A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.

Example implementations can involve a system, which can involve a server configured to distribute role decision condition expressions created based on user input to one or more storage devices; and the one or more storage devices, which can involve a processor, configured to, for receipt of a request, determine user identification information, request source environment information and requested contents from the request; determine a role from the role decision condition expressions based on the user identification information and request source environment information; and determine whether or not the request can be executed based on the role.

Technologies are provided to ensure integrity of erasure coded data that is subject to read and write access from distributed processes. Multiple processes that access erasure coded data can be coordinated in an efficient, scalable and fault-tolerant manner so that integrity of the original data is maintained. The Technologies include a fault-tolerant access coordination protocol that ensures exclusive write access by a client. The coordination protocol achieves scalability by not relying on centralized components, and achieves efficiency and performance by piggy-packing access coordination messages on operations of the underlying erasure coding protocol.

A security solution having a system, a method, or a computer program for protecting contents in a target storage device that is arranged to be removable from a storage system having a unique combination of a system complex key (SCK) and a system identification (SID). The solution includes receiving a request to remove the target storage device from the storage system, where the storage system may have a plurality of storage devices each containing the identical combination of system complex key (SCK) and system identification (SID), and receiving a system complex key password (SCKP). The solution includes comparing the system complex key password (SCKP) to the system complex key (SCK) in the storage system, determining whether the system complex key password (SCKP) matches the system complex key (SCK) in the storage system, and suspending all read or write operations to the target storage device when the system complex key password (SCKP) matches the system complex key (SCK) in the storage system.

In some examples, fabric driven NVMe subsystem zoning may include receiving, from a non-volatile memory express (NVMe) Name Server (NNS), a zoning specification that includes an indication of a host that is to communicate with a given NVMe subsystem of an NVMe storage domain. Based on the zoning specification, the host may be designated as being permitted to connect to the given NVMe subsystem of the NVMe storage domain. An NVMe connect command may be received from the host. Based on the designation and an analysis of the NVMe connect command, a connection may be established between the given NVMe subsystem of the NVMe storage domain and the host.

An illustrative method includes a storage management system ingesting a data item into a unified storage system via a storage system interface among a plurality of storage system interfaces associated with the unified storage system, determining, in response to the ingesting of the data item into the unified storage system, an operation based on the data item, and providing a notification of the operation to an orchestration system configured to manage an execution of the operation by a computing system associated with the unified storage system. In certain embodiments, the unified storage system may be implemented as compute-aware storage system such as a container orchestrator-aware storage system.

A computer-implemented method includes receiving a request to provision a set of storage volumes for a server cluster, wherein the request includes an identifier for the server cluster and generating a provisioning work ticket for each storage volume in the set of storage volumes, each provisioning work ticket including the identifier for the server cluster. The provisioning work tickets are provided to a message broker. Multiple volume provisioning instances are executed such that at least two of the volume provisioning instances operate in parallel with each other and such that each volume provisioning instance receives a respective provisioning work ticket from the message broker and attempts to provision a respective storage volume of the set of storage volumes for the server cluster in response to receiving the volume provisioning work ticket.

In an embodiment, a data processing method comprises detecting an approval of a change to an electronic configuration document that symbolically identifies one or more configurations of users, groups, and/or permissions relating to access to computer program artifacts that are stored in a first repository of a geographically distributed, replicated artifact repository system; the artifact repository system comprising one or more second repositories that are geographically remote with respect to the first repository and which replicate the first repository; in response to the detecting: obtaining the electronic configuration document and deriving, based on the electronic configuration document, a plurality of regional repository settings values for users, groups, and/or permissions relating to access to the computer program artifacts and for the one or more second repositories; transmitting the one or more settings values to the one or more second repositories and causing injection of the one or more settings values into one or more repository configuration settings of the second repositories.

Techniques are described for providing one or more clients with direct access to cached data blocks within a persistent memory cache on a storage server. In an embodiment, a storage server maintains a persistent memory cache comprising a plurality of cache lines, each of which represent an allocation unit of block-based storage. The storage server maintains an RDMA table that include a plurality of table entries, each of which maps a respective client to one or more cache lines and a remote access key. An RDMA access request to access a particular cache line is received from a storage server client. The storage server identifies access credentials for the client and determines whether the client has permission to perform the RDMA access on the particular cache line. Upon determining that the client has permissions, the cache line is accessed from the persistent memory cache and sent to the storage server client.

A memory system includes a memory device, a memory controller configured to control the memory device, and an interface device configured to perform an interfacing operation for transmission of a control signal and data between the memory device and the memory controller. The interface device activates a blocking function for the interfacing operation in response to a configuration command of the memory controller including a blocking activation signal and performs an interface configuration operation in response to an interface configuration command of the memory controller while the blocking function is activated.