Related application
This application is a continuation of U.S. Patent Application No. 16/044,000, entitled CLOUD LOGIN AUTHENTICATION STORAGE PLATFORM, filed July 24, 2018, which is expressly incorporated herein by reference.
Brief description of the drawings
The drawings illustrate various embodiments and are a part of the specification. The illustrated embodiments are exemplary only and do not limit the scope of the present disclosure. Throughout the drawings, the same or similar reference numerals denote the same or similar elements.
Example description
Exemplary methods, devices, and products for remotely accessing storage devices are described herein. For example, methods, devices, and products for simply connecting to storage devices using access tokens according to embodiments of the present disclosure are described with reference to the accompanying drawings, beginning with
System 100 includes a number of computing devices 164A-B. Computing devices (also referred to herein as "client devices") may be, for example, data center servers, workstations, personal computers, laptops, and the like. Computing devices 164A-B may be coupled for data communications to one or more storage arrays 102A-B through a storage area network ("SAN") 158 or a local area network ("LAN") 160.
The SAN 158 may be implemented with a variety of data communications fabrics, devices, and protocols. For example, the fabrics for SAN 158 may include Fibre Channel, Ethernet, InfiniBand, Serial Attached Small Computer System Interface ("SAS"), and the like. Data communications protocols for use with SAN 158 may include Advanced Technology Attachment ("ATA"), Fibre Channel Protocol, Small Computer System Interface ("SCSI"), Internet Small Computer System Interface ("iSCSI"), HyperSCSI, Non-Volatile Memory Express ("NVMe") over Fabrics, and the like. It may be noted that SAN 158 is provided for illustration rather than limitation. Other data communication couplings may be implemented between computing devices 164A-B and storage arrays 102A-B.
The LAN 160 may also be implemented with a variety of fabrics, devices, and protocols. For example, the fabrics for LAN 160 may include Ethernet (802.3), wireless (802.11), and the like. Data communication protocols for use in LAN 160 may include Transmission Control Protocol ("TCP"), User Datagram Protocol ("UDP"), Internet Protocol ("IP"), Hypertext Transfer Protocol ("HTTP"), Wireless Access Protocol ("WAP"), Handheld Device Transport Protocol ("HDTP"), Session Initiation Protocol ("SIP"), Real-time Transport Protocol ("RTP"), and the like.
Storage arrays 102A-B may provide persistent data storage for the computing devices 164A-B. Storage array 102A may be contained in a chassis (not shown), and storage array 102B may be contained in another chassis (not shown), in some implementations. Storage arrays 102A and 102B may include one or more storage array controllers 110A-D (also referred to herein as "controllers"). A storage array controller 110A-D may be embodied as a module of automated computing machinery comprising computer hardware, computer software, or a combination of computer hardware and software. In some implementations, the storage array controllers 110A-D may be configured to carry out various storage tasks. Storage tasks may include writing data received from the computing devices 164A-B to storage arrays 102A-B, erasing data from storage arrays 102A-B, retrieving data from storage arrays 102A-B and providing that data to computing devices 164A-B, monitoring and reporting of disk utilization and performance, performing redundancy operations such as Redundant Array of Independent Drives ("RAID") or RAID-like data redundancy operations, compressing data, encrypting data, and so forth.
A storage array controller 110A-D may be implemented in a variety of ways, including as a field-programmable gate array ("FPGA"), a programmable logic chip ("PLC"), an application-specific integrated circuit ("ASIC"), a system-on-chip ("SOC"), or any computing device that includes discrete components such as a processing device, central processing unit, computer memory, or various adapters. The storage array controllers 110A-D may include, for example, a data communications adapter configured to support communications via the SAN 158 or LAN 160. In some implementations, the storage array controllers 110A-D may be independently coupled to the LAN 160. In implementations, the storage array controllers 110A-D may include an I/O controller or the like that couples the storage array controllers 110A-D, via a midplane (not shown), to persistent storage resources 170A-B (also referred to herein as "storage resources"). The persistent storage resources 170A-B may include any number of storage drives 171A-F (also referred to herein as "storage devices") and any number of non-volatile random access memory ("NVRAM") devices (not shown).
In some implementations, the NVRAM devices of a persistent storage resource 170A-B may be configured to receive, from the storage array controller 110A-D, data to be stored in the storage drives 171A-F. In some examples, the data may originate from computing devices 164A-B. In some examples, writing data to the NVRAM device may be carried out more quickly than directly writing data to the storage drives 171A-F. In implementations, the storage array controller 110A-D may be configured to utilize the NVRAM devices as a quickly accessible buffer for data destined to be written to the storage drives 171A-F. Latency for write requests may be improved, relative to a system in which a storage array controller 110A-D writes data directly to the storage drives 171A-F, when the NVRAM devices are used as a buffer. In some implementations, the NVRAM devices may be implemented with computer memory in the form of high-bandwidth, low-latency RAM. The NVRAM device is referred to as "non-volatile" because the NVRAM device may receive or include a unique power source that maintains the state of the RAM after main power loss to the NVRAM device. Such a power source may be a battery, one or more capacitors, or the like. In response to a power loss, the NVRAM device may be configured to write the contents of the RAM to persistent storage, such as the storage drives 171A-F.
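As a rough illustration of the buffering behavior described above, the following sketch models an NVRAM-backed write buffer that acknowledges writes once they land in fast RAM and destages them to slower drive storage in the background or when power loss is detected. The class and method names (NvramBuffer, destage, on_power_loss) are hypothetical and are not taken from the disclosure.

```python
# Minimal sketch, assuming a dict stands in for the storage drives 171A-F.
class NvramBuffer:
    def __init__(self, drive: dict):
        self.ram = {}          # fast, battery/capacitor-backed staging area
        self.drive = drive     # slower persistent storage

    def write(self, lba: int, data: bytes) -> None:
        # Acknowledge as soon as the data is staged in NVRAM (fast path).
        self.ram[lba] = data

    def destage(self) -> None:
        # Background flush of buffered writes to the persistent drives.
        for lba, data in list(self.ram.items()):
            self.drive[lba] = data
            del self.ram[lba]

    def on_power_loss(self) -> None:
        # The backup power source only needs to last long enough to
        # dump the RAM contents to persistent storage.
        self.destage()

drive = {}
buf = NvramBuffer(drive)
buf.write(0, b"hello")
buf.on_power_loss()
assert drive[0] == b"hello"
```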
In implementations, a storage drive 171A-F may refer to any device configured to record data persistently, where "persistently" or "persistent" refers to a device's ability to maintain recorded data after loss of power. In some implementations, a storage drive 171A-F may correspond to non-disk storage media. For example, the storage drive 171A-F may be one or more solid-state drives ("SSDs"), flash-memory-based storage, any type of solid-state non-volatile memory, or any other type of non-mechanical storage device. In other implementations, a storage drive 171A-F may include mechanical or spinning hard disks, such as hard-disk drives ("HDDs").
In some implementations, the storage array controllers 110A-D may be configured to offload device management responsibilities from the storage drives 171A-F in the storage arrays 102A-B. For example, storage array controllers 110A-D may manage control information that describes the state of one or more memory blocks in the storage drives 171A-F. The control information may indicate, for example, that a particular memory block has failed and should no longer be written to, that a particular memory block contains boot code for a storage array controller 110A-D, the number of program-erase ("P/E") cycles that have been performed on a particular memory block, the age of data stored in a particular memory block, the type of data that is stored in a particular memory block, and so forth. In some implementations, the control information may be stored with an associated memory block as metadata. In other implementations, the control information for the storage drives 171A-F may be stored in one or more particular memory blocks of the storage drives 171A-F selected by the storage array controller 110A-D. The selected memory blocks may be tagged with an identifier indicating that the selected memory block contains control information. The identifier may be utilized by the storage array controllers 110A-D in conjunction with storage drives 171A-F to quickly identify the memory blocks that contain control information. For example, the storage controllers 110A-D may issue a command to locate memory blocks that contain control information. It may be noted that the control information may be so large that parts of the control information are stored in multiple locations, that the control information may be stored in multiple locations for purposes of redundancy, for example, or that the control information may otherwise be distributed across multiple memory blocks in the storage drives 171A-F.
In implementations, the storage array controllers 110A-D may offload device management responsibilities from the storage drives 171A-F of the storage arrays 102A-B by retrieving, from the storage drives 171A-F, control information describing the state of one or more memory blocks in the storage drives 171A-F. Retrieving the control information from the storage drives 171A-F may be carried out, for example, by the storage array controller 110A-D querying the storage drives 171A-F for the location of control information for a particular storage drive 171A-F. The storage drives 171A-F may be configured to execute instructions that enable the storage drives 171A-F to identify the location of the control information. The instructions may be executed by a controller (not shown) associated with or otherwise located on the storage drive 171A-F and may cause the storage drive 171A-F to scan a portion of each memory block to identify the memory blocks that store control information for the storage drive 171A-F. The storage drives 171A-F may respond by sending a response message to the storage array controller 110A-D that includes the location of control information for the storage drive 171A-F. Responsive to receiving the response message, the storage array controllers 110A-D may issue a request to read data stored at the address associated with the location of control information for the storage drives 171A-F.
In other implementations, the storage array controllers 110A-D may further offload device management responsibilities from the storage drives 171A-F by performing, in response to receiving the control information, a storage drive management operation. A storage drive management operation may include, for example, an operation that is typically performed by the storage drive 171A-F (e.g., by the controller (not shown) associated with a particular storage drive 171A-F). A storage drive management operation may include, for example, ensuring that data is not written to failed memory blocks within the storage drive 171A-F, ensuring that data is written to memory blocks within the storage drive 171A-F in such a way that adequate wear leveling is achieved, and so forth.
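The query/response exchange and the follow-on management decision described in the preceding paragraphs might be modeled as follows; the message format, the control-information layout, and the wear-leveling heuristic shown here are illustrative assumptions rather than the protocol defined by the disclosure.

```python
# Hypothetical sketch: an array controller asks a drive where its control
# information lives, reads it, and then steers writes away from failed
# blocks while favoring blocks with fewer program-erase (P/E) cycles.
class Drive:
    def __init__(self, control_info: dict, control_block: int):
        self.blocks = {control_block: control_info}
        self.control_block = control_block

    def locate_control_info(self) -> int:
        # The drive-side scan is elided; the drive simply reports the block.
        return self.control_block

    def read_block(self, block: int):
        return self.blocks[block]

def pick_write_block(drive: Drive) -> int:
    info = drive.read_block(drive.locate_control_info())
    healthy = [b for b, meta in info["blocks"].items() if not meta["failed"]]
    # Simple wear-leveling heuristic: least-worn healthy block first.
    return min(healthy, key=lambda b: info["blocks"][b]["pe_cycles"])

drive = Drive(
    control_info={"blocks": {1: {"failed": False, "pe_cycles": 900},
                             2: {"failed": True,  "pe_cycles": 100},
                             3: {"failed": False, "pe_cycles": 120}}},
    control_block=0,
)
assert pick_write_block(drive) == 3
```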
In implementations, storage arrays 102A-B may implement two or more storage array controllers 110A-D. For example, storage array 102A may include storage array controller 110A and storage array controller 110B. At a given instant, only a single storage array controller 110A-D (e.g., storage array controller 110A) of a storage system 100 may be designated with primary status (also referred to herein as "primary controller"), and other storage array controllers 110A-D (e.g., storage array controller 110B) may be designated with secondary status (also referred to herein as "secondary controller"). The primary controller may have particular rights, such as permission to alter data in persistent storage resources 170A-B (e.g., writing data to persistent storage resources 170A-B). At least some of the rights of the primary controller may supersede the rights of the secondary controller. For instance, the secondary controller may not have permission to alter data in persistent storage resources 170A-B while the primary controller has that right. The status of storage array controllers 110A-D may change. For example, storage array controller 110A may later be designated with secondary status, and storage array controller 110B may be designated with primary status.
In some implementations, a primary controller, such as storage array controller 110A, may serve as the primary controller for one or more storage arrays 102A-B, and a second controller, such as storage array controller 110B, may serve as the secondary controller for the one or more storage arrays 102A-B. For example, storage array controller 110A may be the primary controller for storage array 102A and storage array 102B, and storage array controller 110B may be the secondary controller for storage arrays 102A and 102B. In some implementations, storage array controllers 110C and 110D (also referred to as "storage processing modules") may have neither primary nor secondary status. Storage array controllers 110C and 110D, implemented as storage processing modules, may act as a communication interface between the primary and secondary controllers (e.g., storage array controllers 110A and 110B, respectively) and storage array 102B. For example, storage array controller 110A of storage array 102A may send a write request, via SAN 158, to storage array 102B. The write request may be received by both storage array controllers 110C and 110D of storage array 102B. Storage array controllers 110C and 110D facilitate the communication, e.g., send the write request to the appropriate storage drives 171A-F. It may be noted that in some implementations storage processing modules may be used to increase the number of storage drives controlled by the primary and secondary controllers.
In implementations, storage array controllers 110A-D are communicatively coupled, via a midplane (not shown), to one or more storage drives 171A-F and to one or more NVRAM devices (not shown) that are included as part of a storage array 102A-B. The storage array controllers 110A-D may be coupled to the midplane via one or more data communication links, and the midplane may be coupled to the storage drives 171A-F and the NVRAM devices via one or more data communication links. The data communication links described herein are collectively illustrated by data communication links 108A-D and may include, for example, a Peripheral Component Interconnect Express ("PCIe") bus.
Storage array controller 101 may include one or more processing devices 104 and random access memory ("RAM") 111. Processing device 104 (or controller 101) represents one or more general-purpose processing devices such as a microprocessor, central processing unit, or the like. More particularly, the processing device 104 (or controller 101) may be a complex instruction set computing ("CISC") microprocessor, reduced instruction set computing ("RISC") microprocessor, very long instruction word ("VLIW") microprocessor, or a processor implementing other instruction sets or a combination of instruction sets. The processing device 104 (or controller 101) may also be one or more special-purpose processing devices such as an application-specific integrated circuit ("ASIC"), a field-programmable gate array ("FPGA"), a digital signal processor ("DSP"), a network processor, or the like.
The processing device 104 may be connected to the RAM 111 via a data communication link 106, which may be embodied as a high-speed memory bus such as a Double Data Rate 4 ("DDR4") bus. Stored in RAM 111 is an operating system 112. In some implementations, instructions 113 are stored in RAM 111. Instructions 113 may include computer program instructions for performing operations in a direct-mapped flash storage system. In one embodiment, a direct-mapped flash storage system is one that addresses data blocks within flash drives directly and without an address translation performed by the storage controllers of the flash drives.
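A direct-mapped flash storage system, as characterized above, addresses flash blocks without an intermediate translation layer inside the drive. The toy comparison below contrasts a drive-side translation table with direct host-side addressing; it is a conceptual sketch with invented class names, not the program carried by instructions 113.

```python
# Conceptual contrast (hypothetical): FTL-style indirection vs. direct mapping.
class TranslatingDrive:
    """Drive with its own flash translation layer (FTL)."""
    def __init__(self):
        self.l2p = {}      # logical -> physical map maintained inside the drive
        self.flash = {}

    def write(self, logical: int, data: bytes):
        physical = len(self.flash)        # the drive chooses the physical slot
        self.l2p[logical] = physical
        self.flash[physical] = data

class DirectMappedDrive:
    """Host software addresses physical flash blocks directly."""
    def __init__(self):
        self.flash = {}

    def program(self, physical: int, data: bytes):
        # The operating system, not the drive, decided that `physical`
        # is an erased, writable location.
        self.flash[physical] = data

t = TranslatingDrive()
t.write(7, b"data")        # drive picked where the data physically landed
d = DirectMappedDrive()
d.program(42, b"data")     # host picked physical block 42 itself
```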
In implementations, storage array controller 101 includes one or more host bus adapters 103A-C that are coupled to the processing device 104 via data communication links 105A-C. In implementations, the host bus adapters 103A-C may be computer hardware that connects a host system (e.g., the storage array controller) to other networks and storage arrays. In some examples, a host bus adapter 103A-C may be a Fibre Channel adapter that enables the storage array controller 101 to connect to a SAN, an Ethernet adapter that enables the storage array controller 101 to connect to a LAN, or the like. The host bus adapters 103A-C may be coupled to the processing device 104 via data communication links 105A-C such as, for example, a PCIe bus.
In implementations, storage array controller 101 may include a host bus adapter 114 that is coupled to an expander 115. The expander 115 may be used to attach a host system to a larger number of storage drives. The expander 115 may, for example, be a SAS expander utilized to enable the host bus adapter 114 to attach to storage drives in an implementation where the host bus adapter 114 is embodied as a SAS controller.
In implementations, storage array controller 101 may include a switch 116 coupled to the processing device 104 via a data communication link 109. The switch 116 may be a computer hardware device that can create multiple endpoints out of a single endpoint, thereby enabling multiple devices to share a single endpoint. The switch 116 may, for example, be a PCIe switch that is coupled to a PCIe bus (e.g., data communication link 109) and presents multiple PCIe connection points to the midplane.
In implementations, storage array controller 101 includes a data communication link 107 for coupling the storage array controller 101 to other storage array controllers. In some examples, data communication link 107 may be a QuickPath Interconnect ("QPI") interconnect.
A traditional storage system that uses traditional flash drives may implement a process across the flash drives that are part of the traditional storage system. For example, a higher-level process of the storage system may initiate and control a process across the flash drives. However, a flash drive of the traditional storage system may include its own storage controller that also performs the process. Thus, for the traditional storage system, both a higher-level process (e.g., initiated by the storage system) and a lower-level process (e.g., initiated by a storage controller of the flash drive) may be performed.
To resolve various deficiencies of a traditional storage system, operations may be performed by higher-level processes and not by the lower-level processes. For example, the flash storage system may include flash drives that do not include storage controllers that provide the process. Thus, the operating system of the flash storage system itself may initiate and control the process. This may be accomplished by a direct-mapped flash storage system that addresses data blocks within the flash drives directly and without an address translation performed by the storage controllers of the flash drives.
The operating system of the flash storage system may identify and maintain a list of allocation units across multiple flash drives of the flash storage system. The allocation units may be entire erase blocks or multiple erase blocks. The operating system may maintain a map or address range that directly maps addresses to erase blocks of the flash drives of the flash storage system.
Direct mapping to the erase blocks of the flash drives may be used to rewrite data and erase data. For example, an operation may be performed on one or more allocation units that include first data and second data, where the first data is to be retained and the second data is no longer being used by the flash storage system. The operating system may initiate the process of writing the first data to new locations within other allocation units, erasing the second data, and marking the allocation units as available for use for subsequent data. Thus, the process may be performed by only the higher-level operating system of the flash storage system, without an additional lower-level process being performed by controllers of the flash drives.
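The relocate-then-erase sequence described for allocation units can be sketched as follows. The allocation-unit representation, the liveness test, and the function names are assumptions made for illustration only.

```python
# Hypothetical sketch of operating-system-level reclamation of an allocation
# unit: live ("first") data is rewritten elsewhere, dead ("second") data is
# dropped, and the unit is erased and made available for new data.
def reclaim(unit, is_live, allocate_unit, erase_unit):
    """unit: list of (key, data) pairs; is_live(key) -> bool."""
    survivors = [(k, d) for k, d in unit if is_live(k)]
    new_unit = allocate_unit()
    new_unit.extend(survivors)   # first data rewritten to another allocation unit
    erase_unit(unit)             # second data discarded; erase block(s) reusable
    return new_unit

old = [("a", b"keep"), ("b", b"stale")]
new = reclaim(old, is_live=lambda k: k == "a",
              allocate_unit=list, erase_unit=lambda u: u.clear())
assert new == [("a", b"keep")] and old == []
```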
Advantages of the process being performed only by the operating system of the flash storage system include increased reliability of the flash drives of the flash storage system, because unnecessary or redundant write operations are not performed during the process. One point of possible novelty here is the concept of initiating and controlling the process at the operating system of the flash storage system. In addition, the process can be controlled by the operating system across multiple flash drives. This is in contrast to the process being performed by a storage controller of a flash drive.
A storage system can consist of two storage array controllers that share a set of drives for failover purposes, or it could consist of a single storage array controller that provides a storage service utilizing multiple drives, or it could consist of a distributed network of storage array controllers each with some number of drives or some amount of flash storage, where the storage array controllers in the network collaborate to provide a complete storage service and cooperate on various aspects of the storage service, including storage allocation and garbage collection.
In one embodiment, system 117 includes a dual Peripheral Component Interconnect ("PCI") flash storage device 118 with separately addressable fast-write storage. System 117 may include a storage device controller 119. In one embodiment, storage device controller 119A-D may be a CPU, ASIC, FPGA, or any other circuitry that may implement control structures necessary according to the present disclosure. In one embodiment, system 117 includes flash memory devices (e.g., including flash memory devices 120a-n) operatively coupled to various channels of the storage device controller 119. Flash memory devices 120a-n may be presented to the controller 119A-D as an addressable collection of flash pages, erase blocks, and/or control elements sufficient to allow the storage device controller 119A-D to program and retrieve various aspects of the flash. In one embodiment, storage device controller 119A-D may perform operations on flash memory devices 120a-n including storing and retrieving data content of pages, arranging and erasing any blocks, tracking statistics related to the use and reuse of flash memory pages, erase blocks, and cells, tracking and predicting error codes and faults within the flash memory, controlling voltage levels associated with programming and retrieving contents of flash cells, and so forth.
In one embodiment, system 117 may include RAM 121 to store separately addressable fast-write data. In one embodiment, RAM 121 may be one or more separate discrete devices. In another embodiment, RAM 121 may be integrated into storage device controller 119A-D or multiple storage device controllers. The RAM 121 may also be utilized for other purposes, such as temporary program memory for a processing device (e.g., a CPU) in the storage device controller 119.
In one embodiment, system 117 may include a stored energy device 122, such as a battery or capacitor. The stored energy device 122 may store energy sufficient to power the storage device controller 119, some amount of the RAM (e.g., RAM 121), and some amount of flash memory (e.g., flash memory 120a-120n) for sufficient time to write the contents of RAM to flash memory. In one embodiment, the storage device controller 119A-D may write the contents of RAM to flash memory if the storage device controller detects loss of external power.
In one embodiment, system 117 includes two data communication links 123a, 123b. In one embodiment, data communication links 123a, 123b may be PCI interfaces. In another embodiment, data communication links 123a, 123b may be based on other communication standards (e.g., HyperTransport, InfiniBand, etc.). Data communication links 123a, 123b may be based on the Non-Volatile Memory Express ("NVMe") or NVMe over Fabrics ("NVMf") specifications that allow external connection to the storage device controller 119A-D from other components in the storage system 117. It should be noted that the data communication links are interchangeably referred to herein as PCI buses for convenience.
System 117 may also include an external power source (not shown), which may be provided over one or both data communication links 123a, 123b, or which may be provided separately. An alternative embodiment includes a separate flash memory (not shown) dedicated to storing the contents of RAM 121. The storage device controller 119A-D may present a logical device over a PCI bus, which may include an addressable fast-write logical device, or a distinct part of the logical address space of the storage device 118, which may be presented as PCI memory or as persistent storage. In one embodiment, operations to store into the device are directed into the RAM 121. On power failure, the storage device controller 119A-D may write stored content associated with the addressable fast-write logical storage to flash memory (e.g., flash memory 120a-n) for long-term persistent storage.
In one embodiment, the logical device may include some presentation of some or all of the content of the flash memory devices 120a-n, where that presentation allows a storage system including a storage device 118 (e.g., storage system 117) to directly address flash memory pages and directly reprogram erase blocks from storage system components that are external to the storage device through the PCI bus. The presentation may also allow one or more of the external components to control and retrieve other aspects of the flash memory, including some or all of: tracking statistics related to the use and reuse of flash memory pages, erase blocks, and cells across the flash memory devices; tracking and predicting error codes and faults within and across the flash memory devices; controlling voltage levels associated with programming and retrieving contents of flash cells; and so forth.
In one embodiment, the stored energy device 122 may be sufficient to ensure completion of in-progress operations to the flash memory devices 120a-120n. The stored energy device 122 may power the storage device controller 119A-D and associated flash memory devices (e.g., 120a-n) for those operations, as well as for storing fast-write RAM to flash memory. The stored energy device 122 may also be used to store accumulated statistics and other parameters kept and tracked by the flash memory devices 120a-n and/or the storage device controller 119. Separate capacitors or stored energy devices (such as smaller capacitors near or embedded within the flash memory devices themselves) may be used for some or all of the operations described herein.
Various schemes may be used to track and optimize the life span of the stored energy component, such as adjusting voltage levels over time, partially discharging the stored energy device 122 to measure corresponding discharge characteristics, and so forth. If the available energy decreases over time, the effective available capacity of the addressable fast-write storage may be decreased to ensure that it can be written safely based on the currently available stored energy.
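The capacity derating described in the preceding paragraph amounts to a simple energy budget: the device should never hold more buffered fast-write data than it can destage with the energy currently stored. The numbers, the per-megabyte flush cost, and the reserve margin in the sketch below are illustrative assumptions only.

```python
# Hypothetical energy-budget calculation for derating fast-write capacity.
# If the measured stored energy shrinks over the life of the capacitors,
# the advertised fast-write buffer shrinks with it.
def safe_fastwrite_bytes(stored_joules: float,
                         joules_per_mib_flush: float,
                         reserve_fraction: float = 0.2) -> int:
    """Bytes of buffered data that can be flushed with the energy on hand."""
    usable = stored_joules * (1.0 - reserve_fraction)   # keep a safety margin
    mib = usable / joules_per_mib_flush
    return int(mib * 1024 * 1024)

# Example: 35 J measured after a partial-discharge test, 0.02 J per MiB flushed.
print(safe_fastwrite_bytes(35.0, 0.02) // (1024 * 1024), "MiB of safe fast-write buffer")
```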
In one embodiment, two storage controllers (e.g., 125a and 125b) provide storage services, such as a SCSI block storage array, a file server, an object server, a database or data analytics service, and so forth. The storage controllers 125a, 125b may provide services through some number of network interfaces (e.g., 126a-d) to host computers 127a-n outside of the storage system 124. Storage controllers 125a, 125b may provide integrated services or an application entirely within the storage system 124, forming a converged storage and compute system. The storage controllers 125a, 125b may utilize the fast-write memory within or across storage devices 119A-D to journal in-progress operations to ensure that the operations are not lost on a power failure, storage controller removal, storage controller or storage system shutdown, or some fault of one or more software or hardware components within the storage system 124.
In one embodiment, controllers 125a, 125b operate as PCI masters to one or the other PCI buses 128a, 128b. In another embodiment, 128a and 128b may be based on other communication standards (e.g., HyperTransport, InfiniBand, etc.). Other storage system embodiments may operate storage controllers 125a, 125b as multi-masters for both PCI buses 128a, 128b. Alternately, a PCI/NVMe/NVMf switching infrastructure or fabric may connect multiple storage controllers. Some storage system embodiments may allow storage devices to communicate with each other directly rather than communicating only with storage controllers. In one embodiment, a storage device controller 119a may be operable under direction from a storage controller 125a to synthesize and transfer data to be stored into flash memory devices from data that has been stored in RAM (e.g., RAM 121).
In one embodiment, under direction from the storage controllers 125a, 125b, the storage device controllers 119a, 119b may calculate and transfer data to other storage devices from data stored in RAM (e.g., RAM 121).
A storage device controller 119A-D may include mechanisms for implementing high-availability primitives for use by other parts of a storage system external to the dual-PCI storage device 118. For example, reservation or exclusion primitives may be provided so that, in a storage system with two storage controllers providing a highly available storage service, one storage controller may prevent the other storage controller from accessing or continuing to access the storage device. This could be used, for example, in cases where one controller detects that the other controller is not functioning properly or where the interconnect between the two storage controllers may itself not be functioning properly.
In one embodiment, a storage system for use with dual PCI direct-mapped storage devices with separately addressable fast-write storage includes systems that manage erase blocks or groups of erase blocks as allocation units for storing data on behalf of the storage service, for storing metadata (e.g., indexes, logs, etc.) associated with the storage service, or for proper management of the storage system itself. Flash pages, which may be a few kilobytes in size, may be written as data arrives or as the storage system is to persist data for long intervals of time (e.g., above a defined threshold of time). To commit data more quickly, or to reduce the number of writes to the flash memory devices, the storage controllers may first write data into the separately addressable fast-write storage on one or more storage devices.
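One way to read the preceding paragraph is that incoming writes are first landed in the separately addressable fast-write memory and only written out to flash once a full flash page (a few kilobytes) has accumulated, which reduces the number of program operations. The page size, padding behavior, and staging policy below are assumptions for illustration.

```python
# Hypothetical staging of small writes into full flash pages.
FLASH_PAGE = 4096          # assumed page size in bytes

class PageStager:
    def __init__(self, program_page):
        self.buffer = bytearray()     # lives in fast-write memory
        self.program_page = program_page

    def write(self, data: bytes):
        self.buffer += data
        while len(self.buffer) >= FLASH_PAGE:
            self.program_page(bytes(self.buffer[:FLASH_PAGE]))
            del self.buffer[:FLASH_PAGE]

    def flush(self):
        # Called when data must be committed early (e.g., long-lived data or
        # an impending shutdown); pads the final partial page.
        if self.buffer:
            self.program_page(bytes(self.buffer.ljust(FLASH_PAGE, b"\0")))
            self.buffer.clear()

pages = []
stager = PageStager(pages.append)
stager.write(b"x" * 5000)   # one full page programmed, 904 bytes still staged
stager.flush()
assert len(pages) == 2
```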
In one embodiment, the storage controllers 125a, 125b may initiate the use of erase blocks within and across storage devices (e.g., 118) in accordance with the age and expected remaining lifespan of the storage devices, or based on other statistics. The storage controllers 125a, 125b may initiate garbage collection and data migration between storage devices in accordance with pages that are no longer needed, as well as to manage flash page and erase block lifespans and to manage overall system performance.
In one embodiment, the storage system 124 may utilize mirroring and/or erasure-coding schemes as part of storing data into addressable fast-write storage and/or as part of writing data into allocation units associated with erase blocks. Erasure codes may be used across storage devices, as well as within erase blocks or allocation units, or within and across flash memory devices on a single storage device, in order to provide redundancy against single or multiple storage device failures, or to protect against internal corruption of flash memory pages resulting from flash memory operations or from degradation of flash memory cells. Mirroring and erasure coding at various levels may be used to recover from multiple types of failures that occur separately or in combination.
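The mirroring and erasure-coding options mentioned above can be illustrated with the simplest possible erasure scheme: a single XOR parity shard across devices, which tolerates the loss of any one shard. Real deployments may use RAID-6-style or Reed-Solomon codes instead; the sketch below only shows the principle, and the shard layout is an assumption.

```python
# Minimal single-parity erasure sketch: N data shards + 1 XOR parity shard.
# Losing any one shard (data or parity) is recoverable.
def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encode(shards):
    parity = shards[0]
    for s in shards[1:]:
        parity = xor_bytes(parity, s)
    return parity

def recover(surviving, parity):
    """Rebuild the single missing data shard from the survivors plus parity."""
    missing = parity
    for s in surviving:
        missing = xor_bytes(missing, s)
    return missing

shards = [b"AAAA", b"BBBB", b"CCCC"]      # e.g., one shard per storage device
parity = encode(shards)
assert recover([shards[0], shards[2]], parity) == b"BBBB"
```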
Referring to the example shown
A storage cluster is contained within a chassis, i.e., an enclosure housing one or more storage nodes. A mechanism to provide power to each storage node, such as a power distribution bus, and a communication mechanism, such as a communication bus that enables communication between the storage nodes, are included within the chassis. The storage cluster can run as an independent system in one location according to some embodiments. In one embodiment, a chassis contains at least two instances of both the power distribution and the communication bus, which may be enabled or disabled independently. The internal communication bus may be an Ethernet bus; however, other technologies such as PCIe, InfiniBand, and others are equally suitable. The chassis provides a port for an external communication bus, enabling communication between multiple chassis and with client systems, either directly or through a switch. The external communication may use a technology such as Ethernet, InfiniBand, Fibre Channel, etc. In some embodiments, the external communication bus uses different communication bus technologies for inter-chassis and client communication. If a switch is deployed within or between chassis, the switch may act as a translation between multiple protocols or technologies. When multiple chassis are connected to define a storage cluster, the storage cluster may be accessed by a client using either proprietary interfaces or standard interfaces such as Network File System ("NFS"), Common Internet File System ("CIFS"), Small Computer System Interface ("SCSI"), or Hypertext Transfer Protocol ("HTTP"). Translation from the client protocol may occur at the switch, at the chassis external communication bus, or within each storage node. In some implementations, multiple chassis may be coupled or connected to each other through an aggregator switch. A portion and/or all of the coupled or connected chassis may be designated as a storage cluster. As discussed above, each chassis can have multiple blades, each blade having a media access control ("MAC") address, but the storage cluster is presented to an external network as having a single cluster IP address and a single MAC address in some implementations.
Each storage node may be one or more storage servers, and each storage server is connected to one or more non-volatile solid-state memory units, which may be referred to as storage units or storage devices. One embodiment includes a single storage server in each storage node and between one and eight non-volatile solid-state memory units; however, this example is not meant to be limiting. The storage server may include a processor, DRAM, and interfaces for the internal communication bus and power distribution for each of the power buses. Inside the storage node, the interfaces and the storage units share a communication bus, e.g., PCI Express, in some embodiments. The non-volatile solid-state memory units may directly access the internal communication bus interface through a storage node communication bus, or may request the storage node to access the bus interface. A non-volatile solid-state memory unit contains an embedded processor, a solid-state storage controller, and a quantity of solid-state mass storage, e.g., between 2 and 32 terabytes ("TB") in some embodiments. An embedded volatile storage medium, such as DRAM, and an energy reserve apparatus are included in the non-volatile solid-state memory unit. In some embodiments, the energy reserve apparatus is a capacitor, super-capacitor, or battery that enables transferring a subset of DRAM contents to a stable storage medium in the case of power loss. In some embodiments, the non-volatile solid-state memory unit is constructed with a storage-class memory, such as phase-change or magnetoresistive random access memory ("MRAM"), that substitutes for DRAM and enables a reduced-power hold-up apparatus.
One of the many features of the storage nodes and non-volatile solid-state storage is the ability to proactively rebuild data in a storage cluster. The storage nodes and non-volatile solid-state storage can determine when a storage node or non-volatile solid-state storage in the storage cluster is unreachable, independent of whether there is an attempt to read data involving that storage node or non-volatile solid-state storage. The storage nodes and non-volatile solid-state storage then cooperate to recover and rebuild the data in at least partially new locations. This constitutes a proactive rebuild, in that the system rebuilds data without waiting until the data is needed for a read access initiated from a client system employing the storage cluster. These and further details of the storage memory and its operation are discussed below.
Each storage node 150 can have multiple components. In the embodiment shown here, the storage node 150 includes a printed circuit board 159 populated by a CPU 156, i.e., processor, a memory 154 coupled to the CPU 156, and a non-volatile solid-state storage 152 coupled to the CPU 156, although other mountings and/or components could be used in further embodiments. The memory 154 has instructions which are executed by the CPU 156 and/or data operated on by the CPU 156. As further explained below, the non-volatile solid-state storage 152 includes flash or, in further embodiments, other types of solid-state memory.
Refers
In some embodiments, every piece of data and every piece of metadata has redundancy in the system. In addition, every piece of data and every piece of metadata has an owner, which may be referred to as an authority. If that authority is unreachable, for example through failure of a storage node, there is a plan of succession for how to find that data or that metadata. In various embodiments, there are redundant copies of authorities 168. Authorities 168 have a relationship to storage nodes 150 and non-volatile solid-state storage 152 in some embodiments. Each authority 168, covering a range of data segment numbers or other identifiers of the data, may be assigned to a specific non-volatile solid-state storage 152. In some embodiments, the authorities 168 for all of such ranges are distributed over the non-volatile solid-state storage 152 of a storage cluster. Each storage node 150 has a network port that provides access to the non-volatile solid-state storage(s) 152 of that storage node 150. Data can be stored in a segment, which is associated with a segment number, and that segment number is an indirection for a configuration of a RAID (redundant array of independent disks) stripe in some embodiments. The assignment and use of the authorities 168 thus establishes an indirection to data. Indirection may be referred to as the ability to reference data indirectly, in this case via an authority 168, in accordance with some embodiments. A segment identifies a set of non-volatile solid-state storage 152 and a local identifier into the set of non-volatile solid-state storage 152 that may contain data. In some embodiments, the local identifier is an offset into the device and may be reused sequentially by multiple segments. In other embodiments, the local identifier is unique for a specific segment and is never reused. The offsets in the non-volatile solid-state storage 152 are applied to locating data for writing to or reading from the non-volatile solid-state storage 152 (in the form of a RAID stripe). Data is striped across multiple units of non-volatile solid-state storage 152, which may include or be different from the non-volatile solid-state storage 152 having the authority 168 for a particular data segment.
If the location of a particular segment of data changes, e.g., during a data move or a data rebuild, the authority 168 for that data segment should be consulted at the non-volatile solid-state storage 152 or storage node 150 having that authority 168. In order to locate a particular piece of data, embodiments calculate a hash value for a data segment or apply an inode number or a data segment number. The output of this operation points to a non-volatile solid-state storage 152 having the authority 168 for that particular piece of data. In some embodiments there are two stages to this operation. The first stage maps an entity identifier ("ID"), e.g., a segment number, inode number, or directory number, to an authority identifier. This mapping may include a calculation such as a hash or a bit mask. The second stage maps the authority identifier to a particular non-volatile solid-state storage 152, which may be done through an explicit mapping. The operation is repeatable, so that when the calculation is performed, the result of the calculation reliably points to the particular non-volatile solid-state storage 152 having that authority 168. The operation may include the set of reachable storage nodes as input. If the set of reachable non-volatile solid-state storage units changes, the optimal set changes. In some embodiments, the persisted value is the current assignment (which is always true), and the calculated value is the target assignment the cluster will attempt to reconfigure towards. This calculation may be used to determine the optimal non-volatile solid-state storage 152 for an authority in the presence of a set of non-volatile solid-state storage 152 that are reachable and constitute the same cluster. The calculation also determines an ordered set of peer non-volatile solid-state storage 152 that will also record the authority-to-storage mapping, so that the authority may be determined even if the assigned non-volatile solid-state storage is unreachable. A duplicate or substitute authority 168 may be consulted if a specific authority 168 is unavailable in some embodiments.
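The two-stage lookup described above, from entity identifier to authority identifier, and then from authority identifier to a non-volatile solid-state storage unit, might look like the following. The hash choice, the authority-space size, and the explicit map are placeholders; the disclosure only requires that the calculation be repeatable given the same inputs.

```python
# Hypothetical two-stage authority lookup.
import hashlib

NUM_AUTHORITIES = 512        # assumed fixed authority identifier space

def entity_to_authority(entity_id: str) -> int:
    # Stage 1: hash (or bit-mask) the inode/segment number into an authority id.
    digest = hashlib.sha256(entity_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") % NUM_AUTHORITIES

def authority_to_storage_unit(authority_id: int, unit_map: dict) -> str:
    # Stage 2: explicit map from authority id to the non-volatile solid-state
    # storage 152 that currently holds that authority.
    return unit_map[authority_id % len(unit_map)]

unit_map = {0: "nvss-0", 1: "nvss-1", 2: "nvss-2"}
aid = entity_to_authority("inode:123456")
print("authority", aid, "lives on", authority_to_storage_unit(aid, unit_map))
```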
about
In some systems, for example in UNIX-style file systems, data is handled with an index node, or inode, which specifies a data structure that represents an object in a file system. The object could be a file or a directory, for example. Metadata may accompany the object, as attributes such as permission data and a creation timestamp, among other attributes. A segment number could be assigned to all or a portion of such an object in a file system. In other systems, data segments are handled with a segment number assigned elsewhere. For purposes of this discussion, the unit of distribution is an entity, and an entity can be a file, a directory, or a segment. That is, entities are units of data or metadata stored by a storage system. Entities are grouped into sets called authorities. Each authority has an authority owner, which is a storage node that has the exclusive right to update the entities in the authority. In other words, a storage node contains the authority, and the authority, in turn, contains entities.
A segment is a logical container of data in accordance with some embodiments. A segment is an address space between a medium address space and a physical flash location, i.e., the data segment number is within this address space. Segments may also contain metadata, which enables data redundancy to be restored (rewritten to a different flash location or device) without the involvement of higher-level software. In one embodiment, the internal format of a segment contains client data and medium mappings to determine the position of that data. Each data segment is protected, e.g., from memory and other failures, by breaking the segment into a number of data and parity shards where applicable. The data and parity shards are distributed, i.e., striped, across non-volatile solid-state storage 152 coupled to the host CPUs 156 (see
A series of address-space translations takes place across an entire storage system. At the top are the directory entries (file names), which link to an inode. Inodes point into a medium address space, where data is logically stored. Medium addresses may be mapped through a series of indirect mediums to spread the load of large files, or to implement data services such as replication or snapshots. Segment addresses are then translated into physical flash locations. Physical flash locations have an address range bounded by the amount of flash in the system, in accordance with some embodiments. Medium addresses and segment addresses are logical containers, and in some embodiments use 128-bit or larger identifiers so as to be practically infinite, with a likelihood of reuse calculated as longer than the expected life of the system. In some embodiments, addresses from logical containers are allocated in a hierarchical fashion. Initially, each non-volatile solid-state storage unit 152 may be assigned a range of address space. Within this assigned range, the non-volatile solid-state storage 152 is able to allocate addresses without synchronization with other non-volatile solid-state storage 152.
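The chain of translations sketched above (directory entry to inode, inode to medium address, medium address to segment, segment to physical flash location) can be written down as a pipeline of lookups. The table contents and sizes below are invented for illustration; only the ordering of the translations follows the text.

```python
# Hypothetical walk of the layered address translation described above.
directory = {"/data/report.txt": 1001}                 # file name -> inode
inodes = {1001: ("medium", 0x10)}                      # inode -> medium address
medium_to_segment = {0x10: ("segment", 77, 4096)}      # medium -> (segment, offset)
segment_to_flash = {77: ("unit-3", 12, 5)}             # segment -> (unit, block, page)

def resolve(path: str):
    inode = directory[path]
    medium = inodes[inode]
    _, seg, offset = medium_to_segment[medium[1]]
    unit, block, page = segment_to_flash[seg]
    return {"inode": inode, "segment": seg, "offset": offset,
            "flash": (unit, block, page)}

print(resolve("/data/report.txt"))
```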
Data and metadata are stored by a set of underlying storage layouts that are optimized for varying workload patterns and storage devices. These layouts incorporate multiple redundancy schemes, compression formats, and index algorithms. Some of these layouts store information about authorities and authority masters, while others store file metadata and file data. The redundancy schemes include error-correcting codes that tolerate corrupted bits within a single storage device (such as a NAND flash chip), erasure codes that tolerate the failure of multiple storage nodes, and replication schemes that tolerate data center or regional failures. In some embodiments, low-density parity check ("LDPC") codes are used within a single storage unit. Reed-Solomon encoding is used within a storage cluster, and mirroring is used within a storage grid in some embodiments. Metadata may be stored using an ordered log-structured index (such as a log-structured merge tree), while large data may not be stored in a log-structured layout.
In order to maintain consistency across multiple copies of an entity, the storage nodes agree implicitly on two things through calculations: (1) the authority that contains the entity, and (2) the storage node that contains the authority. The assignment of entities to authorities can be done by pseudorandomly assigning entities to authorities, by splitting entities into ranges based upon an externally produced key, or by placing a single entity into each authority. Examples of pseudorandom schemes are linear hashing and the Replication Under Scalable Hashing ("RUSH") family of hashes, including Controlled Replication Under Scalable Hashing ("CRUSH"). In some embodiments, pseudorandom assignment is utilized only for assigning authorities to nodes, because the set of nodes can change. The set of authorities cannot change, so any arbitrary function may be applied in these embodiments. Some placement schemes automatically place authorities on storage nodes, while other placement schemes rely on an explicit mapping of authorities to storage nodes. In some embodiments, a pseudorandom scheme is utilized to map from each authority to a set of candidate authority owners. A pseudorandom data distribution function related to CRUSH may assign authorities to storage nodes and create a list of where the authorities are assigned. Each storage node has a copy of the pseudorandom data distribution function and can arrive at the same calculation for distributing, and later finding or locating, an authority. Each of the pseudorandom schemes requires the reachable set of storage nodes as input in some embodiments in order to arrive at the same target nodes. Once an entity has been placed in an authority, the entity may be stored on physical devices so that no expected failure will lead to unexpected data loss. In some embodiments, rebalancing algorithms attempt to store copies of all entities within an authority in the same layout and on the same set of machines.
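The requirement that every node can independently repeat the same placement calculation is commonly met with schemes such as CRUSH or rendezvous (highest-random-weight) hashing; the sketch below uses rendezvous hashing purely as an illustrative stand-in, not as the scheme the disclosure mandates.

```python
# Rendezvous hashing: every node computes the same owner for an authority
# from only the authority id and the candidate node list.
import hashlib

def owner(authority_id, nodes):
    def weight(node):
        h = hashlib.sha256(f"{authority_id}:{node}".encode()).digest()
        return int.from_bytes(h[:8], "big")
    return max(nodes, key=weight)

nodes = ["node-a", "node-b", "node-c"]
placements = {aid: owner(aid, nodes) for aid in range(8)}
print(placements)

# Removing one node only relocates the authorities that node owned:
survivors = [n for n in nodes if n != "node-b"]
moved = sum(1 for aid in range(8) if owner(aid, survivors) != placements[aid])
print(moved, "authorities reassigned after losing node-b")
```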
Examples of expected failures include device failures, stolen machines, data center fires, and regional disasters, such as nuclear or geological events. Different failures lead to different levels of acceptable data loss. In some embodiments, a stolen storage node impacts neither the security nor the reliability of the system, while, depending on system configuration, a regional event could lead to no loss of data, a few seconds or minutes of lost updates, or even complete data loss.
In embodiments, the placement of data for storage redundancy is independent of the placement of authorities for data consistency. In some embodiments, storage nodes that contain authorities do not contain any persistent storage. Instead, the storage nodes are connected to non-volatile solid-state storage units that do not contain authorities. The communications interconnect between storage nodes and non-volatile solid-state storage units incorporates multiple communication technologies and has non-uniform performance and fault-tolerance characteristics. In some embodiments, as mentioned above, non-volatile solid-state storage units are connected to storage nodes via PCI Express, storage nodes are connected together within a single chassis using an Ethernet backplane, and chassis are connected together to form a storage cluster. Storage clusters are connected to clients using Ethernet or Fibre Channel in some embodiments. If multiple storage clusters are configured into a storage grid, the multiple storage clusters are connected using the Internet or other long-distance networking links, such as metro-scale links or private links that do not traverse the Internet.
Authority owners have the exclusive right to modify entities, to migrate entities from one non-volatile solid-state storage unit to another, and to add and remove copies of entities. This allows the redundancy of the underlying data to be maintained. When an authority owner fails, is to be decommissioned, or is overloaded, the authority is transferred to a new storage node. Transient failures make it non-trivial to ensure that all non-faulty machines agree upon the new authority location. The resulting ambiguity can be resolved through a consensus protocol, or through manual intervention by a remote system administrator or a local hardware administrator (for example, by physically removing the failed machine from the cluster or pressing a button on the failed machine). In some embodiments, a consensus protocol is used and failover is automatic. According to some embodiments, if too many failures or replication events occur in too short a time period, the system goes into a self-preservation mode and halts replication and data movement activities until an administrator intervenes.
As authorities are transferred between storage nodes, and as authority owners update entities in their authorities, the system transfers messages between the storage nodes and the non-volatile solid-state storage units. With regard to persistent messages, messages that have different purposes are of different types. Depending on the type of the message, the system maintains different ordering and durability guarantees. As the persistent messages are being processed, the messages are temporarily stored in multiple durable and non-durable storage hardware technologies. In some embodiments, messages are stored in RAM, NVRAM, and on NAND flash devices, and a variety of protocols are used in order to make efficient use of each storage medium. Latency-sensitive client requests may be persisted in replicated NVRAM and then later in NAND, while background rebalancing operations are persisted directly to NAND.
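The idea that different message types carry different ordering and durability guarantees can be pictured as a small routing table: latency-sensitive client writes are mirrored into replicated NVRAM before being written to NAND, while background rebalancing traffic goes straight to NAND. The type names and routing rules below are illustrative assumptions, not the message taxonomy of the disclosure.

```python
# Hypothetical routing of persistent messages to storage tiers by type.
from enum import Enum

class MsgType(Enum):
    CLIENT_WRITE = 1        # latency-sensitive, needs NVRAM replication
    REBALANCE = 2           # background, durability only

def route(msg_type: MsgType, payload: bytes, nvram_replicas: list, nand: list):
    if msg_type is MsgType.CLIENT_WRITE:
        for replica in nvram_replicas:      # mirror into replicated NVRAM first
            replica.append(payload)
        nand.append(payload)                # then persist to NAND
    else:
        nand.append(payload)                # background work goes straight to NAND

nvram = [[], []]
nand = []
route(MsgType.CLIENT_WRITE, b"user data", nvram, nand)
route(MsgType.REBALANCE, b"moved segment", nvram, nand)
assert all(b"user data" in r for r in nvram) and len(nand) == 2
```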
Persistent messages are persistently stored prior to being transmitted. This allows the system to continue to serve client requests despite failures and component replacement. Although many hardware components contain unique identifiers that are visible to system administrators, the manufacturer, the hardware supply chain, and the ongoing monitoring and quality control infrastructure, applications running on top of the infrastructure address virtualized addresses. These virtualized addresses do not change over the lifetime of the storage system, regardless of component failures and replacements. This allows each component of the storage system to be replaced over time without reconfiguration or disruption of client request processing, i.e., the system supports non-disruptive upgrades.
In some embodiments, the virtualized addresses are stored with sufficient redundancy. A continuous monitoring system correlates hardware and software status with the hardware identifiers. This allows detection and prediction of failures due to faulty components and manufacturing details. The monitoring system also enables the proactive transfer of authorities and entities away from impacted devices before failure occurs, by removing the component from the critical path, in some embodiments.
Storage clusters 161, in various embodiments as disclosed herein, can be contrasted with storage arrays in general. The storage nodes 150 are part of a collection that creates the storage cluster 161. Each storage node 150 owns a slice of data and the computing required to provide that data. Multiple storage nodes 150 cooperate to store and retrieve the data. Storage memory or storage devices, as generally used in storage arrays, are less involved with processing and manipulating the data. Storage memory or storage devices in a storage array receive commands to read, write, or erase data. The storage memory or storage devices in a storage array are not aware of the larger system in which they are embedded, or of what the data means. Storage memory or storage devices in storage arrays can include various types of storage memory, such as RAM, solid-state drives, hard-disk drives, etc. The storage units 152 described herein have multiple interfaces active simultaneously and serving multiple purposes. In some embodiments, some of the functionality of a storage node 150 is shifted into a storage unit 152, transforming the storage unit 152 into a combination of storage unit 152 and storage node 150. Placing computing (relative to the stored data) into the storage unit 152 places this computing closer to the data itself. The various system embodiments have a hierarchy of storage node layers with different capabilities. By contrast, in a storage array, a controller owns and knows everything about all of the data that the controller manages in a shelf or storage device. In a storage cluster 161, as described herein, multiple controllers in multiple storage units 152 and/or storage nodes 150 cooperate in various ways (e.g., for erasure coding, data sharding, metadata communication and redundancy, storage capacity expansion or contraction, data recovery, and so on).
In some embodiments, the physical storage is divided into named regions based on application usage. The NVRAM 204 is a contiguous block of reserved memory in the storage unit 152 DRAM 216 and is backed by NAND flash. The NVRAM 204 is logically divided into multiple memory regions, written for two as spool (e.g., spool_region). Space within the NVRAM 204 spools is managed by each authority 168 independently. Each device provides an amount of storage space to each authority 168. That authority 168 further manages lifetimes and allocations within that space. Examples of a spool include distributed transactions or notions. When the primary power to a storage unit 152 fails, onboard super-capacitors provide a short duration of power hold-up. During this hold-up interval, the contents of the NVRAM 204 are flushed to flash memory 206. On the next power-on, the contents of the NVRAM 204 are recovered from the flash memory 206.
As for the storage unit controller, the responsibility of the logical "controller" is distributed across each of the blades containing authorities 168. This distribution of logical control is shown in
At the compute and storage planes 256, 258
Still referring to
Because authorities 168 are stateless, they can migrate between blades 252. Each authority 168 has a unique identifier. The NVRAM 204 and flash 206 partitions are associated with the authorities' 168 identifiers, not with the blades 252 on which they are running, in some embodiments. Thus, when an authority 168 migrates, the authority 168 continues to manage the same storage partitions from its new location. When a new blade 252 is installed in an embodiment of the storage cluster, the system automatically rebalances load by partitioning the new blade's 252 storage for use by the system's authorities 168, migrating selected authorities 168 to the new blade 252, starting endpoints 272 on the new blade 252, and including them in the switch fabric's 146 client-connection distribution algorithm.
From their new locations, migrated authorities 168 persist the contents of their NVRAM 204 partitions on flash 206, process read and write requests from other authorities 168, and fulfill the client requests that endpoints 272 direct to them. Similarly, if a blade 252 fails or is removed, the system redistributes its authorities 168 among the system's remaining blades 252. The redistributed authorities 168 continue to perform their original functions from their new locations.
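The migration behavior described above, where an authority's NVRAM partition and flash-backed data follow it to a new blade while client-facing endpoints are repointed, can be approximated as follows. The blade and endpoint data structures are simplifications invented for illustration.

```python
# Hypothetical migration of an authority 168 to a new blade 252: its NVRAM
# partition and flash-backed segments move with it, and the client-facing
# endpoint 272 mapping is updated, so the authority keeps serving the same data.
def migrate_authority(authority_id, src_blade, dst_blade, endpoints):
    dst_blade["nvram"][authority_id] = src_blade["nvram"].pop(authority_id)
    dst_blade["flash"][authority_id] = src_blade["flash"].pop(authority_id)
    endpoints[authority_id] = dst_blade["name"]     # future requests go here

blade1 = {"name": "blade-1", "nvram": {7: [b"pending write"]}, "flash": {7: [b"segment"]}}
blade2 = {"name": "blade-2", "nvram": {}, "flash": {}}
endpoints = {7: "blade-1"}
migrate_authority(7, blade1, blade2, endpoints)
assert endpoints[7] == "blade-2" and 7 not in blade1["nvram"]
```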
The embodiments described herein may utilize various software, communication, and/or networking protocols. In addition, the configuration of the hardware and/or software may be adjusted to accommodate various protocols. For example, the embodiments may utilize Active Directory, which is a database-based system that provides authentication, directory, policy, and other services in a WINDOWS™ environment. In these embodiments, LDAP (Lightweight Directory Access Protocol) is one example application protocol for querying and modifying items in directory service providers such as Active Directory. In some embodiments, a network lock manager ("NLM") is utilized as a facility that works in cooperation with the Network File System ("NFS") to provide System V style advisory file and record locking over a network. The Server Message Block ("SMB") protocol, one version of which is also known as Common Internet File System ("CIFS"), may be integrated with the storage systems discussed herein. SMB operates as an application-layer network protocol typically used for providing shared access to files, printers, and serial ports, as well as miscellaneous communications between nodes on a network. SMB also provides an authenticated inter-process communication mechanism. AMAZON™ S3 (Simple Storage Service) is a web service offered by Amazon Web Services, and the systems described herein may interface with Amazon S3 through web services interfaces (REST (representational state transfer), SOAP (simple object access protocol), and BitTorrent). A RESTful API (application programming interface) breaks down a transaction into a series of small modules. Each module addresses a particular underlying part of the transaction. The control or permissions provided with these embodiments, especially for object data, may include the utilization of an access control list ("ACL"). An ACL is a list of permissions attached to an object, and the ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. The systems may utilize Internet Protocol version 6 ("IPv6"), as well as IPv4, as the communication protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. The routing of packets between networked systems may include equal-cost multi-path routing ("ECMP"), which is a routing strategy where next-hop packet forwarding to a single destination can occur over multiple "best paths" that tie for top place in routing metric calculations. Multi-path routing can be used in conjunction with most routing protocols because it is a per-hop decision limited to a single router. The software may support multi-tenancy, which is an architecture in which a single instance of a software application serves multiple customers. Each customer may be referred to as a tenant. In some embodiments, tenants may be given the ability to customize some parts of the application, but may not customize the application's code.
Implementations may maintain audit logs. An audit log is a document that records an event in a computing system. In addition to documenting which resources were accessed, audit log entries typically include destination and source addresses, timestamps, and user login information, so as to ensure compliance with various regulations. Implementations may support various key management policies, such as encryption key rotation. In addition, the system may support dynamic root passwords or some variation of dynamically changing passwords.
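A minimal sketch of the kind of audit-log entry described above is shown below; the field names and JSON encoding are illustrative assumptions rather than a prescribed schema.

import json
import time

def audit_record(user: str, source_addr: str, dest_addr: str, resource: str, action: str) -> str:
    """Build one audit-log entry capturing who accessed what, from where, and when."""
    entry = {
        "timestamp": time.time(),          # time of the event
        "user": user,                      # login information for the user
        "source_address": source_addr,     # where the request originated
        "destination_address": dest_addr,  # the system that serviced the request
        "resource": resource,              # the resource that was accessed
        "action": action,                  # e.g. "read", "write", "login"
    }
    return json.dumps(entry)

# Example: record a read of a volume by an administrator.
print(audit_record("admin", "10.0.0.5", "10.0.0.100", "volume/vol1", "read"))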
In the example shown
cloud service provider 302 was presented to
In the example shown
In the example shown
Although not explicitly mentioned
To enable the storage system 306 and users of the storage system 306 to make use of the services provided by the cloud service provider 302, a cloud migration process may take place during which data, applications, or other elements from an organization's local systems (or even from another cloud environment) are moved to the cloud service provider 302. In order to successfully migrate data, applications, or other elements to the environment of the cloud service provider 302, middleware such as a cloud migration tool may be utilized to bridge gaps between the environment of the cloud service provider 302 and the organization's environment. Such cloud migration tools may also be configured to address the potentially high network costs and long transfer times associated with migrating large volumes of data to the cloud service provider 302, as well as to address security concerns associated with sensitive data traveling to the cloud service provider 302 over data communications networks. In order to further enable the storage system 306 and users of the storage system 306 to make use of the services provided by the cloud service provider 302, a cloud orchestrator may also be used to arrange and coordinate automated tasks in pursuit of creating a consolidated process or workflow. Such a cloud orchestrator may perform tasks such as configuring various components, whether those components are cloud components or on-premises components, and managing the interconnections between such components. The cloud orchestrator can simplify the inter-component communication and connections to ensure that links are correctly configured and maintained.
In the example shown
The cloud service provider 302 may also be configured to provide access to virtualized computing environments to the storage system 306 and users of the storage system 306. Such virtualized computing environments may be embodied, for example, as virtual machines or other virtualized computer hardware platforms, virtual storage devices, virtualized computer network resources, and the like. Examples of such virtualized environments include virtual machines that are created to emulate an actual computer, virtualized desktop environments that separate a logical desktop from a physical machine, virtualized file systems that allow uniform access to different types of concrete file systems, and many others.
For further clarification,
Storage system 306 was presented to
Storage resources 308 was presented to
Examples of storage systems 306 was presented to
Examples of storage systems 306 was presented to
Storage system 306 was presented to
Storage system 306 was presented to
Storage system 306 was presented to
The software resources 314 may also include software that is useful in implementing software-defined storage ("SDS"). In one such example, the software resources 314 may include one or more modules of computer program instructions that, when executed, are useful in policy-based provisioning and management of data storage that is independent of the underlying hardware. Such software resources 314 may be useful in storage virtualization applications to separate the storage hardware from the software that manages the storage hardware.
The software resources 314 may also include software that is useful in facilitating and optimizing the routing of I/O operations that are directed to the storage resources 308 of the storage system 306. For example, the software resources 314 may include software modules that perform various data reduction techniques such as data compression, data deduplication, and others. The software resources 314 may include software modules that intelligently group together I/O operations to facilitate better usage of the underlying storage resources 308, software modules that perform data migration operations to migrate data from within a storage system, as well as software modules that perform other functions. Such software resources 314 may be embodied as one or more software containers or in many other ways.
Readers will appreciate that the presence of such software resources 314 may provide an improved user experience of the storage system 306, an expansion of the functionality supported by the storage system 306, and many other benefits. Consider the specific example of software resources 314 that implement data backup techniques through which data stored in the storage system may be backed up and stored in a distinct location to avoid data loss in the event of hardware failure or some other form of catastrophe. In such an example, the systems described herein may perform backup operations more reliably (and with less burden placed on the user) than interactive backup management systems that require high degrees of user interaction, offer less robust automation and feature sets, and so on.
For further clarification,
cloud-based storage system 318 was presented to
In the example method shown
Consider an example in which the cloud computing environment 316 is embodied as AWS and the cloud computing instances are embodied as EC2 instances. In such an example, AWS offers many types of EC2 instances. For example, AWS offers a suite of general-purpose EC2 instances that include varying levels of memory and processing power. In such an example, the cloud computing instance 320 that operates as the primary controller may be deployed on one of the instance types that has a relatively large amount of memory and processing power, while the cloud computing instance 322 that operates as the secondary controller may be deployed on one of the instance types that has a relatively small amount of memory and processing power. In such an example, upon the occurrence of a failover event in which the roles of primary and secondary are switched, a double failover may be carried out such that: 1) a first failover event occurs in which the cloud computing instance 322 that formerly operated as the secondary controller begins to operate as the primary controller, and 2) a third cloud computing instance (not shown), which is of an instance type that has a relatively large amount of memory and processing power, is spun up with a copy of the storage controller application, where the third cloud computing instance begins operating as the primary controller and the cloud computing instance 322 that originally operated as the secondary controller begins operating as the secondary controller again. In such an example, the cloud computing instance 320 that formerly operated as the primary controller may be terminated. Readers will appreciate that in alternative embodiments the cloud computing instance 320 that is operating as the secondary controller after the failover event may continue to operate as the secondary controller, and the cloud computing instance 322 that operated as the primary controller after the failover event may be terminated once the third cloud computing instance (not shown) assumes the primary role.
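The double-failover sequence described above can be summarized with a small state-tracking sketch; the instance names and the launch_instance helper below are hypothetical placeholders for whatever provisioning API an implementation actually uses, so this is an illustration under those assumptions rather than a definitive implementation.

def launch_instance(instance_type: str) -> str:
    """Hypothetical placeholder for provisioning a new cloud computing instance."""
    return f"new-{instance_type}-instance"

def double_failover(primary: str, secondary: str) -> tuple[str, str]:
    """Model the two failover events described above.

    1) The former secondary controller becomes primary.
    2) A newly launched, larger instance takes over as primary and the
       former secondary returns to the secondary role.
    """
    # First failover: the secondary (small instance) assumes the primary role.
    primary, secondary = secondary, None

    # Launch a third instance with more memory and processing power.
    replacement = launch_instance("large-memory-high-cpu")

    # Second failover: the replacement becomes primary, the interim primary
    # (the original secondary) resumes the secondary role.
    secondary = primary
    primary = replacement
    return primary, secondary

primary, secondary = double_failover("instance-320", "instance-322")
print(primary, secondary)  # new-large-memory-high-cpu-instance instance-322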
Readers will appreciate that while the embodiments described above relate to embodiments in which one cloud computing instance 320 operates as the primary controller and a second cloud computing instance 322 operates as the secondary controller, other embodiments are within the scope of the present disclosure. For example, each cloud computing instance 320, 322 may operate as a primary controller for some portion of the address space supported by the cloud-based storage system 318, each cloud computing instance 320, 322 may operate as a primary controller where the servicing of I/O operations directed to the cloud-based storage system 318 is divided in some other way, and so on. In fact, in other embodiments where cost savings may outweigh performance requirements, only a single cloud computing instance that contains the storage controller application may exist. In such an example, recovering from a controller failure may take more time because a new cloud computing instance that includes the storage controller application would need to be spun up, rather than having an already created cloud computing instance take over the servicing of I/O operations that would otherwise have been handled by the failed cloud computing instance.
cloud-based storage system 318 was presented to
In the example shown
In the example shown
In the example shown
Readers will appreciate that when a request to write data is received by a particular cloud computing instance 340a, 340b, 340n with local storage 330, 334, 338, the software daemon 328, 332, 336 or some other module of computer program instructions that is executing on the particular cloud computing instance 340a, 340b, 340n may be configured not only to write the data to its own local storage 330, 334, 338 resources and any appropriate block storage 342, 344, 346 offered by the cloud computing environment 316, but the software daemon 328, 332, 336 or other module of computer program instructions that is executing on the particular cloud computing instance 340a, 340b, 340n may also be configured to write the data to cloud-based object storage 348 that is attached to the particular cloud computing instance 340a, 340b, 340n. The cloud-based object storage 348 that is attached to the particular cloud computing instance 340a, 340b, 340n may be embodied, for example, as Amazon Simple Storage Service ("S3") storage that is accessible by the particular cloud computing instance 340a, 340b, 340n. In other embodiments, the cloud computing instances 320, 322 that each include the storage controller application 324, 326 may initiate the storage of the data in the local storage 330, 334, 338 of the cloud computing instances 340a, 340b, 340n and the cloud-based object storage 348.
Readers will appreciate that, as described above, the cloud-based storage system 318 may be used to provide block storage services to users of the cloud-based storage system 318. While the local storage 330, 334, 338 resources and the block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n may support block-level access, the cloud-based object storage 348 that is attached to the particular cloud computing instance 340a, 340b, 340n supports only object-based access. In order to address this, the software daemon 328, 332, 336 or some other module of computer program instructions that is executing on the particular cloud computing instance 340a, 340b, 340n may be configured to take blocks of data, package those blocks into objects, and write the objects to the cloud-based object storage 348 that is attached to the particular cloud computing instance 340a, 340b, 340n.
Consider an example in which data is written to the local storage 330, 334, 338 resources and the block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n in 1 MB blocks. In such an example, assume that a user of the cloud-based storage system 318 issues a request to write data that, after being compressed and deduplicated by the storage controller application 324, 326, results in the need to write 5 MB of data. In such an example, writing the data to the local storage 330, 334, 338 resources and the block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n is relatively straightforward, as five blocks that are 1 MB in size are written to the local storage 330, 334, 338 resources and the block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n. In such an example, the software daemon 328, 332, 336 or some other module of computer program instructions that is executing on the particular cloud computing instance 340a, 340b, 340n may be configured to: 1) create a first object that includes the first 1 MB of data and write the first object to the cloud-based object storage 348, 2) create a second object that includes the second 1 MB of data and write the second object to the cloud-based object storage 348, 3) create a third object that includes the third 1 MB of data and write the third object to the cloud-based object storage 348, and so on. As such, in some embodiments, each object that is written to the cloud-based object storage 348 may be identical (or nearly identical) in size. Readers will appreciate that in such an example, metadata that is associated with the data itself may be included in each object (e.g., the first 1 MB of the object is data and the remaining portion is metadata associated with the data).
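As a hedged sketch of the block-to-object packaging just described, the following Python snippet splits incoming data into 1 MB blocks and writes one object per block; boto3 is used only as an example S3 client, and the bucket name, key layout, and helper names are illustrative assumptions.

import boto3

BLOCK_SIZE = 1024 * 1024  # 1 MB blocks, matching the example above

def write_blocks_as_objects(data: bytes, bucket: str, volume_id: str) -> None:
    """Split incoming data into 1 MB blocks and store each block as its own S3 object."""
    s3 = boto3.client("s3")
    for index in range(0, len(data), BLOCK_SIZE):
        block = data[index : index + BLOCK_SIZE]
        # One object per block; the key encodes the volume and block offset.
        key = f"{volume_id}/block-{index // BLOCK_SIZE:010d}"
        s3.put_object(Bucket=bucket, Key=key, Body=block)

# Example: 5 MB of (already reduced) data becomes five 1 MB objects.
write_blocks_as_objects(b"\x00" * (5 * BLOCK_SIZE), "example-bucket", "vol-0001")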
Readers will appreciate that the cloud-based object storage 348 may be incorporated into the cloud-based storage system 318 to increase the durability of the cloud-based storage system 318. Continuing with the example described above in which the cloud computing instances 340a, 340b, 340n are EC2 instances, readers will understand that EC2 instances are only guaranteed to have a monthly uptime of 99.9%, and data stored in the local instance store only persists during the lifetime of the EC2 instance. As such, relying on the cloud computing instances 340a, 340b, 340n with local storage 330, 334, 338 as the only source of persistent data storage in the cloud-based storage system 318 may result in a relatively unreliable storage system. Likewise, EBS volumes are designed for 99.999% availability. As such, even relying on EBS as the persistent data store in the cloud-based storage system 318 may result in a storage system that is not sufficiently durable. Amazon S3, however, is designed to provide 99.999999999% durability, meaning that a cloud-based storage system 318 that can incorporate S3 into its pool of storage is substantially more durable than various other options.
Readers will appreciate, however, that while a cloud-based storage system 318 that can incorporate S3 into its pool of storage is more durable than various other options, utilizing S3 as the primary pool of storage may result in a storage system that has relatively slow response times and relatively long I/O latencies. As such, the cloud-based storage system 318 was presented to
In some embodiments, all data that is stored by the cloud-based storage system 318 may be stored in both: 1) the cloud-based object storage 348, and 2) at least one of the local storage 330, 334, 338 resources or block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n. In such embodiments, the local storage 330, 334, 338 resources and block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n may effectively operate as a cache that generally includes all data that is also stored in S3, such that all reads of data may be serviced by the cloud computing instances 340a, 340b, 340n without requiring the cloud computing instances 340a, 340b, 340n to access the cloud-based object storage 348. Readers will appreciate, however, that in other embodiments all data that is stored by the cloud-based storage system 318 may be stored in the cloud-based object storage 348, but less than all data that is stored by the cloud-based storage system 318 may be stored in at least one of the local storage 330, 334, 338 resources or block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n. In such an example, various policies may be applied to determine which subset of the data that is stored by the cloud-based storage system 318 should reside in both: 1) the cloud-based object storage 348, and 2) at least one of the local storage 330, 334, 338 resources or block storage 342, 344, 346 resources that are utilized by the cloud computing instances 340a, 340b, 340n.
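The read path implied above, where local storage acts as a cache in front of the object store, might look roughly like the following sketch; the in-memory dictionaries below merely stand in for local storage and for cloud-based object storage, so this illustrates the caching idea rather than any particular product's implementation.

class CachedBlockStore:
    """Serve reads from local storage when possible; fall back to object storage."""

    def __init__(self):
        self.local = {}          # stands in for local storage 330, 334, 338
        self.object_store = {}   # stands in for cloud-based object storage 348

    def write(self, key: str, data: bytes) -> None:
        # Writes land in both tiers, as described above.
        self.local[key] = data
        self.object_store[key] = data

    def read(self, key: str) -> bytes:
        if key in self.local:              # cache hit: no object-storage access needed
            return self.local[key]
        data = self.object_store[key]      # cache miss: fetch from object storage
        self.local[key] = data             # repopulate the local tier
        return data

store = CachedBlockStore()
store.write("vol-0001/block-0", b"hello")
store.local.clear()                        # simulate loss of local storage
assert store.read("vol-0001/block-0") == b"hello"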
As described above, when the cloud computing instances 340a, 340b, 340n with local storage 330, 334, 338 are embodied as EC2 instances, the cloud computing instances 340a, 340b, 340n with local storage 330, 334, 338 are only guaranteed to have a monthly uptime of 99.9%, and data stored in the local instance store only persists during the lifetime of each cloud computing instance 340a, 340b, 340n with local storage 330, 334, 338. As such, one or more modules of computer program instructions that are executing within the cloud-based storage system 318 (e.g., a monitoring module that is executing on its own EC2 instance) may be designed to handle the failure of one or more of the cloud computing instances 340a, 340b, 340n with local storage 330, 334, 338. In such an example, the monitoring module may handle the failure of one or more of the cloud computing instances 340a, 340b, 340n with local storage 330, 334, 338 by creating one or more new cloud computing instances with local storage, retrieving data that was stored on the failed cloud computing instances 340a, 340b, 340n from the cloud-based object storage 348, and storing the data retrieved from the cloud-based object storage 348 in local storage on the newly created cloud computing instances. Readers will appreciate that many variants of this process may be implemented.
Consider an example in which all cloud computing instances 340a, 340b, 340n with local storage 330, 334, 338 have failed. In such an example, the monitoring module may create new cloud computing instances with local storage, where high-bandwidth instance types are selected to allow for the maximum data transfer rates between the newly created high-bandwidth cloud computing instances and the cloud-based object storage 348. Readers will appreciate that instance types allowing for the maximum data transfer rates between the new cloud computing instances and the cloud-based object storage 348 are selected so that the new high-bandwidth cloud computing instances can be rehydrated with data from the cloud-based object storage 348 as quickly as possible. Once the new high-bandwidth cloud computing instances have been rehydrated with data from the cloud-based object storage 348, less expensive lower-bandwidth cloud computing instances may be created, data may be migrated to the less expensive lower-bandwidth cloud computing instances, and the high-bandwidth cloud computing instances may be terminated.
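The recovery flow described in the preceding two paragraphs might be orchestrated along the following lines; the create_instance, copy_from_object_storage, migrate, and terminate helpers are hypothetical stand-ins for a monitoring module's provisioning and data-movement primitives, so this is a sketch under those assumptions.

def create_instance(instance_type: str) -> str:
    return f"{instance_type}-instance"          # hypothetical provisioning call

def copy_from_object_storage(target: str) -> None:
    print(f"rehydrating {target} from object storage 348")

def migrate(source: str, target: str) -> None:
    print(f"migrating data from {source} to {target}")

def terminate(instance: str) -> None:
    print(f"terminating {instance}")

def recover_local_storage() -> str:
    """Rebuild local storage after the loss of the instances that provided it."""
    # 1) Use a high-bandwidth instance so rehydration from object storage is fast.
    fast = create_instance("high-bandwidth")
    copy_from_object_storage(fast)
    # 2) Move the data to a cheaper, lower-bandwidth instance for steady state.
    cheap = create_instance("low-bandwidth")
    migrate(fast, cheap)
    # 3) The expensive instance is no longer needed.
    terminate(fast)
    return cheap

recover_local_storage()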
Readers will appreciate that in some embodiments, the number of new cloud computing instances that are created may substantially exceed the number of cloud computing instances that are needed to locally store all of the data stored by the cloud-based storage system 318. The number of new cloud computing instances that are created may substantially exceed the number of cloud computing instances that are needed to locally store all of the data stored by the cloud-based storage system 318 in order to more rapidly pull data from the cloud-based object storage 348 into the new cloud computing instances, as each new cloud computing instance can (in parallel) retrieve some portion of the data stored by the cloud-based storage system 318. In such embodiments, once the data stored by the cloud-based storage system 318 has been pulled into the newly created cloud computing instances, the data may be consolidated within a subset of the newly created cloud computing instances, and the newly created cloud computing instances that are redundant may be terminated.
Consider an example in which 1,000 cloud computing instances are needed in order to locally store all of the valid data that users of the cloud-based storage system 318 have written to the cloud-based storage system 318. In such an example, assume that all 1,000 cloud computing instances fail. In such an example, the monitoring module may cause 100,000 cloud computing instances to be created, where each cloud computing instance is responsible for retrieving, from the cloud-based object storage 348, a distinct 1/100,000th chunk of the valid data that users of the cloud-based storage system 318 have written to the cloud-based storage system 318 and locally storing the distinct chunk of the data set that it retrieves. In such an example, because each of the 100,000 cloud computing instances can retrieve data from the cloud-based object storage 348 in parallel, the caching layer may be restored 100 times faster than in an embodiment where the monitoring module creates only 1,000 replacement cloud computing instances. In such an example, over time the data that is stored locally in the 100,000 cloud computing instances could be consolidated into 1,000 cloud computing instances, and the remaining 99,000 cloud computing instances could be terminated.
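The parallel rehydration strategy in the example above can be modeled with a thread pool in which each worker retrieves a distinct shard; the fetch_shard helper is a hypothetical stand-in for reading one portion of the data set from object storage, and the shard and worker counts are scaled down purely for illustration.

from concurrent.futures import ThreadPoolExecutor

def fetch_shard(shard_index: int, shard_count: int) -> bytes:
    """Hypothetical retrieval of one 1/shard_count portion of the data set."""
    return f"shard-{shard_index}-of-{shard_count}".encode()

def parallel_rehydrate(shard_count: int, workers: int) -> list[bytes]:
    """Retrieve all shards concurrently, then hand them back for consolidation."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        shards = list(pool.map(lambda i: fetch_shard(i, shard_count), range(shard_count)))
    return shards

# Scaled-down example: 100 shards fetched by 10 concurrent workers, later
# consolidated onto a smaller set of long-lived instances.
shards = parallel_rehydrate(shard_count=100, workers=10)
assert len(shards) == 100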
Readers will appreciate that various performance aspects of the cloud-based storage system 318 may be monitored (e.g., by a monitoring module that is executing on an EC2 instance) such that the cloud-based storage system 318 can be scaled up or scaled down as needed. Consider an example in which the monitoring module monitors the performance of the cloud-based storage system 318 via communications with one or more of the cloud computing instances 320, 322 that are each used to support the execution of a storage controller application 324, 326, via monitoring communications between cloud computing instances 320, 322, 340a, 340b, 340n, via monitoring communications between cloud computing instances 320, 322, 340a, 340b, 340n and the cloud-based object storage 348, or in some other way. In such an example, assume that the monitoring module determines that the cloud computing instances 320, 322 that are used to support the execution of a storage controller application 324, 326 are undersized and cannot adequately service the I/O requests issued by users of the cloud-based storage system 318. In such an example, the monitoring module may create a new, more powerful cloud computing instance (e.g., a cloud computing instance of a type that includes more processing power, more memory, etc.) that includes the storage controller application, such that the new, more powerful cloud computing instance can begin operating as the primary controller. Likewise, if the monitoring module determines that the cloud computing instances 320, 322 that are used to support the execution of a storage controller application 324, 326 are oversized and that cost savings could be gained by switching to a smaller, less powerful cloud computing instance, the monitoring module may create a new, less powerful (and less expensive) cloud computing instance that includes the storage controller application, such that the new, less powerful cloud computing instance can begin operating as the primary controller.
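The controller right-sizing decision described above could be expressed as a simple rule like the one sketched below; the instance type names, thresholds, and IOPS limits are illustrative assumptions, not values taken from any particular system.

def resize_controller(current_type: str, observed_iops: int,
                      max_iops_for_type: dict) -> str:
    """Pick a controller instance type based on observed I/O load.

    Returns the instance type that should host the storage controller
    application; a change implies launching a new instance and failing over.
    """
    ordered_types = ["small", "medium", "large"]          # cheapest to most powerful
    capacity = max_iops_for_type[current_type]

    if observed_iops > 0.9 * capacity and current_type != "large":
        # Undersized: step up to a more powerful instance type.
        return ordered_types[ordered_types.index(current_type) + 1]
    if observed_iops < 0.3 * capacity and current_type != "small":
        # Oversized: step down to save cost.
        return ordered_types[ordered_types.index(current_type) - 1]
    return current_type

limits = {"small": 10_000, "medium": 50_000, "large": 200_000}
print(resize_controller("medium", observed_iops=48_000, max_iops_for_type=limits))  # large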
Consider, as an additional example of dynamically sizing the cloud-based storage system 318, an example in which the monitoring module determines that the utilization of the local storage that is collectively provided by the cloud computing instances 340a, 340b, 340n has reached a predetermined utilization threshold (e.g., 95%). In such an example, the monitoring module may create additional cloud computing instances with local storage to expand the pool of local storage that is offered by the cloud computing instances. Alternatively, the monitoring module may create one or more new cloud computing instances that have larger amounts of local storage than the already existing cloud computing instances 340a, 340b, 340n, such that data stored in an already existing cloud computing instance 340a, 340b, 340n can be migrated to the one or more new cloud computing instances and the already existing cloud computing instance 340a, 340b, 340n can be terminated, thereby expanding the pool of local storage offered by the cloud computing instances. Likewise, if the pool of local storage offered by the cloud computing instances becomes unnecessarily large, data can be consolidated and some cloud computing instances can be terminated.
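Similarly, the 95% utilization rule for the local storage pool could be sketched as follows; the threshold default and the add_instance_with_local_storage helper are assumptions introduced only for illustration.

def add_instance_with_local_storage(capacity_gb: int) -> dict:
    """Hypothetical creation of a new cloud computing instance with local storage."""
    return {"capacity_gb": capacity_gb, "used_gb": 0}

def maybe_expand_pool(instances: list, threshold: float = 0.95) -> list:
    """Expand the collective local-storage pool when utilization crosses the threshold."""
    used = sum(i["used_gb"] for i in instances)
    capacity = sum(i["capacity_gb"] for i in instances)
    if capacity and used / capacity >= threshold:
        # Add another instance (here: the same size as the largest existing one).
        instances.append(add_instance_with_local_storage(max(i["capacity_gb"] for i in instances)))
    return instances

pool = [{"capacity_gb": 1000, "used_gb": 960}]
pool = maybe_expand_pool(pool)
print(len(pool))  # 2 -- the pool was expanded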
Readers will appreciate that the cloud-based storage system 318 may be sized up and down automatically by a monitoring module applying a predetermined set of rules that may be relatively simple or relatively complicated. In fact, the monitoring module may not only take into account the current state of the cloud-based storage system 318, but may also apply predictive policies that are based on, for example, observed behavior (e.g., every night from 10 PM until 6 AM usage of the storage system is relatively light), predetermined fingerprints (e.g., every time a virtual desktop infrastructure adds 100 virtual desktops, the number of IOPS directed to the storage system increases by X), and so on. In such an example, the dynamic scaling of the cloud-based storage system 318 may be based on current performance metrics, predicted workloads, and many other factors, including combinations thereof.
Readers will further appreciate that because the cloud-based storage system 318 may be dynamically scaled, the cloud-based storage system 318 may even operate in a more dynamic manner. Consider the example of garbage collection. In a traditional storage system, the amount of storage is fixed. As such, at some point the storage system may be forced to perform garbage collection because the amount of available storage has become so constrained that the storage system is on the verge of running out of storage. In contrast, the cloud-based storage system 318 described here can always "add" additional storage (e.g., by adding more cloud computing instances with local storage). Because the cloud-based storage system 318 described here can always "add" additional storage, the cloud-based storage system 318 can make more informed decisions regarding when to perform garbage collection. For example, the cloud-based storage system 318 may implement a policy that garbage collection is performed only when the number of IOPS being serviced by the cloud-based storage system 318 falls below a certain level. In some embodiments, other system-level functions (e.g., deduplication, compression) may also be turned off and on in response to system load, given that the size of the cloud-based storage system 318 is not constrained in the same way that traditional storage systems are constrained.
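The garbage-collection policy described above amounts to a simple gate on current load, as in the sketch below; the IOPS threshold and parameter names are illustrative, and the can_add_storage flag merely models the contrast with a fixed-capacity system.

def should_garbage_collect(current_iops: int, iops_threshold: int,
                           can_add_storage: bool = True) -> bool:
    """Defer garbage collection while the system is busy.

    Because the cloud-based storage system can always add local storage,
    reclaiming space is not urgent, so garbage collection runs only when
    the serviced IOPS drop below a configured level.
    """
    if not can_add_storage:
        # A fixed-capacity system may be forced to collect regardless of load.
        return True
    return current_iops < iops_threshold

assert should_garbage_collect(current_iops=2_000, iops_threshold=10_000)
assert not should_garbage_collect(current_iops=50_000, iops_threshold=10_000)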
Readers will appreciate that embodiments of the present disclosure address issues with block storage services provided by some cloud computing environments, as some cloud computing environments only allow one cloud computing instance to connect to a block storage volume at a time. For example, in Amazon AWS, only one EC2 instance can be attached to an EBS volume. Using EC2 local storage instances, embodiments of the present disclosure may provide multiple connectivity capabilities, where multiple EC2 instances may connect to another EC2 local storage instance ("disk instance"). In such implementations, a disk instance may include software running within the disk instance that allows the disk instance to handle a certain amount of I/O from each connected EC2 instance. Accordingly, some embodiments of the present disclosure may be implemented as a multi-block storage service, which may not include all of the features shown in
In some embodiments, especially in embodiments where the cloud-based object storage 348 resources are embodied as Amazon S3, the cloud-based storage system 318 may include one or more modules (e.g., a module of computer program instructions executing on an EC2 instance) that are configured to ensure that when the local storage of a particular cloud computing instance is rehydrated with data from S3, the appropriate data is actually in S3. This issue arises largely because S3 implements an eventual consistency model where, when an existing object is overwritten, reads of the object will eventually (but not necessarily immediately) become consistent and will eventually (but not necessarily immediately) return the overwritten version of the object. To address this issue, in some embodiments of the present disclosure, objects in S3 are never overwritten. Instead, what would traditionally be an "overwrite" results in the creation of a new object (that includes the updated version of the data) and the eventual deletion of the old object (that includes the previous version of the data).
In some embodiments of the present disclosure, as part of an attempt to never (or almost never) overwrite an object, when data is written to S3 the resultant object may be tagged with a sequence number. In some embodiments, these sequence numbers may be persisted elsewhere (e.g., in a database) so that at any point in time the sequence number associated with the most up-to-date version of some piece of data is known. In such a way, a determination can be made as to whether S3 has the latest version of some piece of data by merely reading the sequence number associated with an object, without actually reading the data from S3. The ability to make this determination may be particularly important when a cloud computing instance with local storage fails, as it would be undesirable to rehydrate the local storage of a replacement cloud computing instance with out-of-date data. In fact, the cloud-based storage system 318 does not need to access the data itself in order to verify its validity.
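A minimal sketch of the never-overwrite scheme with sequence numbers is shown below; the in-memory dictionaries stand in for S3 and for the external database that tracks the latest sequence numbers, and the key-naming convention is an assumption made only for illustration.

object_store = {}       # stands in for S3: objects are only ever added, never replaced
latest_sequence = {}    # stands in for the external database of current sequence numbers

def write_block(block_id: str, data: bytes) -> None:
    """Write a new version of a block as a brand-new object tagged with a sequence number."""
    seq = latest_sequence.get(block_id, 0) + 1
    object_store[f"{block_id}/seq-{seq:012d}"] = data   # new object; old versions remain
    latest_sequence[block_id] = seq

def is_current(block_id: str, seq: int) -> bool:
    """Check, without reading the data, whether a given object is the latest version."""
    return latest_sequence.get(block_id) == seq

write_block("block-7", b"v1")
write_block("block-7", b"v2")
assert is_current("block-7", 2)
assert not is_current("block-7", 1)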
The storage systems described above may carry out intelligent data backup techniques through which data stored in the storage system may be copied and stored in a distinct location to avoid data loss in the event of equipment failure or some other form of catastrophe. For example, the storage systems described above may be configured to examine each backup to avoid restoring the storage system to an undesirable state. Consider an example in which malware infects the storage system. In such an example, the storage system may include software resources 314 that can scan each backup to identify backups that were captured before the malware infected the storage system and backups that were captured after the malware infected the storage system. In such an example, the storage system may restore itself from a backup that does not include the malware, or at least not restore the portions of a backup that contained the malware. In such an example, the storage system may include software resources 314 that can scan each backup to identify the presence of malware (or a virus, or some other undesirable element), for example, by identifying write operations that were serviced by the storage system and that originated from a network subnet suspected to have delivered the malware, by identifying write operations that were serviced by the storage system and that originated from a user suspected to have delivered the malware, or by identifying write operations that were serviced by the storage system and examining the content of the write operations against fingerprints of the malware.
Readers will further appreciate that backups (often in the form of one or more snapshots) may also be utilized to perform rapid recovery of the storage system. Consider an example in which the storage system is infected with ransomware that locks users out of the storage system. In such an example, the software resources 314 within the storage system may be configured to detect the presence of ransomware and may be further configured to restore the storage system to a point in time, using the retained backups, prior to the point at which the ransomware infected the storage system. In such an example, the presence of ransomware may be explicitly detected through the use of software tools utilized by the system, through the use of a key (e.g., a USB drive) that is inserted into the storage system, or in a similar way. Likewise, the presence of ransomware may be inferred in response to system activity meeting a predefined fingerprint such as, for example, no reads or writes coming into the system for a predetermined period of time.
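The inactivity-based inference mentioned above can be illustrated with a small check; the quiet-window length used here is an arbitrary example rather than a recommended value, and the function name is hypothetical.

import time

def ransomware_suspected(last_read_ts: float, last_write_ts: float,
                         quiet_window_seconds: float = 6 * 3600,
                         now=None) -> bool:
    """Infer possible ransomware when no reads or writes have been seen for a long window."""
    now = time.time() if now is None else now
    quiet_for = now - max(last_read_ts, last_write_ts)
    return quiet_for >= quiet_window_seconds

# Example: last I/O was eight hours ago, which matches the predefined fingerprint.
eight_hours_ago = time.time() - 8 * 3600
print(ransomware_suspected(eight_hours_ago, eight_hours_ago))  # True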
Readers will understand that in
Readers will appreciate this storage system 306 was presented to
The storage systems described above can support a wide range of applications. Because storage systems include computing resources, storage resources, and a wide range of other resources, storage systems are well suited to support resource-intensive applications, such as artificial intelligence applications. Such AI applications can enable devices to sense their environment and take actions to maximize their chances of success. Examples of such AI applications include IBM Watson, Microsoft Oxford, Google DeepMind, Baidu Minwa, etc. The storage systems described above may also be suitable for supporting other types of resource-intensive applications, such as machine learning applications. Machine learning applications can perform various types of data analysis to automatically create analytical models. Using algorithms that learn iteratively from data, machine learning applications enable computers to learn without being explicitly programmed. A specific field of machine learning is called reinforcement learning, which involves taking appropriate actions to maximize reward in a given situation. Reinforcement learning can be used to find the best behavior or path that an application or machine should take in a given situation. Reinforcement learning differs from other fields of machine learning (e.g., supervised learning, unsupervised learning) in that valid input/output pairs are not required for reinforcement learning, and suboptimal performance does not need to be explicitly corrected.
In addition to the resources already described, the storage systems described above may also include a graphics processing unit ("GPU"), occasionally referred to as a visual processing unit ("VPU"). Such GPUs may be embodied as specialized electronic circuits that rapidly manipulate and alter memory to accelerate the creation of images in a frame buffer intended for output to a display device. Such GPUs may be included within any of the computing devices that are part of the storage systems described above, including as one of many individually scalable components of a storage system, where other examples of individually scalable components of such a storage system can include storage components, memory components, compute components (e.g., CPUs, FPGAs, ASICs), networking components, software components, and others. In addition to GPUs, the storage systems described above may also include neural network processors ("NNPs") for use in various aspects of neural network processing. Such NNPs may be used in place of (or in addition to) GPUs and may also be independently scalable.
As noted above, the storage systems described here can be configured to run artificial intelligence applications, machine learning applications, big data analytics applications, and many other types of applications. The rapid growth of these types of applications is driven by three technologies: deep learning (DL), GPUs, and big data. Deep learning is a computational model that uses massively parallel neural networks inspired by the human brain. Instead of experts building software by hand, deep learning models write their own software by learning from many examples. A GPU is a modern processor with thousands of cores, suitable for running algorithms that loosely represent the parallel nature of the human brain.
Advances in deep neural networks have ignited a new wave of algorithms and tools for data scientists to tap into their data with artificial intelligence (AI). With improved algorithms, larger data sets, and various frameworks (including open-source software libraries for machine learning across a range of tasks), data scientists are tackling new use cases such as autonomous driving vehicles, natural language processing and understanding, computer vision, machine reasoning, strong AI, and many others. Applications of such techniques may include: machine and vehicular object detection, identification, and avoidance; visual recognition, classification, and tagging; algorithmic financial trading strategy performance management; simultaneous localization and mapping; predictive maintenance of high-value machinery; prevention against cybersecurity threats, expertise automation; image recognition and classification; question answering; robotics; text analytics (extraction, classification) and text generation and translation; and many others. Applications of AI techniques have materialized in a wide array of products, including, for example, Amazon Echo's speech recognition technology that allows users to talk to their machines, Google Translate™ which allows for machine-based language translation, Spotify's Discover Weekly that provides recommendations on new songs and artists that a user may like based on the user's usage and traffic analysis, Quill's text generation offering that takes structured data and turns it into narrative stories, chatbots that provide real-time, contextually specific answers to questions in a dialog format, and many others. Furthermore, AI may impact a wide variety of industries and sectors. For example, AI solutions may be used in healthcare to take clinical notes, patient files, research data, and other inputs to generate potential treatment options for doctors to explore. Likewise, AI solutions may be used by retailers to personalize consumer recommendations based on a person's digital footprint of behaviors, profile data, or other data.
Training deep neural networks, however, requires both high-quality input data and large amounts of computation. GPUs are massively parallel processors capable of operating on large amounts of data simultaneously. When combined into a multi-GPU cluster, a high-throughput pipeline may be required to feed input data from storage to the compute engines. Deep learning is more than just constructing and training models. There also exists an entire data pipeline that must be designed for the scale, iteration, and experimentation necessary for a data science team to succeed.
Data is the heart of modern AI and deep learning algorithms. Before training can begin, one problem that must be addressed revolves around collecting the labeled data that is crucial for training an accurate AI model. A full-scale AI deployment may be required to continuously collect, clean, transform, label, and store large amounts of data. Adding additional high-quality data points directly translates into more accurate models and better insights. Data samples may undergo a series of processing steps including, but not limited to: 1) ingesting the data from an external source into the training system and storing the data in raw form, 2) cleaning and transforming the data into a format convenient for training, including linking data samples to the appropriate labels, 3) exploring parameters and models, quickly testing with smaller data sets, and iterating to converge on the most promising models to push into the production cluster, 4) executing training phases to select random batches of input data, including both new and older samples, and feeding those into production GPU servers for computation to update model parameters, and 5) evaluating, including using a holdback portion of the data not used in training in order to evaluate model accuracy on the holdout data. This lifecycle may apply to any type of parallelized machine learning, not just neural networks or deep learning. For example, standard machine learning frameworks may rely on CPUs instead of GPUs, but the data ingest and training workflows may be the same. Readers will appreciate that a single shared storage data hub creates a coordination point throughout the lifecycle without the need for extra data copies among the ingest, preprocessing, and training stages. Rarely is the ingested data used for only one purpose, and shared storage gives the flexibility to train multiple different models or apply traditional analytics to the data.
Readers will appreciate that each stage in the AI data pipeline may have varying requirements from the data hub (e.g., a storage system or collection of storage systems). Scale-out storage systems must deliver uncompromising performance for all manner of access types and patterns, from small, metadata-heavy files to large files, from random to sequential access patterns, and from low to high concurrency. The storage systems described above may serve as ideal AI data hubs because they can service unstructured workloads. In the first stage, data is ideally ingested and stored on the same data hub that the following stages will use, in order to avoid excess data copying. The next two steps can be done on standard compute servers that optionally include GPUs, and then, in the fourth and last stage, full training production jobs are run on powerful GPU-accelerated servers. Often, a production pipeline runs alongside an experimental pipeline operating on the same data set. Further, the GPU-accelerated servers can be used independently for different models or joined together to train one larger model, even spanning multiple systems for distributed training. If the shared storage tier is slow, then data must be copied to local storage for each phase, resulting in wasted time staging data onto different servers. The ideal data hub for the AI training pipeline delivers performance similar to data stored locally on the server node, while also having the simplicity and performance to enable all pipeline stages to operate concurrently.
Data scientists work on improving the usefulness of the trained model through a wide variety of approaches: more data, better data, smarter training, and deeper models. In many cases, teams of data scientists will share the same data sets and work in parallel to produce new and improved trained models. Often, a team of data scientists works concurrently on the same shared data sets during these stages. Multiple, concurrent workloads of data processing, experimentation, and full-scale training layer the demands of multiple access patterns on the storage tier. In other words, the storage cannot just satisfy large file reads, but must contend with a mix of large and small file reads and writes. Finally, with multiple data scientists exploring data sets and models, it may be critical to store data in its native format to provide flexibility for each user to transform, clean, and use the data in a unique way. The storage systems described above may provide a natural shared storage home for the data set, with data protection redundancy (e.g., by using RAID6) and the performance necessary to be a common access point for multiple developers and multiple experiments. Using the storage systems described above may avoid the need to carefully copy subsets of the data for local work, saving both engineering time and GPU-accelerated server time. These copies become a constant and growing tax as the raw data set and the desired transformations are constantly updated and changed.
Readers will appreciate that a fundamental reason why deep learning has seen a surge in success is the continued improvement of models with larger data set sizes. In contrast, classical machine learning algorithms, such as logistic regression, stop improving in accuracy at smaller data set sizes. As such, the separation of compute resources and storage resources may also allow independent scaling of each tier, avoiding many of the complexities inherent in managing both together. As the data set size grows or new data sets are considered, a scale-out storage system must be able to expand easily. Similarly, if more concurrent training is required, additional GPUs or other compute resources can be added without concern for their internal storage. Furthermore, the storage systems described above may make building, operating, and scaling an AI system easier due to the random read bandwidth provided by the storage system, the ability of the storage system to randomly read small files (50 KB) at high rates (meaning that no extra effort is required to aggregate individual data points into larger, storage-friendly files), the ability of the storage system to scale capacity and performance as either the data set grows or the throughput requirements grow, the ability of the storage system to handle files or objects, the ability of the storage system to tune performance for large or small files, and for many other reasons.
Small-file performance of the storage tier may be critical because many types of inputs, including text, audio, or images, will be natively stored as small files. If the storage tier does not handle small files well, an extra step will be required to pre-process and group samples into larger files. Storage built on top of spinning disks that relies on SSDs as a caching tier may fall short of the performance needed. Because training with random input batches results in more accurate models, the entire data set must be accessible with full performance. SSD caches only provide high performance for a small subset of the data and will be ineffective at hiding the latency of spinning drives.
Although the preceding paragraphs discuss deep learning applications, readers will appreciate that the storage systems described herein may also be part of a distributed deep learning ("DDL") platform to support the execution of DDL algorithms. Distributed deep learning may be used to significantly accelerate deep learning through distributed computing on GPUs (or other forms of accelerator or computer program instruction executor), allowing for parallelism. In addition, the output of training machine learning and deep learning models, such as a fully trained machine learning model, may be used for a variety of purposes and in conjunction with other tools. For example, trained machine learning models may be used in conjunction with tools such as Core ML to integrate a broad variety of machine learning model types into an application. In fact, trained models may be run through Core ML converter tools and inserted into a custom application that can be deployed on compatible devices. The storage systems described above may also be paired with other technologies, such as TensorFlow, an open-source software library for dataflow programming across a range of tasks that may be used in machine learning applications such as neural networks, to facilitate the development of such machine learning models, applications, and so on.
Readers will further appreciate that, as AI becomes more available for mass consumption, the systems described above may be deployed in a variety of ways to support the democratization of AI. The democratization of AI may include, for example, the ability to offer AI as a Platform-as-a-Service, the growth of artificial general intelligence offerings, the proliferation of level 4 and level 5 autonomous vehicles, the availability of autonomous mobile robots, the development of conversational AI platforms, and many others. For example, the systems described above may be deployed in cloud environments, edge environments, or other environments that are useful in supporting the democratization of AI. As part of the democratization of AI, a movement may occur from narrow AI, which consists of highly domain-specific machine learning solutions that target a particular task, toward artificial general intelligence, in which the use of machine learning is expanded to handle a broad range of use cases that could essentially perform any intelligent task that a human could perform and could learn dynamically, much like a human.
The storage systems described above may also be used in a neuromorphic computing environment. Neuromorphic computing is a form of computing that mimics brain cells. To support neuromorphic computing, an architecture of interconnected "neurons" replaces traditional computing models with low-powered signals that pass directly between neurons for more efficient computation. Neuromorphic computing may make use of very-large-scale integration (VLSI) systems containing electronic analog circuits to mimic the neuro-biological architectures present in the nervous system, as well as analog, digital, mixed-mode analog/digital VLSI, and software systems that implement models of neural systems for perception, motor control, or multisensory integration.
Readers will appreciate that the storage systems described above may be configured to support the storage or use of (among other types of data) blockchains. Such blockchains may be embodied as a continuously growing list of records, called blocks, that are linked and secured using cryptography. Each block in a blockchain may contain a hash pointer as a link to a previous block, a timestamp, transaction data, and so on. Blockchains may be designed to be resistant to modification of the data and can serve as an open, distributed ledger that records transactions between two parties efficiently and in a verifiable and permanent way. This makes blockchains potentially suitable for the recording of events, medical records, and other records management activities, such as identity management, transaction processing, and others. In addition to supporting the storage and use of blockchain technologies, the storage systems described above may also support the storage and use of derivative items such as open-source blockchains and related tools, permissioned blockchains in which a certain number of trusted parties are allowed to access the blockchain, blockchain products that enable developers to build their own distributed ledger projects, and others. Readers will appreciate that blockchain technologies may impact a wide variety of industries and sectors. For example, blockchain technologies may be used in real estate transactions as blockchain-based contracts whose use can eliminate the need for third parties and enable self-executing actions when conditions are met. Likewise, a universal health record can be created by aggregating and placing a person's health history onto a universal blockchain that any authorized healthcare provider can access and update.
Readers will understand that the use of blockchain is not limited to financial transactions, contracts, etc. In fact, blockchain can be used for decentralized aggregation, sorting, time stamping and archiving of all kinds of information, including structured data, mail, documents or other data. By using a blockchain, participants can agree on what data was entered, when it was entered, and by whom, in a provable and permanent manner without relying on a trusted intermediary. For example, SAP's recently released Blockchain Platform, which supports MultiChain and Hyperledger Fabric solutions, targets a wide range of supply chain and other non-financial applications.
One way to record data using a blockchain is to embed each piece of data directly into a transaction. Every blockchain transaction can be digitally signed by one or more parties, replicated across multiple nodes, ordered and sealed by the chain's consensus algorithm, and permanently stored in a tamper-proof manner. Therefore, any data in the transaction will be stored by each node in the same but independent way, with proof of who wrote it when. Web users can retrieve this information at any time. This storage method can be called chain storage. However, storing strings may not be practical when trying to store very large datasets. Therefore, according to embodiments of the present disclosure, the blockchain and storage systems described herein can be used to support on-chain data storage as well as off-chain data storage.
Off-chain storage of data can be implemented in a variety of ways and can occur when the data itself is not stored within the blockchain. For example, in one embodiment, a hash function may be utilized and the data itself may be fed into the hash function to generate a hash value. In such an example, the hashes of large pieces of data may be embedded within transactions instead of the data itself, with the data itself being stored off-chain. Readers will appreciate that any blockchain participant that needs an off-chain piece of data cannot reproduce the data from its hash, but if the data can be retrieved in some other way, then the on-chain hash serves to confirm who created it and when. Just like regular on-chain data, the hash may be embedded inside a digitally signed transaction that was included in the chain by consensus.
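A small sketch of the off-chain pattern described above is shown below, where only a hash of the data is embedded in a transaction; the transaction structure and the two in-memory stores are illustrative assumptions rather than any particular blockchain's format.

import hashlib
import json
import time

off_chain_store = {}   # where the data itself lives, outside the chain
chain = []             # simplified list of on-chain transactions

def store_off_chain(data: bytes, author: str) -> str:
    """Keep the data off-chain and embed only its hash in an on-chain transaction."""
    digest = hashlib.sha256(data).hexdigest()
    off_chain_store[digest] = data
    chain.append({"author": author, "timestamp": time.time(), "data_hash": digest})
    return digest

def verify(data: bytes, digest: str) -> bool:
    """Confirm that retrieved data matches the hash that was anchored on-chain."""
    return hashlib.sha256(data).hexdigest() == digest and any(
        tx["data_hash"] == digest for tx in chain)

h = store_off_chain(b"inventory report 2018-07", author="node-42")
assert verify(off_chain_store[h], h)
print(json.dumps(chain[0], indent=2))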
Readers will appreciate that, in other embodiments, alternatives to blockchains may be used to facilitate the decentralized storage of information. For example, one alternative to a blockchain that may be used is a blockweave. While conventional blockchains store every transaction to achieve validation, a blockweave permits secure decentralization without the use of the entire chain, thereby enabling low-cost on-chain storage of data. Such blockweaves may utilize a consensus mechanism that is based on proof of access (PoA) and proof of work (PoW). While typical PoW systems depend only on the previous block in order to generate each successive block, the PoA algorithm may incorporate data from a randomly chosen previous block. Combined with the blockweave data structure, miners do not need to store all blocks (forming a blockchain), but rather can store any previous blocks, forming a weave of blocks. This enables increased levels of scalability, speed, and low cost and reduces the cost of data storage, in part because miners need not store all blocks, thereby resulting in a substantial reduction in the amount of electricity consumed during the mining process because, as the network expands, electricity consumption decreases, since a blockweave demands less and less hashing power for consensus as data is added to the system. Furthermore, blockweaves may be deployed on a decentralized storage network in which incentives are created to encourage rapid data sharing. Such decentralized storage networks may also utilize blockshadowing techniques, in which nodes send only a minimal block "shadow" to other nodes that allows peers to reconstruct a full block, instead of transmitting the full block itself.
The storage systems described above may, either alone or in combination with other computing devices, be used to support in-memory computing applications. In-memory computing involves the storage of information in RAM that is distributed across a cluster of computers. In-memory computing helps business customers, including retailers, banks, and utilities, to quickly detect patterns, analyze massive data volumes on the fly, and perform their operations quickly. Readers will appreciate that the storage systems described above, especially those that are configurable with customizable amounts of processing resources, storage resources, and memory resources, may be configured in a way that provides an infrastructure that can support in-memory computing. Likewise, the storage systems described above may include component parts (e.g., NVDIMMs and other forms of random access memory that are both fast and persistent) that can actually provide an improved in-memory computing environment as compared to in-memory computing environments that rely on RAM distributed across dedicated servers.
In some embodiments, the storage systems described above may be configured to operate as a hybrid in-memory computing environment that includes a universal interface to all storage media. In such embodiments, users may have no knowledge regarding the details of where their data is stored, but they can still use the same full, unified API to address data. In such embodiments, the storage system may (in the background) move data to the fastest layer available, including intelligently placing the data in dependence upon various characteristics of the data or in dependence upon some other heuristic. In such an example, the storage system may even make use of existing products such as Apache Ignite and GridGain to move data between the various storage layers, or the storage system may make use of custom software to move data between the various storage layers. The storage systems described herein may implement various optimizations to improve the performance of in-memory computing, such as, for example, having computations occur as close to the data as possible.
Readers will further appreciate that, in some embodiments, the storage systems described above may be paired with other resources to support the applications described above. For example, one infrastructure could include primary compute in the form of servers and workstations that specialize in using general-purpose computing on graphics processing units ("GPGPU") to accelerate deep learning applications and that are interconnected into a computation engine to train parameters for deep neural networks. Each system may have Ethernet external connectivity, InfiniBand external connectivity, some other form of external connectivity, or some combination thereof. In such an example, the GPUs can be grouped for a single large training run or used independently to train multiple models. The infrastructure could also include a storage system, such as those described above, to provide, for example, scale-out all-flash file storage or object storage through which data can be accessed via high-performance protocols such as NFS, S3, and so on. The infrastructure can also include, for example, redundant top-of-rack Ethernet switches connected to storage and compute via ports in MLAG port channels for redundancy. The infrastructure could also include additional compute in the form of whitebox servers, optionally with GPUs, for data ingestion, pre-processing, and model debugging. Readers will appreciate that additional infrastructures are also possible.
Readers will appreciate that the systems described above may be better suited for the applications described above than other systems that may include, for example, a distributed direct-attached storage (DDAS) solution deployed in server nodes. Such DDAS solutions may be built for handling large, less sequential accesses but may be less able to handle small, random accesses. Readers will further appreciate that the storage systems described above may be utilized to provide a platform for the applications described above that is preferable to the utilization of cloud-based resources, as the storage systems may be included in an on-site or in-house infrastructure that is more secure, more locally and internally managed, more robust in feature sets and performance, or otherwise preferable to the utilization of cloud-based resources as part of a platform to support the applications described above. For example, services built on platforms such as IBM's Watson may require a business enterprise to distribute individual user information, such as financial transaction information or identifiable patient records, to other institutions. As such, cloud-based offerings of AI as a service may be less desirable than internally managed and offered AI as a service that is supported by storage systems such as the storage systems described above, for a wide array of technical reasons as well as for various business reasons.
Readers will appreciate that the storage systems described above, either alone or in coordination with other computing machinery, may be configured to support other AI-related tools. For example, the storage systems may make use of tools such as ONNX or other open neural network exchange formats that make it easier to transfer models written in different AI frameworks. Likewise, the storage systems may be configured to support tools such as Amazon's Gluon, which allows developers to prototype, build, and train deep learning models. In fact, the storage systems described above may be part of a larger platform, such as IBM™ Cloud Private for Data, that includes integrated data science, data engineering, and application building services. Such platforms may seamlessly collect, organize, secure, and analyze data across an enterprise, as well as simplify hybrid data management, unified data governance and integration, data science, and business analytics with a single solution.
Readers will appreciate that the storage systems described above may also be deployed as an edge solution. Such an edge solution may be in place to optimize cloud computing systems by performing data processing at the edge of the network, near the source of the data. Edge computing can push applications, data, and computing power (i.e., services) away from centralized points to the logical extremes of a network. Through the use of edge solutions such as the storage systems described above, computational tasks may be performed using the compute resources provided by such storage systems, data may be stored using the storage resources of the storage system, and various other resources of the storage system (including networking resources) may be utilized. By performing computational tasks on the edge solution, storing data on the edge solution, and generally making use of the edge solution, the consumption of expensive cloud-based resources may be avoided and, in fact, performance improvements may be experienced relative to a heavier reliance on cloud-based resources.
While many tasks can benefit from using edge solutions, certain applications may be particularly well-suited for deployment in this environment. For example, devices such as drones, self-driving cars, and robots may require extremely fast processing, so fast that sending data to and from a cloud environment to support data processing may simply be too slow. Likewise, machines such as traction engines and gas turbines that generate large amounts of information using a wide array of data-generating sensors can benefit from the fast data processing capabilities of edge solutions. As another example, some IoT devices, such as connected cameras, may not be well-suited to using cloud resources because it may be impractical (from a privacy, security, or financial perspective) to send the data to the cloud simply because of the volume of data involved. Therefore, many data processing, storage, or communication tasks may be better suited to platforms that include edge solutions, such as the storage systems mentioned above.
Consider the specific example of inventory management in a warehouse, distribution center, or similar location. A large inventory, warehousing, shipping, order-fulfillment, manufacturing, or other operation has a large amount of inventory on warehouse shelves and high-resolution digital cameras that generate a vast stream of data. All of this data can be fed into an image processing system that reduces the large stream of data to a small stream of data. All of the small data can be stored locally in storage. The local storage, at the edge of the facility, can be connected to the cloud for external reporting, real-time monitoring, and cloud storage. Inventory management can be based on the results of the image processing, so that inventory on the shelves can be tracked and restocked, moved, shipped, modified with new products, or removed as discontinued/obsolete products, and so on. The above scenario is a prime candidate for the configurable processing and storage integration described above. A combination of compute-only blades and dedicated image-processing offload blades, perhaps with deep learning on offload FPGAs or custom offload blades, can take the big data pipeline from all of the digital cameras and produce the small data pipeline. All of the small data can then be stored by storage nodes running storage units on whatever combination of storage blade types best supports the data flow. This is an example of acceleration and integration of storage and compute. Depending on the needs for external communication with the cloud and external processing in the cloud, and depending on the reliability of network connectivity and cloud resources, the system can be sized to manage storage and compute under heavy workloads with variable throughput reliability. Additionally, depending on other aspects of inventory management, the system can be configured to schedule and manage inventory in a hybrid edge/cloud environment.
The above storage system, alone or combined with other computing resources, can be used as an edge network platform that combines computing resources, storage resources, network resources, cloud technologies, and network virtualization technologies. As part of the network, the edge can take on characteristics similar to other network facilities, from local aggregation and backhaul equipment to points of presence (PoPs) and regional data centers. Readers will understand that network workloads, such as virtual network functions (VNFs), can reside on such an edge network platform. Enabled by a combination of containers and virtual machines, the edge network platform can rely on controllers and schedulers that are no longer geographically co-located with the data processing resources. Functions, as microservices, can be decomposed into control planes, user and data planes, and even state machines, allowing independent optimization and scaling techniques to be applied. Such user and data planes can be enabled through added accelerators, both those residing in server platforms, such as FPGAs and smart NICs, and through SDN-enabled silicon and programmable ASICs.
The storage systems described above can also be optimized for big data analytics. Big data analytics can be broadly described as the process of examining large and diverse data sets to discover hidden patterns, unknown correlations, market trends, customer preferences, and other useful information that can help organizations make more informed business decisions. Big data analytics applications allow data scientists, predictive modelers, statisticians, and other analytics professionals to analyze growing volumes of structured transactional data, as well as other forms of data that often go untapped by traditional business intelligence (BI) and analytics programs. As part of this process, semi-structured and unstructured data, such as web clickstream data, web server logs, social media content, text from customer emails and survey responses, mobile phone call detail records, and IoT sensor data, can be collected and converted into a structured form. Big data analytics is a form of advanced analytics that includes complex applications with elements such as predictive models, statistical algorithms, and what-if analysis supported by high-performance analytics systems.
The storage system described above can also host (including as a tool for interfacing with the system) applications that perform tasks in response to human speech. For example, the storage system can support the execution of intelligent personal assistant applications such as Amazon Alexa, Apple Siri, Google Voice, Samsung Bixby, and Microsoft Cortana. While the examples described in the preceding sentence use speech as input, the storage system described above may also host chatbots, talkbots, chatterbots, or other artificial conversational entities or applications configured to conduct conversations using auditory or textual methods. The storage system may actually run such an application to allow a user, such as a system administrator, to interact with the storage system by voice. Such applications are typically capable of voice interaction, playing music, creating to-do lists, setting alarms, streaming podcasts, playing audiobooks, and providing weather, traffic, and other real-time information such as news, although in implementations consistent with this disclosure such applications may be used as interfaces to various system management operations.
The above-mentioned storage system can also implement an artificial intelligence platform that delivers on the vision of self-driving storage. Such an AI platform can be configured to provide global predictive intelligence by collecting and analyzing a large number of storage system telemetry data points to ease management, analysis, and support. In fact, such a storage system can predict both capacity and performance and provide intelligent recommendations on workload placement, interaction, and optimization. Such an AI platform can be configured to scan all incoming storage system telemetry data against a library of problem fingerprints to predict and resolve incidents in real time, before they impact customer environments, and to capture hundreds of performance-related variables used to predict workload performance.
The storage systems described above can support the serial or concurrent execution of AI applications, machine learning applications, data analytics applications, data transformations, and other tasks that collectively form an AI ladder. Such an AI ladder can effectively be formed by combining these elements into a complete data science pipeline, where dependencies exist between the elements of the AI ladder. For example, artificial intelligence may require some form of machine learning, machine learning may require some form of analytics, analytics may require some form of data and information architecture, and so on. Therefore, each element can be viewed as a rung on the AI ladder, and together they can form a complete and sophisticated AI solution.
The storage systems described above can also be used, alone or in combination with other computing environments, to provide artificial intelligence that permeates wide and expansive aspects of business and life. For example, AI can play an important role in delivering deep learning solutions, deep reinforcement learning solutions, artificial intelligence solutions, autonomous vehicles, cognitive computing solutions, commercial UAVs or drones, conversational user interfaces, enterprise taxonomy and ontology management, solutions in which machine learning plays an important role, smart dust, smart robots, smart workplaces, and so on. The storage systems described above can also be used, alone or in combination with other computing environments, to deliver a wide range of transparently immersive experiences, in which technology can introduce transparency between people, businesses, and things. Such transparently immersive experiences can be delivered as augmented reality, connected homes, virtual reality, brain-computer interfaces, human augmentation, nanotube electronics, volumetric displays, 4D printing, and more. The storage systems described above can also be used, alone or in combination with other computing environments, to support a wide variety of digital platforms. Such digital platforms may include, for example, 5G wireless systems and platforms, digital twin platforms, edge computing platforms, IoT platforms, quantum computing platforms, serverless PaaS, software-defined security, neuromorphic computing platforms, and others.
Readers will understand that some transparently immersive experiences may involve the use of digital twins of various "things" (e.g., people, places, processes, systems, etc.). Conversational platforms, augmented reality, virtual reality, and mixed reality provide more natural and immersive interactions with the digital world. In fact, digital twins can be connected to the real world, perhaps even in real time, to understand the state of a thing or system, react to changes, and so on. Because digital twins consolidate large amounts of information about individual assets and groups of assets (and can even provide control over those assets), digital twins of assets may communicate with each other to form digital factory models of multiple linked digital twins.
The storage system described above can also be part of a multi-cloud environment in which multiple cloud computing and storage services are deployed in a single heterogeneous architecture. To facilitate such a multi-cloud environment, DevOps tools can be deployed to enable cloud orchestration. Likewise, continuous development and continuous integration tools can be deployed to standardize processes related to continuous integration and delivery, the rollout of new features, and the provisioning of workloads in the cloud. By standardizing these processes, a multi-cloud strategy can be implemented that uses the best provider for each workload. Additionally, application monitoring and visibility tools can be deployed to offload application workloads to the cloud, identify performance issues, and more. Additionally, security and compliance tools can be deployed to ensure compliance with security requirements, government regulations, and so on. Such a multi-cloud environment may also include application delivery and intelligent workload management tools to ensure efficient application delivery and workload management across distributed and heterogeneous infrastructures, as well as tools that facilitate the development and maintenance of packaged and custom applications in the cloud and enable portability between clouds. The multi-cloud environment may also include data movement tools.
The aforementioned storage system can be used as part of a platform that enables the use of cryptographic anchors to verify the origin and contents of a product, to ensure that the product matches the blockchain record associated with it. Such cryptographic anchors can take many forms, such as edible ink, motion sensors, microchips, and more. Likewise, the aforementioned storage systems may implement various encryption technologies and schemes, including lattice cryptography, as part of a suite of tools for securing data stored on the storage system. Lattice cryptography can involve the construction of cryptographic primitives that involve lattices, either in the construction itself or in the security proof. Unlike public-key schemes such as RSA, Diffie-Hellman, and elliptic-curve cryptography, which are vulnerable to attack by quantum computers, some lattice-based constructions appear to be resistant to attack by both classical and quantum computers.
A quantum computer is a device that performs quantum computations. Quantum computing is a type of computing that exploits quantum mechanical phenomena such as superposition and entanglement. Quantum computers differ from conventional transistor-based computers, which encode data into bits, each of which is always in one of two definite states (0 or 1). Unlike conventional computers, quantum computers use qubits, which can exist in superpositions of states. A quantum computer maintains a sequence of qubits, where a single qubit can represent a one, a zero, or any quantum superposition of those two qubit states. A pair of qubits can be in any quantum superposition of 4 states, and three qubits can be in any superposition of 8 states. A quantum computer with n qubits can generally be in an arbitrary superposition of up to 2^n different states simultaneously, whereas a conventional computer can only be in one of these states at any given time. A quantum Turing machine is a theoretical model of such a computer.
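As a brief aside, the state counting described in the preceding paragraph can be written out explicitly. The following LaTeX fragment is only an illustrative sketch; the amplitude symbols are generic placeholders rather than notation used elsewhere in this disclosure.

\[ \lvert\psi\rangle = \alpha\,\lvert 0\rangle + \beta\,\lvert 1\rangle, \qquad \lvert\alpha\rvert^{2} + \lvert\beta\rvert^{2} = 1 \]
\[ \lvert\psi\rangle = a_{00}\lvert 00\rangle + a_{01}\lvert 01\rangle + a_{10}\lvert 10\rangle + a_{11}\lvert 11\rangle \qquad (2^{2} = 4 \text{ basis states for two qubits}) \]
\[ \lvert\psi\rangle = \sum_{x\in\{0,1\}^{n}} a_{x}\,\lvert x\rangle, \qquad \sum_{x} \lvert a_{x}\rvert^{2} = 1 \qquad (\text{up to } 2^{n} \text{ basis states for } n \text{ qubits}) \]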
The aforementioned storage systems can also be combined with FPGA-accelerated servers as part of a larger AI or ML infrastructure. Such FPGA-accelerated servers may reside near the storage systems described above (for example, as part of an appliance that includes one or more storage systems, one or more FPGA-accelerated servers, and other hardware and software components). Alternatively, the FPGA-accelerated servers may reside within a cloud computing environment that can be used to perform compute tasks related to AI and ML workloads. Any of the above implementations can be used as an FPGA-based AI or ML platform. Readers will understand that, in some embodiments of an FPGA-based AI or ML platform, the FPGAs included in the FPGA-accelerated servers can be reconfigured for different types of ML models (e.g., LSTMs, CNNs, GRUs). The FPGAs can be treated as a pool, such that each processor in the data center can use the pool of FPGAs as a shared hardware microservice, rather than limiting a server to a dedicated accelerator plugged into it.
The FPGA-accelerated servers and GPU-accelerated servers described above can enable a computing model in which, rather than keeping a small amount of data in a CPU and running a long stream of instructions over it as in more traditional computing models, the machine learning model and its parameters are pinned into high-bandwidth on-chip memory, and a large volume of data streams through that high-bandwidth on-chip memory. FPGAs can even be more efficient than GPUs for this computing model, because the FPGAs can be programmed with only the instructions needed to run this kind of computing model.
The storage system described above can be configured to provide parallel storage, for example by using a parallel file system such as BeeGFS. Such a parallel file system may include a distributed metadata architecture. For example, the parallel file system may include a plurality of metadata servers across which metadata is distributed, as well as components that include client services and storage servers. With a parallel file system, file contents can be distributed over multiple storage servers using striping, and metadata can be distributed over multiple metadata servers at the directory level, with each server storing a portion of the complete file system tree. The reader will appreciate that, in some embodiments, the storage servers and metadata servers may run in user space on top of an existing local file system. Furthermore, no dedicated hardware is required for the client services, the metadata servers, or the storage servers, since the metadata servers, storage servers, and even the client services can all run on the same machines.
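To make the striping and directory-level metadata distribution described above more concrete, the following Python sketch illustrates one possible placement scheme. It is not the BeeGFS implementation; the server names, stripe size, and hashing choice are assumptions made only for this example.

import hashlib

METADATA_SERVERS = ["md0", "md1", "md2"]        # hypothetical metadata servers
STORAGE_SERVERS = ["ss0", "ss1", "ss2", "ss3"]  # hypothetical storage servers
STRIPE_SIZE = 1 << 20                           # assumed 1 MiB stripe size

def metadata_server_for(path):
    """Assign the directory portion of a path to one metadata server, so that
    each metadata server holds a portion of the file system tree."""
    directory = path.rsplit("/", 1)[0] or "/"
    digest = hashlib.sha1(directory.encode()).hexdigest()
    return METADATA_SERVERS[int(digest, 16) % len(METADATA_SERVERS)]

def stripe_layout(file_size):
    """Place file content stripes round-robin across storage servers and
    return a list of (server, offset, length) tuples."""
    layout = []
    offset = 0
    while offset < file_size:
        length = min(STRIPE_SIZE, file_size - offset)
        server = STORAGE_SERVERS[(offset // STRIPE_SIZE) % len(STORAGE_SERVERS)]
        layout.append((server, offset, length))
        offset += length
    return layout

print(metadata_server_for("/projects/ml/dataset.bin"))
print(stripe_layout(3 * STRIPE_SIZE + 512))

In this sketch the directory, rather than the individual file, determines which metadata server is consulted, mirroring the directory-level metadata distribution described above.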
Readers will appreciate that, due in part to the emergence of many of the technologies discussed above, including mobile devices, cloud services, social networks, big data analytics, and so on, an information technology platform may be needed to integrate all of these technologies and create new business opportunities by rapidly delivering revenue-generating products, services, and experiences, rather than simply providing technology to automate internal business processes. IT organizations may need to balance the resources and investment required to maintain and operate underlying legacy systems while integrating technologies to build an information technology platform that can deliver speed and agility in areas such as unstructured data and the use of cloud applications and services. One possible embodiment of such an information technology platform is a composable infrastructure that includes fluid resource pools, such as many of the systems described above, that can meet the changing needs of applications by allowing the composition and recomposition of blocks of disaggregated compute, storage, and fabric infrastructure. The composable infrastructure can also include a single management interface to remove complexity and a unified API to discover, search, inventory, configure, provision, update, and diagnose the composable infrastructure.
The system described above can support the execution of a wide range of applications. Such applications can be deployed in a number of ways, including container-based deployment models. Various tools are available to manage containerized applications. For example, containerized applications can be managed using Docker Swarm, a clustering and scheduling tool for Docker containers that allows IT administrators and developers to create and manage a cluster of Docker nodes as a single virtual system. Likewise, containerized applications can be managed using Kubernetes, a container orchestration system for automatically deploying, scaling, and managing containerized applications. Kubernetes can run on operating systems such as Red Hat Enterprise Linux, Ubuntu Server, SUSE Linux Enterprise Server, and others. In such examples, a master node can delegate tasks to worker nodes. Kubernetes can include a set of components that manage individual nodes (e.g., kubelet, kube-proxy, cAdvisor) and a set of components that form the control plane (e.g., etcd, API server, scheduler, controller manager). Various controllers (e.g., a replication controller, a DaemonSet controller) can drive the state of a Kubernetes cluster by managing sets of pods that include one or more containers deployed on a single node. Containerized applications can be used to facilitate serverless, cloud-native computing deployment and management models for applications. In support of a serverless, cloud-native computing deployment and management model for applications, containers can be used as part of an event handling mechanism.
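To illustrate the container-orchestration model described above, the short Python sketch below assembles a minimal Kubernetes Deployment manifest as a plain dictionary and writes it to a JSON file; the application name, image, and replica count are illustrative assumptions rather than part of any embodiment.

import json

# Hypothetical containerized application; the name, image, and replica count are assumptions.
deployment = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "example-app"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "example-app"}},
        "template": {
            "metadata": {"labels": {"app": "example-app"}},
            "spec": {
                "containers": [
                    {
                        "name": "example-app",
                        "image": "registry.example.com/example-app:1.0",
                        "ports": [{"containerPort": 8080}],
                    }
                ]
            },
        },
    },
}

# Kubernetes accepts JSON as well as YAML manifests; the file could be handed to
# the cluster with a command such as "kubectl apply -f deployment.json".
with open("deployment.json", "w") as handle:
    json.dump(deployment, handle, indent=2)

Once such a manifest is applied, the controllers mentioned above reconcile the cluster toward the declared replica count.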
The systems described above may be deployed in a variety of ways, including in a manner to support fifth generation ("5G") networks. 5G networks could support faster data transfers from tiny data centers located near cell towers. The system described above may be contained within such a local micro data center and may be part of or in conjunction with a multi-access edge computing ("MEC") system. This MEC system can enable cloud computing and IT service environments at the edge of cellular networks. Running the application and related processing tasks close to the mobile client reduces network congestion and the application may perform better. MEC technology is designed to be implemented in mobile base stations or other edge nodes and enables flexible and rapid implementation of new applications and services for customers. MEC can also allow mobile operators to open up their radio access network (“RAN”) to authorized third parties such as application developers and content providers. In addition, edge computing and micro data centers can significantly reduce the cost of 5G-enabled smartphones, as customers may not need such computing-intensive devices and expensive core components.
Readers will appreciate that 5G networks may generate far more data than previous generations of networks, especially because the high network bandwidth provided by 5G networks may lead 5G networks to handle amounts and types of data (for example, data related to autonomous driving) that were not feasible on previous-generation networks. In such examples, the scalability provided by the systems described above can be very valuable as the amount of data increases, as the adoption of emerging technologies increases, and so on.
For further clarification,
Communication interface 352 can be configured to communicate with one or more computing devices. Examples of communication interface 352 include, but are not limited to, a wired network interface (such as a network interface card), a wireless network interface (such as a wireless network interface card), a modem, an audio/video connection, and any other suitable interface.
Processor 354 generally represents any type or form of processing unit capable of processing data and/or interpreting, executing, and/or directing the execution of one or more of the instructions, processes, and/or operations described herein. Processor 354 can operate according to computer-executable instructions 362 (for example, an application, software, code, and/or other executable data instance) stored in storage device 356.
Storage device 356 may include one or more storage media, devices, or configurations, and may employ any type, form, and combination of storage media and/or devices. For example, storage device 356 may include, but is not limited to, any combination of the non-volatile media and/or volatile media described herein. Electronic data, including the data described herein, may be stored temporarily and/or permanently in storage device 356. For example, data representing computer-executable instructions 362 configured to direct processor 354 to perform any of the operations described herein may be stored in storage device 356. In some examples, data may be arranged in one or more databases residing in storage device 356.
I/O module 358 may include one or more I/O modules configured to receive user input and provide user output. I/O module 358 can include any hardware, firmware, software, or combination thereof that supports input and output capabilities. For example, I/O module 358 may include hardware and/or software for capturing user input, including, but not limited to, a keyboard or keypad, a touchscreen component (e.g., a touchscreen display), a receiver (e.g., a radio frequency or infrared receiver), motion sensors, and/or one or more input buttons.
I/O module 358 may include one or more devices for presenting output to the user, including, but not limited to, a graphics engine, a display (e.g., a display screen), one or more output drivers (e.g., display drivers), one or more audio speakers, and one or more audio drivers. In some embodiments, I/O module 358 is configured to provide graphical data to a display for presentation to the user. The graphical data may be representative of one or more graphical user interfaces and/or any other graphical content as may serve a particular implementation. In some examples, any of the systems, computing devices, and/or other components described herein may be implemented by computing device 350.
For further clarification,
To access various services provided by the cloud storage platform (402), a user of the user system (410) can use login credentials for authentication. However, different user systems may manage identity data differently. Therefore, the cloud storage platform may not be the ideal place to perform user authentication. To this end, the cloud storage platform (402) in this example can delegate authentication of the user to an authentication endpoint.
As used herein, the term "authentication endpoint" refers to an entity configured to authenticate user credentials. Some example authentication endpoints include Cloud Identity Providers (“Identity Providers”) (408) or a local directory service (404), such as Microsoft's Active Directory.
When the cloud storage platform (402) obtains the user's user ID, it can extract a domain from that ID. In some implementations, the user ID can be an email address, and in some implementations, the user ID can map to a domain or to an email address from which the domain can be derived. Multiple valid domain names may have previously been registered with the cloud storage platform (402). Among other approaches, the cloud storage platform (402) can extract the domain from telemetry data provided by the storage system to the cloud storage platform.
To this end, the cloud storage platform can validate the domain by mapping the extracted domain to a registered domain. Additionally, each registered domain can be associated with an authentication endpoint of the user's choosing and with one or more groups to which domain users can be assigned. These groups may have different permissions associated with them. For example, an "Administrator" group may have more access rights than a standard user group. In some implementations, a user may provide the set of groups directly to the cloud storage platform. In some embodiments, the set of groups may be derived from telemetry data provided by the storage system to the cloud storage platform.
The cloud storage platform (402) can identify the authentication endpoint associated with the extracted domain and provide the user's login information to that authentication endpoint (408 or 404). The authentication endpoint can then validate the user's credentials against the user's specific configuration and relay an authentication authorization back to the cloud storage platform. The authentication authorization can include all of the groups to which the user is assigned, as well as additional identifying data.
Note that the number of groups listed in the authentication authorization may exceed the number of groups registered with the cloud storage platform (402) for a specific user or user organization. For example, suppose a cloud-based identity provider (408) authenticates the user and provides an authentication authorization listing forty different groups to which the user is assigned. Many of these groups may be useful to some part of the user's organization but irrelevant to the cloud storage platform services, while the cloud storage platform has only four groups registered for the specific user. To this end, the cloud storage platform (402) can filter out any groups in the authentication authorization that are not included in the set of groups registered with the cloud storage platform (402). The cloud storage platform (402) can then proceed to generate a token, which includes the filtered groups as well as identity data, to authorize and authenticate the user to applications hosted on or accessed through the cloud storage platform. Group filtering as described above can significantly reduce the size of the token.
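A minimal sketch of the flow just described (domain extraction, endpoint selection, group filtering, and token assembly) is given below in Python. The registry contents, endpoint names, and helper functions are hypothetical placeholders introduced only for illustration, and the token is represented as a plain dictionary rather than any particular token format.

# Hypothetical registry of domains known to the cloud storage platform.
REGISTERED_DOMAINS = {
    "example.com": {
        "auth_endpoint": "cloud-identity-provider",   # could instead be a local directory service
        "registered_groups": {"Administrators", "Operators", "Auditors", "ReadOnly"},
    },
}

def extract_domain(user_id):
    """Derive the domain from a user ID such as an email address."""
    return user_id.split("@", 1)[1].lower()

def authenticate(user_id, credentials, identity_authorization):
    """Validate the domain, filter groups, and assemble a token payload.

    The credentials would be forwarded to the chosen authentication endpoint;
    that exchange is omitted here. identity_authorization stands in for the
    authentication authorization returned by the endpoint and is assumed to
    carry the (possibly long) list of groups to which the user is assigned."""
    domain = extract_domain(user_id)
    registration = REGISTERED_DOMAINS.get(domain)
    if registration is None:
        raise PermissionError("domain %r is not registered" % domain)

    # Keep only groups the platform has registered for this domain,
    # which keeps the resulting token small.
    filtered_groups = [
        group for group in identity_authorization.get("groups", [])
        if group in registration["registered_groups"]
    ]

    return {
        "sub": user_id,
        "domain": domain,
        "auth_endpoint": registration["auth_endpoint"],
        "groups": filtered_groups,
    }

# Example: forty groups come back from the identity provider, four survive filtering.
authorization = {"groups": ["Group%d" % i for i in range(36)] + ["Administrators", "Operators", "Auditors", "ReadOnly"]}
token = authenticate("alice@example.com", "secret", authorization)
print(token["groups"])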
For further clarification,
method
method
method
method
method for this purpose
For further clarification,
method
For further clarification,
method
method
For further clarification,
method
method for this purpose
method
method
If the test configuration passes the validation tests, the method
The advantages and features of the present disclosure can be further described by the following statements:
1. A method comprising:
authorizing a user of a user device to access a cloud storage platform;
receiving, from the user device, a request to access, through the cloud storage platform, an application running on a storage device that is remote from the cloud storage platform;
obtaining an access token at the cloud storage platform in response to receiving the request from the user device, the access token including user identity information of the user and storage device identity information of the storage device; and
sending the access token from the cloud storage platform to the storage device for use by the storage device in authenticating the user and granting the user access to the application running on the storage device through the cloud storage platform.
2. The method of claim 1, wherein obtaining the access token in response to the request comprises:
generating the access token at the cloud storage platform in response to the request, the access token being generated based at least in part on the user identity information of the user and the storage device identity information of the storage device.
3. A method as claimed in claim 2 or claim 1, wherein obtaining an access token in response to the request comprises:
sending an access token request to an identity authorization endpoint upon receiving the request from the user device to access the application running on the storage device, the access token request including the user identity information of the user and the storage device identity information of the storage device; and
obtaining, at the cloud storage platform, the access token from the identity authorization endpoint.
4. The method according to claim 3, claim 2 or claim 1, wherein authorizing the user to access the cloud storage platform comprises:
obtaining user credentials of the user from the user device; and
authenticating the user to the cloud storage platform based on the user credentials.
5. The method of claim 4, claim 3, claim 2 or claim 1, wherein:
an additional authorization allows the user of the user device to access the application running on the storage device; and
the access token facilitates the additional authorization without prompting the user for user credentials to access the application running on the storage device.
6. The method of claim 5, claim 4, claim 3, claim 2 or claim 1, wherein:
the cloud storage platform is in a computing domain used for remote management; and
the storage device resides in a computer system domain separate from the computing domain used for remote management.
7. The method of claim 6, claim 5, claim 4, claim 3, claim 2 or claim 1, wherein authorizing the user to access the cloud storage platform comprises:
obtaining user credentials of the user from the user device;
providing the user credentials to an authentication endpoint;
obtaining an authentication authorization for the user from the authentication endpoint; and
authorizing the user to access the cloud storage platform based on the authentication authorization received from the authentication endpoint.
8. The method of claim 7, claim 6, claim 5, claim 4, claim 3, claim 2 or claim 1, further comprising:
sending, to the user device, information associated with a fleet of storage devices associated with the user, the information associated with the fleet of storage devices being sent after the user is authorized to access the cloud storage platform;
wherein the information includes a fleet view of the fleet of storage devices associated with the user for display on the user device, and
wherein the request to access the application running on the storage device through the cloud storage platform is received based at least in part on a selection of the storage device from the fleet of storage devices included in the fleet view.
9. A method comprising:
receiving, from a cloud storage platform, a request for an access token to allow a user of a user device to access an application running on a storage device that is remote from the cloud storage platform, the request including user identity information of the user and storage device identity information of the storage device;
determining, at an identity authorization endpoint, whether the user of the user device is authorized to access the application running on the storage device based at least in part on an active directory, the user identity information of the user, and the storage device identity information of the storage device;
generating, at the identity authorization endpoint, the access token after determining that the user of the user device is authorized to access the application running on the storage device, the access token including the user identity information of the user and the storage device identity information of the storage device; and
providing the access token to the cloud storage platform.
10. A method comprising:
receiving, at a storage device, an access token from a cloud storage platform that is remote from the storage device, the access token including user identity information and storage device identity information;
validating the access token based at least in part on an active directory, the user identity information, and the storage device identity information; and
granting the user access to an application running on the storage device after validating the access token.
11. The method of claim 10, wherein validating the access token based at least in part on active directory, user identity information, and storage device identity information comprises:
determining whether the storage device identity information included in the access token corresponds to the storage device;
determining whether the user identity information is included in the active directory of the storage device; and
validating the access token after determining that the storage device identity information included in the access token corresponds to the storage device and after determining that the user identity information is included in the active directory of the storage device.
11. The method of claim 11 or claim 10, further comprising:
obtaining, from the cloud storage platform, single sign-on consent information associated with the user and/or the storage device; and
maintaining the single sign-on consent information associated with the user and/or the storage device.
12. A system comprising:
a memory storing instructions; and
a processor communicatively coupled to the memory and configured to execute the instructions to:
authorize a user of a user device to access a cloud storage platform;
receive, from the user device, a request to access, through the cloud storage platform, an application running on a storage device that is remote from the cloud storage platform;
obtain an access token in response to the request from the user device, the access token including user identity information of the user and storage device identity information of the storage device; and
send the access token from the cloud storage platform to the storage device for use by the storage device in authenticating the user and granting the user access to the application running on the storage device through the cloud storage platform.
13. The system of claim 12, wherein the processor is configured to execute the instructions to obtain the access token in response to the request by:
generating the access token at the cloud storage platform in response to the request, the access token being generated based at least in part on the user identity information of the user and the storage device identity information of the storage device.
14. The system of claim 13 or claim 12, wherein the processor is configured to execute the instructions to obtain the access token in response to the request by:
sending an access token request to an identity authorization endpoint upon receiving the request from the user device to access the application running on the storage device, the access token request including the user identity information of the user and the storage device identity information of the storage device; and
obtaining, at the cloud storage platform, the access token from the identity authorization endpoint.
15. The system of claim 14, claim 13 or claim 12, wherein the processor is configured to execute the instructions to authorize the user to access the cloud storage platform by:
obtaining user credentials of the user from the user device; and
authenticating the user to the cloud storage platform based on the user credentials.
16. The system of claim 15, claim 14, claim 13 or claim 12, wherein:
an additional authorization allows the user of the user device to access the application running on the storage device; and
the access token facilitates the additional authorization without prompting the user for user credentials to access the application running on the storage device.
17. The system of claim 16, claim 15, claim 14, claim 13 or claim 12, wherein:
the cloud storage platform is in a computing domain used for remote management; and
the storage device resides in a computer system domain separate from the computing domain used for remote management.
18. The system of claim 17, claim 16, claim 15, claim 14, claim 13 or claim 12, wherein the processor is configured to execute the instructions to authorize the user to access the cloud storage platform by:
obtaining user credentials of the user from the user device;
providing the user credentials to an authentication endpoint;
obtaining an authentication authorization for the user from the authentication endpoint; and
authorizing the user to access the cloud storage platform based on the authentication authorization received from the authentication endpoint.
19. The system of claim 18, claim 17, claim 16, claim 15, claim 14, claim 13 or claim 12, wherein the processor is further configured to execute the instructions to:
send, to the user device, information associated with a fleet of storage devices associated with the user, the information associated with the fleet of storage devices being sent after the user is authorized to access the cloud storage platform;
wherein the information includes a fleet view of the fleet of storage devices associated with the user for display on the user device, and
wherein the request to access the application running on the storage device through the cloud storage platform is received based at least in part on a selection of the storage device from the fleet of storage devices included in the fleet view.
20. A computer program product for authenticating a connection to a cloud storage platform, the computer program product embodied in a machine-readable medium, the computer program product comprising computer program instructions which, when executed, cause a computer to perform the following steps:
authorizing a user of a user device to access the cloud storage platform;
receiving, from the user device, a request to access, through the cloud storage platform, an application running on a storage device that is remote from the cloud storage platform;
obtaining an access token at the cloud storage platform in response to receiving the request from the user device, the access token including user identity information of the user and storage device identity information of the storage device; and
sending the access token from the cloud storage platform to the storage device for use by the storage device in authenticating the user and granting the user access to the application running on the storage device through the cloud storage platform.
21. The computer program product of claim 20, wherein the computer program instructions, when executed, cause the computer to perform the step of obtaining the access token in response to the request by:
generating the access token at the cloud storage platform in response to the request, the access token being generated based at least in part on the user identity information of the user and the storage device identity information of the storage device.
22. The computer program product of claim 21 or claim 20, wherein the computer program instructions, when executed, cause the computer to perform the step of obtaining the access token in response to the request by:
sending an access token request to an identity authorization endpoint upon receiving the request from the user device to access the application running on the storage device, the access token request including the user identity information of the user and the storage device identity information of the storage device; and
obtaining, at the cloud storage platform, the access token from the identity authorization endpoint.
23. The computer program product of claim 22, claim 21 or claim 20, wherein the computer program instructions, when executed, cause the computer to perform the step of authorizing the user to access the cloud storage platform by:
obtaining user credentials of the user from the user device; and
authenticating the user to the cloud storage platform based on the user credentials.
24. The computer program product of claim 23, claim 22, claim 21 or claim 20, wherein:
an additional authorization allows the user of the user device to access the application running on the storage device; and
the access token facilitates the additional authorization without prompting the user for user credentials to access the application running on the storage device.
25. The computer program product of claim 24, claim 23, claim 22, claim 21 or claim 20, wherein:
the cloud storage platform is in a computing domain used for remote management; and
the storage device resides in a computer system domain separate from the computing domain used for remote management.
26. The computer program product of claim 25, claim 24, claim 23, claim 22, claim 21, or claim 20, wherein the computer program instructions, when executed, cause the computer to perform the step of authorizing the user to access the cloud storage platform by:
obtaining user credentials of the user from the user device;
providing the user credentials to an authentication endpoint;
obtaining an authentication authorization for the user from the authentication endpoint; and
authorizing the user to access the cloud storage platform based on the authentication authorization received from the authentication endpoint.
27. The computer program product of claim 26, claim 25, claim 24, claim 23, claim 22, claim 21, or claim 20, wherein the computer program instructions, when executed, further cause the computer to perform the following steps:
sending, to the user device, information associated with a fleet of storage devices associated with the user, the information associated with the fleet of storage devices being sent after the user is authorized to access the cloud storage platform;
wherein the information includes a fleet view of the fleet of storage devices associated with the user for display on the user device, and
wherein the request to access the application running on the storage device through the cloud storage platform is received based at least in part on a selection of the storage device from the fleet of storage devices included in the fleet view.
28. A system comprising:
a memory storing instructions; and
a processor communicatively coupled to the memory and configured to execute the instructions to:
receive, from a cloud storage platform, a request for an access token to allow a user of a user device to access an application running on a storage device that is remote from the cloud storage platform, the request including user identity information of the user and storage device identity information of the storage device;
determine, at an identity authorization endpoint, whether the user of the user device is authorized to access the application running on the storage device based at least in part on an active directory, the user identity information of the user, and the storage device identity information of the storage device;
generate, at the identity authorization endpoint, the access token after determining that the user of the user device is authorized to access the application running on the storage device, the access token including the user identity information of the user and the storage device identity information of the storage device; and
provide the access token to the cloud storage platform.
29. A system comprising:
a memory storing instructions; and
a processor communicatively coupled to the memory and configured to execute the instructions to:
receive, at a storage device, an access token from a cloud storage platform that is remote from the storage device, the access token including user identity information and storage device identity information;
validate the access token based at least in part on an active directory, the user identity information, and the storage device identity information; and
grant the user access to an application running on the storage device after validating the access token.
30. The system of claim 29, wherein the processor is configured to execute the instructions to validate the access token based at least in part on the active directory, the user identity information, and the storage device identity information by:
determining whether the storage device identity information included in the access token corresponds to the storage device;
determining whether the user identity information is included in the active directory of the storage device; and
validating the access token after determining that the storage device identity information included in the access token corresponds to the storage device and after determining that the user identity information is included in the active directory of the storage device.
31. The system of claim 30 or claim 29, wherein the processor is further configured to execute the instructions to:
receive, from the cloud storage platform, single sign-on consent information associated with the user and/or the storage device; and
maintain the single sign-on consent information associated with the user and/or the storage device.
32. A computer program product for authenticating a connection to a cloud storage platform, the computer program product embodied in a computer-readable medium, the computer program product comprising computer program instructions which, when executed, cause a computer to perform the following steps:
receiving, from a cloud storage platform, a request for an access token to allow a user of a user device to access an application running on a storage device that is remote from the cloud storage platform, the request including user identity information of the user and storage device identity information of the storage device;
determining, at an identity authorization endpoint, whether the user of the user device is authorized to access the application running on the storage device based at least in part on an active directory, the user identity information of the user, and the storage device identity information of the storage device;
generating, at the identity authorization endpoint, the access token after determining that the user of the user device is authorized to access the application running on the storage device, the access token including the user identity information of the user and the storage device identity information of the storage device; and
providing the access token to the cloud storage platform.
33. A computer program product for authenticating a connection to a cloud storage platform, the computer program product embodied in a machine-readable medium, the computer program product comprising computer program instructions which, when executed, cause the computer to perform the following steps:
receiving, at a storage device, an access token from a cloud storage platform that is remote from the storage device, the access token including user identity information and storage device identity information;
validating the access token based at least in part on an active directory, the user identity information, and the storage device identity information; and
granting the user access to an application running on the storage device after validating the access token.
34. The computer program product of claim 33, wherein the computer program instructions, when executed, cause the computer to validate the access token based at least in part on the active directory, the user identity information, and the storage device identity information by:
determining whether the storage device identity information included in the access token corresponds to the storage device;
determining whether the user identity information is included in the active directory of the storage device; and
validating the access token after determining that the storage device identity information included in the access token corresponds to the storage device and after determining that the user identity information is included in the active directory of the storage device.
35. The computer program product of claim 34 or claim 33, further comprising computer program instructions which, when executed, cause the computer to perform the following steps:
obtaining, from the cloud storage platform, single sign-on consent information associated with the user and/or the storage device; and
maintaining the single sign-on consent information associated with the user and/or the storage device.
as above
In some example embodiments, the cloud storage platform (402) may send, to the user system (410), information related to a fleet view of a set of storage devices (such as storage devices 102a, 102b) registered to the user. The user system (410) can display and/or otherwise output the information related to the fleet view of the set of storage devices so that the user can easily navigate to a specific storage device.
Each storage device presented in the fleet view can include a graphical user interface (GUI) for device management, as well as its own applications, which can be hosted locally on the storage device. Therefore, even though a user authenticated through the cloud storage platform (402) can access a group of storage devices (for example, as presented in the fleet view on the user system (410)), navigating the group of storage devices to perform administrative tasks may require entering user credentials multiple times, each time the user attempts to access one of the storage devices through the cloud storage platform (402), because the device management GUI may be hosted locally on the storage device.
Therefore, a user's experience with the cloud storage platform (402) may suffer from having to enter user credentials multiple times for authentication (for example, even after access to the cloud storage platform (402) has been granted). There is a need to reduce the number of times a user must enter credentials for authentication when navigating between storage devices accessed through the cloud storage platform (402).
The present disclosure provides a solution by allowing a cloud storage platform to send an access token to a storage device in response to receiving a storage device access request from an authenticated user computing device. The storage device may determine whether to grant access to the user based at least in part on whether information contained in the access token matches information contained in an access directory that maintains a lookup table of registered users. By using an access token as described herein, the user experience may be improved because the user may not have to re-enter the user's credentials after the user has been authenticated for a session with the cloud storage platform. This is described in further detail below in combination with the accompanying figures.
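A compact sketch of the device-side check described above follows; the access directory is modeled as an in-memory lookup table, and the token field names are hypothetical placeholders chosen only for this example.

# Hypothetical access directory maintained on the storage device: a lookup
# table of registered users and the groups permitted to use the device GUI.
ACCESS_DIRECTORY = {
    "alice@example.com": {"Administrators"},
    "bob@example.com": {"ReadOnly"},
}

DEVICE_ID = "array-0042"   # illustrative storage device identity

def grant_access(token):
    """Grant access only if the token names this device and a registered user."""
    if token.get("device_id") != DEVICE_ID:
        return False          # token was issued for a different storage device
    allowed_groups = ACCESS_DIRECTORY.get(token.get("sub"))
    if allowed_groups is None:
        return False          # user is not present in the access directory
    # At least one group carried in the token must be registered for this user.
    return bool(allowed_groups.intersection(token.get("groups", [])))

print(grant_access({"sub": "alice@example.com", "device_id": "array-0042", "groups": ["Administrators"]}))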
one second
Computer system 902 can be any system having one or more computing resources to which access can be controlled. For example, computer system 902 may include a storage system that may be similar to any of the storage systems described herein. Computer system 902 can be configured to perform any of the computer system operations described herein, including one or more operations for controlling access to storage devices 904a, 904b. Examples of controlling access to and operation of computer system 902 are described herein.
Each storage device 904a, 904b can include any component of computer system 902 to which access can be controlled. For example, each storage device 904a, 904b may include computing processes, computing applications, computing containers (e.g., software containers), processors, and/or any other computing resources. Each storage device 904a, 904b may include physical and/or virtual storage arrays, individual drives or storage devices, volumes, hosts, storage units, clusters, processors, controllers, applications (such as agents, clients, etc.), application programming interfaces, data storage resources, and/or any other component of a data storage system, such as any component of any of the storage systems described herein. Although two storage devices 904a, 904b are described as part of computer system 902, computer system 902 may include more or fewer than two storage devices without departing from the scope of this disclosure.
Computer system domain 906 is a computing domain in which computer system 902 is implemented. Computer system domain 906 can include any set of computing devices that are accessed and managed according to a common set of rules, such as rules enforced by a shared access control mechanism. Accordingly, computing devices and/or users operating within computer system domain 906 can be trusted by other computing devices and/or users operating within computer system domain 906. In some examples, computer system domain 906 can include a group of computing devices on a network, such as an enterprise network, protected by one or more security mechanisms (e.g., firewalls, authentication mechanisms, authorization mechanisms, encryption mechanisms, etc.). In examples in which computer system 902 includes a data storage system, computer system domain 906 can be referred to as a storage system computing domain.
In some examples, computer system domain 906 can be associated with a physical site location, such as the physical location of a site where computer system 902 is implemented. Such a site may be the physical location of a business, customer, or other entity that operates or uses the site at which computer system 902 is deployed.
An authorized accessor (e.g., user computing device 920, a user of user computing device 920, an application implemented on user computing device 920, etc.) operating within computer system domain 906 may use an access control mechanism of computer system domain 906 to access and operate on one or more storage devices 904a, 904b of computer system 902. Any suitable access control mechanism (such as an authentication mechanism, an authorization mechanism, etc.) may be used to control access to one or more storage devices 904a, 904b of computer system 902 from within computer system domain 906. An example of such an access control mechanism is described herein.
User computing device 920 can include any computing device operating within computer system domain 906 and configured for use by a user of computer system 902 to access and operate on one or more storage devices 904a, 904b of computer system 902 from within computer system domain 906. For example, user computing device 920 can be a personal computer, laptop, tablet, smartphone, or any other computing device of the user configured with instructions (e.g., an application, a mobile application, etc.) that direct user computing device 920 to perform one or more of the operations described herein, including communicating with computer system 902 for local access to and operation on one or more storage devices 904a, 904b from within computer system domain 906.
User computing device 920 is an illustrative example of an accessor authorized for local access to computer system 902 from within computer system domain 906. Other accessors, such as authorized applications or computing processes, may similarly communicate with computer system 902 for local access to and operation on one or more storage devices 904a, 904b from within computer system domain 906.
Remote management system 908 may include one or more computing devices configured to perform any of the remote management operations described herein, including one or more operations for controlling access to one or more storage devices 904a, 904b of computer system 902 using remote management system 908 and/or one or more operations for facilitating remote management and/or maintenance of one or more storage devices 904a, 904b of computer system 902 using remote management system 908. Example components and operations of remote management system 908 are described herein. For example, remote management system 908 may include a cloud storage platform 924 that can be configured to perform the same or similar operations as those described above with respect to cloud storage platform 402.
Remote management computing domain 910 is a computing domain in which remote management system 908 is implemented. Remote management computing domain 910 can include any set of computing devices that are accessed and managed according to a common set of rules, such as rules enforced by a shared access control mechanism of remote management computing domain 910. Accordingly, computing devices (such as cloud storage platform 924, authentication endpoint 926, etc.) and/or users operating within remote management computing domain 910 can be trusted by other computing devices (such as cloud storage platform 924, authentication endpoint 926, etc.) and/or users operating within remote management computing domain 910.
Remote management computing domain 910 is separate from computer system domain 906. For example, remote management computing domain 910 can be separated from computer system domain 906 by one or more boundaries, such as physical boundaries, logical boundaries, network boundaries, security boundaries, distinct access control mechanisms, and so on. Therefore, system 900 is a distributed system at least in the sense that computer system 902 and remote management system 908 are implemented in separate computing domains.
In some embodiments, remote management computing domain 910 may include a cloud computing environment in which remote management system 908 is implemented. For example, remote management system 908 can be implemented in a system and/or cloud computing environment of a cloud services provider, such as cloud services provider 302.
The user computing device 914 may include any computing device configured for use by a user to access the remote management system 908. For example, the user computing device 914 may be a personal computer, laptop, tablet, smartphone, or any other computing device configured with instructions (e.g., an application, a mobile application, etc.) that direct the user computing device 914 to perform one or more of the operations described herein, including communicating with the remote management system 908 to remotely access and operate on the one or more storage devices 904A, 904B by way of the remote management system 908. Illustrative operations of the user computing device 914 are described herein.
The user computing device 914 is an illustrative example of an entity authorized for remote access to the remote management system 908 and the computer system 902. Other accessing entities, such as authorized applications or computing processes, may similarly communicate with the remote management system 908 to remotely access and operate on the one or more storage devices 904A, 904B of the computer system 902 by way of the remote management system 908.
The user computing domain 916 is the computing domain in which the user computing device 914 is implemented. The user computing domain 916 is separate and independent from the remote management computing domain 910 and the computer system domain 906. For example, the user computing domain 916 may be separated from the remote management computing domain 910 and the computer system domain 906 by one or more boundaries, such as physical boundaries, logical boundaries, network boundaries, security boundaries, distinct access control mechanisms, etc.
The user computing device 914 and the user computing device 920 may, in some examples, represent different computing devices. In other examples, the user computing device 914 and the user computing device 920 may represent the same computing device operating in different computing domains at different times. For example, the user computing device 920 may represent a computing device operating in the computer system domain 906, and the user computing device 914 may represent the same computing device operating in the user computing domain 916 independent of the computer system domain 906.
As shown in the figure, the system 900 may be configured to control access to the one or more storage devices 904A, 904B of the computer system 902. The computer system 902 may be configured to control access to the one or more storage devices 904A, 904B from within the computer system domain 906. The computer system 902 and the remote management system 908 may be configured to control access to the one or more storage devices 904A, 904B from outside the computer system domain 906 by way of the remote management system 908. Illustrative components and operations of the computer system 902 and the remote management system 908 for controlling local and remote access to the one or more storage devices 904A, 904B of the computer system 902 will now be described.
The computer system 902 may be configured to use any suitable access control mechanism to control local access to the one or more storage devices 904A, 904B from within the computer system domain 906. For example, the computer system 902 may implement a token exchange mechanism in which a user identity token or other suitable data representing the user's authentication to the computer system 902 within the computer system domain 906 may be used to obtain a local access token, which in turn may be used to access and operate on one of the storage devices 904A, 904B. The local access token may include any data useful for controlling access to the storage devices 904A, 904B, such as data representing a user identity, defined permissions of the user, and/or defined permissions of a client executing on one of the storage devices 904A, 904B (e.g., a client that uses an API to execute on one of the storage devices 904A, 904B). As will be described herein, the computer system 902 may be configured to use the same access control mechanism (e.g., the same access token mechanism) that is used to control local access to the one or more storage devices 904A, 904B to control remote access to one of the storage devices 904A, 904B when access is requested from outside the computer system domain 906 by way of the remote management system 908.
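The following is a non-limiting illustrative sketch, in Python, of the token exchange mechanism described above, in which an authenticated identity token is exchanged for a local access token carrying a user identity, permissions, and a storage device identifier. The helper names (exchange_identity_token, LocalAccessToken) and data fields are hypothetical and do not correspond to any particular storage system API.

    # Illustrative, non-limiting sketch of the token exchange described above.
    # All names here are hypothetical and not part of an actual product API.
    import time
    import uuid
    from dataclasses import dataclass

    @dataclass
    class LocalAccessToken:
        token_id: str
        user_id: str
        permissions: list       # defined permissions of the user or client
        storage_device_id: str  # storage device the token is scoped to
        expires_at: float

    def exchange_identity_token(identity_token: dict, storage_device_id: str,
                                ttl_seconds: int = 900) -> LocalAccessToken:
        """Exchange an authenticated identity token for a local access token."""
        if not identity_token.get("authenticated"):
            raise PermissionError("identity token is not authenticated in the computer system domain")
        return LocalAccessToken(
            token_id=str(uuid.uuid4()),
            user_id=identity_token["user_id"],
            permissions=identity_token.get("permissions", []),
            storage_device_id=storage_device_id,
            expires_at=time.time() + ttl_seconds,
        )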
The system 900 may be configured to implement a token-based access authorization process to grant an authorized user of the cloud storage platform 924 access to one or more of the storage devices 904A, 904B by way of the cloud storage platform 924. The token-based access authorization process of the system 900 may provide an improved user experience, as the user may not need to re-enter user credentials in order to access the one or more storage devices 904A, 904B. Additional details of the token-based access authorization process will now be described.
In some embodiments, the cloud storage platform 924 may authorize a user of the user computing device 914 (e.g., a user device) to access the cloud storage platform 924. For example, the cloud storage platform 924 may authorize the user of the user computing device 914 to access the cloud storage platform 924 by receiving, from the user computing device 914, user credentials associated with the user. After receiving the user credentials, the cloud storage platform 924 may transmit the user credentials to the authentication endpoint 926 for authentication.
The authentication endpoint 926 may check the user credentials, such as by accessing an active directory (e.g., an active directory maintained locally at the authentication endpoint 926 or at a location remote from the authentication endpoint 926). After accessing the active directory, the authentication endpoint 926 may determine whether the user credentials are maintained in the active directory. The active directory may store credentials of users authorized to access the cloud storage platform 924.
Upon determining that the user credentials received from the cloud storage platform 924 are maintained in the active directory, the authentication endpoint 926 may generate an identity authorization packet and transmit it to the cloud storage platform 924. Otherwise, upon determining that the user credentials received from the cloud storage platform 924 are not maintained in the active directory, the authentication endpoint 926 may generate an identity non-authorization packet and transmit it to the cloud storage platform 924. In some aspects, the identity non-authorization packet may indicate that the user does not have permission to access the cloud storage platform 924.
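The following is a non-limiting illustrative sketch of the credential check described above, in which submitted credentials are compared against a directory of authorized users and an identity packet indicating authorization or non-authorization is returned. The directory lookup, the IdentityPacket structure, and authenticate_user are hypothetical simplifications, not an actual directory API.

    # Illustrative sketch of the authentication check performed by an endpoint
    # such as authentication endpoint 926; names and structures are hypothetical.
    from dataclasses import dataclass

    @dataclass
    class IdentityPacket:
        user_id: str
        authorized: bool   # True -> authorization packet, False -> non-authorization packet

    def authenticate_user(credentials: dict, directory: dict) -> IdentityPacket:
        """Check submitted credentials against a directory of authorized users."""
        user_id = credentials.get("user_id", "")
        stored_secret = directory.get(user_id)
        authorized = stored_secret is not None and stored_secret == credentials.get("secret")
        return IdentityPacket(user_id=user_id, authorized=authorized)

    # Example usage: the cloud storage platform transmits credentials to the
    # endpoint and receives back an identity packet indicating authorization.
    packet = authenticate_user({"user_id": "alice", "secret": "s3cret"},
                               directory={"alice": "s3cret"})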
After receiving the identity authorization packet, the cloud storage platform 924 may grant the user access to the cloud storage platform 924. Conversely, after receiving the identity non-authorization packet, the cloud storage platform 924 may deny the user of the user computing device 914 access to the cloud storage platform 924. The cloud storage platform 924 may be configured to selectively grant access to the cloud storage platform 924 in any of the ways described herein.
In some embodiments, the cloud storage platform 924 may transmit, to the user computing device 914, information associated with a fleet of storage devices 904A, 904B registered to the user. In some aspects, the information associated with the fleet of storage devices 904A, 904B may be transmitted after the user has been authorized to access the cloud storage platform 924. In some other aspects, the information may include a fleet view of the fleet of storage devices 904A, 904B for display on the user computing device 914.
After transmitting the information associated with the storage devices 904A, 904B, the cloud storage platform 924 may receive (e.g., from the user computing device 914) a request to access (e.g., by way of the cloud storage platform 924) an application executing on one of the storage devices 904A, 904B. In some implementations, the request may be received based at least in part on a selection of one of the storage devices 904A, 904B displayed in the fleet view on the user computing device 914.
In response to receiving the request to access the application executing on one of the storage devices 904A, 904B, the cloud storage platform 924 may obtain an access token and transmit it to the storage device (e.g., storage device 904A or storage device 904B) for which access was requested. The access token may be configured for use by the storage device to grant the user access to the storage device without requiring the user to re-enter the user's credentials.
In some aspects, the access token may include user identity information of the user (e.g., the user credentials previously used to authorize the user to access the cloud storage platform 924) and storage device identity information of the storage device. For example, when the request is to access storage device 904A, the storage device identity information included in the access token may be associated with storage device 904A. Alternatively, when the request is to access storage device 904B, the storage device identity information included in the access token may be associated with storage device 904B.
In a first example implementation, the cloud storage platform 924 may obtain the access token in response to the request by generating the access token at the cloud storage platform 924. For example, the cloud storage platform 924 may generate the access token using the user identity information previously authenticated for access to the cloud storage platform 924 and a storage device identifier (e.g., a storage device ID).
In a second example implementation, the cloud storage platform 924 may obtain the access token by transmitting an access token request to the identity authorization endpoint 926. The identity authorization endpoint 926 may determine whether the user is authorized to access the application executing on the storage device based at least in part on an active directory that maintains associations between registered users and storage devices, the user identity information of the user, and the storage device identity information of the storage device. Upon determining that the user is authorized to access the requested storage device, the identity authorization endpoint 926 may generate an access token including the user identity information of the user and the storage device identity information of the storage device. The access token generated by the identity authorization endpoint 926 may be transmitted to the cloud storage platform 924. Otherwise, upon determining that the user is not authorized to access the requested storage device, the identity authorization endpoint 926 may generate a token denying the user access to the storage device, which may likewise be transmitted to the cloud storage platform 924.
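The following is a non-limiting illustrative sketch of how an identity authorization endpoint such as endpoint 926 might generate an access token that carries user identity and storage device identity information. The association table, token fields, issuer string, and signing step (issue_access_token, SIGNING_KEY) are hypothetical simplifications.

    # Illustrative sketch of access token generation at the identity
    # authorization endpoint; all names and fields are hypothetical.
    import hashlib
    import hmac
    import json
    import time

    SIGNING_KEY = b"example-signing-key"   # assumption: endpoint holds a signing key

    def issue_access_token(user_id: str, device_id: str,
                           user_device_associations: dict) -> dict:
        """Return a signed token indicating whether the directory associates user and device."""
        allowed_devices = user_device_associations.get(user_id, set())
        authorized = device_id in allowed_devices
        claims = {
            "issuer": "identity-authorization-endpoint-926",
            "user_identity": user_id,
            "storage_device_identity": device_id,
            "authorized": authorized,
            "issued_at": time.time(),
        }
        payload = json.dumps(claims, sort_keys=True).encode()
        signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
        return {"claims": claims, "signature": signature}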
After obtaining the access token, the cloud storage platform 924 may transmit the access token to the storage device 904A, 904B for which access was requested from the user computing device 914. The storage device (e.g., storage device 904A or storage device 904B) that receives the access token from the cloud storage platform 924 may validate the access token based at least in part on cloud identity provider information (e.g., information identifying the identity authorization endpoint 926), an active directory associated with the storage device, the user identity information, and the storage device identity information.
For example, storage device 904A may validate the access token when the access token includes information identifying the cloud identity provider (e.g., information indicating that the access token was obtained from the identity authorization endpoint 926), when the storage device identity information (e.g., identity information associated with storage device 904A) corresponds to an identifier of storage device 904A, and when the user identity information corresponds to a user identity maintained in the active directory associated with storage device 904A (e.g., an active directory operating in the computer system domain 906). Accordingly, storage device 904A may grant the user access to storage device 904A after validating the access token. When the user has access to storage device 904A, the user may use the user computing device 914 to perform read, write, and/or modify operations (e.g., configuration or management operations) on storage device 904A by way of the cloud storage platform 924.
Conversely, when storage device 904A determines that the information in the access token does not correspond to the cloud identity provider (e.g., the information in the access token does not indicate that the access token was obtained from the identity authorization endpoint 926), that the storage device identity information included in the access token does not correspond to the identifier associated with storage device 904A, or that the user identity information does not correspond to a user identity maintained in the active directory associated with storage device 904A, storage device 904A may reject the access token. As a result, the user may be denied access to storage device 904A.
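The following is a non-limiting illustrative sketch of the validation a storage device such as storage device 904A might perform on a received access token, checking the cloud identity provider, the storage device identity, and the user identity against a local directory. The field names mirror the hypothetical token sketched above and are not an actual device API.

    # Illustrative sketch of access token validation at a storage device;
    # names, fields, and the shared signing key are hypothetical assumptions.
    import hashlib
    import hmac
    import json

    SIGNING_KEY = b"example-signing-key"   # assumption: shared with the identity provider

    def validate_access_token(token: dict, this_device_id: str,
                              local_directory_users: set) -> bool:
        claims = token["claims"]
        # 1. Verify the token originated from the expected cloud identity provider.
        payload = json.dumps(claims, sort_keys=True).encode()
        expected_sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_sig, token["signature"]):
            return False
        if claims.get("issuer") != "identity-authorization-endpoint-926":
            return False
        # 2. Verify the storage device identity information corresponds to this device.
        if claims.get("storage_device_identity") != this_device_id:
            return False
        # 3. Verify the user identity is maintained in the device's active directory.
        return claims.get("authorized", False) and claims.get("user_identity") in local_directory_users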
In some embodiments, one or more storage devices, such as storage devices 904A, 904B, may be enabled and configured for single sign-on remote access. The configuration may be performed in any suitable manner, such as by an administrator or other user with appropriate privileges accessing the storage device and configuring it for remote single sign-on access. The configuration may include downloading and installing, on the storage device, a single sign-on computing instance that configures the storage device to perform one or more operations described herein to facilitate remote single sign-on access to the storage device. The single sign-on computing instance may take any suitable form, such as a lightweight single sign-on application configured to occupy a minimal footprint and/or load time. The single sign-on instance may be used to bypass one or more login screens traditionally provided by the storage device, in addition to the login screen of the cloud storage platform 924, to request and receive user credentials for authentication to the storage device.
In some examples, storage devices may be individually enabled for single sign-on remote access, such that some storage devices are enabled while others are not. This may give storage device operators flexibility in determining how the storage devices may be accessed. In some examples, single sign-on remote access to a storage device may be configured to be generally available to all users seeking to access the storage device, or may be configured to be available only to a subset of users seeking to access the storage device.
In some embodiments, the storage devices 904A, 904B may receive single sign-on consent information associated with the user and/or the storage devices 904A, 904B. For example, the user may consent to provide user credentials once to access the cloud storage platform 924 (e.g., to be authorized to access an application executing on one of the storage devices 904A, 904B by way of the cloud storage platform 924), and the authorization to access the cloud storage platform 924 may be extended (e.g., using an access token as described herein) to access to the storage device.
The storage devices 904A, 904B may store single sign-on consent information associated with the user and/or the storage devices 904A, 904B, so that upon receipt of an access token, the storage devices 904A, 904B may determine whether to grant the user access based at least in part on the access token (e.g., when the user has previously opted in to single sign-on) or to prompt the user for credentials (e.g., when the user has not previously opted in to single sign-on). In some implementations, the single sign-on consent information may be maintained such that any subdomains associated with a root domain to which the user has consented (e.g., a set of storage devices associated with a subdomain) may also be accessed using single sign-on, without obtaining separate single sign-on consent for each storage device in the subdomain.
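The following is a non-limiting illustrative sketch of how a storage device might record single sign-on consent and let consent for a root domain cover its subdomains, as described above. The consent store and domain model (SingleSignOnConsent) are hypothetical.

    # Illustrative sketch of single sign-on consent storage with root-domain
    # inheritance; the class and domain naming scheme are hypothetical.
    class SingleSignOnConsent:
        def __init__(self):
            # maps user_id -> set of root domains the user consented to
            self._consents = {}

        def record_consent(self, user_id: str, root_domain: str) -> None:
            self._consents.setdefault(user_id, set()).add(root_domain)

        def covers(self, user_id: str, device_domain: str) -> bool:
            """True if the device's domain is a consented root domain or one of its subdomains."""
            for root in self._consents.get(user_id, set()):
                if device_domain == root or device_domain.endswith("." + root):
                    return True
            return False

    # Example: consent for "storage.example.com" also covers "fleet1.storage.example.com".
    consents = SingleSignOnConsent()
    consents.record_consent("alice", "storage.example.com")
    assert consents.covers("alice", "fleet1.storage.example.com")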
Upon validating the access token, the storage device 904A, 904B may grant the user access to the application executing on the storage device 904A, 904B as an additional authorization. The authorization may be referred to as an additional authorization because it is in addition to the authorization granted to the user to access the cloud storage platform 924. The access token facilitates the additional authorization without prompting the user for user credentials to access the storage device 904A, 904B (e.g., by skipping the login screen of the storage device 904A, 904B). Accordingly, the access token authorization process described herein may provide an improved user experience, as the user is not prompted to re-enter user credentials.
In some examples, one or more components of the system 900 may be configured to log operations of the system 900. For example, the system 900 may include an event logging service that logs operations of the system 900. In such examples, one or more components of the system 900 may be configured to prevent hashtag snooping from being used to access information about access tokens used by the system 900. For example, the event logger may be configured to recognize and ignore (i.e., not log) access-token-related operations, such as by designating access-token-specific hashtags and not logging operations tagged with those hashtags.
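The following is a non-limiting illustrative sketch of an event logger that skips access-token-related operations identified by designated hashtags, as described above. The tag names and the logger interface (FilteringEventLogger, ACCESS_TOKEN_TAGS) are hypothetical.

    # Illustrative sketch of an event logger that ignores operations tagged
    # with access-token-specific hashtags; names are hypothetical.
    import logging

    logging.basicConfig(level=logging.INFO)

    ACCESS_TOKEN_TAGS = {"#access-token", "#token-exchange"}  # assumed designations

    class FilteringEventLogger:
        def __init__(self, logger: logging.Logger):
            self._logger = logger

        def log_operation(self, message: str, tags: set) -> None:
            # Recognize and ignore operations carrying access-token-specific hashtags.
            if tags & ACCESS_TOKEN_TAGS:
                return
            self._logger.info("%s tags=%s", message, sorted(tags))

    events = FilteringEventLogger(logging.getLogger("system900"))
    events.log_operation("fleet view requested", {"#ui"})            # logged
    events.log_operation("token issued for 904A", {"#access-token"})  # ignored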
In operation 1002, the cloud storage platform authorizes a user of a user device to access the cloud storage platform. Operation 1002 may be performed in any of the ways described herein. For example, the cloud storage platform may receive user credentials of the user from the user device and may authenticate the user for access to the cloud storage platform in any suitable manner based on the user credentials, such as by transmitting the user credentials to an identity authentication endpoint, receiving an identity authorization from the authentication endpoint, and authorizing the user to access the cloud storage platform in accordance with the identity authorization received from the authentication endpoint.
In operation 1004, the cloud storage platform transmits, to the user device, information associated with a set of storage devices associated with the user. Operation 1004 may be performed in any of the ways described herein. For example, the information associated with the set of storage devices may be transmitted after the user has been authorized to access the cloud storage platform. In some embodiments, the information may include a fleet view of the set of storage devices associated with the user for display on the user device.
In operation 1006, the cloud storage platform receives, from the user device, a request to access, by way of the cloud storage platform, an application executing on a storage device. Operation 1006 may be performed in any of the ways described herein. For example, the request to access the application executing on the storage device by way of the cloud storage platform may be received based at least in part on a selection of the storage device from the set of storage devices included in the fleet view. In some implementations, the storage device may be remote from the cloud storage platform (e.g., the storage device may be located in a computer system domain separate from the remote management domain in which the cloud storage platform is located).
In operation 1008, the cloud storage platform obtains an access token in response to the request received from the user device. The access token may include user identity information of the user and storage device identity information of the storage device. Operation 1008 may be performed in any of the ways described herein. For example, in some implementations, the cloud storage platform may generate the access token in response to the request based at least in part on the user identity information of the user and the storage device identity information of the storage device. In some other implementations, the cloud storage platform may transmit an access token request to, and receive the access token from, an identity authorization endpoint.
In operation 1010, the cloud storage platform transmits the access token to the storage device for use by the storage device in validating the access token and authorizing the user to access the application executing on the storage device by way of the cloud storage platform. Operation 1010 may be performed in any of the ways described herein. For example, the user of the user device may be granted access to the application executing on the storage device as an additional authorization, in addition to the authorization granted to the user to access the cloud storage platform. The access token facilitates the additional authorization without prompting the user for user credentials to access the application executing on the storage device.
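The following is a non-limiting illustrative sketch stringing together operations 1002 through 1010 from the cloud storage platform's perspective. The collaborators (authenticate, issue_token, send_to_device) stand in for the hypothetical helpers sketched earlier and are passed in as callables; none of these names reflect an actual platform API.

    # Illustrative end-to-end sketch of operations 1002-1010 at the cloud
    # storage platform; collaborators and data shapes are hypothetical.
    def handle_user_session(credentials: dict, fleet_by_user: dict,
                            authenticate, issue_token, send_to_device):
        # Operation 1002: authorize the user to access the cloud storage platform.
        packet = authenticate(credentials)
        if not packet.authorized:
            raise PermissionError("user is not authorized to access the platform")

        # Operation 1004: transmit information about the user's fleet of storage devices.
        fleet_view = fleet_by_user.get(packet.user_id, [])

        # Operation 1006: receive a request to access an application on a storage
        # device (simulated here as selecting the first device in the fleet view).
        selected_device = fleet_view[0]

        # Operation 1008: obtain an access token for the user and the selected device.
        token = issue_token(packet.user_id, selected_device)

        # Operation 1010: transmit the access token to the storage device.
        send_to_device(selected_device, token)
        return fleet_view, token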
In operation 1102, the identity authorization endpoint receives, from the cloud storage platform, an access token request for a user of a user device to access an application executing on a storage device. In some implementations, the storage device may be remote from the cloud storage platform, and the request may include user identity information of the user and storage device identity information of the storage device. Operation 1102 may be performed in any of the ways described herein.
In operation 1104, the identity authorization endpoint determines whether the user of the user device is authorized to access the application executing on the storage device based at least in part on an active directory, the user identity information of the user, and the storage device identity information of the storage device. Operation 1104 may be performed in any of the ways described herein.
In operation 1106, the identity authorization endpoint generates an access token upon determining that the user of the user device is authorized to access the application executing on the storage device. In some aspects, the access token may include the user identity information of the user and the storage device identity information of the storage device. Operation 1106 may be performed in any of the ways described herein.
In operation 1108, the identity authorization endpoint transmits the access token to the cloud storage platform. Operation 1108 may be performed in any of the ways described herein.
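The following is a non-limiting illustrative sketch of operations 1102 through 1108 expressed as a single request handler at the identity authorization endpoint. The request shape and the injected issue_token helper (referring to the hypothetical sketch above) are assumptions, not an actual endpoint API.

    # Illustrative sketch of operations 1102-1108 at the identity
    # authorization endpoint; request fields and helpers are hypothetical.
    def handle_access_token_request(request: dict, user_device_associations: dict,
                                    issue_token) -> dict:
        # Operation 1102: receive the access token request from the cloud platform,
        # including user identity and storage device identity information.
        user_id = request["user_identity"]
        device_id = request["storage_device_identity"]

        # Operations 1104-1106: check whether the active directory associates the
        # user with the device and, if so, generate a token carrying both identities.
        token = issue_token(user_id, device_id, user_device_associations)

        # Operation 1108: return the token for transmission to the cloud platform.
        return token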
In operation 1202, the storage device may receive single sign-on consent information associated with the user and/or the storage device. Operation 1202 may be performed in any of the ways described herein. For example, the user may consent to provide cloud storage platform access credentials once (e.g., to be authorized to access an application executing on the storage device by way of the cloud storage platform), and the authorization to access the cloud storage platform may be extended (e.g., using an access token as described herein) to access to the storage device.
In operation 1204, the storage device may store the single sign-on consent information associated with the user and/or the storage device, such that upon receipt of an access token, the storage device may determine whether to grant the user access based at least in part on the access token (e.g., when the user has previously opted in to single sign-on) or to prompt the user for credentials (e.g., when the user has not previously opted in to single sign-on). Operation 1204 may be performed in any of the ways described herein. In some implementations, the single sign-on consent information may be maintained such that any subdomains associated with a root domain to which the user has consented (e.g., a set of storage devices associated with a subdomain) may also be accessed using single sign-on, without obtaining separate single sign-on consent for each storage device in the subdomain.
In operation 1206, the storage device may receive and store configuration information. Operation 1206 may be performed in any of the ways described herein. For example, the storage device may obtain current connection configuration information from the remote management system 908, which may include information about the cloud storage platform 924 and/or the identity authorization endpoint 926 that the storage device may use to validate access tokens received from the cloud storage platform 924. For example, the configuration information may include cloud identity provider information that the storage device may use to verify that the cloud identity provider is the source of an access token. Additionally or alternatively, the configuration information may indicate a configuration of the access token, such as a format of and/or data included in the access token.
In operation 1208, the storage device receives an access token from a cloud storage platform remote from the storage device. In some aspects, the access token may include cloud identity provider information, user identity information, and storage device identity information. Operation 1208 may be performed in any of the ways described herein.
In operation 1210, the storage device validates the access token based at least in part on the cloud identity provider information, an active directory, the user identity information, and the storage device identity information. Operation 1210 may be performed in any of the ways described herein. For example, the storage device may determine whether the cloud identity provider information included in the access token corresponds to the identity authorization endpoint 926, determine whether the storage device identity information included in the access token corresponds to the storage device, and determine whether the user identity information is included in the active directory of the storage device. In some aspects, the access token may be validated after it is determined that the cloud identity provider information included in the access token corresponds to the identity authorization endpoint 926, that the storage device identity information included in the access token corresponds to the storage device, and that the user identity information is included in the active directory of the storage device. This allows the storage device to verify the authenticity of the access token and to determine whether to grant the user access or to request further user authentication.
In operation 1212, the storage device grants the user access to the application executing on the storage device after validating the access token. Operation 1212 may be performed in any of the ways described herein.
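The following is a non-limiting illustrative sketch of operations 1202 through 1212 from the storage device's perspective, tying together the hypothetical consent store and token validation sketched above (passed in as collaborators). The function name, collaborators, and return shapes are assumptions for illustration only.

    # Illustrative sketch of operations 1202-1212 at the storage device;
    # collaborators and data shapes are hypothetical.
    def handle_remote_access(token: dict, this_device_id: str, device_domain: str,
                             local_directory_users: set, consents,
                             validate_access_token, prompt_for_credentials):
        user_id = token["claims"]["user_identity"]

        # Operations 1202-1204: consult stored single sign-on consent. If the user
        # has not opted in for this device's root domain, fall back to a credential prompt.
        if not consents.covers(user_id, device_domain):
            return prompt_for_credentials(user_id)

        # Operations 1206-1210: validate the token against the configured cloud
        # identity provider, this device's identity, and the local directory.
        if not validate_access_token(token, this_device_id, local_directory_users):
            return {"granted": False, "reason": "access token rejected"}

        # Operation 1212: grant access to the application executing on the device.
        return {"granted": True, "user": user_id}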
A user requesting access to a cloud storage platform and/or a storage device may include any entity capable of requesting such access. For example, a user may be a human user of one or more components of the system 900, another computing device, a computing instance (e.g., a software, firmware, or hardware instance), an Internet of Things ("IoT") endpoint, or any other entity configured to request access to a cloud storage platform and/or a storage device.
Various exemplary embodiments have been described in the foregoing description with reference to the accompanying drawings. It will, however, be evident that various modifications and changes may be made thereto, and additional embodiments may be implemented, without departing from the scope of the invention as set forth in the appended claims. For example, certain features of one embodiment described herein may be combined with or substituted for features of another embodiment described herein. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.