Patent Grant
10210073
A distributed storage system may include a plurality of storage devices (e.g., storage arrays) to provide data storage to a plurality of nodes. The plurality of storage devices and the plurality of nodes may be situated in the same physical location, or in one or more physically remote locations. A distributed storage system may include data protection systems that back up production site data by replicating production site data on a secondary backup storage system. The production site data may be replicated on a periodic basis and/or may be replicated as changes are made to the production site data. The backup storage system may be situated in the same physical location as the production storage system, or in a physically remote location.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
One aspect provides a method of operating a storage system. Writeable snapshot replicas of a production site of the storage system are periodically generated during a snapshot interval. The production site includes a production volume, a production memory, and at least one production application. Input/output (I/O) requests of the at least one production application are saved during the snapshot interval. A test environment is initiated with the writeable snapshot, the test environment comprising a test volume, a test memory, and at least one test application. The at least one test application is run in the test environment and the saved I/O requests of the at least one production application are replayed to the at least one test application in the test environment. Output data is provided from the test environment to the writeable snapshot.
Another aspect provides a system that includes a processor and memory storing computer program code that when executed on the processor causes the processor to operate a storage system. The storage system is operable to perform the operations of periodically generating writeable snapshot replicas of a production site of the storage system are during a snapshot interval. The production site includes a production volume, a production memory, and at least one production application. Input/output (I/O) requests of the at least one production application are saved during the snapshot interval. A test environment is initiated with the writeable snapshot, the test environment comprising a test volume, a test memory, and at least one test application. The at least one test application is run in the test environment and the saved I/O requests of the at least one production application are replayed to the at least one test application in the test environment. Output data is provided from the test environment to the writeable snapshot.
Another aspect provides a computer program product including a non-transitory computer readable storage medium having computer program code encoded thereon that when executed on a processor of a computer causes the computer to operate a storage system. The computer program product includes computer program code for periodically generating writeable snapshot replicas of a production site of the storage system are during a snapshot interval. The production site includes a production volume, a production memory, and at least one production application. Input/output (I/O) requests of the at least one production application are saved during the snapshot interval. A test environment is initiated with the writeable snapshot, the test environment comprising a test volume, a test memory, and at least one test application. The at least one test application is run in the test environment and the saved I/O requests of the at least one production application are replayed to the at least one test application in the test environment. Output data is provided from the test environment to the writeable snapshot.
Objects, aspects, features, and advantages of embodiments disclosed herein will become more fully apparent from the following detailed description, the appended claims, and the accompanying drawings in which like reference numerals identify similar or identical elements. Reference numerals that are introduced in the specification in association with a drawing figure may be repeated in one or more subsequent figures without additional description in the specification in order to provide context for other features. For clarity, not every element may be labeled in every figure. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating embodiments, principles, and concepts. The drawings are not meant to limit the scope of the claims included herewith.
Before describing embodiments of the concepts, structures, and techniques sought to be protected herein, some terms are explained. In some embodiments, the term “I/O request” or simply “I/O” may be used to refer to an input or output request. In some embodiments, an I/O request may refer to a data read or data write request. In some embodiments, the term “storage system” may encompass physical computing systems, cloud or virtual computing systems, or a combination thereof. In some embodiments, the term “storage device” may refer to any non-volatile memory (NVM) device, including hard disk drives (HDDs), solid state drivers (SSDs), flash devices (e.g., NAND flash devices), and similar devices that may be accessed locally and/or remotely (e.g., via a storage attached network (SAN)). In some embodiments, the term “storage device” may also refer to a storage array including multiple storage devices.
Referring to the example embodiment shown in
In certain embodiments, Site I 100a and Site II 100b may be remote from one another. In other embodiments, Site I 100a and Site II 100b may be local to one another and may be connected via a local area network (LAN). In some embodiments, local data protection may have the advantage of minimizing data lag between target and source, and remote data protection may have the advantage of being robust in the event that a disaster occurs at the source site.
In particular embodiments, data protection system 100 may include a failover mode of operation, wherein the direction of replicated data flow is reversed. In particular, in some embodiments, Site I 100a may behave as a target site and Site II 100b may behave as a source site. In some embodiments, failover may be triggered manually (e.g., by a user) or automatically. In many embodiments, failover may be performed in the event of a disaster at Site I 100a. In some embodiments, both Site I 100a and Site II 100b may behave as source site for some stored data and may behave simultaneously as a target site for other stored data. In certain embodiments, a portion of stored data may be replicated from one site to the other, and another portion may not be replicated.
In some embodiments, Site I 100a corresponds to a production site (e.g., a facility where one or more hosts run data processing applications that write data to a storage system and read data from the storage system) and Site II 100b corresponds to a backup or replica site (e.g., a facility where replicated production site data is stored). Thus, in some embodiments, Site II 100b may be responsible for replicating production site data and may enable rollback of data of Site I 100a to an earlier point in time. In some embodiments, rollback may be used in the event of data corruption of a disaster, or alternatively in order to view or to access data from an earlier point in time.
Described embodiments of Site I 100a may include a source host 104, a source storage system (or “storage array”) 108, and a source data protection appliance (DPA) 112 coupled via a first storage area network (SAN). Similarly, in some embodiments, Site II 100b may include a target host 116, a target storage system 120, and a target DPA 124 coupled via a second SAN. In some embodiments, each SAN may include one or more devices (or “nodes”) that may be designated an “initiator,” a “target”, or both. For example, in some embodiments, the first SAN may include a first fiber channel switch 148 and the second SAN may include a second fiber channel switch 168. In some embodiments, communication links between each host 104 and 116 and its corresponding storage system 108 and 120 may be any appropriate medium suitable for data transfer, such as fiber communication channel links. In many embodiments, a host communicates with its corresponding storage system over a communication link, such as an InfiniBand (IB) link or Fibre Channel (FC) link, and/or a network, such as an Ethernet or Internet (e.g., TCP/IP) network that may employ, for example, the iSCSI protocol.
