Abstract: Examples described herein generally relate to maintaining a snapshot of a multitier distributed file system. A snapshot directory volume of a directory volume can be created at least in part by copying, to the snapshot directory volume, metadata of the directory volume. Based on a file access request, it can be determined whether the file has not been snapshotted. If not, a snapshot file record of the file, and associated with the snapshot directory volume.

Abstract: Examples described herein generally relate to maintaining a snapshot of a multitier distributed file system. A snapshot directory volume of a directory volume can be created at least in part by copying, to the snapshot directory volume, metadata of the directory volume. Based on a file access request, it can be determined whether the file has not been snapshotted. If not, a snapshot file record of the file, and associated with the snapshot directory volume.

Abstract: Examples described herein generally relate to maintaining a snapshot of a multitier distributed file system. A snapshot directory volume of a directory volume can be created at least in part by copying, to the snapshot directory volume, metadata of the directory volume. Based on a file access request, it can be determined whether the file has not been snapshotted. If not, a snapshot file record of the file, and associated with the snapshot directory volume.

Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.

Abstract: Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.

Abstract: Examples described herein generally relate to maintaining a snapshot of a multitier distributed file system. A snapshot directory volume of a directory volume can be created at least in part by copying, to the snapshot directory volume, metadata of the directory volume. Based on a file access request, it can be determined whether the file has not been snapshotted. If not, a snapshot file record of the file, and associated with the snapshot directory volume.

Abstract: Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.

Abstract: Embodiments provide a method and system for transferring data between different computing devices. Specifically, a communication session is established between a first computing device and a second computing device. The communication session may be established using a first communication protocol. The first computing device creates a virtual memory object which is bound to one or more memory blocks of the first computing device. A path to the virtual memory object is generated and the path is transmitted to the second computing device using the communication session. The second computing device may then read or write data directly into/from the virtual memory object using a second communication protocol that is different from the first communication protocol. The data is written into and read from the virtual memory object using file system commands.

Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.

Abstract: The embodiments described herein generally relate to a protocol for implementing data operations, e.g., a version of SMB, atop RDMA transports. In embodiments, systems and methods use the protocol definition, which specifies new messages for negotiating an RDMA connection and for transferring SMB2 data using the negotiated communication. A new protocol message may include new header information to determine message size, number of messages, and other information for sending the SMB2 data over RDMA. The header information is used to accommodate differences in message size requirements between RDMA and SMB2. The SMB Direct protocol allows SMB2 data to be fragmented into multiple individual RDMA messages that a receiver may then logically concatenate into a single SMB2 request or SMB2 response. The SMB Direct protocol also may allow SMB2 to transfer application data via efficient RDMA direct placement and to signal the application data's availability when the transfer is complete.

Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.

Abstract: Described are embodiments for providing unique identifiers for files or objects across servers in a server cluster. Embodiments include generating a unique identifier that includes at least three portions. The first portion includes a node identifier which identifies the particular server in a cluster which created the unique identifier. The second portion includes a major sequence number that is incremented when a server is rebooted or otherwise taken off-line and then brought back online. Additionally, the major sequence number is incremented when all of the minor sequence numbers, which are included in a third portion of the unique identifier, have been used. The minor sequence numbers in the third portion are incremented for every unique file or object requested.

Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.

Abstract: A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.

Abstract: The embodiments described herein generally relate to a protocol for implementing data operations, e.g., a version of SMB, atop RDMA transports. In embodiments, systems and methods use the protocol definition, which specifies new messages for negotiating an RDMA connection and for transferring SMB2 data using the negotiated communication. A new protocol message may include new header information to determine message size, number of messages, and other information for sending the SMB2 data over RDMA. The header information is used to accommodate differences in message size requirements between RDMA and SMB2. The SMB Direct protocol allows SMB2 data to be fragmented into multiple individual RDMA messages that a receiver may then logically concatenate into a single SMB2 request or SMB2 response. The SMB Direct protocol also may allow SMB2 to transfer application data via efficient RDMA direct placement and to signal the application data's availability when the transfer is complete.

Abstract: The embodiments described herein generally relate to a protocol for implementing data operations, e.g., a version of SMB, atop RDMA transports. In embodiments, systems and methods use the protocol definition, which specifies new messages for negotiating an RDMA connection and for transferring SMB2 data using the negotiated communication. A new protocol message may include new header information to determine message size, number of messages, and other information for sending the SMB2 data over RDMA. The header information is used to accommodate differences in message size requirements between RDMA and SMB2. The SMB Direct protocol allows SMB2 data to be fragmented into multiple individual RDMA messages that a receiver may then logically concatenate into a single SMB2 request or SMB2 response. The SMB Direct protocol also may allow SMB2 to transfer application data via efficient RDMA direct placement and to signal the application data's availability when the transfer is complete.

Abstract: Described are embodiments for allowing clients that access a distributed file system to locally cache directory metadata. The client may request a read lease which allows the client to cache the directory metadata locally and service requests received from the same application which originally requested the directory metadata using the cache. In addition, the client may also request a handle lease which allows a client to delay the closing of a directory handle and allow the handle to be reused to service subsequent directory metadata requests from the same or a different application. A client may also request a write lease which allows an application on the client to modify the directory metadata, such as by creating or deleting new files in the directory, or changing their attributes, and cache those changes.

Abstract: Aspects of the subject matter described herein relate to client-side caching. In aspects, when a client receives a request for data that is located on a remote server, the client first checks a local cache to see if the data is stored in the local cache. If the data is not stored in the local cache, the client may check a peer cache to see if the data is stored in the peer cache. If the data is not stored in the peer cache, the client obtains the data from the remote server, caches it locally, and publishes to the peer cache that the client has a copy of the data.

Abstract: Embodiments of the present disclosure provide for establishing an authenticated session between a client computing device and a remote computing device. In certain embodiments, a connection is established between the client computing device and the remote computing device. Once the connection is established, the client computing device sends a number of requests to the client computing device including a negotiate request, a setup request, and a validation request. In response to the requests, the client computing device receives a number of responses from the remote computing device including a negotiate response, setup response and a validation response. Once the responses have been received, a determination is made as to whether information contained in the validation response matches information contained in the negotiate response. If the information matches, an authenticated session is established between the remote computing device and the client computing device.

Abstract: Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.