Patents by Inventor Alexander SNAST
Alexander SNAST has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11349643Abstract: A data security technique for a data storage system includes in response to connection of an external storage device to a port of the data storage system, retrieving an authentication key encryption key (AKEK) for the data storage system from the external storage device to the data storage system. A random wrapper key (RWK) is generated based on the AKEK and an encrypted random wrapper key (ERWK) for the data storage system (retrieved from a first key repository of the data storage system). The ERWK is retrieved from a first key repository of the data storage system. A master key (retrieved from a second key repository of the data storage system) is decrypted for the data storage system using the RWK. A device access key (DAK) is derived based on the master key. The DAK is used to encrypt/decrypt data for a drive associated with the DAK.Type: GrantFiled: November 9, 2018Date of Patent: May 31, 2022Assignee: International Business Machines CorporationInventors: Eyal Rahamim, Alexander Snast
-
Patent number: 11256584Abstract: Embodiments for disaster recovery (DR) configuration management. An orchestration mechanism is used to automate a deployment and/or a configuring of two or more storage clusters for DR by arranging, in one step, a mirroring session between the two or more storage clusters. The two or more storage clusters are existing clusters, and the orchestration mechanism locates each of the existing storage clusters and establishes the mirroring session between the two.Type: GrantFiled: October 23, 2019Date of Patent: February 22, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Zah Barzik, Lior Chen, Eli Koren, Rivka M. Matosevich, Alexander Snast
-
Patent number: 11243899Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a device context device driver for forced detaching of an application from mapped devices. The device context device driver receives a command to detach an application, wherein the command specifies a process descriptor associated with the application. The device context device driver identifies a plurality of matching device context entries in a list of open device contexts maintained by the device context device driver that match the process descriptor. The device context device driver marks the plurality of matching device context entries as detached. The device context device driver invalidates mapped memory areas associated with the plurality of matching device context entries.Type: GrantFiled: April 28, 2017Date of Patent: February 8, 2022Assignee: International Business Machines CorporationInventors: Lior Chen, Constantine Gavrilov, Alexander Snast
-
Publication number: 20200213102Abstract: A technique for providing data security for a data storage system using local key management includes in response to connection of an external storage device to a port of the data storage system, retrieving an authentication key encryption key (AKEK) for the data storage system from the external storage device to the data storage system. A random wrapper key (RWK) is generated based on the AKEK and an encrypted random wrapper key (ERWK) for the data storage system (retrieved from a first key repository of the data storage system). The ERWK is retrieved from a first key repository of the data storage system. A master key (retrieved from a second key repository of the data processing system) is decrypted for the data storage system using the RWK. A device access key (DAK) is derived based on the master key. The DAK is used to encrypt/decrypt data for a drive associated with the DAK.Type: ApplicationFiled: November 9, 2018Publication date: July 2, 2020Inventors: Eyal Rahamim, Alexander Snast
-
Patent number: 10664386Abstract: Remotely debugging a non-responsive operating system (OS) of a computer system. Central processing units (CPUs) in a computer system are bound to receive queues of a network adapter. Interrupts for a CPU is disabled, wherein the CPU is not available to process hardware interrupt requests queued in the bound receive queues. A debugging message including debugging commands is received by the network adapter, wherein the debugging message is stored in a first receive queue of the network adapter bound to a first CPU. If the first CPU is available, the debugging commands in the debugging message stored in the first of the one or more receive queues of the network adapter are identified by a debugger of the computer system. The identified debugging commands are executed by the CPU to debug the non-responsive OS of the computer system.Type: GrantFiled: September 17, 2018Date of Patent: May 26, 2020Assignee: International Business Machines CorporationInventors: Gregory Etelson, Constantine Gavrilov, Alexander Snast
-
Patent number: 10599856Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.Type: GrantFiled: June 7, 2017Date of Patent: March 24, 2020Assignee: International Business Machines CorporationInventors: Zah Barzik, Maxim Kalaev, Alexander Snast
-