In some embodiments, each storage system 108 and 120 may include storage devices for storing data, such as disks or arrays of disks. Typically, in such embodiments, storage systems 108 and 120 may be target nodes. In some embodiments, in order to enable initiators to send requests to storage system 108, storage system 108 may provide (e.g., expose) one or more logical units (LU) to which commands are issued. Thus, in some embodiments, storage systems 108 and 120 may be SAN entities that provide multiple logical units for access by multiple SAN initiators. In some embodiments, an LU is a logical entity provided by a storage system for accessing data stored therein. In some embodiments, a logical unit may be a physical logical unit or a virtual logical unit. In some embodiments, a logical unit may be identified by a unique logical unit number (LUN).
In the embodiment shown in
As shown in
In some embodiments, source host 104 may act as a SAN initiator that issues I/O requests through host device 140 to LU A 136 using, for example, SCSI commands. In some embodiments, such requests may be transmitted to LU A 136 with an address that includes a specific device identifier, an offset within the device, and a data size.
In some embodiments, source DPA 112 and target DPA 124 may perform various data protection services, such as data replication of a storage system, and journaling of I/O requests issued by hosts 104 and/or 116. In some embodiments, when acting as a target DPA, a DPA may also enable rollback of data to an earlier point-in-time (PIT), and enable processing of rolled back data at the target site. In some embodiments, each DPA 112 and 124 may be a physical device, a virtual device, or may be a combination of a virtual and physical device.
In some embodiments, a DPA may be a cluster of such computers. In some embodiments, use of a cluster may ensure that if a DPA computer is down, then the DPA functionality switches over to another computer. In some embodiments, the DPA computers within a DPA cluster may communicate with one another using at least one communication link suitable for data transfer, for example, an InfiniBand (IB) link, a Fibre Channel (FC) link, and/or a network link, such as an Ethernet or Internet (e.g., TCP/IP) link to transfer data via fiber channel or IP based protocols, or other such transfer protocols. In some embodiments, one computer from the DPA cluster may serve as the DPA leader. In some embodiments, the DPA cluster leader may coordinate between the computers in the cluster, and may also perform other tasks that require coordination between the computers, such as load balancing.
In certain embodiments, a DPA may be a standalone device integrated within a SAN. Alternatively, in some embodiments, a DPA may be integrated into storage system. In some embodiments, the DPAs communicate with their respective hosts through communication links suitable for data transfer, for example, an InfiniBand (IB) link, a Fibre Channel (FC) link, and/or a network link, such as an Ethernet or Internet (e.g., TCP/IP) link to transfer data via, for example, SCSI commands or any other protocol.
In various embodiments, the DPAs may act as initiators in the SAN. For example, in some embodiments, the DPAs may issue I/O requests using, for example, SCSI commands, to access LUs on their respective storage systems. In some embodiments, each DPA may also be configured with the necessary functionality to act as targets, e.g., to reply to I/O requests, such as SCSI commands, issued by other initiators in the SAN, including their respective hosts. In some embodiments, being target nodes, the DPAs may dynamically expose or remove one or more LUs. As described herein, in some embodiments, Site I 100a and Site II 100b may each behave simultaneously as a production site and a backup site for different logical units. As such, in some embodiments, DPA 112 and DPA 124 may each behave as a source DPA for some LUs and as a target DPA for other LUs, at the same time.
In the example embodiment shown in
In various embodiments, a protection agent may change its behavior for handling SCSI commands, for example as a result of an instruction received from the DPA. For example, in some embodiments, the behavior of a protection agent for a certain host device may depend on the behavior of its associated DPA with respect to the LU of the host device. In some embodiments, when a DPA behaves as a source site DPA for a certain LU, then during normal course of operation, the associated protection agent may split I/O requests issued by a host to the host device corresponding to that LU. Similarly, in some embodiments, when a DPA behaves as a target device for a certain LU, then during normal course of operation, the associated protection agent fails I/O requests issued by host to the host device corresponding to that LU.
In some embodiments, communication between protection agents 144 and 164 and a respective DPA 112 and 124 may use any protocol suitable for data transfer within a SAN, such as fiber channel, SCSI over fiber channel, or other protocols. In some embodiments, the communication may be direct, or via a logical unit exposed by the DPA.
In certain embodiments, protection agents may be drivers located in their respective hosts. Alternatively, in some embodiments, a protection agent may also be located in a fiber channel switch, or in any other device situated in a data path between a host and a storage system or on the storage system itself. In some embodiments, in a virtualized environment, the protection agent may run at the hypervisor layer or in a virtual machine providing a virtualization layer.
As shown in the example embodiment shown in
Some embodiments of data protection system 100 may be provided as physical systems for the replication of physical LUs, or as virtual systems for the replication of virtual LUs. For example, in one embodiment, a hypervisor may consume LUs and may generate a distributed file system on the logical units such as Virtual Machine File System (VMFS) that may generate files in the file system and expose the files as LUs to the virtual machines (each virtual machine disk is seen as a SCSI device by virtual hosts). In another embodiment, a hypervisor may consume a network based file system and exposes files in the Network File System (NFS) as SCSI devices to virtual hosts.
In some embodiments, in normal operation (sometimes referred to as “production mode”), DPA 112 may act as a source DPA for LU A 136. Thus, in some embodiments, protection agent 144 may act as a source protection agent, specifically by splitting I/O requests to host device 140 (“Device A”). In some embodiments, protection agent 144 may send an I/O request to source DPA 112 and, after receiving an acknowledgement from source DPA 112, may send the I/O request to LU A 136. In some embodiments, after receiving an acknowledgement from storage system 108, host 104 may acknowledge that the I/O request has successfully completed.
In some embodiments, when source DPA 112 receives a replicated I/O request from protection agent 144, source DPA 112 may transmit certain I/O information characterizing the write request, packaged as a “write transaction”, over WAN 128 to target DPA 124 for journaling and for incorporation within target storage system 120. In some embodiments, when applying write operations to storage system 120, target DPA 124 may act as an initiator, and may send SCSI commands to LU B 156.
In some embodiments, source DPA 112 may send its write transactions to target DPA 124 using a variety of modes of transmission, including (i) a synchronous mode, (ii) an asynchronous mode, and (iii) a snapshot mode.
