Abstract: A method and system for securing network communications are provided. In a network a Secure Reverse Proxy (“SRP”) is placed among a server and a client where the client and SRP establish a secure connection using TLS protocol. Upon receiving a request from the client for a secure HTTP page, the SRP determines if the secure page is maintained in its cache. If the page is present, the SRP responds to the client by sending the requested secure HTTP page without contacting the server. If the page is not contained within the SRP's cache, the SRP establishes secure TLS connection with the server and forwards the request for the HTTP page. Receiving the HTTP page from the server, the SRP places it in its cache for future use. Having the page in its cache the SRP retrieves the page, encrypts it, and sends it to the requesting client. Subsequent requests for the same page do not involve the server enhancing the efficiency of network operations.

Abstract: A transparent proxy server is implemented by directing particular client packets to a proxy server that handles communications between the client and an origin server. When a client sends a packet to an origin server, a router transparently redirects the packet to the proxy server by storing the proxy server address in the destination field and the origin server address in the record route options field. The proxy server sends connection setup requests to the origin server and forwards acknowledgement packets to the client. For other requests, the proxy server determines whether the requested information is stored in the proxy server cache. If so, the information is retrieved from the cache; if not, the information is retrieved from the origin server. All acknowledgement and information packets are sent to the client with the origin server address in the source field, making it appear that the origin server sent the packets.

Abstract: A NAS switch provides mirroring in a NAS storage network that is transparent to client. A source file server exports an original NAS file handles indicative of object locations on the source file server to the NAS switch. The NAS switch modifies the original NAS file handles to an internal file system and maps the original NAS file handles to a switch file handles independent of location. The NAS switch exports the switch file handles to a client. The client looks-up objects and makes NAS requests to the source file server using switch file handles. The NAS switch performs mirroring of a namespace when during processes such as data migration, data replication, and data snapshot.

Abstract: A NAS switch provides extended storage capacity to a file server in a decentralized storage network such as a NAS (Network Attached Storage) storage network. The NAS switch sits in the data path of a client on the front end and a directory file server and shadow file servers on the back end. A segregation module in the NAS switch replicates data from the directory file server to a shadow file server, and then replaces the data in the directory file server with holey files. Holey files, which store a range of consecutive values such as zero with negligible storage space, retain the attributes of the data without retaining its storage consumption. Thus, the directory file server can server as a single directory hierarchy for several shadow file servers containing data beyond a capacity of the directory file server. When the NAS switch receives operations from the client, an association module forwards directory operations to the directory file server and data operations to the shadow file server.

Abstract: The present invention provides selective migration in a storage network in accordance with a policy. The policy can include rules that establish which objects are migrated from a source file server to a destination file server based on file attributes (e.g., file type, file size, last access time, frequency of access). For example, large multimedia files that consume I/O bandwidth on expensive or critical file servers, without adding much value to enterprise productivity, can be migrated to a commodity or less critical file server.

Abstract: A NAS (Network Attaches Storage) switch authenticates a client on multiple file servers for proxy services. The NAS switch enables proxy services by successively authenticating the client on the file servers using referrals. The NAS switch further comprises a connection manager to establish connections to the client and the file servers, a referral manager to redirect the client for successive authentications, and a transaction manager to perform data transfers with the file servers on behalf of the client. The system components support DFS (Distributed File System), and communicate using a protocol dialect that supports referral mechanisms such as NFSv4 (Network File Server version 4) or CIFS (Common Internet File System). The transaction manager also performs a protocol dialect translation service when the connection manager negotiates one protocol dialect with the client, and a different protocol dialect with the file server.

Abstract: Methods and systems are provided for processing a cache. A candidate object is identified for updating. A fresh object corresponding to the candidate object is obtained if it is determined that a newer version of the candidate object is available. A destination buffer is selected from a group of primary and non-primary buffers based on an amount of available space in a primary buffer. The fresh object is stored in the destination buffer.

Abstract: A NAS switch provides file migrations in a NAS storage network that are transparent to the clients. A source file server exports an original NAS file handles indicative of object locations on the source file server to the NAS switch. The NAS switch modifies the original NAS file handles to an internal file system and maps the original NAS file handles to a switch file handles independent of location. The NAS switch exports the switch file handles to a client. The client looks-up objects and makes NAS requests to the source file server using switch file handles. The NAS switch performs file migration by first replicating the namespace containing data to be migrated from source file server to a destination file server. Separately, the NAS replicates data which is a relatively longer process than the namespace replication. During data replication, namespace access requests for objects are directed to the replicated namespace.

Abstract: A NAS switch provides extended storage capacity to a file server in a decentralized storage network such as a NAS (Network Attached Storage) storage network. The NAS switch sits in the data path of a client on the front end and a directory file server and shadow file servers on the back end. A segregation module in the NAS switch replicates data from the directory file server to a shadow file server, and then replaces the data in the directory file server with holey files. Holey files, which store a range of consecutive values such as zero with negligible storage space, retain the attributes of the data without retaining its storage consumption. Thus, the directory file server can server as a single directory hierarchy for several shadow file servers containing data beyond a capacity of the directory file server. When the NAS switch receives operations from the client, an association module forwards directory operations to the directory file server and data operations to the shadow file server.

Abstract: A NAS switch, in the data path of a client and a NAS file server on the storage network, provides a centralized point of reconfiguration after a network change that alleviates the need for reconfiguration of each connected client. The client uses a NAS request to access a storage object to the NAS switch using a switch file handle that is independent of object location and that can be used to locate the primary and its replica storage objects if the object is subsequently replicated. A replication module replicates a namespace separately from data contained therein. Afterwards, synchronicity module looks-up the switch file handle in a file handle replication table to determine if the object has been replicated and, if so, sends one of the replica NAS file handles. The synchronicity module also maintains synchronicity between the primary and replica file servers through critical NAS requests that modify objects such as create, delete, and the like.

