Abstract: Embodiments of monitoring data assets in a system to apply rules to optimize storage and access of the data assets based on data content rather than data location, by defining rules based on the monitoring attributes, wherein a rule dictates a storage location of selected data or access permissions to the data by one or more persons or groups in the system. The selected data is tagged with a defined metadata tag, and a dataset is created by running a query against a data catalog to derive the dataset. A component monitors data usage and access of data elements referenced by the dataset to detect any violations of the defined rules, and provides a notification of any violation to facilitate remedial action by a user or process. The dataset can span multiple storage devices of different types to define a single processing unit for the monitoring attributes.

Abstract: Managing a lifecycle of data by identifying data objects that are subject to same control rules in each stage of the lifecycle as grouped data, where the control rules allow only authorized access to or authorized operations on the grouped data based on a current stage of the lifecycle. A dataset is generated for the grouped data by identifying metadata of the grouped data to be processed similarly within the lifecycle, and storing the metadata in the dataset. The control rules associated with the grouped data as stage tags for the dataset. Actions performed on the data referenced by the dataset are monitored to ensure that the monitored actions comply with control rules using the stage tags of the dataset.

Abstract: Providing content based data access protection for data stored in a system by creating a dataset by grouping metadata for data objects that are grouped together by one or more filters. The dataset can span multiple storage devices of different types to define a single data access protection unit for the corresponding content data. A user query generates the one or more filters, and an access rule is defined that allows or denies access to the dataset by users or processes as the single unit based on data content rather than location. The access rule can comprise at least one of an Access Control List (ACL) rule or a Role-Based Access Control (RBAC) rule, where the ACL lists permissions associated with certain data elements that grant access to specific users or processes, and the RBAC rules allow or deny access on the basis of role-permissions within the system.

Abstract: Classifying data objects for the content-based protection and process control in a system and modifying a classification based on evolving data. Data objects stored in the system are scanned to identify data objects to be processed similarly with respect to data protection or access control. A dataset comprising metadata for corresponding data objects is generated, and a classifier labels the dataset with a classifier tag to indicate an ownership group. Data objects that belong to the dataset are similarly tagged with the classifier so that the same operations are performed on this data regardless of location. A monitor tracks changes in the dataset based system evolution to determine a change in the classifier for the dataset based on the change. A classifier behavior tag is appended to the dataset specify an operation of the classifier to accommodate the tracked change.

Abstract: Optimizing data movement from a source data center to a target data center by grouping metadata of data objects into a dataset that encompasses data processed identically by a data processing operation, where the dataset defines a single data access unit for these data objects, and the data processing operation processes them as a single unit based on data content rather than physical or logical data location of the data objects. A mobility process correlates an increase in a number of metadata elements in the dataset with a growth rate of the dataset, and compares the dataset growth rate with historical or similar dataset growth rate data. The comparison is used to determine when and where to move data from the source to the target data center based on a forecast of accelerated growth indicated by the comparing step, and a consideration of target data center resources, data move costs, and streaming data effects.

Abstract: Providing content-based encryption to content data in a data processing system by creating datasets by grouping metadata for data objects that are intended to be encrypted with a common encryption key, where each dataset spans multiple storage devices of different storage types, and defines a single data encryption unit for the data objects referenced by a respective dataset. Each dataset is tagged with an encryption tag to enable or disable use of a self-selected encryption key. Encryption keys stored in or made available to the system are accessed for encrypting the data objects using an encryption process. A key management component maps each dataset to a corresponding encryption key of the encryption keys, and an encryption component encrypts, for each dataset, referenced data objects using a corresponding mapped encryption key.

Abstract: Providing content-based protection and process control to data objects in a multi-network system, by scanning content data to identify metadata associated with data objects to be protected by a defined protection policy. The content data is stored in storage devices comprising network attached storage (NAS), object storage, local storage, or cloud networks, and where the storage devices are deployed in different networks including core networks, edge networks, and cloud networks. The gathered metadata is stored in a catalog, and a user entered query is executed against the catalog to generate a dataset. The defined protection policy is then applied to the dataset to operate on the corresponding data objects referenced by the dataset as a single unit based on data content rather than data location in a file directory or physical location within the multi-network system.

Abstract: Providing content-based sensitivity classification to content data in a data processing system, by defining sensitivity designations for data objects stored in the system, and creating datasets by grouping metadata for data objects that are intended to classified with a same sensitivity designation, wherein each dataset spans multiple storage devices of different storage types, and wherein each dataset defines a single data sensitivity unit for the data objects referenced by a respective dataset. A sensitivity classifier component tags each dataset with a sensitivity tag to specify a protection or control operation on the data objects referenced by the respective dataset, and a processing component then processes data objects for each tagged dataset in accordance with the specified protection or control operation.

Abstract: Managing versioning of data objects for a project revised from a first version to a revised version by producing a dataset representing the data objects as a group by scanning the data objects to identify metadata of the grouped data to be processed similarly within a current version of the lifecycle, and storing the identified metadata in the dataset. Data object changed from the first version to the revised version are identified, and the corresponding metadata for changed data objects in the dataset is updated. A version control operation is then performed on the dataset to update all data objects referenced by the dataset from the first version to the revised version. A commit-map and commit-tree are stored in a repository, and version control operations including commit, checkout, merge, branch and merge-branch are performed on the dataset snapshot.