In some embodiments, in synchronous mode, source DPA 112 may send each write transaction to target DPA 124, may receive back an acknowledgement from the target DPA 124, and in turn may send an acknowledgement back to protection agent 144. In some embodiments, in synchronous mode, protection agent 144 may wait until receipt of such acknowledgement before sending the I/O request to LU 136.
Thus, in some embodiments such as described herein, in continuous mode, every write I/O to a production volume may be intercepted and sent to both the production volume and a replica volume. Thus, in some embodiments, continuous mode may provide a very low Recovery Point Objective (RPO), meaning that data on a replica volume lags data on the production volume by only a short time period (e.g., a few seconds). In some embodiments, RPO is an amount of data that the user is willing to lose in case of production disaster (e.g., an amount of time between replications). In some embodiments (e.g., for particularly important data), continuous mode may provide an RPO of zero (e.g., data on the replica volume is the same as data on the production volume) and high granularity of points in time (PITs) for restoring the production volume (e.g., since continuous replication may generate a replica each time there is a write operation to the production volume).
In some embodiments, in asynchronous mode, source DPA 112 may send an acknowledgement to protection agent 144 upon receipt of each I/O request, before receiving an acknowledgement back from target DPA 124.
In some embodiments, in snapshot mode, source DPA 112 may receive several I/O requests and combine them into an aggregate “snapshot” or “batch” of write activity performed in the multiple I/O requests, and may send the snapshot to target DPA 124 for journaling and incorporation in target storage system 120. In some embodiments, in snapshot mode, source DPA 112 may send an acknowledgement to protection agent 144 upon receipt of each I/O request, before receiving an acknowledgement back from target DPA 124.
Thus, in some embodiments, in snapshot mode, snapshot replicas of a production volume may be periodically generated, and changes in data may be tracked between consecutive snapshot replicas. For example, one or more write operations may modify data on the production volume between generation of snapshot replicas. In some embodiments, regions of the production volume that are modified, and the changed data written to the regions, may be tracked. In some embodiments, when a new snapshot replica is generated, modified regions may be read from the production volume and sent to the replica volume.
In some embodiments, a snapshot replica may be a differential representation of a volume. For example, the snapshot may include pointers to the original volume, and may point to log volumes for locations of the original volume that store data changed by one or more I/O requests. In some embodiments, snapshots may be combined into a snapshot array, which may represent different images over a time period (e.g., for multiple PITs).
In some embodiments, data protection system may include one or more consistency groups. In some embodiments, a consistency group may treat source volumes (e.g., production volumes) and target volumes (e.g., backup volumes) as a single logical entity for data replication and migration.
As described herein, in some embodiments, in normal operation, LU B 156 may be used as a backup of LU A 136. In such embodiments, while data written to LU A 136 by host 104 is replicated from LU A 136 to LU B 156, target host 116 should not send I/O requests to LU B 156. In some embodiments, to prevent such I/O requests from being sent, protection agent 164 may act as a target site protection agent for host device B 160 and may fail I/O requests sent from host 116 to LU B 156 through host device B 160. In some embodiments, in a recovery mode, target DPA 124 may undo the write transactions in journal LU 176 so as to restore the target storage system 120 to an earlier state.
Referring to
Referring to both
Since the journal contains the “undo” information necessary to rollback storage system 120, in some embodiments, data that was stored in specific memory locations at a specified point in time may be obtained by undoing write transactions that occurred subsequent to such point in time (PIT).
In some embodiments, each of the four streams may hold a plurality of write transaction data. In some embodiments, as write transactions are received dynamically by the target DPA, the write transactions may be recorded at the end of the DO stream and the end of the DO METADATA stream, prior to committing the transaction.
In some embodiments, a metadata stream (e.g., UNDO METADATA stream or the DO METADATA stream) and the corresponding data stream (e.g., UNDO stream or DO stream) may be kept in a single stream by interleaving metadata and data.
Some described embodiments may validate that point-in-time (PIT) data replicas (e.g., data replicated to LU B 156) are valid and usable, for example to verify that the data replicas are not corrupt due to a system error or inconsistent due to violation of write order fidelity. In some embodiments, validating data replicas can be important, for example, in data replication systems employing incremental backup where an undetected error in an earlier data replica may lead to corruption of future data replicas.
In conventional systems, validating data replicas can increase the journal lag, which may increase a recovery time objective (RTO) of a data protection system (e.g., an elapsed time between replicas or PITs). In such conventional systems, if the journal lag time is significant, the journal may become full and unable to account for data changes due to subsequent transactions. Further, in such conventional systems, validating data replicas may consume system resources (e.g., processor time, memory, communication link bandwidth, etc.), resulting in reduced performance for system tasks.
Referring back to
In an illustrative embodiment, an enhanced copy may include application data, the application itself, application configuration data, application metadata, and runtime settings. For example, the application itself (e.g., an executable image of a particular version of the application) may be stored to be able to restore/access the data with the correct application version, which in some examples includes the application itself and the applications that generated the data copies. In some examples, the application configuration data enables the application to be run from the enhanced copy. In some examples, runtime settings enable the environment to be mimicked or restored.
In some embodiments, application metadata may include application operational settings, number of instances, scale out parameters, availability information, and other information that describes the operating environment of a host running the application. In some embodiments, the application metadata may also include parameters to connect to additional resources or data sources, such as databases, object stores, data volumes, file systems, or any service that the application was consuming at the time. In some embodiments, the application metadata may further include metadata providing information about resources used by the application, for example IDs, names, and/or types. In some embodiments, the enhanced copy may also include metadata about itself, for example a timestamp, size, and compression/archiving type. In some embodiments, the application metadata may further include parameters controlling whether to restore all of the above features/services, or partial of the features/services, restore only the data instead of the executable image of the application. In some embodiments, the parameters may also control the way the runtime environment is set up. For example, a restoration for a development environment may not restore all the runtime services or may restore them at a lower service level agreement (SLA), etc.
In some embodiments, runtime settings enable the environment to be mimicked, including allocation of proper processing resources (e.g., processor, memory, storage, operating system, network stack, proper system clock). In some embodiments, certain services that were utilized or connected with may also be restored based on the application metadata. In some embodiments, it is therefore possible to restore a full working copy of the application of a particular point in time, rather than just the application data.
