Abstract: The disclosed computer-implemented method for performing node failovers may include: (1) initiating, during a failover of a first node to a second node, a grace period for the first node and the second node; (2) writing a new lock, indicating an internet protocol (IP) address, to a memory device of the second node, while maintaining: (A) an old lock of the IP address in a memory device of the first node, and (B) locks of nodes other than the first and second nodes; (3) transferring the old lock from the first node to the new lock of the second node, where requests to change the locks of nodes other than the first and second nodes are denied during transferring; and (4) stopping the grace period. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing secure backup operations may include (i) identifying a backup server that has been designated to perform a backup task for a backup client, (ii) prior to facilitating the backup task on the backup client (a) identifying both a trust level of the designated backup server and a sensitivity level of the backup task and (b) determining whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task, and (iii) facilitating the backup task on the backup client based on the determination of whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing secure backup operations may include (i) identifying a group of backup servers with heterogeneous computing environments that provide backup services for a backup client, (ii) determining, for each backup server within the group, a trust level of the backup server by identifying at least one security characteristic of the backup server, (iii) deploying, on each of the backup servers, a signed certificate that enables the backup server to transfer backup data with a security level that corresponds to the trust level of the backup server, and (iv) performing secure backup operations for the backup client by (a) identifying a sensitivity level of a backup task initiated by the backup client and (b) assigning the backup task to a backup server within the group of backup servers that has a signed certificate with a security level appropriate for the sensitivity level of the backup task.

Abstract: The disclosed computer-implemented method for scalable network buffer management may include (1) receiving, via a connection to a client, data to be transmitted to a cloud service, (2) buffering the data in at least one data buffer, (3) determining that the data will not be transmitted to the cloud service within a timeout period for the client connection, (4) delaying reception of additional data from the client connection for a portion of the timeout period, and (5) before the timeout period has elapsed, buffering data from the client connection in at least one secondary data buffer, wherein the secondary data buffer is smaller in size than the data buffer. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing secure backup operations may include (i) identifying a group of backup servers with heterogeneous computing environments that provide backup services for a backup client, (ii) determining, for each backup server within the group, a trust level of the backup server by identifying at least one security characteristic of the backup server, (iii) deploying, on each of the backup servers, a signed certificate that enables the backup server to transfer backup data with a security level that corresponds to the trust level of the backup server, and (iv) performing secure backup operations for the backup client by (a) identifying a sensitivity level of a backup task initiated by the backup client and (b) assigning the backup task to a backup server within the group of backup servers that has a signed certificate with a security level appropriate for the sensitivity level of the backup task.

Abstract: The disclosed computer-implemented method for performing secure backup operations may include (i) identifying a backup server that has been designated to perform a backup task for a backup client, (ii) prior to facilitating the backup task on the backup client (a) identifying both a trust level of the designated backup server and a sensitivity level of the backup task and (b) determining whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task, and (iii) facilitating the backup task on the backup client based on the determination of whether the trust level of the designated backup server is appropriate for the sensitivity level of the backup task. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Storage systems and methods are presented. A method can include: accessing virtual machine image information; performing an examination process on the virtual machine image information to determine characteristics of the virtual machine image information including temporary attributes of the virtual machine image information; performing an exclusion block identification process based upon results of the examination process to identify exclusion blocks, wherein exclusion blocks are identified for exclusion from a subsequent operation; and forwarding an indication of the exclusion blocks to the subsequent operation. In one embodiment the method is performed within a File Server.

Abstract: Techniques for file system recovery are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for file system recovery comprising starting a recovery process for a failed node, utilizing the recovery process to read one or more committed but un-applied transactions from storage associated with the failed node, and recreating the one or more committed but un-applied transactions in memory associated with the recovery process.

Abstract: The disclosed computer-implemented method for scalable network buffer management may include (1) receiving, via a connection to a client, data to be transmitted to a cloud service, (2) buffering the data in at least one data buffer, (3) determining that the data will not be transmitted to the cloud service within a timeout period for the client connection, (4) delaying reception of additional data from the client connection for a portion of the timeout period, and (5) before the timeout period has elapsed, buffering data from the client connection in at least one secondary data buffer, wherein the secondary data buffer is smaller in size than the data buffer. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for performing storage system de-duplication. The method includes accessing a plurality of initial partitions of files of a storage system and performing a de-duplication on each of the initial partitions. For each duplicate found, an indicator comprising the metadata that is similar across said each duplicate is determined. For each indicator, indicators are determined that infer a likelihood that data objects with said indicators contain duplicate data is high. Optimized partitions are generated in accordance with the chosen indicators. A de-duplication process is subsequently performed on each of the optimized partitions.

