Abstract: Technology described herein can be employed to automatically recommend a tiering policy for data storage of data at a data storage system, such as a cloud storage system. An example method can comprise determining, by a system comprising a processor, context information defining a data storage attribute applicable to data at a cloud storage system. The method can comprise, in response to determining the context information, generating, by the system, a tiering policy defining an element of tiering storage of data at the cloud storage system, wherein the tiering policy is based on the data storage attribute defined by the context information. The method also can comprise, in response to generating the tiering policy, outputting, by the system, the tiering policy to a storage device associated with a customer. The analysis can be performed using an artificial intelligence process, machine learning process or a combination thereof.

Abstract: Two-way secure channels are provided between multiple services across service groups, where the certification is performed by a certificate authority associated with one of the service groups. One method comprises a first service providing a first handshake communication with a first token to a second service, wherein the first service obtains the first token by authenticating with an identity and access management service having a first certificate signed by a certificate authority, wherein the first handshake communication succeeds when the second service has a second certificate signed by the certificate authority, and wherein the second service obtains a second token by authenticating with the identity and access management service. The first service receives a second handshake communication from the second service with the second token.

Abstract: Technology described herein can be employed to automatically recommend a tiering policy for data storage of data at a data storage system, such as a cloud storage system. An example method can comprise determining, by a system comprising a processor, context information defining a data storage attribute applicable to data at a cloud storage system. The method can comprise, in response to determining the context information, generating, by the system, a tiering policy defining an element of tiering storage of data at the cloud storage system, wherein the tiering policy is based on the data storage attribute defined by the context information. The method also can comprise, in response to generating the tiering policy, outputting, by the system, the tiering policy to a storage device associated with a customer. The analysis can be performed using an artificial intelligence process, machine learning process or a combination thereof.

Abstract: Two-way secure channels are provided between two parties to a communication with certification being provided by one party. One method comprises providing, by a first entity that provides a certificate authority, a first signed certificate to a second entity, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first request to sign a second certificate generated by the second entity, wherein the first request is generated by the second entity using a first credential generated by the second entity; receiving, from the second entity, (i) the first request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

Abstract: Two-way secure channels are provided between multiple services across service groups, where the certification is performed by a certificate authority associated with one of the service groups. One method comprises a first service providing a first handshake communication with a first token to a second service, wherein the first service obtains the first token by authenticating with an identity and access management service having a first certificate signed by a certificate authority, wherein the first handshake communication succeeds when the second service has a second certificate signed by the certificate authority, and wherein the second service obtains a second token by authenticating with the identity and access management service. The first service receives a second handshake communication from the second service with the second token.

Abstract: Two-way secure channels are provided between two parties to a communication with certification being provided by one party. One method comprises providing, by a first entity that provides a certificate authority, a first signed certificate to a second entity, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first request to sign a second certificate generated by the second entity, wherein the first request is generated by the second entity using a first credential generated by the second entity; receiving, from the second entity, (i) the first request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

Abstract: Techniques for managing snapshots of a storage object in a data storage system based on the data churn delta between the latest snapshot and the current data of the storage object. The techniques include, having specified minimum and maximum data loss tolerances for a parent object, creating successive snapshots of the parent object, each snapshot being created at a scheduled time interval or a time when the minimum data loss tolerance has been reached/exceeded. The techniques include obtaining the total data churn between the latest snapshot and the parent data, and determining whether the total data churn has reached or exceeded the maximum data loss tolerance. The techniques include, having determined that the total data churn has reached or exceeded the maximum data loss tolerance, retaining only those snapshots that have not exceeded the maximum data loss tolerance, and discarding all snapshots that have exceeded the maximum data loss tolerance.

Abstract: Techniques for managing snapshots of a storage object in a data storage system based on the data churn delta between the latest snapshot and the current data of the storage object. The techniques include, having specified minimum and maximum data loss tolerances for a parent object, creating successive snapshots of the parent object, each snapshot being created at a scheduled time interval or a time when the minimum data loss tolerance has been reached/exceeded. The techniques include obtaining the total data churn between the latest snapshot and the parent data, and determining whether the total data churn has reached or exceeded the maximum data loss tolerance. The techniques include, having determined that the total data churn has reached or exceeded the maximum data loss tolerance, retaining only those snapshots that have not exceeded the maximum data loss tolerance, and discarding all snapshots that have exceeded the maximum data loss tolerance.