Publication number: 20200057700Abstract: Embodiments for disaster recovery (DR) configuration management. An orchestration mechanism is used to automate a deployment and/or a configuring of two or more storage clusters for DR by arranging, in one step, a mirroring session between the two or more storage clusters. The two or more storage clusters are existing clusters, and the orchestration mechanism locates each of the existing storage clusters and establishes the mirroring session between the two.Type: ApplicationFiled: October 23, 2019Publication date: February 20, 2020Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Zah BARZIK, Lior CHEN, Eli KOREN, Rivka M. MATOSEVICH, Alexander SNAST
-
Patent number: 10540245Abstract: Embodiments for disaster recovery (DR) configuration management in a Software-defined Storage (SDS) environment. An orchestration mechanism is used to automate a deployment and/or a configuring of two or more storage clusters for DR by arranging, in one step, a mirroring session between the two or more storage clusters in the SDS environment.Type: GrantFiled: November 22, 2016Date of Patent: January 21, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Zah Barzik, Lior Chen, Eli Koren, Rivka M. Matosevich, Alexander Snast
-
Patent number: 10397096Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a path query cache. Responsive to receiving a path query from a process executing in the data processing system, the path query cache performs a lookup of the path query in the path query cache. The path query identifies a source port, a source address and a destination address. The path query cache stores a plurality of entries, each entry comprising a source port, a source address, a destination address, the source and destination global identifiers, and good/bad flag indicating whether a path associated with the entry is available or not. Responsive to the path query cache determining the path query matches a valid entry in the plurality of entries, the path query cache returns a result to the process.Type: GrantFiled: April 28, 2017Date of Patent: August 27, 2019Assignee: International Business Machines CorporationInventors: Lior Chen, Constantine Gavrilov, Alexander Snast, Ari Zigler
-
Publication number: 20190018752Abstract: Remotely debugging a non-responsive operating system (OS) of a computer system. Central processing units (CPUs) in a computer system are bound to receive queues of a network adapter. Interrupts for a CPU is disabled, wherein the CPU is not available to process hardware interrupt requests queued in the bound receive queues. A debugging message including debugging commands is received by the network adapter, wherein the debugging message is stored in a first receive queue of the network adapter bound to a first CPU. If the first CPU is available, the debugging commands in the debugging message stored in the first of the one or more receive queues of the network adapter are identified by a debugger of the computer system. The identified debugging commands are executed by the CPU to debug the non-responsive OS of the computer system.Type: ApplicationFiled: September 17, 2018Publication date: January 17, 2019Inventors: Gregory Etelson, Constantine Gavrilov, Alexander Snast
-
Patent number: 10169594Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.Type: GrantFiled: September 27, 2017Date of Patent: January 1, 2019Assignee: International Business Machines CorporationInventors: Zah Barzik, Maxim Kalaev, Alexander Snast
-
Publication number: 20180357429Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.Type: ApplicationFiled: September 27, 2017Publication date: December 13, 2018Inventors: Zah Barzik, Maxim Kalaev, Alexander Snast
-
Publication number: 20180357428Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.Type: ApplicationFiled: June 7, 2017Publication date: December 13, 2018Inventors: Zah Barzik, Maxim Kalaev, Alexander Snast
-
Publication number: 20180316602Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a path query cache. Responsive to receiving a path query from a process executing in the data processing system, the path query cache performs a lookup of the path query in the path query cache. The path query identifies a source port, a source address and a destination address. The path query cache stores a plurality of entries, each entry comprising a source port, a source address, a destination address, the source and destination global identifiers, and good/bad flag indicating whether a path associated with the entry is available or not. Responsive to the path query cache determining the path query matches a valid entry in the plurality of entries, the path query cache returns a result to the process.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Inventors: Lior Chen, Constantine Gavrilov, Alexander Snast, Ari Zigler
-
Publication number: 20180314657Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a device context device driver for forced detaching of an application from mapped devices. The device context device driver receives a command to detach an application, wherein the command specifies a process descriptor associated with the application. The device context device driver identifies a plurality of matching device context entries in a list of open device contexts maintained by the device context device driver that match the process descriptor. The device context device driver marks the plurality of matching device context entries as detached. The device context device driver invalidates mapped memory areas associated with the plurality of matching device context entries.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Inventors: Lior Chen, Constantine Gavrilov, Alexander Snast
