Storage availability using cryptographic splitting

US 8,135,980 B2
Filed: 12/23/2008
Issued: 03/13/2012
Est. Priority Date: 12/23/2008
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining data connectivity in a secure storage network, the method comprising:

assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems;

detecting a connectivity problem on at least one of the secure data paths; and

assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem;

wherein the plurality of secure data paths encrypt data transmitted over each of the plurality of secure data paths using different encryption keys; and

the data transmitted over each of the plurality of secure data paths corresponds to a different portion of the data being transmitted between the primary secure storage appliance and the client device.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. In one aspect, a method includes assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems. The method also includes detecting a connectivity problem on at least one of the secure data paths. The method further includes assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem.

36 Citations

View as Search Results

23 Claims

1. A method of maintaining data connectivity in a secure storage network, the method comprising:
- assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems;
  
  detecting a connectivity problem on at least one of the secure data paths; and
  
  assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem;
  
  wherein the plurality of secure data paths encrypt data transmitted over each of the plurality of secure data paths using different encryption keys; and
  
  the data transmitted over each of the plurality of secure data paths corresponds to a different portion of the data being transmitted between the primary secure storage appliance and the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising:
    - receiving data related to the volume at a second secure storage appliance communicatively connected to the primary secure storage appliance; and
      
      after assessing whether to reassign the volume to a different secure storage appliance, assigning the volume to the second secure storage appliance, thereby rendering the second secure storage appliance a new primary storage appliance.
  - 3. The method of claim 2, further comprising, upon assigning the volume to the second secure storage appliance, disassociating the volume from the primary secure storage appliance.
  - 4. The method of claim 2, further comprising, upon assigning the volume to the second secure storage appliance, sending an error message to an administrator of the secure data storage network.
  - 5. The method of claim 2, wherein the second secure storage appliance resides within a cluster including the primary secure storage appliance.
  - 6. The method of claim 1, wherein detecting a connectivity problem on at least one of the secure data paths comprises detecting a lack of connectivity on all of the plurality of secure data paths between the primary secure storage appliance and the client device.
  - 7. The method of claim 1, wherein the volume is presented to the client device as a virtual disk.
  - 8. The method of claim 1, wherein detecting a connectivity problem on at least one of the secure data paths occurs at a secure storage appliance in response to receipt of a data request from a client.
  - 9. The method of claim 8, wherein the data request is a request selected from the group consisting of a read request and a write request.
  - 10. The method of claim 1, wherein detecting a connectivity problem on at least one of the secure data paths occurs at a secure storage appliance in response to receipt of a failed transmission message relating to a secondary data request from the primary secure storage appliance to one or more of the plurality of storage systems.
  - 11. The method of claim 10, wherein the secondary data request is a secondary read request for a block of data stored at the plurality of storage systems.
  - 12. The method of claim 11, further comprising:
    - determining a failed connection between the primary secure storage appliance and one or more of the plurality of storage systems such that the secure storage appliance cannot successfully reconstitute the block of data identified by the secondary read request; and
      
      assigning the volume to a second secure storage appliance, thereby rendering the second secure storage appliance a new primary storage appliance.
  - 13. The method of claim 12, further comprising, upon assigning the volume to the second secure storage appliance, disassociating the volume from the primary secure storage appliance.
  - 14. The method of claim 12, further comprising, upon assigning the volume to the second secure storage appliance, sending an error message to an administrator of the secure data storage network.
  - 15. The method of claim 1, wherein assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem includes assessing alternative data paths to the primary secure storage appliance from among the plurality of secure data paths.

16. A multi-path secure storage network comprising:
- a client device;
  
  a plurality of storage systems;
  
  a primary secure storage appliance associated with a volume, the primary secure storage appliance configured to manage data requests associated with the volume, the volume associated with data stored at each of the plurality of storage systems;
  
  a plurality of secure data paths between the primary secure storage appliance and the client device; and
  
  a plurality of secure data paths between the primary secure storage appliance and the plurality of storage systems;
  
  wherein the primary secure storage appliance is configured to detect a connectivity problem on at least one of the secure data paths and assess whether to reassign the volume to a different secure storage appliance based upon the connectivity problem;
  
  the plurality of secure data paths encrypt data transmitted over each of the plurality of secure data paths using different encryption keys; and
  
  the data transmitted over each of the plurality of secure data paths corresponds to a different portion of the data being transmitted between the primary secure storage appliance and the client device.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The multi-path secure storage network of claim 16, wherein the primary secure storage appliance is further configured to receive data related to the volume at a second secure storage appliance communicatively connected to the primary secure storage appliance, and, after assessing whether to reassign the volume to a different secure storage appliance, associate the volume with the second secure storage appliance, thereby rendering the second secure storage appliance a new primary storage appliance.
  - 18. The multi-path secure storage network of claim 17, wherein the primary secure storage appliance is further configured to, upon transferring association of the volume to the second secure storage appliance, disassociate from the volume.
  - 19. The multi-path secure storage network of claim 17, wherein the primary secure storage appliance is further configured to, upon transferring association of the volume to the second secure storage appliance, send an error message to an administrator of the secure data storage network.
  - 20. The multi-path secure storage network of claim 16, wherein the primary secure storage appliance is configured to detect a connectivity problem on at least one of the secure data paths in response to receipt of a data request from a client.
  - 21. The multi-path secure storage network of claim 20, wherein the data request is a request selected from the group consisting of a read request and write request.
  - 22. The multi-path secure storage network of claim 16, wherein the volume is presented to the client device as a virtual disk.

23. A method of maintaining data connectivity in a secure storage network, the method comprising:
- assigning a volume to a primary secure storage appliance located in a secure data storage network, the secure data storage network including a plurality of secure data paths between the primary secure storage appliance and a client device and a plurality of secure data paths between the secure storage appliance and a plurality of storage systems, the volume corresponding to physical storage at each of the plurality of storage systems;
  
  detecting a connectivity problem on at least one of the secure data paths;
  
  assessing whether to reassign the volume to a different secure storage appliance based upon the connectivity problem;
  
  assigning the volume to a second secure storage appliance, thereby rendering the second secure storage appliance a new primary storage appliance; and
  
  disassociating the volume from the primary secure storage appliance;
  
  wherein the plurality of secure data paths encrypt data transmitted over each of the plurality of secure data paths using different encryption keys; and
  
  the data transmitted over each of the plurality of secure data paths corresponds to a different portion of the data being transmitted between the primary secure storage appliance and the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Dodgson, David, Neill, Joseph, Farina, Ralph, Chin, Edward, French, Albert, Summers, Scott
Primary Examiner(s)
Baderman, Scott
Assistant Examiner(s)
Patel, Kamini

Application Number

US12/342,438
Publication Number

US 20100162031A1
Time in Patent Office

1,176 Days
Field of Search

714/4
US Class Current

714/4.2
CPC Class Codes

G06F 11/2007   using redundant communicati...

H04L 63/06   for supporting key manageme...

H04L 63/104   Grouping of entities

Storage availability using cryptographic splitting

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Storage availability using cryptographic splitting

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others