Preserving redundancy in data deduplication systems by encryption
Abstract
A system and non-transitory computer program product for preserving data redundancy in a data deduplication system in a computing environment is provided. A selected data segment, to be written through the data deduplication system, is encrypted such that the selected data segment is not subject to a deduplication operation. Copies of the data segment that are to be precluded from data deduplication are determined and identified. A unique encryption key is used to encrypt the selected data segment to be written through the data deduplication system such that the selected data segment is not subject to a deduplication operation. The data deduplication system is tricked to recognize the encrypted, selected data segment as new, undeduplicated data by the encrypting thereby skipping steps of the deduplication operation that includes fingerprint generation and matching. The encrypted, selected data segment is directly written to a new physical storage location.
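An added illustration of the mechanism in the abstract, not code from the patent: a toy fingerprint-based deduplicating store collapses two identical superblock copies into one physical block, while XORing each copy with a keystream derived from its copy index keeps both. `DedupStore`, the keystream derivation, the sample superblock and the mirror addresses are assumptions; the toy store still fingerprints every write, and the differing ciphertexts simply never match.

```python
import hashlib

class DedupStore:
    """Toy deduplicating store: one physical block per distinct SHA-256 fingerprint."""
    def __init__(self):
        self.physical = {}  # fingerprint -> stored block
        self.logical = {}   # logical address -> fingerprint

    def write(self, addr, data):
        fp = hashlib.sha256(data).hexdigest()
        self.physical.setdefault(fp, data)  # identical data is stored only once
        self.logical[addr] = fp

    def read(self, addr):
        return self.physical[self.logical[addr]]

def weak_keystream(copy_index, length):
    # Assumption: the "weak and predictable" key is derived from the copy number
    # alone, so no key metadata is stored. It provides no confidentiality.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(b"copy-%d-%d" % (copy_index, counter)).digest()
        counter += 1
    return out[:length]

def xor_copy(data, copy_index):
    # XOR is its own inverse: the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, weak_keystream(copy_index, len(data))))

def mirror_write(store, block, addrs, encrypt):
    """Write one copy of block per address; return the physical block count."""
    for i, addr in enumerate(addrs):
        store.write(addr, xor_copy(block, i) if encrypt else block)
    return len(store.physical)

def mirror_read(store, addrs, encrypt):
    return [xor_copy(store.read(a), i) if encrypt else store.read(a)
            for i, a in enumerate(addrs)]

# Constructed sample superblock and two-way mirror addresses.
SUPERBLOCK = b"FSMAGIC v1 blocksize=4096".ljust(4096, b"\x00")
MIRROR = ["disk0:0", "disk1:0"]

if __name__ == "__main__":
    plain, enc = DedupStore(), DedupStore()
    print("plain copies stored:", mirror_write(plain, SUPERBLOCK, MIRROR, False))
    print("encrypted copies stored:", mirror_write(enc, SUPERBLOCK, MIRROR, True))
    print("round trip ok:", mirror_read(enc, MIRROR, True) == [SUPERBLOCK] * 2)
```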
18 Claims
1. A system for preserving data redundancy in a data deduplication system in a computing environment, comprising:
at least one processor device implemented in computing hardware;
a file system module controlled by the processor device; and
a storage controller, controlled by the at least one processor, in operable communication with the file system module, wherein;
for adhering to requirements of an application for allocating a plurality of copies of a selected data segment to a plurality of physical storage locations, the file system module is configured to;
in a two-way mirrored storage pool, determine and identify the plurality of copies of the selected data segment that are to be precluded from data deduplication, the selected data segment comprising a superblock associated with a segment of metadata describing characteristics of a file system;
encrypt with a unique encryption key, by the application, the selected data segment to be written through the data deduplication system such that the selected data segment is not subject to a deduplication operation, wherein the unique encryption key is a weak and predictable encryption key and does not require additional metadata storage space of the selected data segment;
trick the data deduplication system to recognize the encrypted, selected data segment as new, undeduplicated data by the encrypting thereby skipping steps of the deduplication operation that includes fingerprint generation and matching, wherein the encrypted, selected data segment is not matched with identical data previously written;
directly write the encrypted, selected data segment to a new physical storage location even if there are earlier instances of identical data of the encrypted, selected data segment being stored on the storage controller, system such that multiple, redundant copies of the selected data segment comprising the superblock are stored in the plurality of physical storage locations in the computing environment;
wherein encrypting the selected data segment includes choosing multiple selected data segments written as a unit such that each of the multiple selected data segments are decrypted as the unit; and
requesting the superblock of data segments and subsequently decrypting the data segments with the weak and predictable key.
9. A computer program product for preserving data redundancy in a data deduplication system in a computing environment by a processor, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
for adhering to requirements of an application for allocating a plurality of copies of a selected data segment to a plurality of physical storage locations;
a first executable portion that, in a two-way mirrored storage pool, determines and identifies the plurality of copies of the selected data segment that are to be precluded from data deduplication, the selected data segment comprising a superblock associated with a segment of metadata describing characteristics of a file system;
a second executable portion that, before a write of the selected data segment is issued, encrypts with a unique encryption key, by the application, the selected data segment to be written through the data deduplication system such that the selected data segment is not subject to a deduplication operation, wherein the unique encryption key is a weak and predictable encryption and does not require additional metadata storage space of the selected data segment;
a third executable portion that tricks the data deduplication system to recognize the encrypted, selected data segment as new, undeduplicated data by the encrypting thereby skipping steps of the deduplication operation that includes fingerprint generation and matching, wherein the encrypted, selected data segment is not matched with identical data previously written;
a fourth executable portion that directly writes the encrypted, selected data segment to a new physical storage location even if there are earlier instances of identical data of the encrypted, selected data segment being stored on a storage controller, such that multiple, redundant copies of the selected data segment comprising the superblock are stored in the plurality of physical storage locations in the computing environment;
wherein encrypting the selected data segment includes choosing multiple selected data segments written as a unit such that each of the multiple selected data segments are decrypted as the unit; and
a fifth execution portion that requests the superblock of data segments and subsequently decrypts the data segments with the weak and predictable key.
Specification