Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Implementing a high availability mode. A distributed computing environment includes a plurality of nodes. Each of the nodes has an instance of a particular storage service. One or more of the instances have one or more cluster shared filesystems coupled to them. A method includes monitoring arrivals and departures of cluster shared file systems. The method further includes identifying the arrival of one or more clustered shared file systems previously attached to a different instance of the storage service on a different node and being accessible by following one or more namespace partitions located in that clustered shared file system. As a result, the method further includes connecting the instance of the storage service to the one or more arriving clustered shared file systems and exposing the one or more namespace partitions located in that clustered shared file system.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Implementing a high availability mode. A distributed computing environment includes a plurality of nodes. Each of the nodes has an instance of a particular storage service. One or more of the instances have one or more cluster shared filesystems coupled to them. A method includes monitoring arrivals and departures of cluster shared file systems. The method further includes identifying the arrival of one or more clustered shared file systems previously attached to a different instance of the storage service on a different node and being accessible by following one or more namespace partitions located in that clustered shared file system. As a result, the method further includes connecting the instance of the storage service to the one or more arriving clustered shared file systems and exposing the one or more namespace partitions located in that clustered shared file system.

Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.

Abstract: Defining a storage topology of a distributed computing system including a set of machine nodes. A method includes dynamically receiving from a number of nodes in the distributed computing system information about storage devices. Each node sends information about storage devices connected to that particular node. The information is sent dynamically from each node as conditions related to storage change and as a result of conditions related to storage changing. From the received information, the method includes dynamically constructing a storage topology representation of the distributed computed system.

Abstract: The present invention extends to methods, systems, and computer program products for implementing persistent reservation techniques for establishing ownership of one or more physical disks. These persistent reservation techniques can be employed to determine ownership of physical disks in a storage pool as well as in any other storage configuration. Using the persistent reservation techniques of the present invention, when a network partition occurs, a defender of a physical disk does not remove a challenger's registration key until the defender receives notification that the challenger is no longer in the defender's partition. In this way, pending I/O from applications executing on the challenger will not fail due to the challenger's key being removed until the proper ownership of the physical disk can be resolved.

Abstract: Aspects of the subject matter described herein relate to a distributed network name. In aspects, computers of a cluster have components of a distributed network name service. The network name service has a leader and clones that are hosted on the computers of the cluster. The leader is responsible for updating a name server with network names and addresses of the computers. The leader is also responsible for configuring a security server that allows clients to securely access the computers. The network name service provides credentials to local security authorities of the computers so that a client that attempts to access a service of the computers can be authenticated.

Abstract: The present invention extends to methods, systems, and computer program products for implementing persistent reservation techniques for establishing ownership of one or more physical disks. These persistent reservation techniques can be employed to determine ownership of physical disks in a storage pool as well as in any other storage configuration. Using the persistent reservation techniques of the present invention, when a network partition occurs, a defender of a physical disk does not remove a challenger's registration key until the defender receives notification that the challenger is no longer in the defender's partition. In this way, pending I/O from applications executing on the challenger will not fail due to the challenger's key being removed until the proper ownership of the physical disk can be resolved.

Abstract: Aspects of the subject matter described herein relate to a distributed network name. In aspects, computers of a cluster have components of a distributed network name service. The network name service has a leader and clones that are hosted on the computers of the cluster. The leader is responsible for updating a name server with network names and addresses of the computers. The leader is also responsible for configuring a security server that allows clients to securely access the computers. The network name service provides credentials to local security authorities of the computers so that a client that attempts to access a service of the computers can be authenticated.

Abstract: Defining a storage topology of a distributed computing system including a set of machine nodes. A method includes dynamically receiving from a number of nodes in the distributed computing system information about storage devices. Each node sends information about storage devices connected to that particular node. The information is sent dynamically from each node as conditions related to storage change and as a result of conditions related to storage changing. From the received information, the method includes dynamically constructing a storage topology representation of the distributed computed system.