates the one or more filters, and a protection policy is defined that protects the dataset as the single unit based on data content rather than data location. Datasets are stored in a catalog, and are generated by running queries on the catalog, where a query comprises metadata selectors as tags applied to the catalog, where the tags define at least one of a file type, name, location, creation time, or file characteristic.

Abstract: Embodiments automate the timely remediation of issues by matching failed operations to a script that is configured to fix the problem or problems without causing additional side effects, thus minimizing unavailability of services and loss of data. A method detects a backup operation alert message sent from a data manager or storage system that encodes one or more attributes affected by the backup operation, wherein the attributes are weighted to reflect a percentage importance of the a corresponding script to fix the problem. A script library is scanned to identify scripts that match the alert message. A component generates a score for each script, where the score factors the relevance of the script to the backup operation based on the weighted attributes, and executes the script with the highest score, as the script most likely to fix the issue causing the alert message.

Abstract: Embodiments help timely remediation of issues in a data protection system by automatically evaluating scripts configured to address the issues. The system has a bounded list of possible attributes that are deemed important by system administrators. Each attribute is assigned a System Impact Score (SIS) along a defined scale. A self-healing processing component monitors the state of each attribute over time. The scripts are evaluated through repeated execution and use of the attribute monitoring to determine which attributes are affected by a script. Weights are assigned to each attribute affected by a script to aid in the selection of scripts most likely to remediate an actionable issue. Regularly performing script evaluation and attribute weighting allows for updating of scripts with an accurate list of attributes to overcome problems associated with manual updates.

Abstract: Tracking changes to a document by defining a document record having a unique document record and comprising an index and a file name of the document, and defining a backup record for the document in a series of backups, which includes a timestamp for each backup, and a bitmask for the document. The bitmask has a single bit position for each document in the container which is set to a first binary value to indicate that the corresponding document is unchanged and a second binary value to indicate whether the document is changed or deleted. A primary query is received and resolved for the document by analyzing the document record to find the file name. A secondary query using the document record ID is resolved to find all tracked versions of the document, and the results are returned to the user in the form of a version history list.

Abstract: Embodiments are described for preventing undesired data deletion on protection storage by using delete restrictions and issuing user alerts if an excessive number of deletions are requested within a period of time. The number of deletions per time period is recorded and stored as hash counts. Deletion of data is delayed until confirmation by the user is received. One or more metrics are computed from the recorded count data and corresponding deleted data sizes. The computed metrics are compared to defined corresponding threshold values, and if any of the metrics exceeds the corresponding threshold value, an alert is sent to the user. The user can then choose to stop or investigate the deletions, or acknowledge the deletions to provide the confirmation.

Abstract: Optimizing backups for a data protection system by determining a size of a dataset to be saved in each backup operation and an available bandwidth in each transfer window of transfer windows for data transfers between a source and destination. An order of the backup operations is defined based on first ordering the backups based on decreasing dataset size and second ordering the transfer windows in order of decreasing bandwidth, and matching the backups to the transfer windows in accordance with these orderings. A dynamic window sizing process determines an initial change between the minimum and maximum bandwidth utilization over a period of time and then iteratively split and consolidate the time blocks until optimal utilization over the time period is reached.

Abstract: Embodiments automate the timely remediation of issues by matching failed operations to a script that is configured to fix the problem or problems without causing additional side effects, thus minimizing unavailability of services/data and loss of data. A method detects a backup operation alert message sent from a data manager or storage system that encodes one or more attributes affected by the backup operation. A script library is scanned to identify scripts that match the alert message. A component generates a score for each script, where the score factors the relevance of the script to the backup operation, and executes the script with the highest score, as the script most likely to remediate the issue causing the alert message.

Abstract: Organizing data for data protection based on content data stored in a large-scale data storage system. Embodiments create a dataset by grouping metadata for unstructured data objects that are grouped together by one or more filters. Datasets can be static or dynamic and can span multiple storage devices of different types, so that it defines a single data protection unit for the corresponding content data. A user initiated query generates the one or more filters, and a protection policy is defined that protects the dataset as the single unit based on data content rather than data location. Datasets are stored in a catalog, and are generated by running queries on the catalog, where a query comprises metadata selectors as tags applied to the catalog, where the tags define at least one of a file type, name, location, creation time, or file characteristic.

Abstract: Providing content-based encryption to content data in a data processing system by creating datasets by grouping metadata for data objects that are intended to be encrypted with a common encryption key, where each dataset spans multiple storage devices of different storage types, and defines a single data encryption unit for the data objects referenced by a respective dataset. Each dataset is tagged with an encryption tag to enable or disable use of a self-selected encryption key. Encryption keys stored in or made available to the system are accessed for encrypting the data objects using an encryption process. A key management component maps each dataset to a corresponding encryption key of the encryption keys, and an encryption component encrypts, for each dataset, referenced data objects using a corresponding mapped encryption key.

Abstract: Enforcing a legal hold procedure in a system by scanning multiple data sources to identify data objects for processing as a unitary group with respect to common access and control processes of the legal hold to preserve the data for a defined period of time and protected against modification and unauthorized access. The metadata is stored in a static dataset that defines a single data access unit for the referenced data. A user query regarding a referenced data object is processed, and accesses the data through the dataset as a single unit based on data content rather than data location in a file directory of the system. The data may be sensitive data and the legal hold procedure may be implemented as court rules in accordance with Federal Rules of Civil Procedure.

Abstract: Providing content based data protection for data stored in a large-scale data storage system by scanning data stored in one or more databases for discovery of metadata, and extracting the discovered metadata, for storage in a data catalog, the data catalog having a scanning function performing the scanning step, and comprising a database storing the metadata in one or more tables. A protection policy is defined to commonly protect content data referenced by metadata in the data catalog, and applied to the referenced content data to perform a data protection operation the content data. Datasets stored in the catalog are generated by running queries on the catalog, where a query comprises metadata selectors as tags applied to the catalog, where the tags define at least one of a file type, name, location, creation time, or file characteristic.

Abstract: Performing charge/showback operations in a large-scale data system by scanning multiple data sources to identify data objects for processing as a unitary group with respect to common characteristics that have an impact on finances within the system. Metadata of the identified data objects are stored in a dynamic dataset that defines a single data access unit for the referenced data objects. The system processes a user query regarding cost allocations, cost forecasts, and resource usage of respective groups within an organization. The query initiates a charge-back or show-back operation that allocates costs associated with each respective usage of resources by a department or cost center, and accesses the referenced data objects through the dataset as a single unit based on data content rather than data location in a file directory of the system.