Patents by Inventor Dileep Dixith
Dileep Dixith has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12634351Abstract: An approach is provided for multi-layer access control policy enforcement in a multi-tenant cloud environment. An advanced policy service is defined in a data container The advanced policy service provides management and validation of an access control policy at multiple levels including an application layer and a low layer, which is at a level lower than the application layer. Using the advanced policy service, a policy definition of the application layer is mapped to an access validation and authorization policy of the low layer. Rules are generated using an analysis of data packets by an eBPF program Using the eBPF program, the policy definition and the rules are applied to a request received from a SaaS application to access a data source. Based on the application of the policy definition and the rules, a data vulnerability is identified and the request is rejected.Type: GrantFiled: June 21, 2024Date of Patent: May 19, 2026Assignee: International Business Machines CorporationInventors: Peng Hui Jiang, Qi Feng Huo, Subramaniyan Nallasivam, Dileep Dixith, Abhiram Kulkarni
-
Publication number: 20260106731Abstract: A method, according to one embodiment, includes generating an encryption key pair within a secure execution virtual machine, where the encryption key pair includes a private key and a public key. The method further includes storing the private key within the secure execution virtual machine, and determining whether any layers of a first container image contain sensitive data. In response to a determination that a first of the layers of the first container image includes the sensitive data, the public key is used to encrypt the first layer. In response to receiving a request for the first container image, the private key is used to decrypt the first layer in the secure execution virtual machine. A computer program product, according to another embodiment, includes one or more computer-readable storage media, and program instructions stored on the one or more storage media to perform the foregoing method.Type: ApplicationFiled: October 14, 2024Publication date: April 16, 2026Inventors: Peng Hui Jiang, Prabhat Ranjan, Dileep Dixith, Abhiram Kulkarni, Sainath Sativar, Sowmya Parvathi
-
Patent number: 12547505Abstract: According to one embodiment, a method, computer system, and computer program product for data restoration is provided. The present invention may include categorizing one or more workloads within an organization; determining a restoration priority of the affected one or more tasks based on the categorizing responsive to identifying actual or predicted data loss affecting one or more tasks comprising one of the one or more workloads; selecting one or more restore scenarios for the affected one or more tasks based on the restoration priority; and executing a plurality of actions comprising the one or more selected restore scenarios responsive to selecting the one or more restore scenarios.Type: GrantFiled: December 12, 2023Date of Patent: February 10, 2026Assignee: International Business Machines CorporationInventors: Peng Hui Jiang, Jun Su, Qi Feng Huo, Dileep Dixith, Subramaniyan Nallasivam, Abhiram Kulkarni
-
Publication number: 20250392624Abstract: An approach is provided for multi-layer access control policy enforcement in a multi-tenant cloud environment. An advanced policy service is defined in a data container The advanced policy service provides management and validation of an access control policy at multiple levels including an application layer and a low layer, which is at a level lower than the application layer. Using the advanced policy service, a policy definition of the application layer is mapped to an access validation and authorization policy of the low layer. Rules are generated using an analysis of data packets by an eBPF program Using the eBPF program, the policy definition and the rules are applied to a request received from a SaaS application to access a data source. Based on the application of the policy definition and the rules, a data vulnerability is identified and the request is rejected.Type: ApplicationFiled: June 21, 2024Publication date: December 25, 2025Inventors: Peng Hui Jiang, Qi Feng Huo, Subramaniyan Nallasivam, Dileep Dixith, Abhiram Kulkarni
-
Publication number: 20250362970Abstract: Adaptive provisioning of cloud storage volumes includes building a vector database having properties of storage devices of a cloud environment, associating storage devices with storage classes based on the properties of the storage devices, each storage device of the storage devices being associated with a storage class of the storage classes, receiving a request for provisioning a storage volume to support a workload, where the request indicates application requirements associated with servicing the workload, performing a semantic search on the vector database and determining, based on the semantic search, a storage class for the requested storage volume, and provisioning the storage volume on a storage device, of the storage devices, associated with the determined storage class.Type: ApplicationFiled: May 22, 2024Publication date: November 27, 2025Inventors: Subramaniyan Nallasivam, Peng Hui Jiang, Dileep Dixith, Abhiram Kulkarni, Varchaswini R
