Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include defining, for an entity, a policy access control list including one or more access rules, each of the access rules including one or more user conditions and one or more entity conditions. Upon receiving a request from a user to access a given entity, one or more user attributes associated with the user and one or more entity attributes associated with the given entity are identified. For each of the access rules, the one or more user conditions are applied to the one or more user attributes, the one or more entity conditions are applied to the one or more entity attributes. Access to the given content entity is granted to the user upon determining that a minimum threshold of the one or more user conditions and the one or more entity conditions are met.

Abstract: Machines, systems and methods for processing a request in a client-server computing environment are provided. In one embodiment, the method comprises receiving from a client a request submitted to a server for purpose of synchronous processing by the server; assigning the request to a first thread for processing; registering the request with a request registration system, wherein the request is assigned to the first thread for processing, in response to determining that the request is acceptable and may be processed synchronously, wherein the request is unregistered from the request registration system, in response to determining that the first thread completed processing of the request within a first timeline, and wherein an alternative thread is assigned for processing the request asynchronously, in response to determining that the first thread did not complete processing of the request within the first timeline.

Abstract: Machines, systems and methods for enhancing data recovery in a data storage system, the method comprising determining whether one or more data storage mediums in a data storage system are unavailable; determining data that are at a risk of loss, due to said one or more data storage mediums being unavailable; from among the data that is determined to be at the risk of loss, identifying data that is highly vulnerable to loss; and creating one or more temporary replicas of the data that is highly vulnerable to loss.

Abstract: Machines, systems and methods for enhancing data recovery in a data storage system, the method comprising determining whether one or more data storage mediums in a data storage system are unavailable; determining data that are at a risk of loss, due to said one or more data storage mediums being unavailable; from among the data that is determined to be at the risk of loss, identifying data that is highly vulnerable to loss; and creating one or more temporary replicas of the data that is highly vulnerable to loss.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include defining, for an entity, a policy access control list including one or more access rules, each of the access rules including one or more user conditions and one or more entity conditions. Upon receiving a request from a user to access a given entity, one or more user attributes associated with the user and one or more entity attributes associated with the given entity are identified. For each of the access rules, the one or more user conditions are applied to the one or more user attributes, the one or more entity conditions are applied to the one or more entity attributes. Access to the given content entity is granted to the user upon determining that a minimum threshold of the one or more user conditions and the one or more entity conditions are met.

Abstract: Machines, systems and methods for recovering data objects in a distributed data storage system, the method comprising storing one or more replicas of a first data object on one or more clusters in one or more data centers connected over a data communications network; recording health information about said one or more replicas, wherein the health information comprises data about availability of a replica to participate in a restoration process; calculating a query-priority for the first data object; querying, based on the calculated query-priority, the health information for the one or more replicas to determine which of the one or more replicas is available for restoration of the object data; calculating a restoration-priority for the first data object based on the health information for the one or more replicas; and restoring the first data object from the one or more of the available replicas, based on the calculated restoration-priority.

Abstract: Machines, systems and methods for recovering data objects in a distributed data storage system, the method comprising storing one or more replicas of a first data object on one or more clusters in one or more data centers connected over a data communications network; recording health information about said one or more replicas, wherein the health information comprises data about availability of a replica to participate in a restoration process; calculating a query-priority for the first data object; querying, based on the calculated query-priority, the health information for the one or more replicas to determine which of the one or more replicas is available for restoration of the object data; calculating a restoration-priority for the first data object based on the health information for the one or more replicas; and restoring the first data object from the one or more of the available replicas, based on the calculated restoration-priority.

Abstract: Machines, systems and methods for recovering data objects in a distributed data storage system, the method comprising storing one or more replicas of a first data object on one or more clusters in one or more data centers connected over a data communications network; recording health information about said one or more replicas, wherein the health information comprises data about availability of a replica to participate in a restoration process; calculating a query-priority for the first data object; querying, based on the calculated query-priority, the health information for the one or more replicas to determine which of the one or more replicas is available for restoration of the object data; calculating a restoration-priority for the first data object based on the health information for the one or more replicas; and restoring the first data object from the one or more of the available replicas, based on the calculated restoration-priority.

Abstract: Machines, systems and methods for recovering data objects in a distributed data storage system, the method comprising storing one or more replicas of a first data object on one or more clusters in one or more data centers connected over a data communications network; recording health information about said one or more replicas, wherein the health information comprises data about availability of a replica to participate in a restoration process; calculating a query-priority for the first data object; querying, based on the calculated query-priority, the health information for the one or more replicas to determine which of the one or more replicas is available for restoration of the object data; calculating a restoration-priority for the first data object based on the health information for the one or more replicas; and restoring the first data object from the one or more of the available replicas, based on the calculated restoration-priority.

