Secure cloud-based storage system management that includes: establishing, within a cloud-based services provider and based on one or more user credentials, a cloud-based user session to execute one or more commands on a remote storage system that includes physical storage devices; extending, based on using an access token based on the one or more user credentials to securely issue the one or more data storage operations to the remote storage system, the cloud-based user session to the remote storage system.

An apparatus comprises at least one processing device that is configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The at least one processing device is further configured to detect a reduction in performance of one or more of the input-output operations over one or more paths of the plurality of paths, to identify a physical initiator component corresponding to the one or more paths, and to notify the storage system about the reduction in performance and the identified physical initiator component. The at least one processing device is also configured to receive a notification from the storage system indicating one or more virtual initiator instances of a plurality of virtual initiator instances corresponding to the identified physical initiator component, and to deactivate the one or more virtual initiator instances.

An illustrative method includes a data protection system detecting a request to perform a restricted operation with respect to a recovery dataset configured to be used by a storage system to recover from a data corruption event within the storage system, monitoring, in response to the request, for an occurrence of a predetermined set of one or more authorization events performed with one or more hardware tokens, and preventing the restricted operation from being executed until the each of the one or more authorization events included in the predetermined set occurs.

An illustrative method includes a data protection system identifying one or more input operations and one or more output operations performed between a source and a storage system, identifying an anomaly in a relationship between the one or more input operations and the one or more output operations, and determining, based on the identifying of the anomaly, that the storage system is possibly being targeted by a security threat.

A storage device, and a method for operating a storage device. In some embodiments, the storage device includes storage media, and the method includes: determining, by the storage device, that the storage device is in a first fault state from which recovery is possible by power cycling the storage device or by formatting the storage media; determining, by the storage device, that the storage device is in a second fault state from which partial recovery is possible by operating the storage device with reduced performance, with reduced capacity, or in a read-only mode; and operating the storage device with reduced performance, with reduced capacity, or in the read-only mode.

A method for storing data may include receiving user data at a group of storage devices, wherein the storage devices are interconnected, erasure coding the user data into redundancy blocks at the group of storage devices, and storing the redundancy blocks on at least two of the storage devices. The erasure encoding may be distributed among at least two of the storage devices. The redundancy blocks may be arranged in reliability groups. The redundancy blocks may be grouped by the storage devices independently of the partitioning of the user data by the user. The method may further include recovering data based on redundancy blocks. A storage device may include a storage medium, a network interface configured to communicate with one or more other storage devices, and a storage processing unit configured to erasure code user data into redundancy blocks cooperatively with the one or more other storage devices.

Virtual first logical volumes are provided to a host, a virtual second logical volume correlated with any one of the first logical volumes is created in a storage node in correlation with a storage control module disposed in the storage node, a correspondence relationship between the first and second logical volumes is managed as mapping information, a storage node which is an assigning distribution of an I/O request is specified on the basis of the mapping information in a case where the I/O request in which the first logical volume is designated as an I/O destination is given from the host, the I/O request is assigned to the storage control module of its own node in a case where the specified storage node is its own node, and the I/O request is assigned to another storage node in a case where the specified storage node is another storage node.

A system with storage memory and a processing device has a logical deletion to physical erasure time bound. The system dereferences data, responsive to a direction to delete the data. The system monitors physical blocks in storage memory for live data and the dereferenced data. The system cooperates garbage collection with monitoring the physical blocks, so that at least a physical block having the dereferenced data is garbage collected and erased within a logical deletion to physical erasure time bound.

A method includes transmitting a solicitation message to target storage units of a plurality of storage units of a storage network, where the solicitation message solicits the target storage units to store encoded data slices of a first data segment of data, and where the message is not sent to other storage units of the plurality of storage units. The method further includes receiving favorable responses from at least some of target storage units, and determining an error coding function based on an amount of the favorable responses and data storage requirements for the first data segment. The method further includes encoding the first data segment in accordance with the error coding function to produce a plurality of encoded data slices. The method further includes outputting the plurality of encoded data slices to storage units of the at least some of the target storage units for storage therein.

Embodiments are directed towards a controller that provides individual network accessibility to a storage drive. The controller may include a first connector operative to couple with a storage-drive connector, a second connector operative to couple with a backplane connector of a multi-storage-drive chassis, memory, and processor. The controller may convert communication received through the first connector into an Ethernet protocol for output through the second connector, and convert communication received through the second connector into a storage-drive protocol for output through the first connector. A physical shape of the controller may fit adjacent to the storage-drive connector and occupy less space than is bounded by peripheral edges of an end of a separate housing of a storage drive coupled to the storage-drive connector. The controller may manage power provided to the storage drive and may coordinate with other controllers to manage power-up sequences of multiple storage drives.