-
Publication number: 20250298651Abstract: Virtual data volume management is provided. A smart contract is received that includes a plurality of volume identifiers, a plurality of mount point information, and a plurality of API keys corresponding to a plurality virtual data volumes to be mounted on a plurality of disc devices. A plurality of device identifiers corresponding to the plurality of disc devices where a plurality of virtual data volumes will be mounted is retrieved using the plurality of API keys that correspond to the plurality of volume identifiers included in the smart contract. The plurality of virtual data volumes is mounted on the plurality of disc devices based on the plurality of device identifiers corresponding to the plurality of disc devices and the plurality of mount point information corresponding to the plurality of volume identifiers included in the smart contract.Type: ApplicationFiled: March 21, 2024Publication date: September 25, 2025Inventors: Asha Shekharappa, Peng Hui Jiang, Anbazhagan Mani, Abhiram Kulkarni, Dileep Dixith
-
Patent number: 12367112Abstract: Computer-implemented methods for prioritization of data restoration based on recovery time objectives are provided. Aspects include receiving a request to store an object in a primary data volume, the object being associated with an application operating on a virtual server instance, appending an extended attribute to the object, and storing the object with the extended attribute appended in a primary storage device. Aspects also include periodically backing up the primary storage device to a cloud object storage device and transmitting a restore request to the cloud object storage device based on a determination that the primary storage device has become unresponsive. The restore request causes sequentially restoring a plurality of objects corresponding to primary data volume in an order based on the extended attribute appended to each of the plurality of objects.Type: GrantFiled: July 27, 2023Date of Patent: July 22, 2025Assignee: International Business Machines CorporationInventors: Subramaniyan Nallasivam, Dileep Dixith, Siddaraju G C, Ankitha S
-
Publication number: 20250190316Abstract: According to one embodiment, a method, computer system, and computer program product for data restoration is provided. The present invention may include categorizing one or more workloads within an organization; determining a restoration priority of the affected one or more tasks based on the categorizing responsive to identifying actual or predicted data loss affecting one or more tasks comprising one of the one or more workloads; selecting one or more restore scenarios for the affected one or more tasks based on the restoration priority; and executing a plurality of actions comprising the one or more selected restore scenarios responsive to selecting the one or more restore scenarios.Type: ApplicationFiled: December 12, 2023Publication date: June 12, 2025Inventors: Peng Hui Jiang, Jun Su, Qi Feng Huo, Dileep Dixith, Subramaniyan Nallasivam, Abhiram Kulkarni
-
Publication number: 20250138855Abstract: Validating a distributed computing storage platform with zero-touch storage node containers includes creating a container image having a tools repository. The image is pushed to a repository and the container image is pulled from the repository a local folder. The container image is saved in the local folder. A container is created to import the container image as well as tools repository into storage nodes. An ansible inventory configured to group the plurality of storage nodes is created and an alias for each group in the plurality of storage nodes is created. The container is extracted and the tarball is copied from the container into the storage nodes. The tarball is unzipped on each of the storage nodes in the plurality of storage nodes, and the storage operations are executed. The results of the storage operation are stored. The results of each executed storage operation are collected.Type: ApplicationFiled: October 25, 2023Publication date: May 1, 2025Inventors: Angel Nunez Mencias, Anbazhagan Mani, Subramaniyan Nallasivam, Dileep Dixith
-
