A system, apparatus and product comprising: a multi-tenant layer that comprises shared resources, wherein the shared resources are accessible to multiple tenants of the storage system, wherein the shared resources comprise shared logic resources and shared data resources; and multiple single-tenant layers, wherein each single-tenant layer is associated with a respective tenant of the multiple tenants, wherein each single-tenant layer comprises a database and business logic of the respective tenant, wherein a multi-tenant encryption scheme is configured to enable secure communications with the multiple tenants without divulging sensitive information to the multi-tenant layer.

Distributed storage nodes having specialized hardware can be pooled for servicing data requests. For example, a distributed storage system can include a group of storage nodes. The distributed storage system can determine a subset of storage nodes that include the specialized hardware based on status information received from the group of storage nodes. The specialized hardware can be preconfigured with specialized functionality. The distributed storage system can then generate a node pool that includes the subset of storage nodes with the specialized hardware. The node pool can be configured to perform the specialized functionality in relation to a data request.

A storage controller including: a host interface circuit receiving first, second, third and fourth requests corresponding to first, second, third and fourth logical addresses; a memory interface circuit communicating with first nonvolatile memories through a first channel and second nonvolatile memories through a second channel; a first flash translation layer configured to manage the first nonvolatile memories; and a second flash translation layer configured to manage the second nonvolatile memories, the first flash translation layer outputs commands corresponding to the first and fourth requests through the first channel, and the second flash translation layer outputs commands respectively corresponding to the second and third requests through the second channel, and a value of the first logical address is smaller than a value of the second logical address, and a value of the third logical address is smaller than a value of the fourth logical address.

Systems and methods are described for resource-efficient memory deduplication and write-protection. In an example, a method includes receiving, by a computing device having a processor, a request to assess deduplication for a plurality of candidate files. The computing device may perform one or more iterative steps for deduplication. The iterative steps may include: receiving, from the plurality of candidate files, a candidate file that is not write-protected; determining, based on a predetermined Bernoulli distribution, a decision to write-protect the candidate file; rendering the candidate file as a write-protected candidate file; determining, based on a review of other candidate files from the plurality of candidate files, that the write-protected candidate file can be deduplicated; and deduplicating the write-protected candidate file.

A system and method for compacting data that uses mismatch probability estimation to improve entropy encoding methods to account for, and efficiently handle, previously-unseen data in data to be compacted. Training data sets are analyzed to determine the frequency of occurrence of each sourceblock in the training data sets. A mismatch probability estimate is calculated comprising an estimated frequency at which any given data sourceblock received during encoding will not have a codeword in the codebook. Entropy encoding is used to generate codebooks comprising codewords for data sourceblocks based on the frequency of occurrence of each sourceblock. A “mismatch codeword” is inserted into the codebook based on the mismatch probability estimate to represent those cases when a block of data to be encoded does not have a codeword in the codebook. During encoding, if a mismatch occurs, a secondary encoding process is used to encode the mismatched sourceblock.

Embodiments of this application provide a hybrid-cloud data storage method and apparatus, a related device, and a cloud system. The data storage method includes: obtaining, by a gateway of a private cloud, to-be-stored data; determining partial data to be encrypted in the to-be-stored data, to obtain first target data; obtaining a first ciphertext obtained after the first target data is encrypted, the first target data being encrypted according to a first key provided by an encryption chip connected to the gateway; generating second target data including the first ciphertext according to the first ciphertext; generating a data slice corresponding to the second target data according to the second target data; and transmitting the data slice corresponding to the second target data to a public cloud for storage.

Systems and methods for logically organizing data for storage and recovery on a data storage medium using a multi-level format are described. Embodiments include systems and methods for protecting data stored on a data storage medium so that the data may be recovered without errors.

A secrecy system and a decryption method of on-chip data stream of nonvolatile FPGA are provided in the present invention. The nonvolatile memory module of the system is configured to only allow the full erase operation. After the full erase operation is finished, the nonvolatile memory module gets into the initial state. Only the operation to the nonvolatile memory module under the initial state is effective, and thereby the encryption region unit is arranged in the nonvolatile memory module. Only the decryption data written into the encryption region unit under the initial state can make the nonvolatile memory module to be readable, so that the decryption of the system is finished, which greatly improves the secrecy precision.

A cloud-based system for securely storing data, the system having a processor which obtains a source data file; splits it into at least three fragments; and uses an encryption key associated with the fragments to encrypt the fragments and distributes the encrypted fragments among at least three cloud storage providers, creates a pointer file containing information for retrieving the encrypted fragments. When a system user requests access to the data, the system uses the information stored in the pointer file to retrieve the stored encrypted fragments from the plurality of clouds; decrypts the fragments and reconstructs the data, and provides data access to the system user.

An edge accelerator card has a first interface, a second interface, a memory and a processor. The first interface is to couple to a server. The second interface is to couple to a storage system. The processor is to handle communication between the server and the storage system through the first interface and the second interface. The processor is to perform at least one task as directed by the storage system, using the memory and communication through at least the second interface.