In an illustrative embodiment, when an application is restored, an operating environment or execution environment will be established and configured based on the application metadata, including allocating proper resources, even setting up a system clock reflecting the time of the capture and copying. In some embodiments, a virtual machine may be provisioned and configured based on the application metadata, which mimics substantially the same operating environment at the time of the copying or capturing of the corresponding snapshot. In some embodiments, an executable image of the application is then executed within the operating environment and the application data is loaded into the memory and accessible by the application.
In some embodiments, it is therefore advantageously possible create a copy of the application in which the configurations, settings and environment (including clocks) appear to the developer to be moved back to those of the run time environment at the time of interest (e.g., a time at which a problem or bug was detected), even if available services have changed or been removed. In some embodiments, it becomes possible to provide the developer with a copy of the application where the environment is identical to the environment at the time of the problem or bug. In some embodiments, an enhanced copy ensures that even if the enhanced copy is dormant for a lengthy amount of time (e.g., several years), that the data can still be accessed.
Some embodiments may generate and employ enhanced copies such as described in U.S. patent application Ser. No. 14/978,351, filed on Dec. 22, 2015, entitled “STORING APPLICATION DATA AS AN ENHANCED COPY,” which is incorporated by reference herein in its entirety, and which describes automated integration between a platform as a service (PaaS) and a data protection system that performs compute services concurrently with data services (e.g., restore, backup, etc.).
Referring to
In some embodiments, production site 302 may periodically write snapshot replicas to replica site 322. In some embodiments, replica site 322 may include one or more replica volumes 324 containing one or more snapshot replicas 326. In some embodiments, snapshot replicas 326 may be differential snapshot replicas (e.g., representing only data changed on production volume 306 from the time of a previous snapshot replica). In other embodiments, at least one snapshot replica may be a replica of the entire production volume 306. In various embodiments, snapshot replicas 326 may be generated using a variety of data protection methods or processes, such as, for example, backup, replication, mirroring, snapshots, clones, copying, archiving, file system versioning, traffic replay or other similar technologies. In some embodiments, each snapshot replica may be complete copies, partial copies, differential copies, incremental copies, or any transformation of data representation including but not limited to compression, deduplication and encryption.
In some embodiments, each snapshot replica may represent a point-in-time (PIT) to which production volume 306 may be restored. In embodiments where each snapshot replica 326 is an enhanced copy, each enhanced copy snapshot replica may also represent a PIT to which production application 304 and production memory 310 may be restored. As will be described, in some embodiments, enhanced copy snapshot replicas 326 may be writable snapshot replicas.
Further, some embodiments may detect bugs or problems in a production application (e.g., 304). For example, some embodiments may automatically detect and test (or debug) faults, problems, bugs or other anomalies of production site 302, for example such as described in U.S. patent application Ser. No. 15/087,817, filed on Mar. 31, 2016, entitled “PROACTIVE DEBUGGING,” which is incorporated by reference herein in its entirety.
In some embodiments, a snapshot replica of the time at which the problem occurred (or before) may be used to initiate test site 312 to enable debugging of the production application. Thus, in some embodiments, an enhanced copy snapshot replica may represent a PIT of production application 304, production volume 306, and production memory 310 that may be initiated on test application 314, test volume 316 and test memory 320 to enable debugging without removing production site 302 from normal production service. As will be described, in some embodiments, test volume 316 may employ production data (e.g., data 308) for testing. In embodiments where production data 308 is of a sensitive nature (e.g., medical record data, financial data, classified data, etc.), test volume 316 may employ obfuscated data 318, which may be an obfuscated version of production data 308.
For example, after a problem or bug is detected in production site 302, test site 312 may be initiated using an enhanced copy snapshot replica 326 from a time before (e.g., earlier than) the time the problem of bug occurred. For example, the most recent enhanced copy snapshot replica 326 may be employed to initiate test site 312. In some embodiments, by employing an enhanced copy snapshot replica, test site 312 may be advantageously initiated as a copy of production site 302, including the application, application configurations, settings and environment (including clocks) at, or just before, the time at which the problem or bug was detected.
In an embodiment, recent I/O requests and other data traffic received by production application 304 may be stored in order to be replayed to test application 314 after initiating test site 312 to a PIT using an enhanced copy snapshot replica. In such an embodiment, requests made to the production application 304 since the time of the most recent enhanced copy snapshot replica 326 may be stored. Thus, in some embodiments, test site 312 may be operated from a time before the problem was detected to a time at which the problem was detected.
Some embodiments may load test volume 316 with non-production data (e.g., development test data or backend data). For example, in situations where a problem or bug is related to interactions between services or to an amount of traffic, it may not be necessary to obtain and use actual production data. However, in situations where a problem of bug may be related to the data itself, problems or bugs may not be able to be tested without using the production data. In some embodiments, if the production data is of a sensitive nature, test site 312 may employ obfuscated production data before allowing developers capability to view and test (or debug) the test environment.
As described herein, in some embodiments, enhanced copy snapshot replicas 326 may also include memory snapshots (e.g., data from production memory 310). In some embodiments, memory snapshots store a copy of production memory 310 at any PIT, allowing test site 312 to be instantiated using that memory, thus allowing test site 312 to run at the same context the snapshot was taken.
Further, as described herein, in some embodiments enhanced copy snapshot replicas 326 may be implemented as writable snapshots. In some embodiments, writable snapshots enable data system 300 to make an immediate copy of the production environment (e.g., production site 302) and begin altering it (e.g., as test site 312). Referring to
Referring to
In some embodiments, at block 508, if the production environment (e.g., production site 302) includes sensitive data (e.g., financial data, classified data, medical data, or other confidential or sensitive data), then at block 510 the memory snapshot data (e.g., the memory snapshot generated at block 406 of
In some embodiments, at block 508, if the production environment (e.g., production site 302) does not include sensitive data, then process 500 proceeds to block 516.
In some embodiments, at block 518, the test application (e.g., test application 314) is run based upon the data provided to the test volume (e.g., test volume 316) and the test memory (e.g., test memory 320). In some embodiments, at block 518, I/O requests are replayed. For example, the developer may be able to run any inputs to the production application (e.g., production application 304) after the snapshot replica was created (e.g., at block of
In some embodiments, process 500 may be performed upon user request to test system 300. In some embodiments, process 500 may be performed automatically upon an error occurrence in the production environment (e.g., production site 302).
