Synchronous replication for system and data security
Abstract
A method, system, and computer-readable medium for maintaining up-to-date, consistent backup copies of primary data that are immune to corruption even when security of the primary data is breached. Independent security domains are established for primary and secondary data, such that access to each security domain must be obtained independently of access to the other security domains. For example, a host computer system having access to data storage in the primary security domain does not have access to data storage in the secondary security domain, and vice versa. Changes to primary data are synchronously replicated over a tightly controlled replication link from primary data storage in the primary security domain to secondary data storage in the secondary security domain. A change to the data is completed in the primary security domain when an acknowledgement is received that the change to the data has been stored in secondary data storage.
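The write ordering and domain separation described in the abstract, as an added illustration that is not taken from the patent. The class names, credentials and in-process "link" are hypothetical stand-ins for hosts, storage and a replication link in two independent security domains.

```python
import hmac

class AccessDenied(Exception):
    """Raised when a credential from another security domain is presented."""

class Storage:
    """Data storage that serves only callers holding its own domain's credential."""
    def __init__(self, domain_key):
        self._key, self._blocks = domain_key, {}
    def _check(self, cred):
        if not hmac.compare_digest(cred, self._key):
            raise AccessDenied("credential not valid in this security domain")
    def write(self, cred, block, data):
        self._check(cred)
        self._blocks[block] = data
    def read(self, cred, block):
        self._check(cred)
        return self._blocks.get(block)

class SecondaryHost:
    """Applies a replicated write with its own credential, then acknowledges it."""
    def __init__(self, storage, cred):
        self.storage, self.cred = storage, cred
    def apply(self, block, data):
        self.storage.write(self.cred, block, data)
        return ("ACK", block)

class ReplicationLink:
    """Only path between the two domains; returns None when no ack arrives."""
    def __init__(self, peer):
        self.peer, self.up = peer, True
    def send(self, block, data):
        return self.peer.apply(block, data) if self.up else None

class PrimaryHost:
    def __init__(self, storage, cred, link):
        self.storage, self.cred, self.link = storage, cred, link
    def write(self, block, data):
        ack = self.link.send(block, data)           # replicate to the secondary
        if ack != ("ACK", block):                   # await the acknowledgement
            return False                            # not completed in primary
        self.storage.write(self.cred, block, data)  # complete the write locally
        return True

def build():
    # Constructed credentials, one per security domain (assumption).
    p, s = Storage(b"primary-key"), Storage(b"secondary-key")
    link = ReplicationLink(SecondaryHost(s, b"secondary-key"))
    return p, s, link, PrimaryHost(p, b"primary-key", link)
```

With the link down, `PrimaryHost.write` returns `False` and primary storage keeps its previous contents, so the primary never holds a completed write that the secondary lacks.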
53 Claims
1. A method comprising:
replicating an operation on data from first data storage in a first security domain to second data storage in a second security domain, wherein the first security domain and the second security domain are independent of one another, the first security domain permits a first host in the first security domain to directly access the first data storage, and the first security domain prohibits a second host in the second security domain from directly accessing the first data storage;
awaiting a receipt of an acknowledgement that the operation on the data has been completed in the second security domain; and
completing the operation on the data in the first security domain in response to the receipt of the acknowledgement that the operation on the data has been completed in the second security domain, wherein the completing the operation in the second security domain comprises completing the operation on the data in second data storage in the second security domain.
Dependent claims: 2-41
42. A system comprising:
means for replicating an operation on data from first data storage in a first security domain to second data storage in a second security domain, wherein the first security domain and the second security domain are independent of one another, the first security domain permits a first host in the first security domain to directly access the first data storage, and the first security domain prohibits a second host in the second security domain from directly accessing the first data storage;
means for awaiting a receipt of an acknowledgement that the operation on the data has been completed in the second security domain; and
means for completing the operation on the data in the first security domain in response to the receipt of the acknowledgement that the operation on the data has been completed in the second security domain, wherein the completing the operation in the second security domain comprises completing the operation on the data in second data storage in the second security domain.
Dependent claims: 43
44. A system comprising:
a replication module configured to replicate an operation on data from first data storage in a first security domain to second data storage in a second security domain, wherein the first security domain and the second security domain are independent of one another, the first security domain permits a first host in the first security domain to directly access the first data storage, and the first security domain prohibits a second host in the second security domain from directly accessing the first data storage;
a receiving module configured to await a receipt of an acknowledgement that the operation on the data has been completed in the second security domain; and
a completion module configured to complete the operation on the data in the first security domain in response to the receipt of the acknowledgement that the operation on the data has been completed in the second security domain, wherein the completing the operation in the second security domain comprises completing the operation on the data in second data storage in the second security domain.
Dependent claims: 45, 46, 47, 48
49. A computer-readable medium comprising:
replicating instructions configured to replicate an operation on data from first data storage in a first security domain to second data storage in a second security domain, wherein the first security domain and the second security domain are independent of one another, the first security domain permits a first host in the first security domain to directly access the first data storage, and the first security domain prohibits a second host in the second security domain from directly accessing the first data storage;
awaiting a receipt of an acknowledgement that the operation on the data has been completed in the second security domain; and
completing instructions configured to complete the operation on the data in the first security domain in response to the receipt of the acknowledgement that the operation on the data has been completed in the second security domain, wherein the completing the operation in the second security domain comprises completing the operation on the data in second data storage in the second security domain.
Dependent claims: 50, 51, 52, 53
Specification