Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

Abstract: Systems and methods are provided for sharing ephemeral storage of a virtual machine (VM) for use as victim caches for virtual storage appliances running on the VM. According to one embodiment, a central service may run within the VM and be responsible for managing allocation and reclamation of ephemeral storage space of the VM to/from the virtual storage appliances. Responsive to startup of a new virtual storage appliance on the VM, the new virtual storage appliance may request space from the central service to inform creation of its victim cache. In connection with servicing the request, the central service may take into consideration various factors including one or more of the total aggregate size of multiple local ephemeral drives associated with the VM, remaining available ephemeral storage space, the number of active virtual storage appliances, and the SLO of the virtual storage appliance seeking to establish its victim cache.

Abstract: Systems and methods are described for managing ephemeral storage of a virtual machine (VM) to provide victim caches for virtual storage appliances running on the VM. According to one embodiment, a central service may run within the VM and be responsible for managing allocation and reclamation of ephemeral storage space of the VM to/from the virtual storage appliances. Responsive to startup of a new virtual storage appliance on the VM, the new virtual storage appliance may request space from the central service to inform creation of its victim cache. In connection with servicing the request, the central service may take into consideration various factors including one or more of the total aggregate size of multiple local ephemeral drives associated with the VM, remaining available ephemeral storage space, the number of active virtual storage appliances, and the SLO of the virtual storage appliance seeking to establish its victim cache.

Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file.

Abstract: Systems and methods are described for managing ephemeral storage of a virtual machine (VM) to provide victim caches for virtual storage appliances running on the VM. According to one embodiment, a central service may run within the VM and be responsible for managing allocation and reclamation of ephemeral storage space of the VM to/from the virtual storage appliances. Responsive to startup of a new virtual storage appliance on the VM, the new virtual storage appliance may request space from the central service to inform creation of its victim cache. In connection with servicing the request, the central service may take into consideration various factors including one or more of the total aggregate size of multiple local ephemeral drives associated with the VM, remaining available ephemeral storage space, the number of active virtual storage appliances, and the SLO of the virtual storage appliance seeking to establish its victim cache.

Abstract: Systems and methods for performing single I/O writes are provided. According to one embodiment, responsive to receipt of a write operation from a client by a file system layer of a node of a distributed storage system and a data payload of the operation having been determined to meet a compressibility threshold, an intermediate storage layer of the node logically interposed between the file system layer and a block storage media is caused to perform a single input/output (I/O) write operation that persists the compressed data payload and corresponding metadata to support asynchronous journaling of the write operation. The single I/O write operation coupled with the use of a new pool file that maintains a list of available blocks for single I/O write operations and a modified node crash recovery approach allows the write operation to be acknowledged to the client while the journaling is performed asynchronously.

Abstract: Systems and methods for supporting dynamic disk growth within a virtual storage appliance are provided. According to one embodiment, a portion of a logical size of respective hyperscale disks provided by a hyperscaler are provisioned for use by a virtual storage system as backing for respective file system disks. To accommodate growth, block numbers for the file system disks are pre-allocated within a sparse space of a contiguous sequence of block numbers corresponding to a number of blocks represented by the logical size. Metadata is maintained for the file system disks regarding a range of the pre-allocated block numbers that are available for use. Responsive to a triggering condition, the provisioned portion of a hyperscale disk is increased and subsequently, responsive to detecting a change in a size of the hyperscale disk by the virtual storage system, a size of the corresponding file system disk is updated within the metadata.

Abstract: A method, computing device, and non-transitory machine-readable medium for detecting malware attacks and mitigating data loss. In various embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file is associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

Abstract: Techniques are provided for selectively storing data into allocation areas using streams. A set of allocation areas (e.g., ranges of block numbers such as virtual block numbers) are defined for a storage device. Data having particular characteristics (e.g., user data, metadata, hot data, cold data, randomly accessed data, sequentially accessed data, etc.) will be sent to the storage device for selective storage in corresponding allocation areas. For example, when a file system receives a write stream of hot data, the hot data may be assigned to a stream. The stream will be tagged using a stream identifier that is used as an indicator to the storage device to process data of the stream using an allocation area defined for hot data. In this way, data having different characteristics will be stored/confined within particular allocation areas of the storage device to reduce fragmentation and write amplification.

Abstract: A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks (e.g., ransomware attacks) and mitigating data loss. In one or more embodiments, an agent is implemented in the operating system of a storage node to provide protection at the bottommost level in a data write path. The agent intercepts write requests and observes file events over time to detect anomalous behavior. For example, the agent may monitor incoming write requests and, when an incoming write request is detected, determine whether the file is associated with a malware attack risk based on an analysis of an encryption state of data in the file. If the file associated with a malware attack risk, an entry for the file is added to a file log. The agent may analyze the chi-square values for data written to the files, the file log, and the file format to determine whether a malware attack is underway.