Abstract: Systems and methods for information storage replication are presented. In one embodiment, a namespace conversion process is performed. Node information regarding a file systems operation change is received. A changed node to pathname object conversion process is performed. An unchanged node to pathname object conversion process is performed. In one exemplary implementation, the changed node to pathname object conversion process and the unchanged node to pathname object conversion process utilize data structures that return the object indications and parent node indications. An object indication is inserted in a pathname.

Abstract: A method and apparatus for detecting violations of data loss prevention (DLP) policies based on reputation scores. The DLP agent monitors outbound data transfers performed by a computing system. The DLP agent classifies the outbound data transfers based on data types. The DLP agent determines reputations source for the outbound data transfers to a destination entity based on the classifying and the destination entity, the first outbound data transfer being a first data type and the second outbound data transfer being a second data type. The DLP agent compares the first reputation score and the second reputation score against a reputation threshold to detect violations of a DLP policy. At least one of remedial operations or reporting operations is performed in response to the detected violations.

Abstract: A periodic checkpoint method for a file system replication source. The method comprises generating a first checkpoint at a first time on a file system replication source and identifying a set of data objects from the replication source that have been modified during a time period between the first time and a subsequent second time. A periodic checkpoint is then generated at the second time on the file system replication source by using the set of data objects.

Abstract: Data loss prevention systems and methods begin protecting data upon the creation of the data. One such method involves detecting a file system operation targeting data on a storage device. The file system operation creates or modifies the data or a set of permissions associated with the data. In response to detecting the file system operation, the method prevents unauthorized access to the data. The method begins preventing unauthorized access after the detection of the file system operation and before any subsequent read access to the data via the file system.

Abstract: A computer-implemented method for variable-length chunking may include 1) identifying a first data stream subject to deduplication, 2) identifying a predetermined chunk of the first data stream that starts at a first location and ends at a second location within the first data stream, 3) identifying a second data stream with a matching chunk for the predetermined chunk that starts at a third location and ends at a fourth location within the second data stream, 4) identifying a subsequent chunk within the second data stream that starts at the fourth location and ends at a fifth location within the second data stream, 5) calculating a candidate boundary offset within the first data stream based on exceeding the second location by a difference between the fifth location and the fourth location, and 6) performing a boundary test at the candidate boundary offset. Various other methods, systems, and computer-readable media are disclosed.

Abstract: Various systems and methods for placing a virtual machine on one of a plurality of candidate physical machines. For example, one method can involve generating a list that comprises entries for a virtual machine. Each entry in the list indicates a portion of data that is associated with the virtual machine. The method then involves calculating a number of common entries between the list and each of a plurality of candidate lists, where a common entry is an entry that is included in the respective candidate list and in the list. Each candidate list is associated with a computing device. In response to detecting which candidate list has the most common entries, the method involves assigning the virtual machine to the computing device associated with that candidate list.

Abstract: An access request that includes a combination of a file identifier and an offset value is received. If the page cache does not contain the page indexed by the combination, then the file system is accessed and the offset value is mapped to a disk location. The file system can access a block map to identify the location. A table (e.g., a shared location table) that includes entries (e.g., locations) for pages that are shared by multiple files is accessed. If the aforementioned disk location is in the table, then the requested page is in the page cache and it is not necessary to add the page to the page cache. Otherwise, the page is added to the page cache.

Abstract: An interface is disclosed that makes information obtained from a file deduplication process available to an application for the efficient operation thereof. A data deduplication repository is scanned to determine a plurality of file segments and respective checksum values associated with the segments. A data structure is generated that allows shared segments to be identified by indexing using a common checksum value. The segments also indicate the file to which they belong and may also include a timestamp value. This data structure is updated as files are modified, etc. The data structure is accessible to an application program so that the application program can readily determine which segments are shared between multiple files. With this information, the application can efficiently process the segment once rather than multiple times. Timestamps can be used by the application to efficiently identify only those segments that were accessed after a given time.

Abstract: A method and apparatus for detecting violations of data loss prevention (DLP) policies based on reputation scores. Using a DLP agent, monitors outbound data transfers performed by the computing system, and determines a reputation score for at least one of the data transfers to a destination entity specified to receive the at least one data transfer based on a data type of the data being transferred to the destination entity.

Abstract: A method and apparatus for determining whether a second computing system meets a minimum level of protection for a DLP policy of a first computing system are described. A DLP agent may monitor outbound data transfers performed by the first computing system, and determines a violation of a DLP policy in a current one of the outbound data transfers to a second computing system. The DLP agent initiates a handshake protocol with the second computing system to determine whether the second computing system meets a minimum protection level for the DLP policy. If the second computing system does not meet the minimum protection level for the DLP policy, the DLP agent prevents the current data transfer to the second computing system; otherwise, the DLP agent permits the current data transfer.