Block-level data storage using an outstanding write list

US 8,386,798 B2
Filed: 12/23/2008
Issued: 02/26/2013
Est. Priority Date: 12/23/2008
Status: Active Grant

First Claim

Patent Images

1. A method for securely writing and reading data, the method comprising:

receiving, at a secure storage appliance, a primary read request for a primary data block at a primary storage location of a volume provided by the secure storage appliance;

in response to receiving the primary read request, determining, at the secure storage appliance, whether the primary storage location is locked;

when the primary storage location is locked, retrieving the primary data block from an outstanding write list that stores primary write requests that could not be completed when the primary write requests were received by the secure storage appliance;

when the primary storage location is not locked,sending, from the secure storage appliance to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N;

receiving, at the secure storage appliance, secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and

reconstructing, at the secure storage appliance, the primary data block using the secondary data blocks contained in the secondary read responses; and

sending, from the secure storage appliance, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block;

wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.

43 Citations

View as Search Results

18 Claims

1. A method for securely writing and reading data, the method comprising:
- receiving, at a secure storage appliance, a primary read request for a primary data block at a primary storage location of a volume provided by the secure storage appliance;
  
  in response to receiving the primary read request, determining, at the secure storage appliance, whether the primary storage location is locked;
  
  when the primary storage location is locked, retrieving the primary data block from an outstanding write list that stores primary write requests that could not be completed when the primary write requests were received by the secure storage appliance;
  
  when the primary storage location is not locked,sending, from the secure storage appliance to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N;
  
  receiving, at the secure storage appliance, secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and
  
  reconstructing, at the secure storage appliance, the primary data block using the secondary data blocks contained in the secondary read responses; and
  
  sending, from the secure storage appliance, a primary read response that is responsive to the primary read request, the primary read response containing the primary data block;
  
  wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - receiving, at the secure storage appliance, a primary write request to store the primary data block at the primary storage location;
      
      in response to receiving the primary write request, determining whether the primary storage location is locked;
      
      in response to determining that the primary storage location is locked, writing the primary write request to the outstanding write list;
      
      in response to determining that the primary storage location is not locked, determining, at the secure storage appliance, whether the primary write request can be completed;
      
      when it is determined that the primary write request cannot be completed;
      
      locking, at the secure storage appliance, the primary storage location; and
      
      writing the primary write request to the outstanding write list; and
      
      when it is determined that the primary write request can be completed;
      
      cryptographically splitting, at the secure storage appliance, the primary data block into the secondary data blocks; and
      
      sending, from the secure storage appliance to the storage devices, secondary write requests to write the secondary data blocks.
  - 3. The method of claim 2, wherein determining whether the primary write request can be completed comprises:
    - determining that the primary write request could not be completed when a backup operation is currently occurring at the one of the storage devices.
  - 4. The method of claim 2, wherein determining whether the primary write request can be completed comprises:
    - determining that the primary write request could not be completed when one of the storage devices is not currently available.
  - 5. The method of claim 2, further comprising:
    - after writing the primary write request to the outstanding write list,cryptographically splitting, at the secure storage appliance, the primary data block into the secondary data blocks;
      
      sending, from the secure storage appliance to the storage devices, secondary write requests to write the secondary data blocks;
      
      determining, at the secure storage appliance, whether all of the secondary write requests were successful; and
      
      unlocking, at the secure storage appliance, the primary storage location when the secondary write requests were successful.
  - 6. The method of claim 5, further comprising:
    - removing the primary write request from the outstanding write list when the secondary write requests were successful.
  - 7. The method of claim 1, further comprising:
    - storing a first subset of the secondary data blocks at a first subset of the storage devices that is physically located at a first data center; and
      
      storing a second subset of the secondary data blocks at a second subset of the storage devices that is physically located at a second data center, the first data center being geographically separated from the second data center.
  - 8. The method of claim 7,wherein the first subset of the secondary data blocks includes at least the minimum number of secondary data blocks;
    - andwherein the second subset of the secondary data blocks includes at least the minimum number of secondary data blocks.
  - 9. The method of claim 7, wherein storing the first subset of the secondary data blocks comprises sending the secondary write requests from the secure storage appliance to the storage devices via a storage-area network (SAN).
  - 10. The method of claim 1, wherein locking the primary storage location comprises updating metadata stored at the secure storage appliance.