Publication number: 20250036534Abstract: Computer-implemented methods for prioritization of data restoration based on recovery time objectives are provided. Aspects include receiving a request to store an object in a primary data volume, the object being associated with an application operating on a virtual server instance, appending an extended attribute to the object, and storing the object with the extended attribute appended in a primary storage device. Aspects also include periodically backing up the primary storage device to a cloud object storage device and transmitting a restore request to the cloud object storage device based on a determination that the primary storage device has become unresponsive. The restore request causes sequentially restoring a plurality of objects corresponding to primary data volume in an order based on the extended attribute appended to each of the plurality of objects.Type: ApplicationFiled: July 27, 2023Publication date: January 30, 2025Inventors: Subramaniyan Nallasivam, Dileep Dixith, Siddaraju G C, Ankitha S
-
Publication number: 20240378321Abstract: Systems and Methods for creating an immutable snapshot of a data volume and restoring the data volume from the immutable snapshot. A snapshot is created. For each file, a checksum is calculated. A string is created by concatenating the checksums in ascending order. That string is input to a linear aggregation method to create an aggregation checksum signature. The aggregation checksum signature, and each checksum along with and its associated file are stored as metadata in the snapshot.Type: ApplicationFiled: May 10, 2023Publication date: November 14, 2024Inventors: Angel Nunez Mencias, ANBAZHAGAN Mani, Subramaniyan Nallasivam, Dileep Dixith
-
Patent number: 11995479Abstract: A computer-implemented method according to one aspect includes determining and storing characteristics of a plurality of cloud vendors; dividing a workload into a plurality of logical stages; determining characteristics of each of the plurality of logical stages; and for each of the plurality of logical stages, assigning the logical stage to one of the plurality of cloud vendors, based on a comparison of the characteristics of the plurality of cloud vendors to the characteristics of the logical stage. Data migration between the cloud vendors is performed during an implementation of the workload to ensure data is located at necessary cloud vendors during the corresponding tasks of the workload.Type: GrantFiled: January 2, 2020Date of Patent: May 28, 2024Assignee: International Business Machines CorporationInventors: Abhishek Jain, Sasikanth Eda, Dileep Dixith, Sandeep Ramesh Patil, Anbazhagan Mani
-
Patent number: 11968210Abstract: A computer-implemented to control access to data on an off-premises storage system. The method includes defining an access policy for a plurality of files in a file system stored in an on-premises storage system. The method further includes registering the access policy with a first off-premises storage system. The method also includes creating a resource-based cloud access policy based on an on-premise access policy. The method includes determining a set of files from the plurality of files to migrate to the off-premises storage. The method also includes obtaining, for the set of files, an access policy as access metadata. The method further includes migrating the set of files and the access metadata to the off-premises storage.Type: GrantFiled: May 19, 2021Date of Patent: April 23, 2024Assignee: International Business Machines CorporationInventors: Amey Gokhale, Dileep Dixith, Abhishek Jain, Subramaniyan Nallasivam
-
Patent number: 11768740Abstract: A computer-implemented method, according to one embodiment, is for restoring operation of a data storage system at a disaster recovery site. The computer-implemented method includes: in response to a disaster event occurring at a primary site, receiving an inode list from a cloud storage site, and receiving configuration information from the cloud storage site. The cloud storage site includes a backup copy of data that is stored at the primary site. Moreover, the inode list and the configuration information are used to construct a filesystem at the disaster recovery site. The filesystem at the disaster recovery site does not include a copy of the data that is stored at the primary site, but rather the filesystem includes a plurality of metadata stubs. The filesystem is further used to satisfy I/O commands that are received.Type: GrantFiled: March 29, 2019Date of Patent: September 26, 2023Assignee: International Business Machines CorporationInventors: Dileep Dixith, Subramaniyan Nallasivam, Amey Gokhale, Satishreddy Konala
-
Patent number: 11726953Abstract: One or more computer processors to receive an object to store in a cloud storage environment, wherein the cloud storage environment includes a default storage policy. The one or more processors determine whether the object includes a foreign policy as an attribute of metadata associated with the object. The one or more processors, responsive to determining the object includes the foreign policy as an attribute of the metadata associated with the object, determine whether the foreign policy includes storage rules that differ from the default storage policy of the cloud storage environment, and the one or more processors, responsive to determining the storage rules included in the foreign policy of the metadata of the object differ from the default storage policy of the cloud storage environment, store the object based on the storage rules of the foreign policy, and ignore the default storage policy of the cloud storage environment.Type: GrantFiled: July 15, 2020Date of Patent: August 15, 2023Assignee: International Business Machines CorporationInventors: Dileep Dixith, Chhavi Agarwal, Anbazhagan Mani, Abhishek Jain