Although not shown in
In some embodiments, running the test application on an obfuscated environment and also obfuscates the application memory structure. In some embodiments, if the test application includes one or more data services (e.g., object stores, relational databases, etc.) this data may also be obfuscated, allowing consistency across services. In some embodiments, the obfuscation occurs upon reading the data from the source (e.g., the data service or the replica site). In some embodiments, data obfuscation allows users to mask sensitive data such that various users would be able to run an application on the data, but without viewing the sensitive data. In some embodiments, upon copying the data set to the test environment, the data is obfuscated.
In some embodiments, obfuscation may work most beneficially for applications having a relatively well known memory structure such that internal variables and individual fields of data can be identified and obfuscated. For example, Java® Virtual Machine applications may be employed, since the location of internal application variables in memory is known. In addition, in some embodiments, obfuscation may work most beneficially for data having well-defined patterns, for example credit card numbers or serial IDs that have distinctive patterns that can be identified and validated for correctness before obfuscating them.
In some described embodiments, hosts 104 and 116 of
Processes 400 and 500 (
The processes described herein are not limited to the specific embodiments described. For example, processes 400 and 500 are not limited to the specific processing order shown in
Processor 602 may be implemented by one or more programmable processors executing one or more computer programs to perform the functions of the system. As used herein, the term “processor” describes an electronic circuit that performs a function, an operation, or a sequence of operations. The function, operation, or sequence of operations may be hard coded into the electronic circuit or soft coded by way of instructions held in a memory device. A “processor” may perform the function, operation, or sequence of operations using digital values or using analog signals. In some embodiments, the “processor” can be embodied in an application specific integrated circuit (ASIC). In some embodiments, the “processor” may be embodied in a microprocessor with associated program memory. In some embodiments, the “processor” may be embodied in a discrete electronic circuit. The “processor” may be analog, digital or mixed-signal. In some embodiments, the “processor” may be one or more physical processors and/or one or more “virtual” (e.g., remotely located or “cloud”) processors.
Various functions of circuit elements may also be implemented as processing blocks in a software program. Such software may be employed in, for example, one or more digital signal processors, microcontrollers, or general purpose computers. Described embodiments may be implemented in hardware, a combination of hardware and software, software, or software in execution by one or more physical and/or one or more virtual processors.
Some embodiments may be implemented in the form of methods and apparatuses for practicing those methods. Described embodiments may also be implemented in the form of program code, for example, stored in a storage medium, loaded into and/or executed by a machine, or transmitted over some transmission medium or carrier, such as over electrical wiring or cabling, through fiber optics, or via electromagnetic radiation. A non-transitory machine-readable medium may include but is not limited to tangible media, such as magnetic recording media including hard drives, floppy diskettes, and magnetic tape media, optical recording media including compact discs (CDs) and digital versatile discs (DVDs), solid state memory such as flash memory, hybrid magnetic and solid state memory, non-volatile memory, volatile memory, and so forth, but does not include a transitory signal per se. When embodied in a non-transitory machine-readable medium and the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the method.
When implemented on a processing device, the program code segments combine with the processor to provide a unique device that operates analogously to specific logic circuits. Such processing devices may include, for example, a general purpose microprocessor, a digital signal processor (DSP), a reduced instruction set computer (RISC), a complex instruction set computer (CISC), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a programmable logic array (PLA), a microcontroller, an embedded controller, a multi-core processor, and/or others, including combinations of one or more of the above. Described embodiments may also be implemented in the form of a bitstream or other sequence of signal values electrically or optically transmitted through a medium, stored magnetic-field variations in a magnetic recording medium, etc., generated using a method and/or an apparatus as recited in the claims.
