G06F3/0637

DATA STORAGE DEVICE DATA RECOVERY USING REMOTE NETWORK STORAGE
20220377054 · 2022-11-24

Systems, methods, and data storage devices for data recovery from network storage systems are described. The data storage device may include a host data channel for data transfer with the host and a network data channel for data transfer with the network storage system over a network. Responsive to a read error when reading a data unit, the data storage device establishes a secure data transfer connection with the network storage system to request the failed data unit from the network storage system. The data unit retrieved from the network storage system may be used to respond to the original read request and restore the data unit in the data storage device.

Establishing data reliability groups within a geographically distributed data storage environment

Establishing data reliability groups within a geographically distributed data storage environment is presented herein. A system can comprise a processor; and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising: partitioning geographically distributed data storage zones into reliability groups, in which a reliability group of the reliability groups comprises a group of storage zones comprising a defined amount of the geographically distributed data storage zones; and facilitating a replication of data of the group of storage zones using a portion of remaining data of the group of storage zones.

Adaptive re-keying in a storage system
11595204 · 2023-02-28

Techniques for adaptive re-keying of encrypted data are provided. For example, a method comprises the following steps. Utilization information associated with a storage system is obtained, wherein the storage system comprises a set of storage devices. The method dynamically selects a re-keying process from a plurality of different re-keying processes based on at least a portion of the obtained utilization information. At least a portion of the set of storage devices are re-keyed in accordance with the selected re-keying process.

Systems, methods and computer readable media for software defined storage security protection

A system is provided with a software controller; a storage platform capable of storing stored blocks of data and having a central processing unit; a controller monitoring and isolation tool embedded in the software controller; and a storage monitoring and isolation tool embedded in the storage platform that is capable of locking down a memory partition on the storage platform. The system also includes a memory for storing computer instructions and a host computer coupled with the memory, wherein the host computer, responsive to executing the computer instructions, performs certain operations. The operations include extracting orchestration configurations through the controller monitoring and isolation tool and relaying the orchestration configurations to the storage monitoring and isolation tool. The operations include correlating using the controller monitoring and isolation tool and the storage monitoring and isolation tool actual locations for incoming data for a customer, and monitoring performance of the storage platform with the storage monitoring and isolation tool. The operations also include tying the stored blocks of data to a physical memory on which the stored blocks of data reside; and providing a passcode to the customer through the controller monitoring and isolation tool that has to be presented to the controller monitoring and isolation tool and the storage monitoring and isolation tool to store data.

System and method for secure access to a distributed virtual firmware network drive

An information handling system includes a virtual network access module configured to access a virtual network drive that has a first partition in a local storage resource and a second partition in a remote storage resource. In response to detection of an exception, a processor may trigger an exception handler that directs a service processor to initialize a network stack. The processor initializes a mailbox to transmit a mailbox request to retrieve network configuration settings to be used in the initialization of the network stack. The service processor transmits a request to the processor to initialize the mailbox, and initializes the network stack based on the network configuration settings. Subsequent to the initialization of the network stack, a universal network device interface request may be sent to mount and secure communication with the virtual network drive.

DISTRIBUTION OF RESOURCES FOR A STORAGE SYSTEM
20230058369 · 2023-02-23

A method for managing processing power in a storage system is provided. The method includes providing a plurality of blades, each of a first subset having a storage node and storage memory, and each of a second, differing subset having a compute-only node. The method includes distributing authorities across the plurality of blades, to a plurality of nodes including at least one compute-only node, wherein each authority has ownership of a range of user data.

AN APPARATUS AND METHOD FOR CONTROLLING ACCESS TO A SET OF MEMORY MAPPED CONTROL REGISTERS
20230056039 · 2023-02-23

A technique for controlling access to a set of memory mapped control registers. The apparatus has processing circuitry for executing program code to perform data processing operations, and a set of memory mapped control registers for storing control information used to control operation of the processing circuitry. Further, a lockdown register is used to store a lockdown value. The processing circuitry is arranged to execute store instructions to perform write operations to a memory address space. The processing circuitry is arranged to prevent a write operation being performed to change the control information in the memory mapped control registers. This significantly reduces the prospect of an attacker seeking to exploit a software vulnerability to change the control information in the memory mapped control registers.

Configurable hyperconverged multi-tenant storage system

A method for managing processing power in a storage system is provided. The method includes providing a plurality of blades, each of a first subset having a storage node and storage memory, and each of a second, differing subset having a compute-only node. The method includes distributing authorities across the plurality of blades, to a plurality of nodes including at least one compute-only node, wherein each authority has ownership of a range of user data.

Controlling access to memory cells

A processor can determine that a set of the memory cells is controlled by signals from a first portal. The processor can determine a function of a second portal in a relationship between the first portal and the second portal. The processor can cause, in response to a determination that the function of the second portal is a specific function, a memory control circuitry to be configured so that a subset, of the set, is controlled also by signals from the second portal. The processor can determine a function of a third portal in a relationship between the first portal and the third portal. The processor can cause, in response to a determination that the function of the third portal is the specific function, the memory control circuitry to be configured so that the subset, of the set, is controlled also by signals from the third portal.

Secure host access to storage system resources via storage system interface and internal switching fabric

Secure access to data on a storage system via direct connection to an internal fabric of the storage system may be provided. A storage system interface (SSI) may validate each I/O communication originating on the host system before allowing a corresponding I/O communication to be transmitted on the internal fabric. The validation may include applying predefined rules and/or ensuring that the I/O communication conforms to one or more technologies, e.g., NVMe. The SSI may be configured to encrypt I/O communications originating on a host system and to decrypt I/O communications received from the storage system, for example, in embodiments in which data is encrypted in flight from the host system to physical storage devices, and data may be encrypted at rest in memory of the storage system and/or on physical storage devices.