Abstract: A data security technique for a data storage system includes in response to connection of an external storage device to a port of the data storage system, retrieving an authentication key encryption key (AKEK) for the data storage system from the external storage device to the data storage system. A random wrapper key (RWK) is generated based on the AKEK and an encrypted random wrapper key (ERWK) for the data storage system (retrieved from a first key repository of the data storage system). The ERWK is retrieved from a first key repository of the data storage system. A master key (retrieved from a second key repository of the data storage system) is decrypted for the data storage system using the RWK. A device access key (DAK) is derived based on the master key. The DAK is used to encrypt/decrypt data for a drive associated with the DAK.

Abstract: Embodiments for disaster recovery (DR) configuration management. An orchestration mechanism is used to automate a deployment and/or a configuring of two or more storage clusters for DR by arranging, in one step, a mirroring session between the two or more storage clusters. The two or more storage clusters are existing clusters, and the orchestration mechanism locates each of the existing storage clusters and establishes the mirroring session between the two.

Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a device context device driver for forced detaching of an application from mapped devices. The device context device driver receives a command to detach an application, wherein the command specifies a process descriptor associated with the application. The device context device driver identifies a plurality of matching device context entries in a list of open device contexts maintained by the device context device driver that match the process descriptor. The device context device driver marks the plurality of matching device context entries as detached. The device context device driver invalidates mapped memory areas associated with the plurality of matching device context entries.

Abstract: A technique for providing data security for a data storage system using local key management includes in response to connection of an external storage device to a port of the data storage system, retrieving an authentication key encryption key (AKEK) for the data storage system from the external storage device to the data storage system. A random wrapper key (RWK) is generated based on the AKEK and an encrypted random wrapper key (ERWK) for the data storage system (retrieved from a first key repository of the data storage system). The ERWK is retrieved from a first key repository of the data storage system. A master key (retrieved from a second key repository of the data processing system) is decrypted for the data storage system using the RWK. A device access key (DAK) is derived based on the master key. The DAK is used to encrypt/decrypt data for a drive associated with the DAK.

Abstract: Remotely debugging a non-responsive operating system (OS) of a computer system. Central processing units (CPUs) in a computer system are bound to receive queues of a network adapter. Interrupts for a CPU is disabled, wherein the CPU is not available to process hardware interrupt requests queued in the bound receive queues. A debugging message including debugging commands is received by the network adapter, wherein the debugging message is stored in a first receive queue of the network adapter bound to a first CPU. If the first CPU is available, the debugging commands in the debugging message stored in the first of the one or more receive queues of the network adapter are identified by a debugger of the computer system. The identified debugging commands are executed by the CPU to debug the non-responsive OS of the computer system.

Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.

Abstract: Embodiments for disaster recovery (DR) configuration management. An orchestration mechanism is used to automate a deployment and/or a configuring of two or more storage clusters for DR by arranging, in one step, a mirroring session between the two or more storage clusters. The two or more storage clusters are existing clusters, and the orchestration mechanism locates each of the existing storage clusters and establishes the mirroring session between the two.

Abstract: Embodiments for disaster recovery (DR) configuration management in a Software-defined Storage (SDS) environment. An orchestration mechanism is used to automate a deployment and/or a configuring of two or more storage clusters for DR by arranging, in one step, a mirroring session between the two or more storage clusters in the SDS environment.

Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a path query cache. Responsive to receiving a path query from a process executing in the data processing system, the path query cache performs a lookup of the path query in the path query cache. The path query identifies a source port, a source address and a destination address. The path query cache stores a plurality of entries, each entry comprising a source port, a source address, a destination address, the source and destination global identifiers, and good/bad flag indicating whether a path associated with the entry is available or not. Responsive to the path query cache determining the path query matches a valid entry in the plurality of entries, the path query cache returns a result to the process.

Abstract: Remotely debugging a non-responsive operating system (OS) of a computer system. Central processing units (CPUs) in a computer system are bound to receive queues of a network adapter. Interrupts for a CPU is disabled, wherein the CPU is not available to process hardware interrupt requests queued in the bound receive queues. A debugging message including debugging commands is received by the network adapter, wherein the debugging message is stored in a first receive queue of the network adapter bound to a first CPU. If the first CPU is available, the debugging commands in the debugging message stored in the first of the one or more receive queues of the network adapter are identified by a debugger of the computer system. The identified debugging commands are executed by the CPU to debug the non-responsive OS of the computer system.

Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.

Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.

Abstract: In one embodiment of the present invention, a server is created, and a computer readable storage media is included in the server. An adapter is connected to the server, a set of packets is received by the adapter from a network, and the network and a repository are interfaced by the adapter. A firmware is stored on the adapter, and the adapter is controlled by the firmware. A management component is stored on the computer readable storage media, and the server is managed by the management component. A driver is stored on the management component, and the driver communicates with the adapter. A set of filters that controls transmission of the set of packets is created, and each filter in the set of filters has a set of filter rules. The set of filters is stored on the server.

Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a path query cache. Responsive to receiving a path query from a process executing in the data processing system, the path query cache performs a lookup of the path query in the path query cache. The path query identifies a source port, a source address and a destination address. The path query cache stores a plurality of entries, each entry comprising a source port, a source address, a destination address, the source and destination global identifiers, and good/bad flag indicating whether a path associated with the entry is available or not. Responsive to the path query cache determining the path query matches a valid entry in the plurality of entries, the path query cache returns a result to the process.

Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions that are executed by the at least one processor and configure the at least one processor to implement a device context device driver for forced detaching of an application from mapped devices. The device context device driver receives a command to detach an application, wherein the command specifies a process descriptor associated with the application. The device context device driver identifies a plurality of matching device context entries in a list of open device contexts maintained by the device context device driver that match the process descriptor. The device context device driver marks the plurality of matching device context entries as detached. The device context device driver invalidates mapped memory areas associated with the plurality of matching device context entries.

Abstract: Remotely debugging a non-responsive operating system (OS) of a computer system. Central processing units (CPUs) in a computer system are bound to receive queues of a network adapter. Interrupts for a CPU is disabled, wherein the CPU is not available to process hardware interrupt requests queued in the bound receive queues. A debugging message including debugging commands is received by the network adapter, wherein the debugging message is stored in a first receive queue of the network adapter bound to a first CPU. If the first CPU is available, the debugging commands in the debugging message stored in the first of the one or more receive queues of the network adapter are identified by a debugger of the computer system. The identified debugging commands are executed by the CPU to debug the non-responsive OS of the computer system.

Abstract: A method, computer program product and computer system achieves full-mesh connectivity between any two domains in a multi-domain computing environment such as an Infiniband or Converged Ethernet environment. A connection between two domains is established using a single connection management identifier, and private payloads in connection management datagrams, to drive full-duplex connectivity over a pair of half-duplex connections. The half-duplex connections are established using one connection request, and one connection ID object. A connection management object interfaces between the two connected domains. The connection management object handles communications across the half-duplex connections while the connected applications operate as if they are communicating over a full-duplex connection.

Abstract: A method, computer program product and computer system achieves full-mesh connectivity between any two domains in a multi-domain computing environment such as an Infiniband or Converged Ethernet environment. A connection between two domains is established using a single connection management identifier, and private payloads in connection management datagrams, to drive full-duplex connectivity over a pair of half-duplex connections. The half-duplex connections are established using one connection request, and one connection ID object. A connection management object interfaces between the two connected domains. The connection management object handles communications across the half-duplex connections while the connected applications operate as if they are communicating over a full-duplex connection.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include identifying a first number of processors in a computer, and identifying a second number of interrupt request (IRQ) lines on a hardware acceleration device in the computer and coupled to the processors, the second number greater than or equal to the first number. Each of the IRQ lines is associated with one of the processors, and upon selecting a given IRQ line for an application thread, a given processor associated with the given IRQ line is identified. Execution of the application thread is initiated on the given processor, and using the given IRQ line, a completion queue is configured for the application thread. If the thread is executing on a different processor than the one managing the completion queue, then the management of the completion queue can be migrated to the processor executing the thread.

Abstract: A method, computer program product and computer system achieves full-mesh connectivity between any two domains in a multi-domain computing environment such as an Infiniband or Converged Ethernet environment. A connection between two domains is established using a single connection management identifier, and private payloads in connection management datagrams, to drive full-duplex connectivity over a pair of half-duplex connections. The half-duplex connections are established using one connection request, and one connection ID object. A connection management object interfaces between the two connected domains. The connection management object handles communications across the half-duplex connections while the connected applications operate as if they are communicating over a full-duplex connection.