公开(公告)号：WO2008118345A1

公开(公告)日：2008-10-02

申请号：PCT/US2008/003696

申请日：2008-03-20

Applicant: NETWORK APPLIANCE, INC.

Inventor： ZIMMELS, Ori ,  FRANDZEL, Yuval

IPC: G06F21/02

CPC classification number: G06F21/85 ,  G06F21/78

Abstract: A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.

Abstract translation: 提供了一种基于签名的数据容器识别的系统和方法。 当创建诸如lun的新数据容器时，安全设备通过例如检查数据容器的一个或多个数据块的内容来生成数据容器的签名。 生成的签名然后与数据容器的适当的加密密钥相关联，并存储在安全设备的配置数据库内或在安全设备环境中运行的密钥管理系统上。 为了识别与数据容器相关联的加密密钥，安全设备生成数据容器的签名，并将生成的签名与存储的签名进行比较。 如果存在匹配的签名，则安全设备利用与匹配签名相关联的加密密钥来处理对数据容器的数据访问请求。

公开(公告)号：WO2008147516A1

公开(公告)日：2008-12-04

申请号：PCT/US2008/006536

申请日：2008-05-22

Applicant: NETWORK APPLIANCE, INC.

Inventor： FRANDZEL, Yuval

IPC: G06F17/30

CPC classification number: G06F17/30159 ,  G06F3/0608 ,  G06F3/0641 ,  G06F3/0689

Abstract: A system and method for "on-the-fly" de-duplication of data before storing the data in a storage system is provided. A data de-duplication module illustratively cooperates with protocol servers and a file system of a storage operating system executing on the storage system to implement the novel de-duplication technique. The deduplication module illustratively generates a block store, an index file and a hash table on storage space provided by the storage system. The hash table is utilized for tracking fingerprints and locations of blocks within the block store. The index file is utilized for storing directory information identifying the contents of data containers stored on the storage system, while the block store is utilized to store raw data blocks that comprise the data containers.

Abstract translation: 提供了一种在将数据存储在存储系统中之前用于“即时”重复数据删除数据的系统和方法。 数据重复数据删除模块说明性地与协议服务器和在存储系统上执行的存储操作系统的文件系统协作以实现新的重复数据删除技术。 重复数据消除模块说明性地在由存储系统提供的存储空间上生成块存储，索引文件和散列表。 哈希表用于跟踪块存储中的指纹和块的位置。 索引文件用于存储识别存储在存储系统上的数据容器的内容的目录信息，同时使用块存储来存储构成数据容器的原始数据块。

公开(公告)号：WO2007127360A2

公开(公告)日：2007-11-08

申请号：PCT/US2007/010222

申请日：2007-04-26

Applicant: NETWORK APPLIANCE, INC. ,  ZHENG, Ling ,  STAGER, Roger ,  JOHNSTON, Craig ,  TRIMMER, Don ,  FRANDZEL, Yuval

Inventor： ZHENG, Ling ,  STAGER, Roger ,  JOHNSTON, Craig ,  TRIMMER, Don ,  FRANDZEL, Yuval

CPC classification number: H03M7/00 ,  H04N19/20 ,  H04N19/23 ,  H04N19/25

Abstract: A technique for eliminating duplicate data is provided. Upon receipt of a new data set, one or more anchor points are identified within the data set. A bit-by-bit data comparison is then performed of the region surrounding the anchor point in the received data set with the region surrounding an anchor point stored within a pattern database to identify forward/backward delta values. The duplicate data identified by the anchor point, forward and backward delta values is then replaced in the received data set with a storage indicator.

Abstract translation: 提供了一种消除重复数据的技术。 在接收到新的数据集之后，在数据集内识别一个或多个锚点。 然后，在包含存储在模式数据库内的锚定点周围的区域的接收数据集中围绕定位点的区域执行逐位数据比较，以识别前向/后向增量值。 由锚点，前向和后向增量值标识的重复数据随后用存储指示器在接收的数据集中替换。

公开(公告)号：EP2143023A1

公开(公告)日：2010-01-13

申请号：EP08726988.2

申请日：2008-03-19

Applicant: Network Appliance, Inc.

Inventor： JARDETZKY, Paul ,  KLEIMAN, Steven R. ,  STAGER, Roger ,  TRIMMER, Don ,  ZHENG, ling ,  FRANDZEL, Yuval

IPC: G06F17/30 ,  H04L29/08

CPC classification number: G06F17/30067

Abstract: According to one or more embodiments of the present invention, a network cache intercepts data requested by a client from a remote server interconnected with the cache through one or more wide area network (WAN) links (e.g., for Wide Area File Services, or 'WAFS'). The network cache stores the data and sends the data to the client. The cache may then intercept a first write request for the data from the client to the remote server, and determine one or more portions of the data in the write request that changed from the data stored at the cache (e.g., according to one or more hashes created based on the data). The network cache then sends a second write request for only the changed portions of the data to the remote server.

公开(公告)号：EP2168063A1

公开(公告)日：2010-03-31

申请号：EP08767836.3

申请日：2008-05-22

Applicant: Network Appliance, Inc.

Inventor： FRANDZEL, Yuval

IPC: G06F17/30

CPC classification number: G06F17/30159 ,  G06F3/0608 ,  G06F3/0641 ,  G06F3/0689

Abstract: A system and method for 'on-the-fly' de-duplication of data before storing the data in a storage system is provided. A data de-duplication module illustratively cooperates with protocol servers and a file system of a storage operating system executing on the storage system to implement the novel de-duplication technique. The deduplication module illustratively generates a block store, an index file and a hash table on storage space provided by the storage system. The hash table is utilized for tracking fingerprints and locations of blocks within the block store. The index file is utilized for storing directory information identifying the contents of data containers stored on the storage system, while the block store is utilized to store raw data blocks that comprise the data containers.

公开(公告)号：EP2143032A1

公开(公告)日：2010-01-13

申请号：EP08742167.3

申请日：2008-03-20

Applicant: Network Appliance, Inc.

Inventor： ZIMMELS, Ori ,  FRANDZEL, Yuval

IPC: G06F21/02

CPC classification number: G06F21/85 ,  G06F21/78

Abstract: A system and method for signature based data container recognition is provided. When a new data container, such as a lun, is created, a security appliance generates a signature of the data container, by, e.g., examining the contents of one or more data blocks of the data container. The generated signature is then associated with the appropriate encryption key for the data container and is stored either within a configuration database of the security appliance or on a key management system operating within a security appliance environment. To identify the encryption key associated with a data container, the security appliance generates a signature of the data container and compares the generated signature with the stored signatures. Should there be a matching signature, the security appliance utilizes the encryption key associated with the matching signature to process data access requests to/from the data container.

公开(公告)号：EP2013973A2

公开(公告)日：2009-01-14

申请号：EP07794387.6

申请日：2007-04-26

Applicant: NETWORK APPLIANCE, INC.

Inventor： ZHENG, Ling ,  STAGER, Roger ,  JOHNSTON, Craig ,  TRIMMER, Don ,  FRANDZEL, Yuval

IPC: H03M7/00

CPC classification number: H03M7/00 ,  H04N19/20 ,  H04N19/23 ,  H04N19/25

Abstract: A technique for eliminating duplicate data is provided. Upon receipt of a new data set, one or more anchor points are identified within the data set. A bit-by-bit data comparison is then performed of the region surrounding the anchor point in the received data set with the region surrounding an anchor point stored within a pattern database to identify forward/backward delta values. The duplicate data identified by the anchor point, forward and backward delta values is then replaced in the received data set with a storage indicator.