Compression and secure, end-to-end encrypted, ZFS cloud storage

US 10,540,384 B2
Filed: 05/31/2017
Issued: 01/21/2020
Est. Priority Date: 01/06/2017
Status: Active Grant

First Claim

Patent Images

1. A method of transforming blocks on a cloud object store that is remote from a block storage system, the method comprising:

receiving, at an application layer of the block storage system and through a system call interface of an interface layer of the block storage system, a first request to store or modify a file, the first request including file data;

generating, at a transactional object layer of the block storage system, a plurality of data blocks, each data block of the plurality of data blocks corresponding to at least a portion of the file data;

receiving, at the application layer of the block storage system and through the system call interface of the interface layer of the block storage system, one or more communications that identify one or more transformation actions to perform on the plurality of data blocks, the one or more transformation actions including one or more of;

a compression type to compress each data block of the plurality of data blocks by; and

an encryption type to encrypt each data block of the plurality of data blocks, wherein an encryption key associated with the encryption type is retrieved locally from the block storage system;

transforming each data block of the plurality of data blocks to form a plurality of transformed blocks by performing the one or more transformation actions on each data block of the plurality of data blocks;

generating, at the transactional object layer of the block storage system, a plurality of metadata blocks corresponding to the plurality of transformed blocks, the plurality of metadata blocks being configured to hierarchically point to lower-level blocks associated with the file and thereby correspond to at least part of a tree hierarchy for the file, wherein;

each metadata block of the plurality of metadata blocks includes one or more address pointers, each address pointer of the one or more address pointers being pointed to a transformed block of the plurality of transformed blocks or to a metadata block of the plurality of metadata blocks;

each transformed block of the plurality of transformed blocks being pointed to by at least one metadata block of the plurality of metadata blocks;

the plurality of metadata blocks includes a root block that is positioned at a top of the tree hierarchy for the file and one or more non-root metadata blocks; and

each non-root metadata block of the plurality of metadata blocks being pointed to by at least one metadata block of the plurality of metadata blocks of the tree hierarchy of the file;

causing a set of cloud storage objects to be stored in the cloud object store by transmitting the plurality of transformed blocks and the plurality of metadata blocks to a hybrid cloud storage system, the hybrid cloud storage system managing data storage in the cloud object store;

transmitting, to the hybrid cloud storage system, one or more second requests for a set of addresses, each address of the set of addresses corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks; and

receiving, from the hybrid cloud storage system, one or more responses to the one or more second requests, each response of the one or more responses identifying an address corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks, the address identifying a storage location in the cloud object store.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques described herein relate to systems and methods of data storage, and more particularly to providing layering of file system functionality on an object interface. In certain embodiments, file system functionality may be layered on cloud object interfaces to provide cloud-based storage while allowing for functionality expected from a legacy applications. For instance, POSIX interfaces and semantics may be layered on cloud-based storage, while providing access to data in a manner consistent with file-based access with data organization in name hierarchies. Various embodiments also may provide for memory mapping of data so that memory map changes are reflected in persistent storage while ensuring consistency between memory map changes and writes. For example, by transforming a ZFS file system disk-based storage into ZFS cloud-based storage, the ZFS file system gains the elastic nature of cloud storage.

59 Citations

View as Search Results

20 Claims

1. A method of transforming blocks on a cloud object store that is remote from a block storage system, the method comprising:
- receiving, at an application layer of the block storage system and through a system call interface of an interface layer of the block storage system, a first request to store or modify a file, the first request including file data;
  
  generating, at a transactional object layer of the block storage system, a plurality of data blocks, each data block of the plurality of data blocks corresponding to at least a portion of the file data;
  
  receiving, at the application layer of the block storage system and through the system call interface of the interface layer of the block storage system, one or more communications that identify one or more transformation actions to perform on the plurality of data blocks, the one or more transformation actions including one or more of;
  
  a compression type to compress each data block of the plurality of data blocks by; and
  
  an encryption type to encrypt each data block of the plurality of data blocks, wherein an encryption key associated with the encryption type is retrieved locally from the block storage system;
  
