Background encryption of disks in a large cluster

US 8,171,307 B1
Filed: 05/26/2006
Issued: 05/01/2012
Est. Priority Date: 05/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for encrypting a disk, the disk accessible by a plurality of storage security appliances, and the disk accessed via a storage system, comprising:

selecting one of the storage security appliances as a master, and designating all the other storage security appliances as slaves;

sending, by the master, a first message to each slave, the first message comprising;

(i) a location of a first area of the disk, and(ii) an instruction to block access to the first area; and

receiving, by the master, in response to the first message, a second message comprising a location of a second area of the disk designated as blocked from access by a slave, where the second area extends past the first area, and where the slave permits access to unblocked areas of the disk;

encrypting, by the master, the contents of the disk, starting with the first area and proceeding on an area-by-area basis, until the entire disk is encrypted;

sending, by the master, a third message to each slave, the third message comprising an instruction to block access to a rekey recovery area of the disk;

decrypting and then re-encrypting, by the master, a backup of the rekey recovery area of the disk;

overwriting, by the master, the rekey recovery area of the disk;

sending a fourth message, by the master, to each slave, the fourth message comprising a notice that encryption of the disk is terminated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides for rekeying a large cluster of storage security appliances which allows more than two of the storage security appliances to proxy a single storage medium while encrypting the storage medium in a manner that is transparent to any attached server. The invention provides a method for synchronizing encryption of the disk among a large cluster of storage security appliances, while allowing all of the storage security appliances involved to access the storage device being rekeyed in a secure fashion.

73 Citations

View as Search Results

20 Claims

1. A method for encrypting a disk, the disk accessible by a plurality of storage security appliances, and the disk accessed via a storage system, comprising:
- selecting one of the storage security appliances as a master, and designating all the other storage security appliances as slaves;
  
  sending, by the master, a first message to each slave, the first message comprising;
  
  (i) a location of a first area of the disk, and(ii) an instruction to block access to the first area; and
  
  receiving, by the master, in response to the first message, a second message comprising a location of a second area of the disk designated as blocked from access by a slave, where the second area extends past the first area, and where the slave permits access to unblocked areas of the disk;
  
  encrypting, by the master, the contents of the disk, starting with the first area and proceeding on an area-by-area basis, until the entire disk is encrypted;
  
  sending, by the master, a third message to each slave, the third message comprising an instruction to block access to a rekey recovery area of the disk;
  
  decrypting and then re-encrypting, by the master, a backup of the rekey recovery area of the disk;
  
  overwriting, by the master, the rekey recovery area of the disk;
  
  sending a fourth message, by the master, to each slave, the fourth message comprising a notice that encryption of the disk is terminated.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising loading, by the master, contents of the rekey recovery area into a non-volatile memory.
  - 3. The method of claim 2, wherein status of overwriting the rekey recovery area is saved in the non-volatile memory.
  - 4. The method of claim 1, wherein encrypting further comprises:
    - encrypting the area of the disk within the second area that extends beyond the first area.
  - 5. The method of claim 1, wherein access provided by the slaves uses a protocol chosen from a group of protocols consisting of CIFS, NFS, iSCSI, and SCSI over Fiber Channel.
  - 6. The method of claim 1, further comprising:
    - in response to an error, the master retrying sending, receiving and encrypting.
  - 7. The method of claim 1, further comprising:
    - in response to an error indicating the disk is not available, selecting another storage security appliance as master.

8. A cluster of storage security appliances for encrypting a disk, the disk accessed via a storage system the cluster comprising:
- a plurality of slave storage security appliances (slaves);
  
  a master storage security appliance (master), the master configured to;
  
  send a first message to each slave, the first message comprising;
  