11. An electronic computing device comprising:
- a processing unit;
  
  a primary interface;
  
  a secondary interface; and
  
  a system memory comprising instructions that, when executed by the processing unit, cause the processing unit to;
  
  receive a primary read request for a primary data block at a primary storage location of a volume provided by the electronic computing device;
  
  in response to receiving the primary read request, determine whether the primary storage location is locked;
  
  when the primary storage location is locked, retrieve the primary data block from an outstanding write list that stores primary write requests that could not be completed when the primary write requests were received by the secure storage appliance;
  
  when the primary storage location is not locked,send, to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than N;
  
  receive secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and
  
  reconstruct the primary data block using the secondary data blocks contained in the secondary read responses; and
  
  send a primary read response that is responsive to the primary read request,the primary read response containing the primary data block;
  
  wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The electronic computing device of claim 11, wherein the instructions further cause the processing unit to:
    - receive a primary write request to store the primary data block at the primary storage location;
      
      in response to receiving the primary write request, determine whether the primary storage location is locked;
      
      in response to determining that the primary storage location is locked, writing the primary write request to the outstanding write list;
      
      in response to determining that the primary storage location is not locked, determine whether the primary write request can be completed;
      
      when it is determined that the primary write request cannot be completed;
      
      lock the primary storage location; and
      
      write the primary write request to the outstanding write list; and
      
      when it is determined that the primary write request can be completed;
      
      cryptographically split the primary data block into the secondary data blocks;
      
      send, to the storage devices, secondary write requests to write the secondary data blocks.
  - 13. The electronic computing device of claim 12, wherein the instructions cause the processing unit to determine that the primary write request could not be completed when a backup operation is currently occurring at one of the storage devices.
  - 14. The electronic computing device of claim 12, wherein the instructions cause the processing unit to determine that the primary write request could not be completed when one of the storage devices is not currently available.
  - 15. The electronic computing device of claim 12, the instructions further causing the processing unit to:
    - after writing the primary data block to the outstanding write list,cryptographically split the primary data block into the secondary data blocks;
      
      send, to the storage devices, secondary write requests to write the secondary data blocks;
      
      determine whether all of the secondary write requests were successful; and
      
      unlock the primary storage location when the secondary write requests were successful.

16. A non-transitory computer-readable storage medium comprising encoded digital data representing instructions that, when executed at an electronic computing device, cause the electronic computing device to:
- receive a primary write request to store a primary data block at a primary storage location;
  
  in response to receiving the primary write request, determine whether the primary storage location is locked;
  
  in response to determining that the primary storage location is locked, write the primary write request to an outstanding write list;
  
  in response to determining that the primary storage location is not locked, determine whether the primary write request can be completed;
  
  when it is determined that the primary write request cannot be completed;
  
  lock the primary storage location; and
  
  write the primary write request to the outstanding write list; and
  
  when it is determined that the primary write request can be completed;
  
  cryptographically split the primary data block into the secondary data blocks;
  
  send, to the storage devices, secondary write requests to write the secondary data blocks;
  
  receive a primary read request for the primary data block at the primary storage location of a volume provided by the electronic computing device;
  
  in response to receiving the primary read request, determine whether the primary storage location is locked;
  
  when the primary storage location is locked, retrieve the primary data block from an outstanding write list that stores primary write requests that could not be completed at the time when the primary write requests were received by the secure storage appliance;
  
  when the primary storage location is not locked,send, to at least M storage devices in a plurality of N storage devices that store secondary data blocks that result from cryptographically splitting the primary data block, secondary read requests to read ones of the secondary data blocks, wherein M designates a minimum number of secondary data blocks required to reconstruct the primary data block and N designates a number of secondary storage blocks generated by cryptographically splitting the primary data block, wherein M is less than M;
  
  receive secondary read responses sent by the storage devices, the secondary read responses containing the secondary data blocks; and
  
  reconstruct the primary data block using the secondary data blocks contained in the secondary read responses; and
  
  send a primary read response that is responsive to the primary read request, the primary read response containing the primary data block;
  
  wherein the cryptographically splitting data utilize a plurality of encryption keys to create a plurality of separate community of interest data sets in which the primary write requests and corresponding plurality of secondary write request are members of the community of interest associated with the one of the plurality of encryption keys used in the write requests.
- View Dependent Claims (17, 18)
- - 17. The computer-readable storage medium of claim 16, wherein the instructions cause the processing unit to determine that the primary write request could not be completed when a backup operation is currently occurring at one of the storage devices.
  - 18. The computer-readable storage medium of claim 16, wherein the instructions cause the processing unit to determine that the primary write request could not be completed when one of the storage devices is not currently available.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Dodgson, David, Neill, Joseph, Farina, Ralph, Chin, Edward, French, Albert, Summers, Scott
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
HO, DAO Q

Application Number

US12/342,500
Publication Number

US 20100161919A1
Time in Patent Office

1,526 Days
Field of Search

711/161, 713/189
US Class Current

713/189
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 11/1464   for networked environments

G06F 11/2061   combined with de-clustering...

G06F 11/2069   Management of state, config...

G06F 21/62   Protecting access to data v...

G06F 21/78   to assure secure storage of...

G06F 2221/2107   File encryption

H04L 63/0428   wherein the data content is...

H04L 67/1097   for distributed storage of ...

Block-level data storage using an outstanding write list

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Block-level data storage using an outstanding write list

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links