Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.

Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.

Abstract: A computer-implemented method according to one embodiment includes establishing a predetermined checkpoint and storing a log of duplicate read data in association with the predetermined checkpoint during a running of an application that is processing at least one data set, the duplicate read data including an image of all data retrieved from the at least one data set in response to a plurality of data reads made by the application before the predetermined checkpoint; identifying a first failure of the application; and restarting the application and performing a first replay of the application in response to the first failure.

Abstract: A computer-implemented method according to one embodiment includes establishing a predetermined checkpoint and storing a log of duplicate read data in association with the predetermined checkpoint during a running of an application that is processing at least one data set, the duplicate read data including an image of all data retrieved from the at least one data set in response to a plurality of data reads made by the application before the predetermined checkpoint; identifying a first failure of the application; and restarting the application and performing a first replay of the application in response to the first failure.

Abstract: A computer-implemented method according to one embodiment includes restarting an application at a second system in response to a failure of the application at a first system, receiving replicated logged data from the first system at the second system, updating a second data set at the second system to reflect a first data set at the first system, utilizing the replicated logged data, identifying a first plurality of data reads from the restarted application at the second system, where the first plurality of data reads occur before a predetermined checkpoint, and in response to the first plurality of data reads, retrieving the replicated logged data from the second system, and returning the replicated logged data to the restarted application at the second system.

Abstract: A computer-implemented method according to one embodiment includes identifying a creation of a container within a system, selecting a security policy for the container, based on one or more attributes, identifying a key label associated with the security policy for the container, retrieving a data encryption key, utilizing the key label, and encrypting the container, utilizing the data encryption key. This may enable a highly granular level of automatic container-level security within the system that may be transparently implemented within the system, which may streamline container security and reduce an amount of stored data and processing necessary for implementing container security, and may thereby improve the performance of the system.

Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.

Abstract: A computer-implemented method according to one embodiment includes restarting an application at a second system in response to a failure of the application at a first system, receiving replicated logged data from the first system at the second system, updating a second data set at the second system to reflect a first data set at the first system, utilizing the replicated logged data, identifying a first plurality of data reads from the restarted application at the second system, where the first plurality of data reads occur before a predetermined checkpoint, and in response to the first plurality of data reads, retrieving the replicated logged data from the second system, and returning the replicated logged data to the restarted application at the second system.

Abstract: A computer-implemented method according to one embodiment includes establishing a predetermined checkpoint and storing duplicate read data in association with the predetermined checkpoint during a running of an application that is processing at least one data set, identifying a failure of the application, restarting the application in response to the failure, and enabling a replay of the processing of the at least one data set by the restarted application, utilizing the predetermined checkpoint and the duplicate read data.

Abstract: A method, system, and computer program product for managing a storage facility are disclosed. A potential file overlay may be detected when performing a file transfer. When a file is common to multiple systems and resides on a shared system storage volume, potential file corruption due to a data transfer request is detected and then able to be prevented. Hardware identifiers such as Universal Unique Identifiers (UUIDs) are used in managing a write of a file to shared system storage. By comparing multiple hardware identifiers, a determination is made as to whether to process the write of the file. If the hardware identifiers mismatch, the write is processed. If the hardware identifiers match, a potential file overlay is detected. Because of the potential file overlay, the write is aborted and a failure notification is returned. A successful overwrite prevention notification may also be returned.

Abstract: A method, system, and computer program product for managing a storage facility is disclosed. The methodology detects a potential file overlay when performing a file transfer. When a file is common to multiple systems and resides on a shared system storage volume, potential file corruption due to a data transfer request is detected and then able to be prevented. Hardware identifiers such as Universal Unique Identifiers (UUIDs) are used in managing a write of a file to shared system storage. By comparing multiple hardware identifiers, a determination is made as to whether to process the write of the file. If the hardware identifiers mismatch, the write is processed. If the hardware identifiers match, a potential file overlay is detected. Because of the potential file overlay, the write is stopped or a failure notification is returned.

Abstract: A method, system and program are provided for enabling access to encrypted data in a storage cartridge by wrapping the data key used to encrypt the data with one or more encryption keys (e.g., a public key from a public/private key pair) to form one or more encryption encapsulated data keys (EEDKs) and then storing the EEDK(s) on the storage cartridge along with the encrypted data. The encrypted data may be decoded by retrieving the EEDK from the storage cartridge, decrypting the EEDK with a decryption key (e.g., the private key from the public/private key pair) to extract the underlying data key, and then using the extracted data key to decrypt the encrypted data.

Abstract: An adaptive data transfer channel providing means for a data management access method (AM) to define the channel subsystem data block transfer size and to transfer an extended data block (EDB) by a single channel transfer command to avoid repeated channel command word (CCW) command decode and status presentation operations. The adaptive scheme of this invention is transparent to the user and downwardly compatible with existing data record storage formats because it is independent of the user application program. The host software in the central processing complex (CPC) tests the peripheral data storage device (PDSD) to ensure compatibility with the EDB CCWs before selecting the channel program (CP) to be used for data block transfer in the subchannel. In the EDB format, the PDSD microcode permits the accumulation of logical data blocks (LDBs) from storage to form a single large EDB before transfer to the CPC responsive to a single transfer command.

Abstract: An adaptive data transfer channel providing means for a data management access method (AM) to define the channel subsystem data block transfer size and to transfer an extended data block (EDB) by a single channel transfer command to avoid repeated channel command word (CCW) command decode and status presentation operations. The adaptive scheme of this invention is transparent to the user and downwardly compatible with existing data record storage formats because it is independent of the user application program. The host software in the central processing complex (CPC) tests the peripheral data storage device (PDSD) to ensure compatibility with the EDB CCWs before selecting the channel program (CP) to be used for data block transfer in the subchannel. In the EDB format, the PDSD microcode permits the accumulation of logical data blocks (LDBs) from storage to form a single large EDB before transfer to the CPC responsive to a single transfer command.