Patent classifications
G06F3/0622
OPERATING A STORAGE SERVER WITH A STORAGE VOLUME
A method, computer system, and a computer program product for operating at least one storage server. The present invention may include receiving an access request for at least one storage volume of at least one storage server. The present invention may include collecting data for the at least one storage volume, wherein the at least one storage volume has a corresponding unique volume identifier. The present invention may include storing at least the data for the at least one storage volume and the unique volume identifier in a database, the data being comprised of metadata and subset data, wherein the metadata is comprised of configuration and status information for the at least one storage volume, and wherein the subset data is a set of predefined selection criteria based on a respective computer server.
DYNAMIC PERMISSION MANAGEMENT OF STORAGE BLOCKS
A method, a computer program product, and a system of dynamically managing permissions of storage blocks. The method includes predicting at least one storage block that will be accessed by a user on a storage device and predicting a time window when the storage block will be accessed by the user. The predictions can be performed by a machine learning model trained using the historical accesses and access times of the user. The method also includes granting the user an access to the storage block during the time window and monitoring whether the storage block is accessed by the user. The method also includes determining, based on the monitoring, that the user accessed the storage block, and revoking the access to the storage block granted to the user after a predetermined access time.
CONFIGURATION DATA DELETION BASED ON TAMPER STATUS
An example storage medium includes instructions that, when executed, cause a processor of a computing device to read, during start-up of the computing device, first configuration data from a first storage device of the computing device; read second configuration data from a second storage device of the computing device; determine that there is an inconsistency between the first configuration data and the second configuration data; check a tamper status of the computing device; based on the tamper status and the determination that there is an inconsistency between the first configuration data and the second configuration data: (i) clear a secure storage location of the computing device, the secure storage location storing data to access protected data; or (ii) replace the first configuration data on the first storage device of the computing device based on second data and continue the start-up of the computing device.
Determination of memory access patterns of tasks in a multi-core processor
A plurality of processing entities in which a plurality of tasks are executed are maintained. Memory access patterns are determined for each of the plurality of tasks by dividing a memory associated with the plurality of processing entities into a plurality of memory regions, and for each of the plurality of tasks, determining how many memory accesses take place in each of the memory regions, by incrementing a counter associated with each memory region in response to a memory access. Each of the plurality of tasks is allocated among the plurality of processing entities, based on the determined memory access patterns for each of the plurality of tasks.
Sharing of data among containers running on virtualized operating systems
A solution is proposed for managing containers isolating corresponding application environments from one or more shared operating systems in a computing system. One or more relevant groups are determined among one or more candidate groups (each comprising private data in common among a plurality of the containers); the candidate groups are determined according to corresponding access commands submitted by the containers and the relevant groups are determined according to one or more relevance policies. The private data of the relevant groups are consolidated into corresponding shared data.
Cluster claim
Cluster state information is generated in response to a request to establish a connection with a cloud service system. The cluster state information includes a first instance of a security token and host information. The cluster state information is provided to a web browser associated with a user. The web browser associated with the user is redirected to a cloud identity provider. The cloud identity provider is configured to provide to the cloud service system via the web browser associated with the user, the cluster state information that includes the first instance of the security token and the host information. A certificate is requested from the cloud service system. The cluster state information that includes a second instance of the security token is provided to the cloud service system. The cloud service system is configured to establish the connection based on comparison between the first instance of the security token and the second instance of the security token. The established connection enables the user to manage a secondary storage system via the cloud service system.
Intrusion detection
Techniques are provided for intrusion detection on a computer system. In an example, a computer host device is configured to access data storage of the computer system via a communications network. It can be determined that the computer host device is behaving anomalously because a first current access by the computer host device to the data storage deviates from a second expected access by the computer host device to the data storage by more than a predefined amount. Then, in response to determining that the computer host device is behaving anomalously, the computer system can mitigate against the computer host device behaving anomalously.
Allocation policy for shared resource accessible in both secure and less secure domains
Processing circuitry may support a secure domain and a less secure domain, where secure information associated with a secure software process is prevented from being accessed by a less secure software process in the less secure domain. Shared resource is accessible to both secure and less secure software processes. In response to detection of an anomaly condition, allocation policy for the shared resource is switched from a shared allocation policy to a secure-biased allocation policy. The secure-biased allocation policy has a stronger bias of resource allocation to secure software processes than the shared allocation policy.
Selective boot sequence controller for resilient storage memory
A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.
Minimizing Cost of Disk Fulfillment
A system can determine to produce a storage device for a user identity indicative of a user. The system can determine a number of extra disks to include with the storage device as part of the production, the extra disks enabling further storage capacity for the storage device beyond a specified storage capacity, the determining of the number of extra disks being based on data from a group of data, the group of data comprising first cost data representative of a first cost associated with including the second number of extra disks, probability data representative of a probability that the further storage capacity beyond the specified storage capacity will be requested during a defined time period after the production, and second cost data representative of a second cost associated with installing the second number of extra disks after the storage device has been delivered to the user site.