Abstract: Machines, systems and methods for recovering data objects in a distributed data storage system, the method comprising storing one or more replicas of a first data object on one or more clusters in one or more data centers connected over a data communications network; recording health information about said one or more replicas, wherein the health information comprises data about availability of a replica to participate in a restoration process; calculating a query-priority for the first data object; querying, based on the calculated query-priority, the health information for the one or more replicas to determine which of the one or more replicas is available for restoration of the object data; calculating a restoration-priority for the first data object based on the health information for the one or more replicas; and restoring the first data object from the one or more of the available replicas, based on the calculated restoration-priority.

Abstract: Machines, systems and methods of uploading data files, the method comprising a first client machine dividing a first file into N data chunks to be uploaded to a server, wherein the N data chunks are of size kX, where k is an integer and X is size of a minimal size data chunk, wherein X is known by the server and by at least a second client machine used for uploading a second file to the server in data chunks of size k?X; and uploading the first file to the server, wherein a first unique signature is calculated for the first file based on applying a signature function to a collection of signatures calculated for the minimal size data chunks of size X that make up the data chunks of size kX in the first file, wherein the uploading of the first file is accomplished by uploading the data chunks of size kX to the server in any order.

Abstract: Machines, systems and methods for task management in a computer implemented system. The method comprises registering a task with brokers residing on one or more nodes to manage the execution of a task to completion, wherein a first broker is accompanied by a first set of worker threads co-located on the node on which the first broker is executed, wherein the first broker assigns responsibility of execution for the task to the one or more worker threads in the first set of co-located worker threads, wherein in response to a failure associated with a first worker thread in the first set, the first broker reassigns the responsibility of execution for the task to a second worker thread in the first set, wherein in response to a failure associated with the first broker, a second broker assigns responsibility of execution for the task to one or more co-located worker threads.

Abstract: Machines, systems and methods for enhancing data recovery in a data storage system, the method comprising determining whether one or more data storage mediums in a data storage system are unavailable; determining data that are at a risk of loss, due to said one or more data storage mediums being unavailable; from among the data that is determined to be at the risk of loss, identifying data that is highly vulnerable to loss; and creating one or more temporary replicas of the data that is highly vulnerable to loss.

Abstract: Machines, systems and methods for recovering data objects in a distributed data storage system, the method comprising storing one or more replicas of a first data object on one or more clusters in one or more data centers connected over a data communications network; recording health information about said one or more replicas, wherein the health information comprises data about availability of a replica to participate in a restoration process; calculating a query-priority for the first data object; querying, based on the calculated query-priority, the health information for the one or more replicas to determine which of the one or more replicas is available for restoration of the object data; calculating a restoration-priority for the first data object based on the health information for the one or more replicas; and restoring the first data object from the one or more of the available replicas, based on the calculated restoration-priority.

Abstract: Machines, systems and methods of uploading data files, the method comprising a first client machine dividing a first file into N data chunks to be uploaded to a server, wherein the N data chunks are of size kX, where k is an integer and X is size of a minimal size data chunk, wherein X is known by the server and by at least a second client machine used for uploading a second file to the server in data chunks of size k?X; and uploading the first file to the server, wherein a first unique signature is calculated for the first file based on applying a signature function to a collection of signatures calculated for the minimal size data chunks of size X that make up the data chunks of size kX in the first file, wherein the uploading of the first file is accomplished by uploading the data chunks of size kX to the server in any order.

Abstract: Machines, systems and methods for processing a request in a client-server computing environment are provided. In one embodiment, the method comprises receiving from a client a request submitted to a server for purpose of synchronous processing by the server; assigning the request to a first thread for processing; registering the request with a request registration system, wherein the request is assigned to the first thread for processing, in response to determining that the request is acceptable and may be processed synchronously, wherein the request is unregistered from the request registration system, in response to determining that the first thread completed processing of the request within a first timeline, and wherein an alternative thread is assigned for processing the request asynchronously, in response to determining that the first thread did not complete processing of the request within the first timeline.

Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.

Abstract: Machines, systems and methods for controlling access to data stored on shared storage, servicing a plurality of tenants, the method comprising receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant.

Abstract: A distributed system, machine and method in which execution of a client request is performed by entities located on multiple server nodes, the system comprising a proxy and guard component serving as sole communication exit and entry points on a source node and a target nodes respectively, wherein the source node hands off a request to the target node to service via the proxy and guard component; a mechanism via which the proxy locally extracts a set of tenant-related privileges associated with a client submitting the request for service; wherein the proxy sends the request to the guard via a secured network while attaching a description of the sender's set of tenant privileges to the request.