Abstract: A technique for data sharing among multiple filers that share a volume in a private or public cloud object store is implemented. In this approach, a mechanism is provided to enable a local filer to determine whether other filers that are sharing the volume have a consistent view of new data being written to the cloud object store by the local filer. The begins by associating together a collection of one or more files in a “push class.” On demand, a push operation for the push class is initiated on the local filer. Preferably, the push is managed according to one or more push criteria associated with the push class. Typically, the push operation pushes file data and metadata associated with the one or more files of the push class in respective phases, with the file data being pushed to the cloud during a first phase and the metadata associated with that file data being pushed during a second phase that follows the first phase.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include a reshapable caching scheme for the local filer. Like striped caches, the approach uses a stripe, but the striping is implemented via a true RAID 0 (disk striping) rather than as a striped LV (logical volume) device. This approach allows for a “reshape” operation to convert from a n-way stripe set to a n+-way stripe set. Preferably, a reshape involves redistributing each block on disk to its new calculated home. For example, going from a single disk to a two disk set would move every other block from disk 1 to disk 2, and rearrange the blocks on disk 1 to fill in the “holes”. Performance after the reshape matches that of a striped cache. In one embodiment, the cache is structured as a “degraded” RAID 4.

Abstract: A versioned file storage system (VFS) and method for operating and using the same is disclosed. In an aspect, a mechanism is provided wherein a first VFS interface unit coupling the VFS to a local data storage system is replaced with a second VFS interface unit in a coordinated procedure for taking the first unit offline, making a reliable snapshot of its data and cache structure in the VFS, and loading the same data and cache structure into the second VFS interface brought online. The first and second VFS interfaces transfer the necessary data to achieve the switch through respective side-loading daemons running in each interface. Clients in the local data storage system experience minimal interruption of services in the VFS.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include constant-time rekeying (CTR). At volume creation time on the filer, a random Intermediate Key (IK) is generated. The IK is encrypted using one or more public key(s) for the volume in question, and then stored in encrypted form in a volume metadata file (e.g., cloudvolume.xml) alongside the other volume information. Once created, the IK is treated like any other volume metadata. During startup of a volume manager on the filer, the one or more per-volume IK blobs (present) are decrypted using an appropriate secret key, and then cached in memory. All objects sent to the cloud are then symmetrically encrypted to the current IK for that volume. All objects read from the cloud are decrypted using the locally-cached IK.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include constant-time rekeying (CTR). At volume creation time on the filer, a random Intermediate Key (IK) is generated. The IK is encrypted using one or more public key(s) for the volume in question, and then stored in encrypted form in a volume metadata file (e.g., cloudvolume.xml) alongside the other volume information. Once created, the IK is treated like any other volume metadata. During startup of a volume manager on the filer, the one or more per-volume IK blobs (present) are decrypted using an appropriate secret key, and then cached in memory. All objects sent to the cloud are then symmetrically encrypted to the current IK for that volume. All objects read from the cloud are decrypted using the locally-cached IK.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include a reshapable caching scheme for the local filer. Like striped caches, the approach uses a stripe, but the striping is implemented via a true RAID 0 (disk striping) rather than as a striped LV (logical volume) device. This approach allows for a “reshape” operation to convert from a n-way stripe set to a n+1-way stripe set. Preferably, a reshape involves redistributing each block on disk to its new calculated home. For example, going from a single disk to a two disk set would move every other block from disk 1 to disk 2, and rearrange the blocks on disk 1 to fill in the “holes”. Performance after the reshape matches that of a striped cache. In one embodiment, the cache is structured as a “degraded” RAID 4.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include constant-time rekeying (CTR). At volume creation time on the filer, a random Intermediate Key (IK) is generated. The IK is encrypted using one or more public key(s) for the volume in question, and then stored in encrypted form in a volume metadata file (e.g., cloudvolume.xml) alongside the other volume information. Once created, the IK is treated like any other volume metadata. During startup of a volume manager on the filer, the one or more per-volume IK blobs (present) are decrypted using an appropriate secret key, and then cached in memory. All objects sent to the cloud are then symmetrically encrypted to the current IK for that volume. All objects read from the cloud are decrypted using the locally-cached IK.

Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include a reshapable caching scheme for the local filer. Like striped caches, the approach uses a stripe, but the striping is implemented via a true RAID 0 (disk striping) rather than as a striped LV (logical volume) device. This approach allows for a “reshape” operation to convert from a n-way stripe set to a n+1-way stripe set. Preferably, a reshape involves redistributing each block on disk to its new calculated home. For example, going from a single disk to a two disk set would move every other block from disk 1 to disk 2, and rearrange the blocks on disk 1 to fill in the “holes”. Performance after the reshape matches that of a striped cache. In one embodiment, the cache is structured as a “degraded” RAID 4.

Abstract: A versioned file storage system (VFS) and method for operating and using the same is disclosed. In an aspect, a mechanism is provided wherein a first VFS interface unit coupling the VFS to a local data storage system is replaced with a second VFS interface unit in a coordinated procedure for taking the first unit offline, making a reliable snapshot of its data and cache structure in the VFS, and loading the same data and cache structure into the second VFS interface brought online. The first and second VFS interfaces transfer the necessary data to achieve the switch through respective side-loading daemons running in each interface. Clients in the local data storage system experience minimal interruption of services in the VFS.