  transforming each data block of the plurality of data blocks to form a plurality of transformed blocks by performing the one or more transformation actions on each data block of the plurality of data blocks;
  
  generating, at the transactional object layer of the block storage system, a plurality of metadata blocks corresponding to the plurality of transformed blocks, the plurality of metadata blocks being configured to hierarchically point to lower-level blocks associated with the file and thereby correspond to at least part of a tree hierarchy for the file, wherein;
  
  each metadata block of the plurality of metadata blocks includes one or more address pointers, each address pointer of the one or more address pointers being pointed to a transformed block of the plurality of transformed blocks or to a metadata block of the plurality of metadata blocks;
  
  each transformed block of the plurality of transformed blocks being pointed to by at least one metadata block of the plurality of metadata blocks;
  
  the plurality of metadata blocks includes a root block that is positioned at a top of the tree hierarchy for the file and one or more non-root metadata blocks; and
  
  each non-root metadata block of the plurality of metadata blocks being pointed to by at least one metadata block of the plurality of metadata blocks of the tree hierarchy of the file;
  
  causing a set of cloud storage objects to be stored in the cloud object store by transmitting the plurality of transformed blocks and the plurality of metadata blocks to a hybrid cloud storage system, the hybrid cloud storage system managing data storage in the cloud object store;
  
  transmitting, to the hybrid cloud storage system, one or more second requests for a set of addresses, each address of the set of addresses corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks; and
  
  receiving, from the hybrid cloud storage system, one or more responses to the one or more second requests, each response of the one or more responses identifying an address corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks, the address identifying a storage location in the cloud object store.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the compression type includes one of:
    - LZ4, LZJB, GZIP, and ZLE.
  - 3. The method of claim 1, wherein the encryption type includes advanced encryption standard (AES) with key lengths including 128, 192, and 256.
  - 4. The method of claim 1, wherein the encryption key is randomly generated.
  - 5. The method of claim 1, wherein a wrapping key is used to decrypt the encryption key.
  - 6. The method of claim 5, wherein the wrapping key is a stored passphrase or an AES key.
  - 7. The method of claim 1, wherein a compression ratio is 2 to 1.

8. One or more non-transitory tangible computer-readable storage media storing computer-executable instructions for performing a computer process for transforming blocks on a cloud object store that is remote from a block storage system on a computing system, the computer process comprising:
- receiving, at an application layer of the block storage system and through a system call interface of an interface layer of the block storage system, a first request to store or modify a file, the first request including file data;
  
  generating, at a transactional object layer of the block storage system, a plurality of data blocks, each data block of the plurality of data blocks corresponding to at least a portion of the file data;
  
  receiving, at the application layer of the block storage system and through the system call interface of the interface layer of the block storage system, one or more communications that identify one or more transformation actions to perform on the plurality of data blocks, the one or more transformation actions including one or more of;
  
  a compression type to compress each data block of the plurality of data blocks by; and
  
  an encryption type to encrypt each data block of the plurality of data blocks, wherein an encryption key associated with the encryption type is retrieved locally from the block storage system; and
  
  transforming each data block of the plurality of data blocks to form a plurality of transformed blocks by performing the one or more transformation actions on each data block of the plurality of data blocks; and
  
  generating, at the transactional object layer of the block storage system, a plurality of metadata blocks corresponding to the plurality of transformed blocks, the plurality of metadata blocks being configured to hierarchically point to lower-level blocks associated with the file and thereby correspond to at least part of a tree hierarchy for the file, wherein;
  
  each metadata block of the plurality of metadata blocks includes one or more address pointers, each address pointer of the one or more address pointers being pointed to a transformed block of the plurality of transformed blocks or to a metadata block of the plurality of metadata blocks;
  
  each transformed block of the plurality of transformed blocks being pointed to by at least one metadata block of the plurality of metadata blocks;
  
  the plurality of metadata blocks includes a root block that is positioned at a top of the tree hierarchy for the file and one or more non-root metadata blocks; and
  
  each non-root metadata block of the plurality of metadata blocks being pointed to by at least one metadata block of the of the plurality of metadata blocks of the tree hierarchy of the file;
  
