REPLICATION OF AN ENCRYPTED VOLUME
Abstract
A technique includes setting up a replication partnership between a first storage node and a second storage node. The replication partnership includes establishment of a secure connection between the first storage node and the second storage node using a remote internet protocol address, a base port, and an identifying key pair. A port forwarding configuration may then be created, in part, by adding a pre-established port offset relative to a base port (e.g., a well-known TCP/IP port) for a first of a set of one or more pre-established port offsets. This process may be repeated for each remaining instance of the one or more pre-established port offsets. Encryption keys may be exchanged between the first storage node and the second storage node using at least one of the base port or the pre-established port offsets. Replication between the first storage node and the second storage node may be performed securely using the established communication channels.
20 Claims
1. A method comprising:
setting up a replication partnership between a first storage node and a second storage node, wherein setting up the replication partnership comprises:
establishing a secure connection between the first storage node and the second storage node using a remote internet protocol address, a base port number, and an identifying key pair;
creating a port forwarding configuration relative to the secure connection, in part, by adding one of a set of pre-established port offsets to the base port number;
exchanging encryption keys between the first storage node and the second storage node using the port forwarding configuration; and
repeating creation of the port forwarding configuration for each remaining instance of the set of pre-established port offsets.
11. An apparatus comprising:
at least one processor; and
a memory that stores instructions that, when executed by the at least one processor, cause the at least one processor to:
set up a replication partnership between a first storage node and a second storage node, wherein the instructions to cause that at least one processor to set up the replication partnership comprise instructions to cause the at least one processor to:
establish a secure connection between the first storage node and the second storage node using a remote internet protocol address, a base port number, and an identifying key pair;
create a port forwarding configuration, in part, by adding a pre-established port offset relative to the secure connection for a set of pre-established port offsets;
repeat creation of the port forwarding configuration for each remaining instance of the set of pre-established port offsets; and
exchange encryption keys between the first storage node and the second storage node using at least one communication channel associated with at least one pre-established port offset.
16. A non-transitory storage medium storing instructions that, when executed by a machine, cause the machine to:
set up a replication partnership between a first storage node and a second storage node, wherein the instructions to set up the replication partnership comprise instructions to:
establish a secure connection between the first storage node and the second storage node using a remote internet protocol address, a base port number, and an identifying key pair;
create a port forwarding configuration, in part, by adding a pre-established port offset relative to the base port for a set of one or more pre-established port offsets;
repeat creation of the port forwarding configuration for each remaining instance of the set; and
exchange encryption keys between the first storage node and the second storage node using the port forwarding configuration.
Specification