Various elements, which are described in the context of a single embodiment, may also be provided separately or in any suitable subcombination. It will be further understood that various changes in the details, materials, and arrangements of the parts that have been described and illustrated herein may be made by those skilled in the art without departing from the scope of the following claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5170480 | Mohan et al. | Dec 1992 | A |
| 5249053 | Jain | Sep 1993 | A |
| 5388254 | Betz et al. | Feb 1995 | A |
| 5499367 | Bamford et al. | Mar 1996 | A |
| 5526397 | Lohman | Jun 1996 | A |
| 5864837 | Maimone | Jan 1999 | A |
| 5879459 | Gadgil et al. | Mar 1999 | A |
| 5990899 | Whitten | Nov 1999 | A |
| 6042652 | Hyun et al. | Mar 2000 | A |
| 6065018 | Beier et al. | May 2000 | A |
| 6143659 | Leem | Nov 2000 | A |
| 6148340 | Bittinger et al. | Nov 2000 | A |
| 6174377 | Doering et al. | Jan 2001 | B1 |
| 6174809 | Kang et al. | Jan 2001 | B1 |
| 6203613 | Gates et al. | Mar 2001 | B1 |
| 6260125 | McDowell | Jul 2001 | B1 |
| 6270572 | Kim et al. | Aug 2001 | B1 |
| 6272534 | Guha | Aug 2001 | B1 |
| 6287965 | Kang et al. | Sep 2001 | B1 |
| 6467023 | DeKoning et al. | Oct 2002 | B1 |
| 6574657 | Dickinson | Jun 2003 | B1 |
| 6621493 | Whitten | Sep 2003 | B1 |
| 6804676 | Bains, II | Oct 2004 | B1 |
| 6947981 | Lubbers et al. | Sep 2005 | B2 |
| 7043610 | Horn et al. | May 2006 | B2 |
| 7051126 | Franklin | May 2006 | B1 |
| 7076620 | Takeda et al. | Jul 2006 | B2 |
| 7111197 | Kingsbury et al. | Sep 2006 | B2 |
| 7117327 | Hirakawa et al. | Oct 2006 | B2 |
| 7120768 | Mizuno et al. | Oct 2006 | B2 |
| 7130975 | Suishu et al. | Oct 2006 | B2 |
| 7139927 | Park et al. | Nov 2006 | B2 |
| 7159088 | Hirakawa et al. | Jan 2007 | B2 |
| 7167963 | Hirakawa et al. | Jan 2007 | B2 |
| 7203741 | Marco et al. | Apr 2007 | B2 |
| 7222136 | Brown et al. | May 2007 | B1 |
| 7296008 | Passerini et al. | Nov 2007 | B2 |
| 7328373 | Kawamura et al. | Feb 2008 | B2 |
| 7353335 | Kawamura | Apr 2008 | B2 |
| 7360113 | Anderson et al. | Apr 2008 | B2 |
| 7426618 | Vu et al. | Sep 2008 | B2 |
| 7519625 | Honami et al. | Apr 2009 | B2 |
| 7519628 | Leverett | Apr 2009 | B1 |
| 7546485 | Cochran et al. | Jun 2009 | B2 |
| 7590887 | Kano | Sep 2009 | B2 |
| 7606940 | Yamagami | Oct 2009 | B2 |
| 7719443 | Natanzon | May 2010 | B1 |
| 7757057 | Sangapu et al. | Jul 2010 | B2 |
| 7840536 | Ahal et al. | Nov 2010 | B1 |
| 7840662 | Natanzon | Nov 2010 | B1 |
| 7844856 | Ahal et al. | Nov 2010 | B1 |
| 7860836 | Natanzon et al. | Dec 2010 | B1 |
| 7882266 | Natanzon et al. | Feb 2011 | B2 |
| 7934262 | Natanzon et al. | Apr 2011 | B1 |
| 7958372 | Natanzon | Jun 2011 | B1 |
| 8037162 | Marco et al. | Oct 2011 | B2 |
| 8041940 | Natanzon et al. | Oct 2011 | B1 |
| 8060713 | Natanzon | Nov 2011 | B1 |
| 8060714 | Natanzon | Nov 2011 | B1 |
| 8103937 | Natanzon et al. | Jan 2012 | B1 |
| 8108634 | Natanzon et al. | Jan 2012 | B1 |
| 8205009 | Heller et al. | Jun 2012 | B2 |
| 8214612 | Natanzon | Jul 2012 | B1 |
| 8250149 | Marco et al. | Aug 2012 | B2 |
| 8271441 | Natanzon et al. | Sep 2012 | B1 |
| 8271447 | Natanzon et al. | Sep 2012 | B1 |
| 8332687 | Natanzon et al. | Dec 2012 | B1 |
| 8335761 | Natanzon | Dec 2012 | B1 |
| 8335771 | Natanzon et al. | Dec 2012 | B1 |
| 8341115 | Natanzon et al. | Dec 2012 | B1 |
| 8370648 | Natanzon | Feb 2013 | B1 |
| 8380885 | Natanzon | Feb 2013 | B1 |
| 8392680 | Natanzon et al. | Mar 2013 | B1 |
| 8429362 | Natanzon et al. | Apr 2013 | B1 |
| 8433869 | Natanzon et al. | Apr 2013 | B1 |
| 8438135 | Natanzon et al. | May 2013 | B1 |
| 8464101 | Natanzon et al. | Jun 2013 | B1 |
| 8478955 | Natanzon et al. | Jul 2013 | B1 |
| 8495304 | Natanzon et al. | Jul 2013 | B1 |
| 8510279 | Natanzon et al. | Aug 2013 | B1 |
| 8521691 | Natanzon | Aug 2013 | B1 |
| 8521694 | Natanzon | Aug 2013 | B1 |
| 8543609 | Natanzon | Sep 2013 | B1 |
| 8583885 | Natanzon | Nov 2013 | B1 |
| 8600945 | Natanzon et al. | Dec 2013 | B1 |
| 8601085 | Ives et al. | Dec 2013 | B1 |
| 8627012 | Derbeko et al. | Jan 2014 | B1 |
| 8683592 | Dotan et al. | Mar 2014 | B1 |
| 8694700 | Natanzon et al. | Apr 2014 | B1 |
| 8706700 | Natanzon et al. | Apr 2014 | B1 |
| 8712962 | Natanzon et al. | Apr 2014 | B1 |
| 8719497 | Don et al. | May 2014 | B1 |
