Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: Systems and methods for supporting dynamic disk growth within a storage appliance are provided. According to one embodiment, a portion of a logical size of each of multiple disks (e.g., hyperscale disks or Logical Unit Numbers (LUNs)) are provisioned for use by a storage system as backing for respective file system disks. To accommodate growth, block numbers for the file system disks are pre-allocated within a sparse space of a contiguous sequence of block numbers corresponding to a number of blocks represented by the logical size. Metadata is maintained for the file system disks regarding a range of the pre-allocated block numbers that are available for use. Responsive to a triggering condition, the provisioned portion of a disk is increased and subsequently, responsive to detecting a change in a size of the disk by the storage system, a size of the corresponding file system disk is updated within the metadata.

Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: Systems and methods for supporting dynamic disk growth within a virtual storage appliance are provided. According to one embodiment, a portion of a logical size of respective hyperscale disks provided by a hyperscaler are provisioned for use by a virtual storage system as backing for respective file system disks. To accommodate growth, block numbers for the file system disks are pre-allocated within a sparse space of a contiguous sequence of block numbers corresponding to a number of blocks represented by the logical size. Metadata is maintained for the file system disks regarding a range of the pre-allocated block numbers that are available for use. Responsive to a triggering condition, the provisioned portion of a hyperscale disk is increased and subsequently, responsive to detecting a change in a size of the hyperscale disk by the virtual storage system, a size of the corresponding file system disk is updated within the metadata.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

Abstract: Systems and methods for reducing the provisioned storage capacity of a disk or aggregate of disks of a storage appliance while the storage appliance continues to serve clients are provided. According to one embodiment, the size of the aggregate may be reduced by shrinking the file system of the storage appliance and removing a selected disk from the aggregate. When an identified shrink region includes the entire addressable PVBN space of the selected disk, the file system may be shrunk by relocating valid data from the selected disk elsewhere within the aggregate. After the valid data is relocated, the selected disk may be removed from the aggregate, thereby reducing the provisioned storage capacity of the aggregate by the size of the selected disk.

Abstract: Systems and methods for reducing the provisioned storage capacity of a disk or aggregate of disks of a storage appliance while the storage appliance continues to serve clients are provided. According to one embodiment, the size of the aggregate may be reduced by shrinking the file system of the storage appliance and removing a selected disk from the aggregate. When an identified shrink region is less than the entire addressable PVBN space of the selected disk, the file system may be shrunk by relocating valid data from the shrink region of the selected disk to one or more regions outside of the shrink region, mirroring data of the selected disk from outside of the shrink region to a smaller disk added to the aggregate, and then removing the selected disk after the mirrors are in sync, thereby reducing the provisioned storage capacity of the aggregate by the difference in size between the selected disk and the smaller disk.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: Systems and methods are provided for sharing ephemeral storage of a virtual machine (VM) for use as victim caches for virtual storage appliances running on the VM. According to one embodiment, a central service may run within the VM and be responsible for managing allocation and reclamation of ephemeral storage space of the VM to/from the virtual storage appliances. Responsive to startup of a new virtual storage appliance on the VM, the new virtual storage appliance may request space from the central service to inform creation of its victim cache. In connection with servicing the request, the central service may take into consideration various factors including one or more of the total aggregate size of multiple local ephemeral drives associated with the VM, remaining available ephemeral storage space, the number of active virtual storage appliances, and the SLO of the virtual storage appliance seeking to establish its victim cache.

Abstract: Systems and methods are described for managing ephemeral storage of a virtual machine (VM) to provide victim caches for virtual storage appliances running on the VM. According to one embodiment, a central service may run within the VM and be responsible for managing allocation and reclamation of ephemeral storage space of the VM to/from the virtual storage appliances. Responsive to startup of a new virtual storage appliance on the VM, the new virtual storage appliance may request space from the central service to inform creation of its victim cache. In connection with servicing the request, the central service may take into consideration various factors including one or more of the total aggregate size of multiple local ephemeral drives associated with the VM, remaining available ephemeral storage space, the number of active virtual storage appliances, and the SLO of the virtual storage appliance seeking to establish its victim cache.

Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

Abstract: Systems and methods are described for managing ephemeral storage of a virtual machine (VM) to provide victim caches for virtual storage appliances running on the VM. According to one embodiment, a central service may run within the VM and be responsible for managing allocation and reclamation of ephemeral storage space of the VM to/from the virtual storage appliances. Responsive to startup of a new virtual storage appliance on the VM, the new virtual storage appliance may request space from the central service to inform creation of its victim cache. In connection with servicing the request, the central service may take into consideration various factors including one or more of the total aggregate size of multiple local ephemeral drives associated with the VM, remaining available ephemeral storage space, the number of active virtual storage appliances, and the SLO of the virtual storage appliance seeking to establish its victim cache.

Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: Systems and methods for supporting dynamic disk growth within a virtual storage appliance are provided. According to one embodiment, a portion of a logical size of respective hyperscale disks provided by a hyperscaler are provisioned for use by a virtual storage system as backing for respective file system disks. To accommodate growth, block numbers for the file system disks are pre-allocated within a sparse space of a contiguous sequence of block numbers corresponding to a number of blocks represented by the logical size. Metadata is maintained for the file system disks regarding a range of the pre-allocated block numbers that are available for use. Responsive to a triggering condition, the provisioned portion of a hyperscale disk is increased and subsequently, responsive to detecting a change in a size of the hyperscale disk by the virtual storage system, a size of the corresponding file system disk is updated within the metadata.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file is associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

Abstract: Techniques are provided for selectively storing data into allocation areas using streams. A set of allocation areas (e.g., ranges of block numbers such as virtual block numbers) are defined for a storage device. Data having particular characteristics (e.g., user data, metadata, hot data, cold data, randomly accessed data, sequentially accessed data, etc.) will be sent to the storage device for selective storage in corresponding allocation areas. For example, when a file system receives a write stream of hot data, the hot data may be assigned to a stream. The stream will be tagged using a stream identifier that is used as an indicator to the storage device to process data of the stream using an allocation area defined for hot data. In this way, data having different characteristics will be stored/confined within particular allocation areas of the storage device to reduce fragmentation and write amplification.

Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks (e.g., ransomware attacks) and mitigating data loss. In one or more embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

Abstract: Techniques are provided for selectively storing data into allocation areas using streams. A set of allocation areas (e.g., ranges of block numbers such as virtual block numbers) are defined for a storage device. Data having particular characteristics (e.g., user data, metadata, hot data, cold data, randomly accessed data, sequentially accessed data, etc.) will be sent to the storage device for selective storage in corresponding allocation areas. For example, when a file system receives a write stream of hot data, the hot data may be assigned to a stream. The stream will be tagged using a stream identifier that is used as an indicator to the storage device to process data of the stream using an allocation area defined for hot data. In this way, data having different characteristics will be stored/confined within particular allocation areas of the storage device to reduce fragmentation and write amplification.