-
Patent number: 10078576Abstract: Remotely debugging a non-responsive operating system (OS) of a computer system. Central processing units (CPUs) in a computer system are bound to receive queues of a network adapter. Interrupts for a CPU is disabled, wherein the CPU is not available to process hardware interrupt requests queued in the bound receive queues. A debugging message including debugging commands is received by the network adapter, wherein the debugging message is stored in a first receive queue of the network adapter bound to a first CPU. If the first CPU is available, the debugging commands in the debugging message stored in the first of the one or more receive queues of the network adapter are identified by a debugger of the computer system. The identified debugging commands are executed by the CPU to debug the non-responsive OS of the computer system.Type: GrantFiled: March 29, 2016Date of Patent: September 18, 2018Assignee: International Business Machines CorporationInventors: Gregory Etelson, Constantine Gavrilov, Alexander Snast
-
Patent number: 10057045Abstract: A method, computer program product and computer system achieves full-mesh connectivity between any two domains in a multi-domain computing environment such as an Infiniband or Converged Ethernet environment. A connection between two domains is established using a single connection management identifier, and private payloads in connection management datagrams, to drive full-duplex connectivity over a pair of half-duplex connections. The half-duplex connections are established using one connection request, and one connection ID object. A connection management object interfaces between the two connected domains. The connection management object handles communications across the half-duplex connections while the connected applications operate as if they are communicating over a full-duplex connection.Type: GrantFiled: November 21, 2017Date of Patent: August 21, 2018Assignee: International Business Machines CorporationInventors: Lior Chen, Constantine Gavrilov, Alexander Snast, Ari Zigler
-
Patent number: 10033516Abstract: A method, computer program product and computer system achieves full-mesh connectivity between any two domains in a multi-domain computing environment such as an Infiniband or Converged Ethernet environment. A connection between two domains is established using a single connection management identifier, and private payloads in connection management datagrams, to drive full-duplex connectivity over a pair of half-duplex connections. The half-duplex connections are established using one connection request, and one connection ID object. A connection management object interfaces between the two connected domains. The connection management object handles communications across the half-duplex connections while the connected applications operate as if they are communicating over a full-duplex connection.Type: GrantFiled: November 30, 2016Date of Patent: July 24, 2018Assignee: International Business Machines CorporationInventors: Lior Chen, Constantine Gavrilov, Alexander Snast, Ari Zigler
-
Patent number: 10031786Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include identifying a first number of processors in a computer, and identifying a second number of interrupt request (IRQ) lines on a hardware acceleration device in the computer and coupled to the processors, the second number greater than or equal to the first number. Each of the IRQ lines is associated with one of the processors, and upon selecting a given IRQ line for an application thread, a given processor associated with the given IRQ line is identified. Execution of the application thread is initiated on the given processor, and using the given IRQ line, a completion queue is configured for the application thread. If the thread is executing on a different processor than the one managing the completion queue, then the management of the completion queue can be migrated to the processor executing the thread.Type: GrantFiled: January 13, 2016Date of Patent: July 24, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Lior Chen, Constantine Gavrilov, Alexander Snast
-
Publication number: 20180152278Abstract: A method, computer program product and computer system achieves full-mesh connectivity between any two domains in a multi-domain computing environment such as an Infiniband or Converged Ethernet environment. A connection between two domains is established using a single connection management identifier, and private payloads in connection management datagrams, to drive full-duplex connectivity over a pair of half-duplex connections. The half-duplex connections are established using one connection request, and one connection ID object. A connection management object interfaces between the two connected domains. The connection management object handles communications across the half-duplex connections while the connected applications operate as if they are communicating over a full-duplex connection.Type: ApplicationFiled: November 21, 2017Publication date: May 31, 2018Inventors: Lior Chen, Constantine Gavrilov, Alexander Snast, Ari Zigler