Securely moving data across boundaries

US 10,261,943 B2
Filed: 09/15/2015
Issued: 04/16/2019
Est. Priority Date: 05/01/2015
Status: Active Grant

First Claim

Patent Images

1. A computing system, comprising:

at least one processor; and

memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide;

a first computing instance that has first access rights that enables the first computing instance to enumerate data items in a source data container but not access data in the data items,the first computing instance being configured to enumerate the source data container to obtain a first enumeration list enumerating the data items in the source data container;

a second computing instance that has second access rights that enables the second computing instance to read data in the data items in the source data container and to write to a target data container that is remote from the source data container,the second computing instance being configured to copy data, in a set of the data items, from the source data container to the target data container, based on the first enumeration list; and

a third computing instance that is configured to;

after the set of data items are copied by the second computing instance, compare data in the target data container to data in the source data container to determine whether any data items are still to be moved; and

obtain a second enumeration list indicative of the data items still to be moved,the second computing instance being configured to copy the data items still to be moved from the source data container to the target data container, based on the second enumeration list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data to be moved from a source system to a target system, for a set of tenants, is first identified. The data is enumerated by a first computing instance in the source system to obtain an enumeration list. Data is copied from the source system to the target system based on the enumeration list by a second computing instance. The data in the source and target systems is then enumerated by a third computing instance to determine whether any data is still to be moved and another enumeration list is generated. The data still to be moved is then moved based on the other enumeration list.

84 Citations

View as Search Results

20 Claims

1. A computing system, comprising:
- at least one processor; and
  
  memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide;
  
  a first computing instance that has first access rights that enables the first computing instance to enumerate data items in a source data container but not access data in the data items,the first computing instance being configured to enumerate the source data container to obtain a first enumeration list enumerating the data items in the source data container;
  
  a second computing instance that has second access rights that enables the second computing instance to read data in the data items in the source data container and to write to a target data container that is remote from the source data container,the second computing instance being configured to copy data, in a set of the data items, from the source data container to the target data container, based on the first enumeration list; and
  
  a third computing instance that is configured to;
  
  after the set of data items are copied by the second computing instance, compare data in the target data container to data in the source data container to determine whether any data items are still to be moved; and
  
  obtain a second enumeration list indicative of the data items still to be moved,the second computing instance being configured to copy the data items still to be moved from the source data container to the target data container, based on the second enumeration list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computing system of claim 1 wherein the first computing instance, stores the first enumeration list in a temporary, remote storage system that is remote from a running environment of a source computing system where the data item is in the source data container.
  - 3. The computing system of claim 2, whereinthe third computing instance has third access rights that enables the third computing instance to enumerate data items in the source data container and enumerate data items in the target data container, andand wherein the instructions, when executed, provide:
    - a computing instance generator configured to launch the first, second and third computing instances.
  - 4. The computing system of claim 1, wherein one or more of the first, second, and third computing instances are executed on different hardware.
  - 5. The computing system of claim 4, wherein the enumeration list does not indicate a relation to the source data container, and the first, second, and third computing instances each comprise different virtual machines.
  - 6. The computing system of claim 1 wherein the third computing instancehas third access rights that enables the third computing instance to enumerate data items in both the source data container and the target data container, but not access data in the data items in either the source data container or the target data container,compares data items in the source data container with data items in the target data container by:
    - enumerating both the source data container and the target data container, andgenerating, as the second enumeration list, a difference list indicative of differences between the enumeration of the source data container and the enumeration of the target data container, andstores the second enumeration list in the temporary, remote storage system.
  - 7. The computing system of claim 6 wherein the instructions, when executed, provide:
    - a difference volume identifier that is configured to determine whether a volume of data in the second enumeration list meets a threshold amount, and if not, places the source data container in read only mode and copies the data still to be moved from the source data container to the target data container.
  - 8. The computing system of claim 7 wherein the third computing instance is configured to perform a final enumeration of the data items still to be moved to obtain a final enumeration list and store the final enumeration list in the temporary, remote storage system, and wherein the second computing instance is configured to copy the data items still to be moved from the source data container to the target data container, based on the final enumeration list.
  - 9. The computing system of claim 8 wherein the source data container is in a source computing system that runs an application, and wherein the instructions, when executed, provide:
    - a user re-direction system that configures the application to point to the target data container; and
      
      a data destruction component configured to destroy the data items in the source data container that was copied to the target data container.

