Techniques and systems for data segregation in data storage systems
First Claim
1. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions, in response to receiving a data storage request whose fulfillment involves data being stored in a plurality of volumes of durable storage of a data storage system, the data storage request having a home region of a plurality of regions, storing the data by at least:
using a redundancy code, redundancy coding the data into a plurality of shards having a first quantity of members, a subset of the plurality of shards having a second quantity of members that corresponds to a minimum quantity of shards capable of recreating the data via the redundancy code;
selecting a partitioning of the plurality of shards that includes a first partition of shards and a second partition of shards, the second partition of shards insufficient for reconstructing the data; and
storing the plurality of shards such that:
the first partition is stored among a first set of volumes of the plurality of volumes, the first set of volumes being located in the home region; and
the second partition is stored among a second set of volumes that are located outside of the home region; and
tracking shard storage in the second set of volumes so as to prevent a total number of shards of the plurality of shards from being stored among the second set of volumes such that a total number of shards of the plurality of shards that is stored outside of the home region is insufficient for recreation of the data.
Abstract
A computer system, such as a data storage system, implements techniques for segregating and controlling access to data stored in multiple regions. In some embodiments, redundancy coded shards generated from the data and stored in durable storage of a data storage system are allocated across multiple regions, but in a fashion that prevents actors with access to regions outside that of a “home” region from recovering a sufficient number of unique shards to regenerate the data represented thereby. In some embodiments, encryption is used to segregate the data by encrypting the generated shards, then storing the cryptographic information on, or otherwise controlling access on, hosts or other devices of only the home region.
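As an added worked example (not part of the patent text or of any implementation it describes), the following Python models the method of claim 1 and the abstract: a toy (k, n) redundancy code over a prime field stands in for whatever redundancy code the patent contemplates, and a placement tracker refuses any shard placement that would let the regions outside the home region hold k shards between them, the minimum needed to rebuild the data. The field prime, the region names, the function names and the sample record are assumptions made for illustration.

```python
from collections import defaultdict

P = 257  # prime field larger than a byte; an assumption for this toy code


def _lagrange(points, target):
    """Evaluate at `target` the unique polynomial of degree < len(points)
    passing through `points` (pairs of field elements), modulo P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (target - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def encode(data: bytes, k: int, n: int) -> list:
    """Redundancy-code `data` into n shards; any k distinct shards rebuild it.
    Each k-byte block defines the polynomial through (0, b0) .. (k-1, b_{k-1});
    shard i holds that polynomial evaluated at x = k + i for every block."""
    assert 0 < k <= n and k + n < P
    padded = data + bytes((-len(data)) % k)          # zero-pad the last block
    blocks = [padded[j:j + k] for j in range(0, len(padded), k)]
    shards = []
    for i in range(n):
        x = k + i
        values = [_lagrange(list(enumerate(blk)), x) for blk in blocks]
        shards.append({"x": x, "values": values, "length": len(data)})
    return shards


def decode(shards: list, k: int) -> bytes:
    """Rebuild the data from at least k distinct shards; fewer cannot."""
    distinct = {s["x"]: s for s in shards}
    if len(distinct) < k:
        raise ValueError(f"need {k} distinct shards, have {len(distinct)}")
    chosen = list(distinct.values())[:k]
    out = bytearray()
    for b in range(len(chosen[0]["values"])):
        pts = [(s["x"], s["values"][b]) for s in chosen]
        out.extend(_lagrange(pts, j) for j in range(k))   # recover b0..b_{k-1}
    return bytes(out[: chosen[0]["length"]])


class ShardPlacer:
    """Tracks where shards land and refuses any placement that would let the
    regions outside the home region hold k or more shards between them
    (the tracking step of claim 1)."""

    def __init__(self, home: str, k: int):
        self.home, self.k = home, k
        self.stored = defaultdict(list)   # region name -> shards stored there

    def outside_home(self) -> list:
        return [s for r, ss in self.stored.items() if r != self.home for s in ss]

    def store(self, shard: dict, region: str) -> None:
        if region != self.home and len(self.outside_home()) + 1 >= self.k:
            raise PermissionError(
                f"refusing shard {shard['x']} in {region}: the outside-home "
                f"total would reach {self.k}, enough to rebuild the data")
        self.stored[region].append(shard)


def demo(k: int = 3, n: int = 6) -> dict:
    """Constructed scenario: 6 shards, 3 needed, home region 'eu-home'."""
    data = b"customer record: keep in eu-home"       # constructed sample
    shards = encode(data, k, n)
    placer = ShardPlacer(home="eu-home", k=k)
    plan = ["eu-home", "eu-home", "eu-home", "us-west", "ap-south"]
    for shard, region in zip(shards, plan):
        placer.store(shard, region)
    # A third shard headed out of the home region is rejected by the tracker.
    try:
        placer.store(shards[5], "us-west")
        rejected = False
    except PermissionError:
        rejected = True
    # Every shard outside the home region together still cannot rebuild ...
    try:
        decode(placer.outside_home(), k)
        outside_can_rebuild = True
    except ValueError:
        outside_can_rebuild = False
    # ... while k-1 home shards plus one outside shard can.
    rebuilt = decode(placer.stored["eu-home"][: k - 1] + placer.outside_home()[:1], k)
    return {"rejected": rejected, "outside_can_rebuild": outside_can_rebuild,
            "rebuilt": rebuilt == data}


if __name__ == "__main__":
    print(demo())
```

The tracker counts every shard stored outside the home region, regardless of which non-home region holds it, because the abstract's threat is an actor with access to all regions other than the home one; a per-region limit alone would not keep that union below k.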
Claims (20)
-
1. Claim 1 as reproduced above under First Claim. Dependent claims: 2, 3, 4.
-
5. A system, comprising:
at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
in response to receiving data storage requests, process the data storage requests by at least:
generating, using a redundancy code, a plurality of shards from data associated with the data storage requests;
allocating a first subset of the plurality of shards to a first region; and
allocating a second subset of the plurality of shards to a second region, the second subset being insufficient for regeneration of the data without at least one member of the first subset; and
monitor the second subset of the plurality of shards allocated to the second region so as to ensure that the second subset remains insufficient for generation of the data if one or more additional shards of the plurality of shards are allocated to the second region.
Dependent claims: 6, 7, 8, 9, 10, 11, 12.
-
13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
in response to receiving data storage requests, process the data storage requests by at least:
generating, using a redundancy code, a plurality of shards from data associated with the data storage requests;
encrypting at least some of the plurality of shards;
storing cryptographic information sufficient for decrypting the encrypted portion of the plurality of shards in a first region of a plurality of regions;
preventing access to the cryptographic information to a remainder of the plurality of regions;
allocating a first subset of the plurality of shards to the first region; and
allocating a second subset of the plurality of shards to the remainder of the plurality of regions, the second subset being insufficient for regeneration of the data without access to the cryptographic information, the second subset including at least the encrypted portion of the plurality of shards.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.