STORAGE AVAILABILITY USING CRYPTOGRAPHIC SPLITTING
First Claim
1. A method of maintaining data connectivity in a secure data storage network, the method comprising:
- assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems;
storing data, by the primary secure storage appliance, in the volume as blocks spread across the plurality of storage systems, the data stored across the plurality of storage systems cryptography splits the data into a plurality of secondary data blocks that are stored into the separate volumes;
detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance;
upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance;
wherein in cryptographically splitting the data into the plurality of secondary data blocks utilizes a plurality of encryption keys to create a plurality of separate community of interest data sets in which the data and corresponding plurality of secondary data blocks are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
5 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for maintaining data connectivity in a secure data storage network are disclosed. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems. The method further includes detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance. The method also includes, upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance.
31 Citations
21 Claims
-
1. A method of maintaining data connectivity in a secure data storage network, the method comprising:
-
assigning a volume to a primary secure storage appliance located in a secure data storage network the primary secure storage appliance selected from among a plurality of secure storage appliances located in the secure data storage network, the volume presented as a virtual disk to a client device and mapped to physical storage at each of a plurality of storage systems; storing data, by the primary secure storage appliance, in the volume as blocks spread across the plurality of storage systems, the data stored across the plurality of storage systems cryptography splits the data into a plurality of secondary data blocks that are stored into the separate volumes; detecting at one of the plurality of secure storage appliances a failure of the primary secure storage appliance; upon detecting the failure of the primary secure storage appliance, reassigning the volume to a second secure storage appliance from among the plurality of secure storage appliances, thereby rendering the second secure storage appliance a new primary secure storage appliance; wherein in cryptographically splitting the data into the plurality of secondary data blocks utilizes a plurality of encryption keys to create a plurality of separate community of interest data sets in which the data and corresponding plurality of secondary data blocks are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. (canceled)
-
14. (canceled)
-
15. (canceled)
-
16. (canceled)
-
17. (canceled)
-
18. A secure data storage network comprising:
-
a client device; a plurality of storage systems; a plurality of secure storage appliances interconnected between the client device and the plurality of storage systems, the plurality of secure storage appliances including a primary secure storage appliance associated with a volume, the volume presented as a virtual disk to the client device and mapped to physical storage at each of the plurality of storage systems; wherein each of the plurality of secure storage appliances includes a common set of administrative information, and each of the plurality of secure storage appliances monitors operational status of one or more of a different secure storage appliance among the plurality of secure storage appliances; wherein data is stored in the volume as blocks spread across the plurality of storage systems by the primary secure storage appliance and the data stored across virtual disk being cryptography split into a plurality of secondary data blocks that are stored into the separate volumes of the virtual disk; and the cryptographically splitting the data into the plurality of secondary data blocks utilizes a plurality of encryption keys to create a plurality of separate community of interest data sets in which the data and corresponding plurality of secondary data blocks are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests. - View Dependent Claims (19, 20, 21)
-
Specification