-
Publication number: 20220377077Abstract: A computer-implemented to control access to data on an off-premises storage system. The method includes defining an access policy for a plurality of files in a file system stored in an on-premises storage system. The method further includes registering the access policy with a first off-premises storage system. The method also includes creating a resource-based cloud access policy based on an on-premise access policy. The method includes determining a set of files from the plurality of files to migrate to the off-premises storage. The method also includes obtaining, for the set of files, an access policy as access metadata. The method further includes migrating the set of files and the access metadata to the off-premises storage.Type: ApplicationFiled: May 19, 2021Publication date: November 24, 2022Inventors: Amey Gokhale, Dileep Dixith, Abhishek Jain, Subramaniyan Nallasivam
-
Publication number: 20220019553Abstract: One or more computer processors to receive an object to store in a cloud storage environment, wherein the cloud storage environment includes a default storage policy. The one or more processors determine whether the object includes a foreign policy as an attribute of metadata associated with the object. The one or more processors, responsive to determining the object includes the foreign policy as an attribute of the metadata associated with the object, determine whether the foreign policy includes storage rules that differ from the default storage policy of the cloud storage environment, and the one or more processors, responsive to determining the storage rules included in the foreign policy of the metadata of the object differ from the default storage policy of the cloud storage environment, store the object based on the storage rules of the foreign policy, and ignore the default storage policy of the cloud storage environment.Type: ApplicationFiled: July 15, 2020Publication date: January 20, 2022Inventors: Dileep Dixith, Chhavi Agarwal, Anbazhagan Mani, Abhishek Jain
-
Publication number: 20210208952Abstract: A computer-implemented method according to one aspect includes determining and storing characteristics of a plurality of cloud vendors; dividing a workload into a plurality of logical stages; determining characteristics of each of the plurality of logical stages; and for each of the plurality of logical stages, assigning the logical stage to one of the plurality of cloud vendors, based on a comparison of the characteristics of the plurality of cloud vendors to the characteristics of the logical stage.Type: ApplicationFiled: January 2, 2020Publication date: July 8, 2021Inventors: Abhishek Jain, Sasikanth Eda, Dileep Dixith, Sandeep Ramesh Patil, Anbazhagan Mani
-
Patent number: 10831615Abstract: Methods and systems for automated regulation compliance for backing up and restoring in a storage environment are provided. A system for providing automated regulation compliance for backing up and restoring in a storage environment includes an analyzer module that determines if a storage system complies with regulations. The system includes a converter module that converts the storage system to comply with the regulations in response to determining that the storage system does not comply with the regulations. The system includes a validator module that validates that the converted storage system complies with the regulations.Type: GrantFiled: January 29, 2019Date of Patent: November 10, 2020Assignee: International Business Machines CorporationInventors: Robert B. Basham, Anbazhagan Mani, Harold J. Roberson, II, Dileep Dixith
-
Publication number: 20200310922Abstract: A computer-implemented method, according to one embodiment, is for restoring operation of a data storage system at a disaster recovery site. The computer-implemented method includes: in response to a disaster event occurring at a primary site, receiving an inode list from a cloud storage site, and receiving configuration information from the cloud storage site. The cloud storage site includes a backup copy of data that is stored at the primary site. Moreover, the inode list and the configuration information are used to construct a filesystem at the disaster recovery site. The filesystem at the disaster recovery site does not include a copy of the data that is stored at the primary site, but rather the filesystem includes a plurality of metadata stubs. The filesystem is further used to satisfy I/O commands that are received.Type: ApplicationFiled: March 29, 2019Publication date: October 1, 2020Inventors: Dileep Dixith, Subramaniyan Nallasivam, Amey Gokhale, Satishreddy Konala