Abstract: A NAS switch provides large file support to a file server in a decentralized storage network such as a NAS (Network Attached Storage) storage network. For example, files greater than 2-GB can be stored on a 32-bit commodity file server. The NAS switch sits in the data path of a client on the front end and a commodity NAS file server on the back end. A segmentation module in the NAS switch stores large files as separate data chunks in the file server. To do so, the segmentation module stores a directory file handle, which points to a directory containing the data chunks, in place of the large file. The segmentation module can also store a large file/chunk directory association in a migration cache. A reconstruction module processes client requests concerning large files by issuing requests to specific data chunks. For example, in a read operation, the reconstruction module calculates chunk numbers to determine which file to read and offsets to determine which byte to read within a chunk.

Abstract: An apparatus and method for creating and maintaining a cyclic or circular buffer are implemented using logical blocks corresponding to the physical blocks of the buffer. The logical blocks are mapped to the physical blocks of the cyclic buffer, and are used to create an index table for the buffer. Each entry in the index table corresponds to one or more blocks in the buffer, and has a logical block number respectively associated with a buffer block. When information from the buffer is accessed, the index table is consulted to determine if the requested information is stored in the buffer. If the information is stored in the buffer, the logical block number corresponding to the information is retrieved from the entry and translated into a corresponding physical block number. Using logical block numbers allows simple determination of whether the buffer block is valid, and how new or fresh the buffer block is without requiring a generation or cycle number.

Abstract: Systems and methods are disclosed in which a computer system having main memory and persistent memory is caused to perform a method for caching related objects. The computer system receives a plurality of objects from an origin server and computes a hash value based on source information about an object. Then the computer system stores the object based on the hash value with other related objects. Additionally, a computer system consistent with the present invention may retrieve related objects from the cache by performing a batch read of related objects.

Abstract: An object cache stores objects in a cyclic buffer to provide highly efficient creation of cache entries. The cache efficiently manages storage of a large number of small objects because the cache does not write objects into a file system as individual files, rather the cache utilizes cyclical buffers in which to store objects as they are added to the cache. Because of the use of a cyclic buffer, the high-overhead process of purging cache entries never needs to be performed. Cache entries are automatically purged as they are overwritten when the cyclic buffer becomes full and the input pointer wraps around from the end of a cyclic buffer to the beginning of a cyclic buffer. Additionally, in the event of a system crash or disk subsystem malfunction, inspect and repair time is independent of the size of the cache, as opposed to conventional file systems in which the time is proportional to the size of the file system.

Abstract: Methods and systems are provided for processing a cache. A candidate object is identified for updating. A fresh object corresponding to the candidate object is obtained if it is determined that a newer version of the candidate object is available. A destination buffer is selected from a group of primary and non-primary buffers based on an amount of available space in a primary buffer. The fresh object is stored in the destination buffer.

Abstract: Systems and methods are disclosed in which a computer system having main memory and persistent memory is caused to perform a method for caching related objects. The computer system receives a plurality of objects from an origin server and computes a hash value based on source information about an object. Then the computer system stores the object based on the hash value with other related objects. Additionally, a computer system consistent with the present invention may retrieve related objects from the cache by performing a batch read of related objects.

Abstract: An object cache stores objects in a cyclic buffer to provide highly efficient creation of cache entries. The cache efficiently manages storage of a large number of small objects because the cache does not write objects into a file system as individual files, rather the cache utilizes cyclical buffers in which to store objects as they are added to the cache. Because of the use of a cyclic buffer, the high-overhead process of purging cache entries never needs to be performed. Cache entries are automatically purged as they are overwritten when the cyclic buffer becomes full and the input pointer wraps around from the end of a cyclic buffer to the beginning of a cyclic buffer. Additionally, in the event of a system crash or disk subsystem malfunction, inspect and repair time is independent of the size of the cache, as opposed to conventional file systems in which the time is proportional to the size of the file system.

Abstract: A method and apparatus are provided for protecting sensitive information within server or other computing environments. Numerous electronic requests addressed to a server system are received over network couplings and evaluated. The evaluation scans for sensitive information including credit card information and private user information. Upon detecting sensitive data, cryptographic operations are applied to the sensitive data. When the sensitive data is being transferred to the server system, the cryptographic operations encrypt the sensitive data prior to transfer among components of the server system. When sensitive data is being transferred from the server system, the cryptographic operations decrypt the sensitive data prior to transfer among the network couplings. The cryptographic operations also include hash, and keyed hash operations.

Abstract: A covert channel is established between a network service and one or more service monitors in a service group. The covert channel minimizes overhead by providing an indication of the status of the service through use of operating system utilities rather than conventional remote procedure calls (RPCs) or posting methods. The covert channel relies on one or more communication files established and updated by the service and having attributes which are in proportion to the workload of the service. By monitoring these attributes, the service monitor is able to determine the status of the service, including its workload and availability, without incurring costly operational overhead.

Abstract: A method and system for securing network communications are provided. In a network a Secure Reverse Proxy (“SRP”) is placed among a server and a client where the client and SRP establish a secure connection using TLS protocol. Upon receiving a request from the client for a secure HTTP page, the SRP determines if the secure page is maintained in its cache. If the page is present, the SRP responds to the client by sending the requested secure HTTP page without contacting the server. If the page is not contained within the SRP's cache, the SRP establishes secure TLS connection with the server and forwards the request for the HTTP page. Receiving the HTTP page from the server, the SRP places it in its cache for future use. Having the page in its cache the SRP retrieves the page, encrypts it, and sends it to the requesting client. Subsequent requests for the same page do not involve the server enhancing the efficiency of network operations.