Method for voting with secret shares in a distributed system
First Claim
1. A method for recovering from a failure of a primary server storing a file that is replicated in each of a plurality of secondary servers in a server cluster, the method comprising:
- transmitting a request from a particular server in the server cluster to one or more servers in the server cluster for a portion of a master secret value, wherein, at the time of the failure, the complete master secret value is known to the primary server but not to any one of the other servers in the server cluster;
- receiving a threshold number of different portions of the master secret value at the particular server;
- reconstructing the master secret value based on the received threshold number of different portions at the particular server;
- generating an authentication value derived from the master secret value at the particular server, the authentication value being used by at least some of the secondary servers to authenticate an operation as originating from the primary server;
- distributing the authentication value from the particular server to each of the plurality of secondary servers; and
- acting as a new primary server by the particular server after the master secret value is reconstructed at the particular server.
Abstract
A replicated decentralized storage system comprises a plurality of servers that locally store disk images for locally running virtual machines as well as disk images, for failover purposes, for remotely running virtual machines. To ensure that disk images stored for failover purposes are properly replicated upon an update of the disk image on the server running the virtual machine, a hash of a unique value (the master secret) known only to the server running the virtual machine is used to verify the origin of update operations that the server has transmitted to the other servers storing replications of the disk image for failover purposes. If verified, the update operations are added to such failover disk images. To enable the replicated decentralized system to recover from a failure of the primary server, the master secret is subdivided into parts and distributed to other servers in the cluster. Upon a failure of the primary server, a secondary server receives a threshold number of the parts and is able to recreate the master secret and fail over the virtual machines that were running on the failed primary server.
20 Claims
1. A method for recovering from a failure of a primary server storing a file that is replicated in each of a plurality of secondary servers in a server cluster, the method comprising:
- transmitting a request from a particular server in the server cluster to one or more servers in the server cluster for a portion of a master secret value, wherein, at the time of the failure, the complete master secret value is known to the primary server but not to any one of the other servers in the server cluster;
- receiving a threshold number of different portions of the master secret value at the particular server;
- reconstructing the master secret value based on the received threshold number of different portions at the particular server;
- generating an authentication value derived from the master secret value at the particular server, the authentication value being used by at least some of the secondary servers to authenticate an operation as originating from the primary server;
- distributing the authentication value from the particular server to each of the plurality of secondary servers; and
- acting as a new primary server by the particular server after the master secret value is reconstructed at the particular server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer-readable storage medium including instructions that, when executed by a processing unit of a secondary server storing a replication of a file stored on a primary server, causes the processing unit to recover from a failure of the primary server by performing the steps of:
- transmitting a request from a particular server in the server cluster to one or more servers in a server cluster for a portion of a master secret value, wherein, at the time of the failure, the complete master secret value is known to the primary server but not to any one of the other servers in the server cluster;
- receiving a threshold number of different portions of the master secret value at the particular server;
- reconstructing the master secret value based on the received threshold number of different portions at the particular server;
- generating an authentication value derived from the master secret value at the particular server, the authentication value being used by at least some of the secondary servers to authenticate an operation as originating from the primary server;
- distributing the authentication value from the particular server to each of the plurality of secondary servers; and
- acting as a new primary server by the particular server after the master secret value is reconstructed at the particular server.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A method for enabling a plurality of secondary servers in a server cluster to recover from a failure of a primary server, wherein each of the plurality of secondary servers stores a replication of a log file stored on the primary server, the method comprising:
- generating a master secret value to create unique identifiers for update operations to the log file and each replication of the log file stored by each of the plurality of secondary servers, wherein each update operation comprises a public unique id comprising a hash of a private unique id generated from the master secret value;
- dividing the master secret value into a plurality of parts, wherein a threshold number of any of the plurality of parts can recreate the master secret value; and
- transmitting each of the plurality of parts to a different server in the server cluster.

Dependent claims: 20.
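As an added illustration (not code from the patent or its assignee), the following Python sketch combines the two mechanisms the abstract and claim 19 describe: threshold (Shamir) sharing of the master secret so that any k of n parts recreate it, and update authentication in which each update's public unique id is the hash of a private unique id derived from the master secret. The HMAC-based derivation of private ids, the pre-commitment of the next public id inside each update, the field prime, and the `Secondary` class are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed parameter (not from the patent): shares live in the field mod this Mersenne prime.
P = 2**127 - 1

def split_secret(secret, n, k):
    """Shamir split: n points of a random degree-(k-1) polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct_secret(shares):
    """Lagrange interpolation at x = 0; any k distinct shares recover the secret."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def private_id(master, seq):
    """Private unique id of update #seq; deriving it needs the master secret (HMAC is an assumed derivation)."""
    return hmac.new(master.to_bytes(16, "big"), seq.to_bytes(8, "big"), hashlib.sha256).digest()

def public_id(priv):
    """Public unique id = hash of the private id, as the claims describe."""
    return hashlib.sha256(priv).digest()

def make_update(master, seq, payload):
    """Primary emits update #seq: opens its private id and commits to the next public id."""
    return seq, payload, private_id(master, seq), public_id(private_id(master, seq + 1))

class Secondary:
    """Replica log; accepts an update only if hash(private id) equals the committed public id."""
    def __init__(self, first_public):
        self.expected, self.log = first_public, []

    def apply(self, seq, payload, priv, next_public):
        if not hmac.compare_digest(public_id(priv), self.expected):
            return False  # not from the holder of the master secret (or a replay)
        self.log.append((seq, payload))
        self.expected = next_public
        return True
```

After a primary failure, a server that has gathered k shares calls `reconstruct_secret` and can then produce `make_update` records that the secondaries accept, while a server holding fewer than k shares cannot.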
Specification