Abstract: Embodiments described herein enable a storage system configured with a cache, i.e., a caching storage system, to obtain soft locks on a plurality of files, including non-regular file types, supported by a plurality of file access protocols. The cache is illustratively embodied as a flexible volume configured to temporarily store information, such as contents of the files, through replication of attributes and data of the files from an origin storage system. The soft locks are illustratively implemented as delegations; a delegation on a file enables the caching storage system to serve the attributes and the data for the file without verifying validity of the data with the origin storage system.

Abstract: Described herein is a novel technique for implementing a policy-based caching engine in a storage system cluster (cluster) to automatically implement volume caching at select nodes of the cluster in optimizing cluster performance. The novel caching engine may be implemented in a management console of the cluster storing policy information related to volume caching operations requested by the caching engine. Policy information may include node or cluster attributes, operational events, and a pre-defined cached volume configuration of import to the user. Based on the stored policy information, the caching engine may determine a set of nodes on which to initiate a volume caching operation and generate a request for such operation to be performed on a particular node. Only select nodes in the cluster may thus implement volume caching to thereby conserve processing resources for more critical operations at other select nodes in the cluster.

Abstract: A system and method for securing data by receiving encrypted data at a security appliance transmitted from a client, wherein at least a portion of the encrypted data is encrypted according to a first encryption protocol, and wherein the encrypted data is transmitted to the security appliance according to a first data transfer protocol. The encrypted data is then decrypted at the security appliance, wherein at least a portion of the decrypted data is re-encrypted according to a second encryption protocol at the security appliance. The re-encrypted data is transmitted from the security appliance to a storage device, wherein the re-encrypted data is transmitted according to a second data transfer protocol that is different than the first data transfer protocol.

Abstract: A data security appliance intercepts out-of-band control traffic directed to a data storage device, wherein the out-of-band control traffic includes a command to change a configuration of the data storage device. The data security appliance is reconfigured in accordance with the command in order to conform with a new configuration of the data storage device.

Abstract: A security appliance that encrypts and decrypts information is installed in each of redundant multi-paths between a host system and a back up tape storage system. The host system is arranged to detect failures in a primary path to the tape system being used. When the failure is detected, the host system enables transfers to the same tape system through an alternative path. Encryption keys and host/tape designators (identifiers) are broadcast among the security appliances in the alternative data paths. When the host system switches from the primary path to the secondary path, even though the secondary security appliance did not generate the encryption keys, the secondary path security appliance will have such keys and will properly encrypt and transfer data from the host to the tape system. The secondary will also properly retrieve encrypted data from the tape system, decrypt it and deliver it to the host. All of these operations will be transparent (invisible) to a running application in the host.

Abstract: Embodiments of the present invention provide mechanisms for improving storage consumption on a sequential access medium, such as a physical tape, by preferably storing one instance of a data block of a backup data set on the tape media. When another instance of a data block is received having the same pattern as the stored data block, rather than storing the data block itself, a reference to the data block is stored on the sequential access medium. When data are restored, data blocks are cached at a block store on a storage device(s) having a faster seek time than the tape. When a reference to a previously stored data block is read from the tape, rather than re-winding the tape to search for the data block on the tape (which might take a long time to locate), the referenced data block can be found on the storage device having a faster seek time than the tape media.

Abstract: A security appliance that encrypts and decrypts information is installed in each of redundant multi-paths between a host system and a back up tape storage system. The host system is arranged to detect failures in a primary path to the tape system being used. When the failure is detected, the host system enables transfers to the same tape system through an alternative path. Encryption keys and host/tape designators (identifiers) are broadcast among the security appliances in the alternative data paths. When the host system switches from the primary path to the secondary path, even though the secondary security appliance did not generate the encryption keys, the secondary path security appliance will have such keys and will properly encrypt and transfer data from the host to the tape system. The secondary will also properly retrieve encrypted data from the tape system, decrypt it and deliver it to the host. All of these operations will be transparent (invisible) to a running application in the host.