Abstract: A data storage array may be made up of several storage devices, each of which may contain array metadata that may allow portions of the storage array to be used. A system may have a file system manager that may receive and respond to file system commands and a storage device manager that may store data on the several storage devices. Array metadata defining where data is stored within the storage array is stored on each device within the array. A policy engine may identify data to be stored on the array and determine if the data contains array metadata or other types of data and may store the data on every device, devices having specific characteristics, two or more devices, or one device.

Abstract: A data storage array may be made up of several storage devices, each of which may contain array metadata that may allow portions of the storage array to be used. A system may have a file system manager that may receive and respond to file system commands and a storage device manager that may store data on the several storage devices. Array metadata defining where data is stored within the storage array is stored on each device within the array. A policy engine may identify data to be stored on the array and determine if the data contains array metadata or other types of data and may store the data on every device, devices having specific characteristics, two or more devices, or one device.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A data storage array may be made up of several storage devices, each of which may contain array metadata that may allow portions of the storage array to be used. A system may have a file system manager that may receive and respond to file system commands and a storage device manager that may store data on the several storage devices. Array metadata defining where data is stored within the storage array is stored on each device within the array. A policy engine may identify data to be stored on the array and determine if the data contains array metadata or other types of data and may store the data on every device, devices having specific characteristics, two or more devices, or one device.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A storage monitoring system may reside between a file system and a storage system in a thin provisioned storage system. The storage monitoring system may create space holder files within a volume, where the space holder files contain an address space not backed up with physical storage. As requests for storage space are received from a file system, the storage monitoring system may allocate physical space to the volume by provisioning portions of the physical storage device to the volume and by removing one of the space holder files. The storage monitoring system may present alerts when physical storage space is low, as well as return an amount of physical space available to a volume size request.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.

Abstract: A thin provisioned storage system may have a file system manager that presents a logical storage system to a user and a storage management system that manages physical storage devices. When a block of data is freed at the logical layer, the file system manager may identify the freed block and send a command to the physical layer. The physical layer may identify the corresponding physical block or blocks and free those blocks on the physical layer. The storage management system may use a table to manage the location of blocks of data across multiple physical storage devices.

Abstract: A storage monitoring system may reside between a file system and a storage system in a thin provisioned storage system. The storage monitoring system may create space holder files within a volume, where the space holder files contain an address space not backed up with physical storage. As requests for storage space are received from a file system, the storage monitoring system may allocate physical space to the volume by provisioning portions of the physical storage device to the volume and by removing one of the space holder files. The storage monitoring system may present alerts when physical storage space is low, as well as return an amount of physical space available to a volume size request.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.

Abstract: A facility for providing access authorization is provided. The facility initially enforces a first, less restrictive policy when making its access control decisions. Subsequent to detecting an anomaly, the facility enforces a second, more restrictive policy when making its access control decisions. The facility returns to enforcing the first, less restrictive policy when the anomaly no longer exists. In another embodiment, the facility enforces a policy after detecting an anomaly and until the anomaly has ended.

Abstract: A facility for performing an access control check as an integral component of an operating system and utilizing a centralized policy store is provided. The facility executes as an integral part of an operating system executing on a computer and receives an authorization query to determine whether a principal has authorization to access a resource. The facility applies a policy maintained in a centralized policy store that is applicable to the principal to determine whether authorization exists to access the resource. If authorization does not exist, the facility denies the authorization query and records an indication of the denial of the authorization in an audit log. The facility may trigger events based on the auditing of authorization queries. The facility may also record an indication of authorization to access the resource in the audit log.

Abstract: A data storage array may be made up of several storage devices, each of which may contain array metadata that may allow portions of the storage array to be used. A system may have a file system manager that may receive and respond to file system commands and a storage device manager that may store data on the several storage devices. Array metadata defining where data is stored within the storage array is stored on each device within the array. A policy engine may identify data to be stored on the array and determine if the data contains array metadata or other types of data and may store the data on every device, devices having specific characteristics, two or more devices, or one device.

Abstract: A facility for setting and revoking policies is provided. The facility receives a request from a controlling process a request to set a policy on a controlled process, and determines whether the controlling process has privilege to set the policy on the controlled process. If the facility determines that the controlling process has privilege to set the policy on the controlled process, the facility sets the policy on the controlled process, which causes the policy to be applied to the controlled process to determine whether the controlled process has authorization to access one or more resources.

Abstract: A thin provisioned storage system may have a file system manager that presents a logical storage system to a user and a storage management system that manages physical storage devices. When a block of data is freed at the logical layer, the file system manager may identify the freed block and send a command to the physical layer. The physical layer may identify the corresponding physical block or blocks and free those blocks on the physical layer. The storage management system may use a table to manage the location of blocks of data across multiple physical storage devices.