Multiple stateful virtualized computing instances (e.g., containers) are provided with concurrent access (e.g., read and/or write access) to a shared persistent storage location, such as a persistent volume (PV). This multiple-access capability is provided by a container volume driver that generates and maintains an interval tree data structure for purposes of tracking and managing attempts by containers to simultaneously read/write to the PV.

A storage system includes a host device including a host processor and a secure element distinguished from the host processor, and a storage device that includes a first memory area accessed by the host processor, and a second memory area distinguished from the first memory area and accessed by the secure element. The host processor includes a first replay protected memory block (RPMB) key and a first RPMB counter for a first RPMB subsystem of the host processor. The secure element includes a second RPMB key and a second RPMB counter for a second RPMB subsystem of secure element. The first memory area includes a third RPMB key, a third RPMB counter and a first data space of the first RPMB sub-system. The second memory area includes a fourth RPMB key, a fourth RPMB counter and a second data space of the second RPMB sub-system.

Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. Such functions can include data access control functions, data manipulation functions, and the like. The owner of an object collection maintained by the object storage service can specify code execution environment rules that can give privileges to the execution of such functions such as by allowing the functions to access external services or the requesting user's private resources. In this manner, owners of the object collection are provided with greater control over how the object collection is accessed.

Scalable storage cluster mirroring is disclosed. A compute instance comprising a processor device determines that storage segments have been modified on a first storage node of a plurality of storage nodes in a first cluster of storage nodes at a first data modification rate. In response to determining that the storage segments have been modified on the first storage node at the first data modification rate, a first mirror process that is configured to copy storage segments from an identified storage node to a mirrored cluster of storage nodes is initiated, and a storage node identifier that identifies the first storage node is communicated to the first mirror process.

A method and apparatus for controlling access to memory is disclosed. In one implementation, a memory controller may receive a memory access request that may include a virtual memory address, a device identifier (ID) and a protected access indicator. Additionally, the memory controller can receive page table entries including a physical memory address based on the virtual memory address and a security attribute associated with the physical memory address. The memory controller may access a memory based on the physical memory address, the security attribute, the protected access indicator, and the device ID.

A method for execution by a storage network, the method begins by determining a failure rate of storage nodes of an active storage pool, establishing a number of standby storage nodes based on the determined failure rate, identifying resource identifiers for the failed storage node, selecting an available standby storage node, facilitating populating the selected available standby storage node with data slices associated with the failed storage node, utilizing the selected available standby storage node, facilitating population of a replacement storage node with the data slices from the selected available standby storage node and facilitating processing of further receive data access requests for data associated with the associated resource identifiers by utilizing the replacement storage node.

A device creates virtual storage bucket to abstract the data and the access from another device, and to secure the access using the IAM and the data using encryption and/or Mojette transform in order to generate encrypted/encoded data and transmits the data to another device. The other device saves the encrypted/encoded data for later transmitting the data to the same first device or another for decryption/decoding.

In some examples, a system detects recovery, from an unavailable state, of a communication link between a first storage system that includes a first storage volume and a second storage system that includes a second storage volume that is to be a synchronized version of the first storage volume, where while the communication link is in the unavailable state the second storage volume is in an offline state and the first storage volume is in an online state. In response to detecting the recovery of the communication link, the system sends a first tracking metadata for the first storage volume from the first storage system to the second storage system, and in response to receipt of the first tracking metadata at the second storage system that maintains a second tracking metadata for the second storage volume, the system transitions the second storage volume from the offline state to a controlled online state, and initiates a synchronization process to synchronize the second storage volume with the first storage volume.

According to one embodiment, a memory system includes a nonvolatile memory and a controller. The controller manages first account information to be used for authentication of a first account and second account information to be used for authentication of a second account. The controller receives third account information from a host device. When the third account information matches the first account information, the controller permits access to at least a partial storage area of the nonvolatile memory based on a request from the host device and transmits first data that includes the second account information to a first memory system.

Described herein are method and apparatus for servicing software components of nodes of a cluster storage system. During data-access sessions with clients, client IDs and file handles for accessing files are produced and stored to clients and stored (as session data) to each node. A serviced node is taken offline, whereby network connections to clients are disconnected. Each disconnected client is configured to retain its client ID and file handles and attempt reconnections. Session data of the serviced node is made available to a partner node (by transferring session data to the partner node). After clients have reconnected to the partner node, the clients may use the retained client IDs and file handles to continue a data-access session with the partner node since the partner node has access to the session data of the serviced node and thus will recognize and accept the retained client ID and file handles.