10. A computer implemented method of moving data from a source container to a target container, the method comprising:
- enumerating, by a first compute instance, data items in the source container to obtain a first enumeration list,wherein the first compute instance has first access rights that enables the first compute instance to enumerate the data items but not access data in the data items;
  
  copying, by a second compute instance, data, in a set of the data items, from the source container to the target container based on the first enumeration list,wherein the second compute instance has second access rights that enables the second compute instance to read data in the data items in the source container and to write to the target container; and
  
  after the set of data items are copied by the second computing instance,comparing, by a third compute instance, data in the target container to data in the source container to determine whether any data is still to be moved;
  
  based on the comparison, generating a second enumeration list indicative of the data items still to be moved;
  
  moving the data items still to be moved based on the second enumeration list.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer implemented method of claim 10 and further comprising:
    - storing the first enumeration list in a temporary, remote storage system, that is remote from a running environment of a source computing system where the data is in the source container.
  - 12. The computer implemented method of claim 11 wherein comparing data in the source container with data in the target container comprises:
    - enumerating both the source container and the target container;
      
      the third compute instance has third access rights that enables the third compute instance to enumerate data items in the source data container and enumerate data items in the target data container, andthe hardware comprises a processor and memory.
  - 13. The computer implemented method of claim 12 wherein comparing data comprises:
    - generating a difference list indicative of differences between the enumeration of the source container and the enumeration of the target container, as the second enumeration list; and
      
      storing the second enumeration list in the temporary, remote storage system.
  - 14. The computer implemented method of claim 13 wherein moving the data items still to be moved comprises:
    - moving the data items still to be moved with the second compute instance.
  - 15. The computer implemented method of claim 13 and further comprising:
    - determining whether a volume of data in the second enumeration list meets a threshold amount; and
      
      if not, placing the source container in read only mode and copying the data items still to be moved from the source container to the target container.
  - 16. The computer implemented method of claim 15 wherein copying the data items still to be moved comprises:
    - performing a final enumeration of the data items still to be moved to obtain a final enumeration list;
      
      storing the final enumeration list in the temporary, remote storage system; and
      
      copying the data items still to be moved from the source container to the target container, based on the final enumeration list, with the second compute instance.
  - 17. The computer implemented method of claim 16 wherein the source container is in a source computing system that runs an application, and further comprising:
    - configuring the application to point to the target container.
  - 18. The computer implemented method of claim 17 and further comprising:
    - destroying the data items in the source container that were copied to the target container.

19. A computing system, comprising:
- at least one processor; and
  
  memory storing instructions executable by the at least one processor, wherein the instructions, when executed, provide;
  
  a first computing instance that has only enumeration rights to a source data container, the first computing instance enumerating the source data container to obtain a first enumeration list enumerating data in the source data container, wherein the first compute instance, stores the first enumeration list in a temporary, remote storage system that is remote from a running environment of a source computing system where the data is in the source data container;
  
  a second computing instance that has read only access to the source data container and write access to a target data container, that is remote from the source data container, and that copies data from the source data container to the target data container, based on the first enumeration list;
  
  a third computing instance that compares data in the target data container to data in the source data container, after data is copied by the second computing instance, to determine whether any data is still to be moved and obtain a second enumeration list indicative of the data still to be moved, the second computing instance copying the data still to be moved from the source data container to the target data container, based on the second enumeration list; and
  
  a difference volume identifier that is configured to determine whether a volume of data in the second enumeration list meets a threshold amount, and if not, places the source data container in read only mode and copies the data still to be moved from the source data container to the target data container.
- View Dependent Claims (20)
- - 20. The computing system of claim 19 wherein the source data container is in a source computing system that runs an application, and wherein the instructions, when executed provide:
    - a user re-direction system that configures the application to point to the target data container; and
      
      a data destruction component configured to destroy the data in the source data container that was copied to the target data container.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Narayan, Shyam, Gopal, Burra, Fanaru, Adrian, Rupke, James, Oliver, David Charles, Winter, Daniel Keith, Manek, Parul
Primary Examiner(s)
Bowen, Richard L

Application Number

US14/854,761
Publication Number

US 20160321274A1
Time in Patent Office

1,309 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/119   Details of migration of fil...

G06F 16/162   Delete operations erasing i...

G06F 16/2365   Ensuring data consistency a...

G06F 16/27   Replication, distribution o...

Securely moving data across boundaries

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

84 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securely moving data across boundaries

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links