BLOCK-LEVEL DATA STORAGE USING AN OUTSTANDING WRITE LIST
First Claim
1. A method for securely writing and reading data, the method comprising:
- receiving, at a secure storage appliance, a primary read request for a primary data block at a primary storage location of a volume provided by the secure storage appliance;
in response to receiving the primary read request, determining, at the secure storage appliance, whether the primary storage location is locked;
when the primary storage location is locked, retrieving the primary data block from an outstanding write list that stores primary write requests that could not be completed when the primary write requests were received by the secure storage appliance;
when the primary storage location is not locked,sending, from the secure storage appliance to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N;
receiving, at the secure storage appliance, secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and
reconstructing, at the secure storage appliance, the primary data block using the secondary data blocks contained in the secondary read responses; and
sending, from the secure storage appliance, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block.
10 Assignments
0 Petitions
Accused Products
Abstract
A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
-
Citations
20 Claims
-
1. A method for securely writing and reading data, the method comprising:
-
receiving, at a secure storage appliance, a primary read request for a primary data block at a primary storage location of a volume provided by the secure storage appliance; in response to receiving the primary read request, determining, at the secure storage appliance, whether the primary storage location is locked; when the primary storage location is locked, retrieving the primary data block from an outstanding write list that stores primary write requests that could not be completed when the primary write requests were received by the secure storage appliance; when the primary storage location is not locked, sending, from the secure storage appliance to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N; receiving, at the secure storage appliance, secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and reconstructing, at the secure storage appliance, the primary data block using the secondary data blocks contained in the secondary read responses; and sending, from the secure storage appliance, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An electronic computing device comprising:
-
a processing unit; a primary interface; a secondary interface; and a system memory comprising instructions that, when executed by the processing unit, cause the processing unit to; receive a primary read request for a primary data block at a primary storage location of a volume provided by the electronic computing device; in response to receiving the primary read request, determine whether the primary storage location is locked; when the primary storage location is locked, retrieve the primary data block from an outstanding write list that stores primary write requests that could not be completed when the primary write requests were received by the secure storage appliance; when the primary storage location is not locked, send, to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N; receive secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and reconstruct the primary data block using the secondary data blocks contained in the secondary read responses; and send a primary read response that is responsive to the primary read request, the primary read response containing the primary data block. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A computer-readable storage medium comprising instructions that, when executed at an electronic computing device, cause the electronic computing device to:
-
receive a primary write request to store a primary data block at a primary storage location; in response to receiving the primary write request, determine whether the primary storage location is locked; in response to determining that the primary storage location is locked, write the primary write request to an outstanding write list; in response to determining that the primary storage location is not locked, determine whether the primary write request can be completed; when it is determined that the primary write request cannot be completed; lock the primary storage location; and write the primary write request to the outstanding write list; and when it is determined that the primary write request can be completed; cryptographically split the primary data block into the secondary data blocks; send, to the storage devices, secondary write requests to write the secondary data blocks; receive a primary read request for the primary data block at the primary storage location of a volume provided by the electronic computing device; in response to receiving the primary read request, determine whether the primary storage location is locked; when the primary storage location is locked, retrieve the primary data block from an outstanding write list that stores primary write requests that could not be completed at the time when the primary write requests were received by the secure storage appliance; when the primary storage location is not locked, send, to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N; receive secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and reconstruct the primary data block using the secondary data blocks contained in the secondary read responses; and send a primary read response that is responsive to the primary read request, the primary read response containing the primary data block. - View Dependent Claims (19, 20)
-
Specification