  causing a set of cloud storage objects to be stored in the cloud object store by transmitting the plurality of transformed blocks and the plurality of metadata blocks to a hybrid cloud storage system, the hybrid cloud storage system managing data storage in the cloud object store;
  
  transmitting, to the hybrid cloud storage system, one or more second requests for a set of addresses, each address of the set of addresses corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks; and
  
  receiving, from the hybrid cloud storage system, one or more responses to the one or more second requests, each response of the one or more responses identifying an address corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks, the address identifying a storage location in the cloud object store.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more non-transitory tangible computer-readable storage media of claim 8, wherein the compression type includes one of:
    - LZ4, LZJB, GZIP, and ZLE.
  - 10. The one or more non-transitory tangible computer-readable storage media of claim 8, wherein the encryption type includes advanced encryption standard (AES) with key lengths including 128, 192, and 256.
  - 11. The one or more non-transitory tangible computer-readable storage media of claim 8, wherein the encryption key is randomly generated.
  - 12. The one or more non-transitory tangible computer-readable storage media of claim 8, wherein a wrapping key is used to decrypt the encryption key.
  - 13. The one or more non-transitory tangible computer-readable storage media of claim 12, wherein the wrapping key is a stored passphrase or an AES key.
  - 14. The one or more non-transitory tangible computer-readable storage media of claim 8, wherein a compression ratio is 2 to 1.

15. A system for transforming blocks on a cloud object store that is remote from a block storage system comprising:
- one or more processors;
  
  a non-transitory computer-readable medium coupled to the one or more processors and storing instructions, wherein the instructions, when executed by the one or more processors, cause the one or more processors, to perform operations including;
  
  receiving, at an application layer of the block storage system and through a system call interface of an interface layer of the block storage system, a first request to store or modify a file, the first request including file data;
  
  generating, at a transactional object layer of the block storage system, a plurality of data blocks, each data block of the plurality of data blocks corresponding to at least a portion of the file data;
  
  receiving, at the application layer of the block storage system and through the system call interface of the interface layer of the block storage system, one or more communications that identify one or more transformation actions to perform on the plurality of data blocks, the one or more transformation actions including one or more of;
  
  a compression type to compress each data block of the plurality of data blocks by; and
  
  an encryption type to encrypt each data block of the plurality of data blocks, wherein an encryption key associated with the encryption type is retrieved locally from the block storage system; and
  
  transforming each data block of the plurality of data blocks to form a plurality of transformed blocks by performing the one or more transformation actions on each data block of the plurality of data blocks;
  
  generating, at the transactional object layer of the block storage system, a plurality of metadata blocks corresponding to the plurality of transformed blocks, the plurality of metadata blocks being configured to hierarchically point to lower-level blocks associated with the file and thereby correspond to at least part of a tree hierarchy for the file, wherein;
  
  each metadata block of the plurality of metadata blocks includes one or more address pointers, each address pointer of the one or more address pointers being pointed to a transformed block of the plurality of transformed blocks or to a metadata block of the plurality of metadata blocks;
  
  each transformed block of the plurality of transformed blocks being pointed to by at least one metadata block of the plurality of metadata blocks;
  
  the plurality of metadata blocks includes a root block that is positioned at a top of the tree hierarchy for the file and one or more non-root metadata blocks; and
  
  each non-root metadata block of the plurality of metadata blocks being pointed to by at least one metadata block of the plurality of metadata blocks of the tree hierarchy of the file;
  
  causing a set of cloud storage objects to be stored in the cloud object store by transmitting the plurality of transformed blocks and the plurality of metadata blocks to a hybrid cloud storage system, the hybrid cloud storage system managing data storage in the cloud object store;
  
  transmitting, to the hybrid cloud storage system, one or more second requests for a set of addresses, each address of the set of addresses corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks; and
  
  receiving, from the hybrid cloud storage system, one or more responses to the one or more second requests, each response of the one or more responses identifying an address corresponding to a transformed block of the plurality of transformed blocks or a metadata block of the plurality of metadata blocks, the address identifying a storage location in the cloud object store.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the compression type includes one of:
    - LZ4, LZJB, GZIP, and ZLE.
  - 17. The system of claim 15, wherein the encryption type includes advanced encryption standard (AES) with key lengths including 128, 192, and 256.
  - 18. The system of claim 15, wherein the encryption key is randomly generated.
  - 19. The system of claim 15, wherein a wrapping key is used to decrypt the encryption key.
  - 20. The system of claim 19, wherein the wrapping key is a stored passphrase or an AES key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maybee, Mark, Kremer, James, Gibson, Gavin
Primary Examiner(s)
Davis, Chenea