| 8725691 | Natanzon | May 2014 | B1 |
| 8725692 | Natanzon et al. | May 2014 | B1 |
| 8726066 | Natanzon et al. | May 2014 | B1 |
| 8738613 | Natanzon et al. | May 2014 | B2 |
| 8745004 | Natanzon et al. | Jun 2014 | B1 |
| 8751828 | Raizen et al. | Jun 2014 | B1 |
| 8769336 | Natanzon et al. | Jul 2014 | B1 |
| 8805786 | Natanzon | Aug 2014 | B1 |
| 8806161 | Natanzon | Aug 2014 | B1 |
| 8825848 | Dotan et al. | Sep 2014 | B1 |
| 8832399 | Natanzon et al. | Sep 2014 | B1 |
| 8850143 | Natanzon | Sep 2014 | B1 |
| 8850144 | Natanzon et al. | Sep 2014 | B1 |
| 8862546 | Natanzon et al. | Oct 2014 | B1 |
| 8892835 | Natanzon et al. | Nov 2014 | B1 |
| 8898112 | Natanzon et al. | Nov 2014 | B1 |
| 8898409 | Natanzon et al. | Nov 2014 | B1 |
| 8898515 | Natanzon | Nov 2014 | B1 |
| 8898519 | Natanzon et al. | Nov 2014 | B1 |
| 8914595 | Natanzon | Dec 2014 | B1 |
| 8924668 | Natanzon | Dec 2014 | B1 |
| 8930500 | Marco et al. | Jan 2015 | B2 |
| 8930947 | Derbeko et al. | Jan 2015 | B1 |
| 8935498 | Natanzon | Jan 2015 | B1 |
| 8949180 | Natanzon et al. | Feb 2015 | B1 |
| 8954673 | Natanzon et al. | Feb 2015 | B1 |
| 8954796 | Cohen et al. | Feb 2015 | B1 |
| 8959054 | Natanzon | Feb 2015 | B1 |
| 8977593 | Natanzon et al. | Mar 2015 | B1 |
| 8977826 | Meiri et al. | Mar 2015 | B1 |
| 8996461 | Natanzon et al. | Mar 2015 | B1 |
| 8996480 | Frank et al. | Mar 2015 | B2 |
| 8996827 | Natanzon | Mar 2015 | B1 |
| 9003138 | Natanzon et al. | Apr 2015 | B1 |
| 9026696 | Natanzon et al. | May 2015 | B1 |
| 9031913 | Natanzon | May 2015 | B1 |
| 9032160 | Natanzon et al. | May 2015 | B1 |
| 9037818 | Natanzon et al. | May 2015 | B1 |
| 9063994 | Natanzon et al. | Jun 2015 | B1 |
| 9069479 | Natanzon | Jun 2015 | B1 |
| 9069709 | Natanzon et al. | Jun 2015 | B1 |
| 9081754 | Natanzon et al. | Jul 2015 | B1 |
| 9081842 | Natanzon et al. | Jul 2015 | B1 |
| 9087008 | Natanzon | Jul 2015 | B1 |
| 9087112 | Natanzon et al. | Jul 2015 | B1 |
| 9104529 | Derbako et al. | Aug 2015 | B1 |
| 9110914 | Frank et al. | Aug 2015 | B1 |
| 9116811 | Derbeko et al. | Aug 2015 | B1 |
| 9128628 | Natanzon et al. | Sep 2015 | B1 |
| 9128855 | Natanzon et al. | Sep 2015 | B1 |
| 9134914 | Derbeko et al. | Sep 2015 | B1 |
| 9135119 | Natanzon et al. | Sep 2015 | B1 |
| 9135120 | Natanzon | Sep 2015 | B1 |
| 9146878 | Cohen et al. | Sep 2015 | B1 |
| 9152339 | Cohen et al. | Oct 2015 | B1 |
| 9152578 | Saad et al. | Oct 2015 | B1 |
| 9152814 | Natanzon | Oct 2015 | B1 |
| 9158578 | Derbeko et al. | Oct 2015 | B1 |
| 9158630 | Natanzon | Oct 2015 | B1 |
| 9160526 | Raizen et al. | Oct 2015 | B1 |
| 9177670 | Derbeko et al. | Nov 2015 | B1 |
| 9189339 | Cohen et al. | Nov 2015 | B1 |
| 9189341 | Natanzon et al. | Nov 2015 | B1 |
| 9201736 | Moore et al. | Dec 2015 | B1 |
| 9223659 | Natanzon et al. | Dec 2015 | B1 |
| 9225529 | Natanzon et al. | Dec 2015 | B1 |
| 9235481 | Natanzon et al. | Jan 2016 | B1 |
| 9235524 | Derbeko et al. | Jan 2016 | B1 |
| 9235632 | Natanzon | Jan 2016 | B1 |
| 9244997 | Natanzon et al. | Jan 2016 | B1 |
| 9256605 | Natanzon | Feb 2016 | B1 |
| 9274718 | Natanzon et al. | Mar 2016 | B1 |
| 9275063 | Natanzon | Mar 2016 | B1 |
| 9286052 | Solan et al. | Mar 2016 | B1 |
| 9305009 | Bono et al. | Apr 2016 | B1 |
| 9323750 | Natanzon et al. | Apr 2016 | B2 |
| 9330155 | Bono et al. | May 2016 | B1 |
| 9336094 | Wolfson et al. | May 2016 | B1 |
| 9336230 | Natanzon | May 2016 | B1 |
| 9367260 | Natanzon | Jun 2016 | B1 |
| 9378096 | Erel et al. | Jun 2016 | B1 |
| 9378219 | Bono et al. | Jun 2016 | B1 |
| 9378261 | Bono et al. | Jun 2016 | B1 |
| 9383937 | Frank et al. | Jul 2016 | B1 |
| 9389800 | Natanzon et al. | Jul 2016 | B1 |
| 9405481 | Cohen et al. | Aug 2016 | B1 |
| 9405684 | Derbeko et al. | Aug 2016 | B1 |
| 9405765 | Natanzon | Aug 2016 | B1 |
| 9411535 | Shemer et al. | Aug 2016 | B1 |
| 9459804 | Natanzon et al. | Oct 2016 | B1 |
| 9460028 | Raizen et al. | Oct 2016 | B1 |
| 9471579 | Natanzon | Oct 2016 | B1 |
| 9477407 | Marshak et al. | Oct 2016 | B1 |
| 9501542 | Natanzon | Nov 2016 | B1 |
| 9507732 | Natanzon et al. | Nov 2016 | B1 |
| 9507845 | Natanzon et al. | Nov 2016 | B1 |
| 9514138 | Natanzon et al. | Dec 2016 | B1 |
| 9524218 | Veprinsky et al. | Dec 2016 | B1 |
| 9529885 | Natanzon et al. | Dec 2016 | B1 |
| 9535800 | Natanzon et al. | Jan 2017 | B1 |
| 9535801 | Natanzon et al. | Jan 2017 | B1 |
| 9547459 | BenHanokh et al. | Jan 2017 | B1 |
| 9547591 | Natanzon et al. | Jan 2017 | B1 |
| 9552405 | Moore et al. | Jan 2017 | B1 |
| 9557921 | Cohen et al. | Jan 2017 | B1 |
| 9557925 | Natanzon | Jan 2017 | B1 |
| 9563517 | Natanzon et al. | Feb 2017 | B1 |
| 9563684 | Natanzon et al. | Feb 2017 | B1 |