Abstract: A versioned file system comprising network accessible storage is provided. Aspects of the system include globally locking files or groups of files so as to better control the stored files in the file system and to avoid problems associated with simultaneous remote access or conflicting multiple access requests for the same files. A method for operating, creating and using the global locks is also disclosed. A multiprotocol global lock can be provided for filing nodes that have multiple network protocols for generating local lock requests.

Abstract: A cloud-native global file system used to provide primary file storage for enterprise data is augmented to provide “direct-to-cloud” (D2C) migration of an initial data set. In addition to providing a filer, the service provider configures a direct-to-cloud migration tool, typically as a downloadable virtual machine (VM), that is executed in association with the hardware of the enterprise filesystem whose data set is being migrated. The migration tool reads the existing filesystem, transforms the data into a format consistent with that done by a filer, and pushes the result (a single version) directly to an object store in the cloud. In a first pass (run), typically a large bulk of the data is moved and, depending on how the migration tool is configured, one or more additional passes may then be carried out. When migration is complete (or substantially complete), the filer then is activated to complete the migration (if need be) and take over the go-forward operations.

Abstract: A cloud-based write-once object store is configured to store inode-based data exported to the store from an enterprise file system. For each version of data (e.g., a file) exported to the store, there is a version of the inode corresponding to that data. As versions of the data are exported to the cloud, the system creates multiple versions of the inode. The set of inode versions corresponding to the versions of the file have a pointer associated therewith that specifies the latest version of the data associated with the inode. The inode versions in the set share the same pointer. The inode versions represent a revision history for the inode. For each inode version corresponding to a version of the data, information is received and stored in a new portion of the object store. The inode version for a file version comprises a list of data chunks for the file.

Abstract: A cloud-based write-once object store is configured to store inode-based data exported to the store from an enterprise file system. For each version of data (e.g., a file) exported to the store, there is a version of the inode corresponding to that data. As versions of the data are exported to the cloud, the system creates multiple versions of the inode. The set of inode versions corresponding to the versions of the file have a pointer associated therewith that specifies the latest version of the data associated with the inode. The inode versions in the set share the same pointer. The inode versions represent a revision history for the inode. For each inode version corresponding to a version of the data, information is received and stored in a new portion of the object store. The inode version for a file version comprises a list of data chunks for the file.

Abstract: A technique for data sharing among multiple filers that share a volume in a private or public cloud object store is implemented. In this approach, a mechanism is provided to enable a local filer to determine whether other filers that are sharing the volume have a consistent view of new data being written to the cloud object store by the local filer. The begins by associating together a collection of one or more files in a “push class.” On demand, a push operation for the push class is initiated on the local filer. Preferably, the push is managed according to one or more push criteria associated with the push class. Typically, the push operation pushes file data and metadata associated with the one or more files of the push class in respective phases, with the file data being pushed to the cloud during a first phase and the metadata associated with that file data being pushed during a second phase that follows the first phase.

Abstract: A cloud-native global file system used to provide primary file storage for enterprise data is augmented to provide “direct-to-cloud” (D2C) migration of an initial data set. In addition to providing a filer, the service provider configures a direct-to-cloud migration tool, typically as a downloadable virtual machine (VM), that is executed in association with the hardware of the enterprise filesystem whose data set is being migrated. The migration tool reads the existing filesystem, transforms the data into a format consistent with that done by a filer, and pushes the result (a single version) directly to an object store in the cloud. In a first pass (run), typically a large bulk of the data is moved and, depending on how the migration tool is configured, one or more additional passes may then be carried out. When migration is complete (or substantially complete), the filer then is activated to complete the migration (if need be) and take over the go-forward operations.

Abstract: A technique for data sharing among multiple filers that share a volume in a private or public cloud object store is implemented. In this approach, a mechanism is provided to enable a local filer to determine whether other filers that are sharing the volume have a consistent view of new data being written to the cloud object store by the local filer. The begins by associating together a collection of one or more files in a “push class.” On demand, a push operation for the push class is initiated on the local filer. Preferably, the push is managed according to one or more push criteria associated with the push class. Typically, the push operation pushes file data and metadata associated with the one or more files of the push class in respective phases, with the file data being pushed to the cloud during a first phase and the metadata associated with that file data being pushed during a second phase that follows the first phase.

Abstract: A versioned file system comprising network accessible storage is provided. Aspects of the system include globally locking files or groups of files so as to better control the stored files in the file system and to avoid problems associated with simultaneous remote access or conflicting multiple access requests for the same files. A method for operating, creating and using the global locks is also disclosed. A multiprotocol global lock can be provided for filing nodes that have multiple network protocols for generating local lock requests.

Abstract: A cloud-based write-once object store is configured to store inode-based data exported to the store from an enterprise file system. For each version of data (e.g., a file) exported to the store, there is a version of the inode corresponding to that data. As versions of the data are exported to the cloud, the system creates multiple versions of the inode. The set of inode versions corresponding to the versions of the file have a pointer associated therewith that specifies the latest version of the data associated with the inode. The inode versions in the set share the same pointer. The inode versions represent a revision history for the inode. For each inode version corresponding to a version of the data, information is received and stored in a new portion of the object store. The inode version for a file version comprises a list of data chunks for the file.

Abstract: An operations server synchronizes updates to a cloud-based shared versioned file system. The shared versioned file system includes directories and sub-directories that are divided into shards. The operations server coordinates requests from local filer servers, each running a respective local version of the shared versioned file system, to update a shard in the cloud-based shared versioned file system. The operations server can provide a global lock on the shard to a local filer server before it updates the shard in the cloud-based shared versioned file system.

Abstract: A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.