Abstract: Methods and systems for providing computer implemented services are disclosed. To provide the services, requests for access to resources may be sent. Prior to servicing requests that are received, the requests may be evaluated using a distributed consensus analysis process. The distributed consensus analysis process may take into account views of multiple devices regarding whether the requests can be validated. Requests that are validated via the distributed consensus analysis process may be honored.

Abstract: A network storage array may detect a malware infection and report the detected infection to a monitoring system, which may monitor more than one storage array at one or more data centers via one or more array management host computing systems. Storage arrays may report to the monitoring system replication information regarding data replication operations among the arrays. The monitoring system may receive access information regarding access of the storage arrays by server host computing systems. Based on the access and replication information the monitoring system may determine, or infer, an infection of an array, or a volume of an array, which array or volume may not be capable of self-determining an infection. The monitoring system may cause a mitigation action with respect to an infected array or with respect to a server host computing system that may have accessed an infected array.

Abstract: Methods and system for managing data in a distributed system are disclosed. To manage data in the distributed system, a host system may initiate an input-output (IO) transaction based on an occurrence of an IO transaction event being identified. The IO transaction may include storage commands to manage the data stored in a destination and/or to store the data in the destination. The IO transaction may have a dynamic timeout that defines a duration of time to receive confirmation of the IO transaction being processed by the destination prior to performing remedial processes by the host system.

Abstract: Electronic hardware components include integrated near field communications (NFC) modules configured to respond to authentication messages sent by a baseboard management controller (BMC). The authentication messages include cryptographic authentication challenges. The hardware component NFC modules are configured with private keys to decrypt messages sent by the BMC and digitally sign information such as VPD and SN that identify the hardware component. Secure component verification using NFC helps to detect component substitution attacks.

Abstract: An identifier, such as a worldwide name, corresponding to a host computing device, or corresponding to a host bus adapter corresponding to the host computing device, may be transmitted to a storage array to configure the storage array to be accessed by the host computing device. The host may request a token from the array. The host may embed the token into a token block of a command message that is transmitted to the storage array requesting access to the array. Before performing an action corresponding to the command message, the storage array may verify that the token is a valid token and thus that the host computing device that transmitted the command message is a host computing device that has been authorized to access the storage array. If the storage array determines that the token is valid the storage array may perform an action corresponding to the command message.

Abstract: Different management applications corresponding to different private computing systems that are untrusted with respect to each other reciprocally agree to store for each other replicated versions of logical volumes of storage arrays as backups. A management server corresponding to one or more storage arrays at a local one of the computing systems encrypts a volume to be backed up at the other remote computing system and transmits the encrypted version to the remote computing system. The remote computing system cannot modify or delete a portion of an array that has stored thereon the encrypted version of the logical volume without having a configuration-change key generated by the local management server, which may generate the configuration-change key to facilitate mirroring at the remote storage array a modification made to the local storage array.

Abstract: Electronic hardware components include integrated near field communications (NFC) modules configured to respond to authentication messages sent by a baseboard management controller (BMC). The authentication messages include cryptographic authentication challenges. The hardware component NFC modules are configured with private keys to decrypt messages sent by the BMC and digitally sign information such as VPD and SN that identify the hardware component. Secure component verification using NFC helps to detect component substitution attacks.

Abstract: Methods and systems for managing storage services provided by storage arrays are disclosed. The storage services may be managed by proactively identifying and remediating malicious activity that may impact the storage services. The malicious activity may be identified by monitoring activity of adapters used by host devices to communicate with the storage arrays. The activity may be monitored to identify patterns of reset commands that are likely to negatively impact storage services provided by the storage arrays.

Abstract: A storage array is configured with an allowed process configuration. An allowed process may correspond to an application or process executed by a host computing system that may seek to access a volume of the storage array via a command descriptor block message or a corresponding block command message, which may comprise a data field and a metadata field. The host may embed a process identifier corresponding to a process seeking to access the storage array in the metadata field. The storage array may receive the block command message and determine whether the metadata field comprises a process identifier that is included in the allowed process configuration. If so, the storage array may perform the access command corresponding to the block command message. If not, the storage array may reject performing the access command. The storage array may report access commands that were performed or rejected.

