A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.

A method for computational storage may include receiving, at a storage device, a modified version of a portion of data, generating, at the storage device, a restored portion of data from the modified version of the portion of data, and performing, at the storage device, an operation on the restored portion of data. The method may further include receiving, at the storage device, a request to perform the operation on the portion of data. The generating may include decompressing the modified version of the portion of data. The generating may include decrypting the modified version of the portion of data. The method may further include sending, from the storage device, a result of the operation on the restored portion of data. The operation may include a filtering operation. The operation may include a scanning operation. The method may further include dividing data to generate the portion of data.

In some examples, a system detects recovery, from an unavailable state, of a communication link between a first storage system that includes a first storage volume and a second storage system that includes a second storage volume that is to be a synchronized version of the first storage volume, where while the communication link is in the unavailable state the second storage volume is in an offline state and the first storage volume is in an online state. In response to detecting the recovery of the communication link, the system sends a first tracking metadata for the first storage volume from the first storage system to the second storage system, and in response to receipt of the first tracking metadata at the second storage system that maintains a second tracking metadata for the second storage volume, the system transitions the second storage volume from the offline state to a controlled online state, and initiates a synchronization process to synchronize the second storage volume with the first storage volume.

Example implementations can involve a system, which can involve a server configured to distribute role decision condition expressions created based on user input to one or more storage devices; and the one or more storage devices, which can involve a processor, configured to, for receipt of a request, determine user identification information, request source environment information and requested contents from the request; determine a role from the role decision condition expressions based on the user identification information and request source environment information; and determine whether or not the request can be executed based on the role.

A method for authorizing I/O (input/output) commands in a storage cluster is provided. The method includes generating a token responsive to an authority initiating an I/O command, wherein the token is specific to assignment of the authority and a storage node of the storage cluster. The method includes verifying the I/O command using the token, wherein the token includes a signature confirming validity of the token and wherein the token is revocable.

Example object storage systems, bookkeeping engines, and methods provide quota usage monitoring for control entities, such as accounts, users, and buckets. An object data store is configured to enable control entities to access data objects associated with each control entity. Data objects are mapped to the control entities and the data objects are processed to identify object usage values corresponding to each combination of data object and control entity. Total usage values are calculated for each control entity and used to determine a data object access response for a target data object and associated control entities.

Technologies are provided to ensure integrity of erasure coded data that is subject to read and write access from distributed processes. Multiple processes that access erasure coded data can be coordinated in an efficient, scalable and fault-tolerant manner so that integrity of the original data is maintained. The Technologies include a fault-tolerant access coordination protocol that ensures exclusive write access by a client. The coordination protocol achieves scalability by not relying on centralized components, and achieves efficiency and performance by piggy-packing access coordination messages on operations of the underlying erasure coding protocol.

A security solution having a system, a method, or a computer program for protecting contents in a target storage device that is arranged to be removable from a storage system having a unique combination of a system complex key (SCK) and a system identification (SID). The solution includes receiving a request to remove the target storage device from the storage system, where the storage system may have a plurality of storage devices each containing the identical combination of system complex key (SCK) and system identification (SID), and receiving a system complex key password (SCKP). The solution includes comparing the system complex key password (SCKP) to the system complex key (SCK) in the storage system, determining whether the system complex key password (SCKP) matches the system complex key (SCK) in the storage system, and suspending all read or write operations to the target storage device when the system complex key password (SCKP) matches the system complex key (SCK) in the storage system.

In some examples, fabric driven NVMe subsystem zoning may include receiving, from a non-volatile memory express (NVMe) Name Server (NNS), a zoning specification that includes an indication of a host that is to communicate with a given NVMe subsystem of an NVMe storage domain. Based on the zoning specification, the host may be designated as being permitted to connect to the given NVMe subsystem of the NVMe storage domain. An NVMe connect command may be received from the host. Based on the designation and an analysis of the NVMe connect command, a connection may be established between the given NVMe subsystem of the NVMe storage domain and the host.

Examples described herein relate to a network interface device comprising an interface to memory and circuitry. In some examples, the circuitry is to: determine a number of data units stored in a page in the memory and based on no data unit stored in a page of memory, permit storage of a data unit in the page in the memory.