  (i) a location of a first area of the disk, and(ii) an instruction to block access to the first area;
  
  receive a second message in response to the first message, the second message comprising a location of a second area of the disk designated as blocked from access by a slave, where the second area extends past the first area, and where the slave permits access to unblocked areas of the disk; and
  
  encrypt the contents of the disk, starting with the first area and proceeding on an area-by-area basis, until the entire disk is encrypted;
  
  send a third message to each slave, the third message comprising an instruction to block access to a rekey recovery area of the disk;
  
  decrypt and then re-encrypt a backup of the rekey recovery area of the disk;
  
  overwrite the rekey recovery area of the disk;
  
  send a fourth message to each slave, the fourth message comprising a notice that encryption of the disk is terminated.
- View Dependent Claims (9, 10, 11)
- - 9. The cluster of claim 8, wherein the master further comprises:
    - a non-volatile memory loaded with the contents of a rekey recovery area on the disk.
  - 10. The cluster of claim 8, further comprising:
    - a management process for selecting the master from among the cluster of storage security appliances.
  - 11. The cluster apparatus of claim 8, wherein each slave further comprises:
    - a state machine comprising the states of;
      
      an idle state where the slave provides proxy access to the disk;
      
      a block state where the slave blocks a region of the disk requested by the master;
      
      a done state where encryption of the disk is terminated; and
      
      an error state where the slave has not received any messages for a predetermined period of time, and the slave awaits further instructions.

12. An apparatus for encrypting a disk, the disk accessible by a plurality of systems, and the disk accessed via a storage system, the apparatus comprising a memory and configured to:
- send a first message to each system, the first message comprising;
  
  (i) a location of a first area of the disk, and(ii) an instruction to block access to the first area;
  
  receive a second message in response to the first message, the second message comprising a location of a second area of the disk designated as blocked from access by the system, where the second area extends past the first area, and where the system providing access to unblocked areas of the disk;
  
  encrypt the contents of the disk, starting with the first area and proceeding on an area-by-area basis, until the disk is encrypted;
  
  send a third message to each system, the third message comprising an instruction to block access to a rekey recovery area of the disk;
  
  decrypt and then re-encrypt a backup of the rekey recovery area of the disk;
  
  overwrite the rekey recovery area of the disk;
  
  send a fourth message to each system, the fourth message comprising a notice that encryption of the disk is terminated.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The apparatus of claim 12, further comprising:
    - a non-volatile memory loaded with the contents of the rekey recovery area of the disk.
  - 14. The apparatus of claim 13, wherein status is stored in the non-volatile memory of the execution of the program instructions that overwrite the rekey area of the disk.
  - 15. The apparatus of claim 12, the step of encrypting further comprising:
    - encrypting the area of the disk within the second area that extends beyond the first area.
  - 16. The apparatus of claim 12, wherein access provided by the systems uses a protocol chosen from the group of protocols consisting of CIFS, NFS, iSCSI, and SCSI over Fiber Channel.
  - 17. The apparatus of claim 12, further comprising:
    - program instructions that in response to an error, the apparatus is programmed to repeat the program instructions that send, receive and encrypt.
  - 18. The apparatus of claim 12, further comprising:
    - program instructions that in response to an error indicating the disk is not available, selecting another storage security appliance as master.

19. An apparatus for disk encryption, comprising a memory and configured to:
- designate the apparatus as a master;
  
  send a first message to a plurality of slave systems, the message instructing the plurality of slave systems to block access to a rekey recovery area of the disk, the disk accessed via a storage system;
  
  in response to a second message received from all the slaves, broadcast the contents of the rekey recovery area to all the slaves; and
  
  encrypt the contents of the disk, starting with a first area and proceeding on an area-by-area basis, until said entire disk is encrypted, where a backup of each area is written to the rekey recovery area prior to encryption of each area;
  
  send a third message to each slave, the third message comprising an instruction to block access to a rekey recovery area of the disk;
  
  decrypt and then re-encrypt a backup of the rekey recovery area of the disk;
  
  overwrite the rekey recovery area of the disk;
  
  send a fourth message to each slave, the fourth message comprising a notice that encryption of the disk is terminated.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, the memory further comprising:
    - a non-volatile memory loaded with the contents of the rekey recovery area on the disk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Chang, Steven
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Rahman, Mahfuzur

Application Number

US11/420,723
Time in Patent Office

2,167 Days
Field of Search

713/189
US Class Current

713/189
CPC Class Codes

G06F 11/2023   Failover techniques

G06F 21/80   in storage media based on m...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 67/1097   for distributed storage of ...

Background encryption of disks in a large cluster

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Background encryption of disks in a large cluster

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links