Abstract: Methods and systems for managing operation of endpoint devices are disclosed. To manage the operation of endpoint devices, clusters of endpoint devices may be established. The members of the cluster may utilize synchronized data across the cluster to provide various computer implemented services. To synchronize the synchronized data, updates made to local copies of the synchronized data may be distributed to maintain synchronization of other copies of the synchronized data. By doing so, different members of the cluster may have access to synchronized data.

Abstract: Techniques are provided for cluster-based automated identification of software application test cases for testing microservices. One method comprises, in response to a modification of software code of a given microservice of multiple microservices of an application: identifying, from multiple clusters of microservices, one or more clusters each comprising the given microservice; for one or more microservices in the identified clusters, identifying, using information characterizing microservices tested by each test case, test cases that test the respective microservice in the identified clusters; and initiating an execution of the identified test cases that test the one or more microservices in the identified clusters. The clusters of microservices may be generated using a feature vector representation of the endpoints associated with each microservice.

Abstract: Methods and systems for securing data are disclosed. To secure data, signed tokens may be used to authenticate operations to be performed by storage arrays. The operations may modify data stored in the storage array and/or provide copies of stored data. The signed token may specify limits on the authority of various entities to invoke various functions of storage arrays, and include cryptographic data usable by the storage arrays to authenticate the tokens. By requiring that tokens be included with operations to be performed by storage arrays, the storage arrays may be less likely to perform undesired operations.

Abstract: Methods and systems for managing operation of endpoint devices are disclosed. The operation of the endpoint devices may be managed by requiring that the endpoint devices use a communication management framework to selective send communications via network and audio interfaces. Additionally, the communication management framework may cause the endpoint devices to update the manner in which audio communications are used over time to distribute data. The updates to the manner in which the audio communications are used over time may reduce the likelihood of a malicious entity from injecting malicious communications and/or snooping audio communications between endpoint devices.

Abstract: Methods and systems for managing operation of endpoint devices are disclosed. To manage the operation of endpoint devices, clusters of endpoint devices may be established. The members of the cluster may utilize synchronized data across the cluster to provide various computer implemented services. To synchronize the synchronized data, updates made to local copies of the synchronized data may be distributed to maintain synchronization of other copies of the synchronized data. By doing so, different members of the cluster may have access to synchronized data.

Abstract: Methods and systems for securing access of storage array services are disclosed. The storage array services may be secured by responding to an inquiry from the host bus adapter of a host with a payload. The contents of the payload may require authentication by the host to enable access to the storage array. The contents of the payload may include one or more messages and a digital signature. The digital signature may be signed with a private key from the storage array and verified with a public key from the host. The messages may be authenticated using the digital signature and/or other messages in the payload. Should the any of the contents of the payload be unable to be authenticated by the host, the host bus adapter may be remediated for hardware errors of malicious activity.

Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads and keys. The payloads and integrity verification data may be directed to storage along a storage pipeline. The integrity of the payloads may be verified along the storage pipeline. Once received, the storage may perform the checks using the integrity verification data as a final check before storage.

Abstract: Methods and systems for managing storage services provided by storage arrays are disclosed. The storage services may be managed by proactively identifying and remediating malicious activity that may impact the storage services. The malicious activity may be identified by monitoring activity of adapters used by host devices to communicate with the storage arrays. The activity may be monitored to identify patterns of reset commands that are likely to negatively impact storage services provided by the storage arrays.

Abstract: Methods and systems for securing data are disclosed. To secure data, signed tokens may be used to authenticate operations to be performed by storage arrays. The operations may modify data stored in the storage array and/or provide copies of stored data. The signed token may specify limits on the authority of various entities to invoke various functions of storage arrays, and include cryptographic data usable by the storage arrays to authenticate the tokens. By requiring that tokens be included with operations to be performed by storage arrays, the storage arrays may be less likely to perform undesired operations.

Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads. The payloads and integrity verification data may be generated by an application, and both may be directed to storage. Once received, the storage may perform the checks using the integrity verification data.

Abstract: Methods and systems for managing data storage are disclosed. The storage of data may be managed by implementing a framework for checking whether payloads requested for storage have been modified prior to storage. The checks may be performed using integrity verification data that is based on corresponding payloads. The payloads and integrity verification data may be generated by an application, and both may be directed to storage. Once received, the storage may perform the checks using the integrity verification data.