Abstract: Performing charge/showback operations in a large-scale data system by scanning multiple data sources to identify data objects for processing as a unitary group with respect to common characteristics that have an impact on finances within the system. Metadata of the identified data objects are stored in a dynamic dataset that defines a single data access unit for the referenced data objects. The system processes a user query regarding cost allocations, cost forecasts, and resource usage of respective groups within an organization. The query initiates a charge-back or show-back operation that allocates costs associated with each respective usage of resources by a department or cost center, and accesses the referenced data objects through the dataset as a single unit based on data content rather than data location in a file directory of the system.

Abstract: Embodiments applying data protection and control policies using content-based datasets by scanning data objects stored in the system to determine grouped data that is processed similarly with respect to data protection and access control operations defined by a policy. A dataset is produced comprising metadata the scanned data objects of the grouped data. The actions performed on the dataset will affect only the corresponding data objects referenced by the metadata. A policy attribute derivation (PAD) process determines a change in the policy affecting a subset of data objects of the dataset and dictating changed data protection and access control operations applied to this subset, and tags the change in the policy as a PAD tag to the dataset to affect the application of the changed data protection and access control operations only to the subset and not any remaining data objects of the dataset.

Abstract: Enforcing a legal hold procedure in a system by scanning multiple data sources to identify data objects for processing as a unitary group with respect to common access and control processes of the legal hold to preserve the data for a defined period of time and protected against modification and unauthorized access. The metadata is stored in a static dataset that defines a single data access unit for the referenced data. A user query regarding a referenced data object is processed, and accesses the data through the dataset as a single unit based on data content rather than data location in a file directory of the system. The data may be sensitive data and the legal hold procedure may be implemented as court rules in accordance with Federal Rules of Civil Procedure.

Abstract: Any point in time backups for distributed consistency is disclosed. IOs from a consistency group are received by multiple aggregators and stored in corresponding journals. In response to a bookmark, the multiple journals are synthesized to create a do stream or to add the multiple journals to the do stream. A full synchronization operation can be performed simultaneously with replication operations.

Abstract: A system is provided that includes one or more hardware processors, and a non-transitory storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations including: gathering information concerning thin journal space usage, in a thin journal, by each of a plurality of consistency groups, and the thin journal space comprises a plurality of journal blocks; computing an ideal journal block state for each consistency group; computing an achievable journal block state for each consistency group; and computing a transition step from the achievable journal block state to the ideal journal block state.

Abstract: Generating any point in time backups without native snapshot generation. Production data is split such that a journal stream is sent to a data protection system, which may be local or remote. The journal stream includes a data stream and a metadata stream. Backups are synthesized at the data protection system by rolling at least a portion of the journal. A backup for any point in time represented in the journal can be synthesized.

Abstract: A system is provided that includes multiple different consistency groups, a respective thin journal included in each of the consistency groups, and each thin journal includes a respective thin VMDK, a thin journal space that is shared by all of the consistency groups, and the journal space includes a plurality of journal blocks, and a datastore that stores blocks allocated to the thin journals, and datastore space is dynamically allocated in journal blocks to each of the respective consistency groups.

Abstract: One example method includes intercepting an IO that is directed to a volume, writing the IO to a grid-CG that is one of a plurality of grid-CGs that collectively form a distributed CG, adding the IO to a stream journal associated with the grid-CG, receiving a bookmark request, in response to the bookmark request, inserting a bookmark in the stream journal, incrementing a splitter counter and broadcasting a splitter counter value to the grid-CGs in the distributed CG, and inserting the bookmark in respective stream journals of the grid-CGs in the distributed CG.

Abstract: A system can determine timeseries telemetry data of resource utilization of respective data centers of a group of data centers maintained by the system. The system can predict respective hardware requests based on future resource utilization based on the timeseries telemetry data, the hardware requests comprising respective hardware requests at respective data centers of the group of data centers. The system can predict respective future times at which the respective hardware requests will occur. The system can determine respective physical location sources of hardware, respective physical location destinations of hardware, and respective amounts of hardware based on the respective hardware requests and the respective future times. The system can store an indication of the respective physical location sources of hardware, respective physical location destinations of hardware, and respective amounts of hardware.

Abstract: A system can maintain a first data center that comprises a virtualized overlay network and virtualized volume identifiers, and store data comprising virtualized workloads. The system can determine a service level agreement associated with providing a second data center as a backup to the first data center. The system can, based on the service level agreement, divide, into a first portion of tasks and a second portion of tasks deploying the data to a secondary storage of the second data center, deploying the data to a primary storage of the second data center, and configuring the second data center with the virtualized overlay network and the virtualized volume identifiers. The system can perform the first portion of tasks before determining to restore the first data center to the second data center. The system can perform the second portion of tasks in response to determining to restore the first data center.

Abstract: A system can maintain a first data center in a first physical location that comprises first compute hardware, and a second data center in a second physical location that comprises second compute hardware. The system can establish an overlay network that spans the first data center and the second data center. The system can establish a group of virtualized volume identifiers that spans the first data center and the second data center, and that virtualizes physical storage volumes. The system can determine whether to process a customer virtualized workload on the first data center or on the second data center to produce a selected location, wherein the customer virtualized workload is configured to be processed on the first data center and to be processed on the second data center. The system can process the customer virtualized workload at the selected location.