Abstract: Techniques are provided for selectively storing data into allocation areas using streams. A set of allocation areas (e.g., ranges of block numbers such as virtual block numbers) are defined for a storage device. Data having particular characteristics (e.g., user data, metadata, hot data, cold data, randomly accessed data, sequentially accessed data, etc.) will be sent to the storage device for selective storage in corresponding allocation areas. For example, when a file system receives a write stream of hot data, the hot data may be assigned to a stream. The stream will be tagged using a stream identifier that is used as an indicator to the storage device to process data of the stream using an allocation area defined for hot data. In this way, data having different characteristics will be stored/confined within particular allocation areas of the storage device to reduce fragmentation and write amplification.

Abstract: Techniques are provided for selectively storing data into allocation areas using streams. A set of allocation areas (e.g., ranges of block numbers such as virtual block numbers) are defined for a storage device. Data having particular characteristics (e.g., user data, metadata, hot data, cold data, randomly accessed data, sequentially accessed data, etc.) will be sent to the storage device for selective storage in corresponding allocation areas. For example, when a file system receives a write stream of hot data, the hot data may be assigned to a stream. The stream will be tagged using a stream identifier that is used as an indicator to the storage device to process data of the stream using an allocation area defined for hot data. In this way, data having different characteristics will be stored/confined within particular allocation areas of the storage device to reduce fragmentation and write amplification.

Abstract: Techniques are provided for selectively storing data into allocation areas using streams. A set of allocation areas (e.g., ranges of block numbers such as virtual block numbers) are defined for a storage device. Data having particular characteristics (e.g., user data, metadata, hot data, cold data, randomly accessed data, sequentially accessed data, etc.) will be sent to the storage device for selective storage in corresponding allocation areas. For example, when a file system receives a write stream of hot data, the hot data may be assigned to a stream. The stream will be tagged using a stream identifier that is used as an indicator to the storage device to process data of the stream using an allocation area defined for hot data. In this way, data having different characteristics will be stored/confined within particular allocation areas of the storage device to reduce fragmentation and write amplification.

Abstract: Presented herein are methods, non-transitory computer readable media, and devices for allocating resources to a particular volume and triggering a consistency point based on the amount given to each volume, thus providing dynamic consistency point triggers. Methods for providing dynamic consistency point triggers are disclosed which include: determining a volume's capacity to utilize resources based on the volume's performance; receiving an allocation of the divided resources based on total system resources available within the storage system and the volume's performance; and triggering a consistency point upon exhausting a threshold percentage of the received/allocated resources.

Abstract: Presented herein are methods, non-transitory computer readable media, and devices for allocating resources to a particular volume and triggering a consistency point based on the amount given to each volume, thus providing dynamic consistency point triggers. Methods for providing dynamic consistency point triggers are disclosed which include: determining a volume's capacity to utilize resources based on the volume's performance; receiving an allocation of the divided resources based on total system resources available within the storage system and the volume's performance; and triggering a consistency point upon exhausting a threshold percentage of the received/allocated resources.

Abstract: A modular block allocator receives a cleaner message requesting dirty buffers associated with an inode be cleaned. The modular block allocator provides at least one bucket cache comprising a plurality of buckets, wherein each bucket represents a plurality of free data blocks. The dirty buffers are cleaned by allocating the data blocks of one of the buckets to the dirty buffers. The allocated data blocks are mapped to a stripe set and when the stripe set is full, the stripe set is sent to a storage system. In one embodiment of the invention, a modular block allocator includes a front end module and a back end module communicating with each other via an application programming interface (API). The front end module contains write allocation policies that define how blocks are laid out on disk. The back end module creates data structures for execution of the policies.

Abstract: A modular block allocator receives a cleaner message requesting dirty buffers associated with an Mode be cleaned. The modular block allocator provides at least one bucket cache comprising a plurality of buckets, wherein each bucket represents a plurality of free data blocks. The dirty buffers are cleaned by allocating the data blocks of one of the buckets to the dirty buffers. The allocated data blocks are mapped to a stripe set and when the stripe set is full, the stripe set is sent to a storage system. In one embodiment of the invention, a modular block allocator includes a front end module and a back end module communicating with each other via an application programming interface (API). The front end module contains write allocation policies that define how blocks are laid out on disk. The back end module creates data structures for execution of the policies.

Abstract: A modular block allocator receives a cleaner message requesting dirty buffers associated with an inode be cleaned. The modular block allocator provides at least one bucket cache comprising a plurality of buckets, wherein each bucket represents a plurality of free data blocks. The dirty buffers are cleaned by allocating the data blocks of one of the buckets to the dirty buffers. The allocated data blocks are mapped to a stripe set and when the stripe set is full, the stripe set is sent to a storage system. In one embodiment of the invention, a modular block allocator includes a front end module and a back end module communicating with each other via an application programming interface (API). The front end module contains write allocation policies that define how blocks are laid out on disk. The back end module creates data structures for execution of the policies.