-
1.
Publication No.: US20250063047A1
Publication date: 2025-02-20
Application No.: US18449920
Filing date: 2023-08-15
Applicant: Dell Products, L.P.
Inventor: Brandon Myers, Eric T. Stouch, Gregory W. Lazar, Kristian Comer
IPC: H04L9/40
Abstract: Systems and methods for providing secure temporary privileged access to computing devices configured in a cluster are disclosed. According to one embodiment, an Information Handling System (IHS) includes a cluster configured with multiple computing devices, and computer-executable instructions to obtain a temporary key, and distribute the temporary key to each of the computing devices, wherein each of the computing devices stores its copy of the key. Using the temporary key, the instructions establish a temporary secure communication channel with each of the computing devices, perform a task on each of the computing devices using the secure communication channel, and cancel the secure communication channel when the task is finished.
-
2.
Publication No.: US20240086335A1
Publication date: 2024-03-14
Application No.: US17942410
Filing date: 2022-09-12
Applicant: Dell Products L.P.
Inventor: Charles W. Kaufman, Xuan Tang, George Papadopoulos, Vasu Subramanian, Jamie Pocas, Naizhong Chiu, Gregory W. Lazar
CPC classification number: G06F12/1408, G06F9/45558, G06F21/602, H04L9/0822, G06F2009/45583, G06F2212/1052
Abstract: Techniques for providing increased support for deduplication and compression of encrypted storage volumes. The techniques include receiving, at a storage virtual machine (VM), a data encryption key (DEK) associated with encrypted volume data, in which the DEK is wrapped in a key encryption key (KEK). The techniques include receiving, at the storage VM from a client virtual machine (VM), a write request specifying the encrypted volume data. The techniques include obtaining, by the storage VM, the KEK from a key management system (KMS) embedded on the storage VM. The techniques include unwrapping, by the storage VM, the DEK using the KEK, and decrypting, by an IO decryptor hosted by the storage VM, the encrypted volume data using the DEK. The techniques include performing, by the storage VM, data reduction operations on the decrypted volume data, and storing, by the storage VM, the data-reduced volume data on a storage array.
-
3.
Publication No.: US11954239B2
Publication date: 2024-04-09
Application No.: US17562150
Filing date: 2021-12-27
Applicant: Dell Products L.P.
Inventor: Gregory W. Lazar
CPC classification number: G06F21/78, G06F3/0622, G06F3/0659, G06F3/067, G06F21/602, H04L63/166
Abstract: A drive subsystem engages in data communication with a storage controller by establishing first and second communication ports, wherein the second port is configured for decryption and forwarding of decrypted communications to the first port. The drive subsystem receives and processes data communications having selective encryption and identification of target port, by (1) for a security command containing secret data (e.g. a passphrase) enabling operation of a target drive, receiving the security command at the second port, decrypting the security command and forwarding it to the first port for delivery to the target drive, and (2) for data commands by which the storage controller stores and retrieves data to/from the target drive, receiving the data commands in non-encrypted form at the first port directly from the storage controller for delivery to the target drive.
-
4.
Publication No.: US20230205936A1
Publication date: 2023-06-29
Application No.: US17562150
Filing date: 2021-12-27
Applicant: Dell Products L.P.
Inventor: Gregory W. Lazar
CPC classification number: G06F21/78, G06F21/602, H04L63/166, G06F3/0622, G06F3/0659, G06F3/067
Abstract: A drive subsystem engages in data communication with a storage controller by establishing first and second communication ports, wherein the second port is configured for decryption and forwarding of decrypted communications to the first port. The drive subsystem receives and processes data communications having selective encryption and identification of target port, by (1) for a security command containing secret data (e.g. a passphrase) enabling operation of a target drive, receiving the security command at the second port, decrypting the security command and forwarding it to the first port for delivery to the target drive, and (2) for data commands by which the storage controller stores and retrieves data to/from the target drive, receiving the data commands in non-encrypted form at the first port directly from the storage controller for delivery to the target drive.
-
5.
Publication No.: US20250039087A1
Publication date: 2025-01-30
Application No.: US18225787
Filing date: 2023-07-25
Applicant: Dell Products L.P.
Inventor: Gregory W. Lazar, Vasudevan Subramanian, Weixing Wang, Animesh Singh
IPC: H04L45/741, G06F11/14, H04L45/745
Abstract: A distributed data storage system includes clusters of data storage appliances interconnected by an inter-cluster (IC) network having an IC namespace. Storage processing (SP) nodes exchange management traffic using mesh network (MN) addresses of a separate MN namespace. Gateways provide IC tunnels for routing management traffic among the clusters using IC network addresses. Operation includes, in each gateway for traffic from a local SP node destined for a remote SP node of another cluster, (1) performing a routing check based on a routing rule associating an MN destination address with a dummy MN address further associated with a respective IC tunnel, (2) applying a tunnel configuration rule of the IC tunnel associating the MN destination address with the IC network address of a remote gateway for the remote SP, and (3) forwarding the traffic on the respective IC tunnel using the IC network address of the remote gateway.
-
6.
Publication No.: US20240346186A1
Publication date: 2024-10-17
Application No.: US18133736
Filing date: 2023-04-12
Applicant: Dell Products L.P.
Inventor: Gregory W. Lazar
CPC classification number: G06F21/78, G06F21/602, G06F21/85
Abstract: A drive subsystem engages in data communication with a storage controller by establishing logic for selectively decrypting data communications based on identification of a controller encryption port as source port in received data communications. Data communications from the storage controller are processed by (1) for data commands, based on a non-encrypting port being identified as the source port, delivering the received data commands without decryption to the target drive, and (2) for a security command containing secret data enabling operation of the target drive, based on the controller encryption port being identified as the source port, decrypting the security command and delivering the decrypted security command to the target drive.