Methods and systems for selective encryption and secured extent quota management for storage servers in cloud computing
Abstract
Methods and systems for selective encryption and secured extent quota management for storage servers in cloud computing are provided. A method includes associating at least one secure storage disk and at least one non-secure storage disk to a virtual disk, and associating the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk. The method further includes accessing the at least one secure storage disk and the at least one non-secure storage disk based on the associating of the virtual disk to the application, to write or read confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk.
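The following added example (not code from the patent or its assignee) models the routing described in the abstract: one virtual disk over secure and non-secure disks, with the application's command deciding where each block lands. The command names, the extent-based quota, the fail-closed behaviour when secure extents run out and the removal of the stale copy when a block is reclassified are assumptions; encryption is taken to happen inside the secure disks and is not modelled.

```python
from enum import Enum

# Command names are assumed; the claims name only read/write encryption commands.
Cmd = Enum("Cmd", "WRITE READ WRITE_ENC READ_ENC ENC_READ_CAPACITY")

class QuotaExceeded(Exception): pass

class Disk:
    def __init__(self, name, extents, secure):
        self.name, self.extents, self.secure = name, extents, secure
        self.blocks = {}                      # virtual LBA -> stored bytes
    def free(self):
        return self.extents - len(self.blocks)

class VirtualDisk:
    """Virtual disk over secure and non-secure disks of one managed disk group."""
    def __init__(self, disks):
        self.disks = disks
        self.where = {}                       # virtual LBA -> Disk holding it
    def _pool(self, secure):
        return [d for d in self.disks if d.secure == secure]

    def submit(self, cmd, lba=None, data=None):
        if cmd is Cmd.ENC_READ_CAPACITY:      # size and remaining quota, in extents
            pool = self._pool(True)
            return sum(d.extents for d in pool), sum(d.free() for d in pool)
        secure = cmd in (Cmd.WRITE_ENC, Cmd.READ_ENC)
        if cmd in (Cmd.READ, Cmd.READ_ENC):
            disk = self.where[lba]
            if disk.secure != secure:         # command must match where the data lives
                raise PermissionError(f"LBA {lba} is on {disk.name}")
            return disk.blocks[lba]
        old = self.where.get(lba)
        if old is not None and old.secure == secure:
            target = old                      # overwrite in place
        else:
            target = next((d for d in self._pool(secure) if d.free() > 0), None)
        if target is None:
            if secure:                        # fail closed: never spill to a non-secure disk
                raise QuotaExceeded("secure extents exhausted")
            raise OSError("non-secure disks full")
        if old is not None and old is not target:
            del old.blocks[lba]               # reclassified block: drop the stale copy
        target.blocks[lba] = data
        self.where[lba] = target

def app_write(vdisk, lba, data, confidential):
    """Application side: the application tags the data and picks the command."""
    vdisk.submit(Cmd.WRITE_ENC if confidential else Cmd.WRITE, lba, data)
```

A caller can issue `ENC_READ_CAPACITY` before a confidential write to check the remaining secure quota instead of relying on the `QuotaExceeded` error.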
28 Claims
1. A method, comprising:
allocating at least one secure storage disk and at least one non-secure storage disk in a managed disk group;
associating the at least one secure storage disk and the at least one non-secure storage disk to a virtual disk;
mapping the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk by the application; and
accessing the at least one secure storage disk and the at least one non-secure storage disk based on the mapping of the virtual disk to the application, to write or read input data which comprises confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk,
wherein the application determines whether the input data is the confidential data or the non-confidential data and tags the confidential data,
wherein a determination to write or read the confidential and the non-confidential data to one of the at least one secure storage disk and the at least one non-secure storage disk is based on a read or write encryption command received from the application,
wherein the read or write encryption command received from the application includes an encryption read capacity command to determine and return a size or capacity of the at least one secure storage disk, and
wherein the read or write encryption command received from the application indicates whether the confidential data should be written to or read from the at least one secure storage disk and the non-confidential data should be written to or read from the at least one non-secure storage disk.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 26, 27, 28
12. A system implemented in hardware, comprising:
a computer infrastructure operable to:
associate a virtual disk to an application on a computing device, the virtual disk associated with at least one encrypting storage disk and at least one non-encrypting storage disk, and used by the application to access of the at least one encrypting storage disk and the at least one non-encrypting storage disk;
access one of the at least one encrypting storage disk and the at least one non-encrypting storage disk based on the associating of the virtual disk to the application, to write or read confidential or non-confidential data associated with the application into a respective one of the at least one encrypting storage disk and the at least one non-encrypting storage disk; and
read a size of the at least one encrypting storage disk based on a read encryption command received from the application,
wherein a determination to write or read the confidential and the non-confidential data to one of the at least one encrypting storage disk and the at least one non-encrypting storage disk is based on a read or write encryption command received from the application,
wherein the read or write encryption command received from the application includes an encryption read capacity command to determine and return a size or capacity of the at least one encrypting storage disk, and
wherein the read or write encryption command received from the application indicates whether the confidential data should be written or read from the at least one encrypting storage disk and the non-confidential data should be written to or read from the at least one non-encrypting storage disk.
Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A computer program product comprising a computer readable storage device or memory having readable program code embodied in the storage medium, the computer program product includes at least one component operable to:
allocate at least one secure storage disk and at least one non-secure storage disk in a managed disk group;
associate the at least one secure storage disk and the at least one non-secure storage disk to a virtual disk;
map the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk by the application; and
access the at least one secure storage disk and the at least one non-secure storage disk based on the mapping of the virtual disk to the application, to write or read input data which comprises confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk,
wherein the application determines whether the input data is the confidential data or the non-confidential data and tags the confidential data,
wherein a determination to write or read the confidential and the non-confidential data to one of the at least one secure storage disk and the at least one non-secure storage disk is based on a read or write encryption command received from the application,
wherein the read or write encryption command received from the application includes an encryption read capacity command to determine and return a size or capacity of the at least one secure storage disk, and
wherein the read or write encryption command received from the application indicates whether the confidential data should be written to or read from the at least one secure storage disk and the non-confidential data should be written to or read from the at least one non-secure storage disk.
Dependent claims: 21
22. A method of deploying a system for selective encryption and secured extent quota management for storage servers, comprising:
providing a computer infrastructure, being operable to:
receive input data which comprises confidential data or non-confidential data;
tagging the received input data as the confidential data to indicate confidential information or the received input data as the non-confidential data to indicate non-confidential information;
determine whether the received input data is tagged as confidential or non-confidential respectively; and
send one of an encryption command and a non-encryption command to a storage controller based on whether the received input data is tagged as confidential,
wherein the one of the encryption command and the non-encryption command instructs the received input data to be stored in a secure or a non-secure storage based on whether the received input data is tagged as the confidential or the non-confidential respectively,
wherein the encryption command includes an encryption read capacity command to determine and return a size or capacity of the secure storage, and
wherein the encryption command instructs the received input data tagged as confidential to be stored in the secure storage and the non-encryption command instructs the received input data tagged as non-confidential to be stored in the non-secure storage.
Dependent claims: 23
24. A computer system for selective encryption and secured extent quota management for storage servers, the system comprising:
a CPU, a computer readable memory and a computer readable storage media;
first program instructions to associate at least one encrypting storage disk and at least one non-encrypting storage disk to a virtual disk;
second program instructions to associate the virtual disk to an application on a computing device to allow access of the at least one encrypting storage disk and the at least one non-encrypting storage disk;
third program instructions to access the at least one encrypting storage disk based on an encryption command received from the application, to write or read confidential data associated with the application into the at least one encrypting disk; and
fourth program instructions to access the at least one non-encrypting storage disk based on a non-encryption command received from the application, to write or read non-confidential data associated with the application into the at least one non-encrypting disk,
wherein a determination to write or read input data which comprises the confidential and the non-confidential data to one of the at least one encrypting storage disk and the at least one non-encrypting storage disk is based on a read or write encryption command received from the application,
wherein the application determines whether the input data is the confidential data or the non-confidential data and tags the confidential data,
wherein the read or write encryption command received from the application includes an encryption read capacity command to determine and return a size or capacity of the at least one encrypting storage disk,
wherein the read or write encryption command received from the application indicates whether the confidential data should be written to or read from the at least one encrypting storage disk and the non-confidential data should be written to or read from the at least one non-encrypting storage disk, and
wherein the first, second, third, and fourth program instructions are stored on the computer readable storage media for execution by the CPU via the computer readable memory.
Dependent claims: 25
Specification