Application Number

US15/610,380
Publication Number

US 20180198765A1
Time in Patent Office

965 Days
Field of Search
US Class Current
CPC Class Codes

G06F 1/28   Supervision thereof, e.g. d...

G06F 11/07   Responding to the occurrenc...

G06F 11/1004   to protect a block of data ...

G06F 11/14   Error detection or correcti...

G06F 11/1446   Point-in-time backing up or...

G06F 11/1464   for networked environments

G06F 11/3006   where the computing system ...

G06F 11/3034   where the computing system ...

G06F 11/3037   where the computing system ...

G06F 11/328   Computer systems status dis...

G06F 11/3495   for systems

G06F 12/0804   with main memory updating G...

G06F 12/0813   with a network or matrix co...

G06F 12/0868   Data transfer between cache...

G06F 12/0897   with two or more cache hier...

G06F 12/123   with age lists, e.g. queue,...

G06F 12/128   adapted to multidimensional...

G06F 12/1408   by using cryptography for d...

G06F 16/128   Details of file system snap...

G06F 16/172   Caching, prefetching or hoa...

G06F 16/1748 : De-duplication implemented ...

G06F 16/182 : Distributed file systems

G06F 16/184 : implemented as replicated f...

G06F 16/1844 : Management specifically ada...

G06F 16/185 : Hierarchical storage manage...

G06F 16/2365 : Ensuring data consistency a...

G06F 16/434 : using image data, e.g. imag...

G06F 16/9027 : Trees

G06F 2009/4557 : Distribution of virtual mac...

G06F 2009/45583 : Memory management, e.g. acc...

G06F 2009/45595 : Network integration; Enabli...

G06F 21/602 : Providing cryptographic fac...

G06F 2201/80 : Database-specific techniques

G06F 2201/81 : Threshold

G06F 2201/84 : Using snapshots, i.e. a log...

G06F 2212/154 : Networked environment

G06F 2212/225 : Hybrid cache memory, e.g. h...

G06F 2212/262 : configured as RAID

G06F 2212/284 : being distributed

G06F 2212/313 : In storage device

G06F 2212/401 : Compressed data

G06F 2212/502 : using adaptive policy

G06F 3/0605 : by facilitating the interac...

G06F 3/0607 : by facilitating the process...

G06F 3/0608 : Saving storage space on sto...

G06F 3/061 : Improving I/O performance

G06F 3/0617 : in relation to availability

G06F 3/0623 : in relation to content

G06F 3/064 : Management of blocks

G06F 3/0641 : De-duplication techniques

G06F 3/0643 : Management of files

G06F 3/065 : Replication mechanisms

G06F 3/0665 : at area level, e.g. provisi...

G06F 3/0667 : at data level, e.g. file, r...

G06F 3/067 : Distributed or networked st...

G06F 9/45558 : Hypervisor-specific managem...

G06F 9/5077 : Logical partitioning of res...

H03M 7/30 : Compression speech analysis...

H03M 7/3086 : employing a sliding window,...

H03M 7/40 : Conversion to or from varia...

H04L 63/0428 : wherein the data content is...

H04L 67/1095 : Replication or mirroring of...

H04L 67/1097 : for distributed storage of ...

H04L 9/0637 : Modes of operation, e.g. ci...

H04L 9/0822 : using key encryption key

H04L 9/14 : using a plurality of keys o...

View All

Compression and secure, end-to-end encrypted, ZFS cloud storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Compression and secure, end-to-end encrypted, ZFS cloud storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links