Network storage server with integrated encryption, compression and deduplication capability
First Claim
1. A method of operation of a network storage server, the method comprising:
- receiving a plurality of write requests at the network storage server from a set of clients;
- buffering a plurality of data blocks written by the write requests in a cache in the network storage server;
- during a consistency point process that is characterized by committing the plurality of buffered data blocks written by the write requests and stored in the cache to a nonvolatile mass storage facility, using a storage operating system in the network storage server to,
  - compress each of the data blocks,
  - encrypt each of the data blocks,
  - for each of the data blocks, in parallel with compressing and encrypting the data block, hash an unencrypted version of the data block to generate a fingerprint of the data block, and
  - store the compressed and encrypted data blocks in the nonvolatile mass storage facility; and
- enabling at least one of the encrypted data blocks to be shared by a plurality of logical containers, including using the fingerprints of the data blocks to identify duplicate data blocks.
Abstract
A network storage server receives multiple write requests from a set of clients via a network and internally buffers multiple data blocks written by the write requests. At a consistency point, the storage server commits the data blocks to a nonvolatile mass storage facility. The consistency point process includes using a storage operating system in the network storage server to compress the data blocks, encrypt selected data blocks, and store the compressed and (possibly) encrypted data blocks in the nonvolatile mass storage facility. Data blocks can also be fingerprinted in parallel with compression and/or encryption, to facilitate subsequent deduplication. Data blocks can be indexed and classified according to content or attributes of the data. Encryption can be applied at different levels of logical container granularity, where a separate, unique cryptographic key is used for each encrypted data container.
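The per-block work described in the abstract, as an added Go sketch that is not taken from the patent. The names `Store`, `Commit` and `demo`, the choice of zlib, AES-256-GCM and SHA-256, the single key shared by both containers, and doing the duplicate lookup at commit time are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Store struct { // hypothetical stand-in for the mass storage facility
	aead   cipher.AEAD
	blocks map[[32]byte][]byte   // fingerprint -> nonce || ciphertext
	refs   map[string][][32]byte // logical container -> block fingerprints
}

// Commit hashes the plaintext in a goroutine while compressing and encrypting it.
func (s *Store) Commit(container string, plain []byte) (bool, error) {
	fpc := make(chan [32]byte, 1)
	go func() { fpc <- sha256.Sum256(plain) }()
	var buf bytes.Buffer
	w := zlib.NewWriter(&buf) // compress first: ciphertext does not compress
	w.Write(plain)            // writes into a bytes.Buffer cannot fail
	w.Close()
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return false, err
	}
	sealed := s.aead.Seal(nonce, nonce, buf.Bytes(), nil)
	fp := <-fpc
	s.refs[container] = append(s.refs[container], fp)
	if _, dup := s.blocks[fp]; dup {
		return false, nil // duplicate: share the stored block, drop sealed
	}
	s.blocks[fp] = sealed
	return true, nil // a new block was stored
}

func demo() (first, second bool, stored int) {
	c, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(c)             // cannot fail for a 32-byte AES key
	s := &Store{aead, map[[32]byte][]byte{}, map[string][][32]byte{}}
	first, _ = s.Commit("fileA", []byte("same block"))
	second, _ = s.Commit("fileB", []byte("same block"))
	return first, second, len(s.blocks)
}

func main() { fmt.Println(demo()) } // true false 1
```

Because each block is sealed under a fresh random nonce, two ciphertexts of the same plaintext never match, so the plaintext fingerprint is the only handle for deduplication. That fingerprint index is derived from unencrypted data and shows which blocks are equal, so it needs the same protection as the data it describes.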
24 Claims
23. A non-transitory machine-readable medium comprising program code, the program code to:
- receive a plurality of write requests at a network storage server from a set of clients;
- buffer a plurality of data blocks written by the write requests in a cache in the network storage server;
- during a consistency point process that is characterized by committing the plurality of buffered data blocks written by the write requests and stored in the cache to a nonvolatile mass storage facility, use a storage operating system in the network storage server to,
  - compress each of the data blocks,
  - encrypt each of the data blocks,
  - for each of the data blocks, in parallel with compression and encryption of the data block, hash an unencrypted version of the data block to generate a fingerprint of the data block, and
  - store the compressed and encrypted data blocks in the nonvolatile mass storage facility; and
- enable at least one of the encrypted data blocks to be shared by a plurality of logical containers, including using the fingerprints of the data blocks to identify duplicate data blocks.
24. An apparatus comprising:
- a processor; and
- a machine-readable medium having program code executable by the processor to cause the apparatus to;
  - receive a plurality of write requests at the apparatus from a set of clients;
  - buffer a plurality of data blocks written by the write requests in a cache in the apparatus;
  - during a consistency point process that is characterized by committing the plurality of buffered data blocks written by the write requests and stored in the cache to a nonvolatile mass storage facility, use a storage operating system in the apparatus to,
    - compress each of the data blocks,
    - encrypt each of the data blocks,
    - for each of the data blocks, in parallel with compression and encryption of the data block, hash an unencrypted version of the data block to generate a fingerprint of the data block, and
    - store the compressed and encrypted data blocks in the nonvolatile mass storage facility; and
  - enable at least one of the encrypted data blocks to be shared by a plurality of logical containers, including using the fingerprints of the data blocks to identify duplicate data blocks.
Specification