| 9575851 | Natanzon et al. | Feb 2017 | B1 |
| 9575857 | Natanzon | Feb 2017 | B1 |
| 9575894 | Natanzon et al. | Feb 2017 | B1 |
| 9582382 | Natanzon et al. | Feb 2017 | B1 |
| 9588703 | Natanzon et al. | Mar 2017 | B1 |
| 9588847 | Natanzon et al. | Mar 2017 | B1 |
| 9594822 | Natanzon et al. | Mar 2017 | B1 |
| 9600377 | Cohen et al. | Mar 2017 | B1 |
| 9619543 | Natanzon et al. | Apr 2017 | B1 |
| 9632881 | Natanzon | Apr 2017 | B1 |
| 9665305 | Natanzon et al. | May 2017 | B1 |
| 9710177 | Natanzon | Jul 2017 | B1 |
| 9720618 | Panidis et al. | Aug 2017 | B1 |
| 9722788 | Natanzon et al. | Aug 2017 | B1 |
| 9727429 | Moore et al. | Aug 2017 | B1 |
| 9733969 | Derbeko et al. | Aug 2017 | B2 |
| 9737111 | Lustik | Aug 2017 | B2 |
| 9740572 | Natanzon et al. | Aug 2017 | B1 |
| 9740573 | Natanzon | Aug 2017 | B1 |
| 9740880 | Natanzon et al. | Aug 2017 | B1 |
| 9749300 | Cale et al. | Aug 2017 | B1 |
| 9772789 | Natanzon et al. | Sep 2017 | B1 |
| 9798472 | Natanzon et al. | Oct 2017 | B1 |
| 9798490 | Natanzon | Oct 2017 | B1 |
| 9804934 | Natanzon et al. | Oct 2017 | B1 |
| 9811431 | Natanzon et al. | Nov 2017 | B1 |
| 9823865 | Natanzon et al. | Nov 2017 | B1 |
| 9823973 | Natanzon | Nov 2017 | B1 |
| 9832261 | Don et al. | Nov 2017 | B2 |
| 9846698 | Panidis et al. | Dec 2017 | B1 |
| 9875042 | Natanzon et al. | Jan 2018 | B1 |
| 9875162 | Panidis et al. | Jan 2018 | B1 |
| 20020129168 | Kanai et al. | Sep 2002 | A1 |
| 20030048842 | Fourquin et al. | Mar 2003 | A1 |
| 20030061537 | Cha et al. | Mar 2003 | A1 |
| 20030110278 | Anderson | Jun 2003 | A1 |
| 20030145317 | Chamberlain | Jul 2003 | A1 |
| 20030196147 | Hirata et al. | Oct 2003 | A1 |
| 20040205092 | Longo et al. | Oct 2004 | A1 |
| 20040250032 | Ji et al. | Dec 2004 | A1 |
| 20040254964 | Kodama et al. | Dec 2004 | A1 |
| 20050015663 | Armangau et al. | Jan 2005 | A1 |
| 20050028022 | Amano | Feb 2005 | A1 |
| 20050049924 | DeBettencourt et al. | Mar 2005 | A1 |
| 20050172092 | Lam et al. | Aug 2005 | A1 |
| 20050273655 | Chow et al. | Dec 2005 | A1 |
| 20060031647 | Hirakawa et al. | Feb 2006 | A1 |
| 20060047996 | Anderson et al. | Mar 2006 | A1 |
| 20060064416 | Sim-Tang | Mar 2006 | A1 |
| 20060107007 | Hirakawa et al. | May 2006 | A1 |
| 20060117211 | Matsunami et al. | Jun 2006 | A1 |
| 20060161810 | Bao | Jul 2006 | A1 |
| 20060179343 | Kitamura | Aug 2006 | A1 |
| 20060195670 | Iwamura et al. | Aug 2006 | A1 |
| 20070033356 | Erlikhman | Feb 2007 | A1 |
| 20070055833 | Vu et al. | Mar 2007 | A1 |
| 20070180304 | Kano | Aug 2007 | A1 |
| 20070198602 | Ngo et al. | Aug 2007 | A1 |
| 20070198791 | Iwamura et al. | Aug 2007 | A1 |
| 20110295815 | Mandagere | Dec 2011 | A1 |
| 20120233123 | Shisheng | Sep 2012 | A1 |
| 20120284233 | Otani | Nov 2012 | A1 |
| 20150127611 | Westerman | May 2015 | A1 |
| 20170323110 | Griffith | Nov 2017 | A1 |
| Number | Date | Country |
|---|---|---|
| 1154356 | Nov 2001 | EP |
| WO 00 45581 | Aug 2000 | WO |
| Entry |
|---|
| U.S. Appl. No. 15/274,362, filed Sep. 23, 2016, Baruch et al. |
| U.S. Appl. No. 15/274,117, filed Sep. 23, 2016, Baruch. |
| U.S. Appl. No. 15/274,122, filed Sep. 23, 2016, Baruch et al. |
| U.S. Appl. No. 15/274,373, filed Sep. 23, 2016, Baruch et al. |
| U.S. Appl. No. 15/274,381, filed Sep. 23, 2016, Ayzenberg et al. |
| U.S. Appl. No. 15/275,677, filed Sep. 23, 2016, Baruch et al. |
| Gibson, “Five Point Plan Lies at the Heart of Compression Technology;” Tech Talk; Apr. 29, 1991; 1 Page. |
| Soules et al., “Metadata Efficiency in Versioning File Systems;” 2nd USENIX Conference on File and Storage Technologies; Mar. 31, 2003-Apr. 2, 2003; 16 Pages. |
| AIX System Management Concepts: Operating Systems and Devices; Bull Electronics Angers; May 2000; 280 Pages. |
| Soules et al., “Metadata Efficiency in a Comprehensive Versioning File System;” May 2002; CMU-CS-02-145; School of Computer Science, Carnegie Mellon University; 33 Pages. |
| “Linux Filesystems,” Sams Publishing; 2002; Chapter 1: Introduction to Filesystems pp. 17-22 and Chapter 3: Overview of Journaling Filesystems pp. 67-71; 12 Pages. |
| Bunyan et al., “Multiplexing in a BrightStor® ARCserve® Backup Release 11;” Mar. 2004; 4 Pages. |
| Marks, “Network Computing, 33;” Cover Story; Feb. 2, 2006; 8 Pages. |
| Hill, “Network Computing, NA;” Cover Story; Jun. 8, 2006; 9 Pages. |
| Microsoft Computer Dictionary, Fifth Edition; 2002; 3 Pages. |
| Wikipedia; Retrieved on Mar. 29, 2011 from http://en.wikipedia.org/DEFLATE: Deflate; 6 Pages. |
| Wikipedia; Retrieved on Mar. 29, 2011 from http://en.wikipedia.org/wiki/Huffman_coding: Huffman Coding; 11 Pages. |
| Wikipedia; Retrieved on Mar. 29, 2011 from http://en.wikipedia.org/wiki/LZ77: LZ77 and LZ78; 2 Pages. |
