US Pat. No. 9,619,172

METHOD AND SYSTEM FOR MANAGING CHANGED BLOCK TRACKING AND CONTINUOUS DATA PROTECTION REPLICATION

EMC IP Holding Company LL...

1. A method comprising:
performing, by a source side host, continuous data protection replication to replicate data to one or more target side hosts
in a data protection environment;

transitioning, by the source side host, from the continuous data protection replication to changed block tracking replication
in the data protection environment; and

performing, by the source side host, the changed block tracking replication to replicate the data to the one or more target
side hosts in the data protection environment.

US Pat. No. 9,590,805

LADDER-BASED CRYPTOGRAPHIC TECHNIQUES USING PRE-COMPUTED POINTS

EMC IP Holding Company LL...

1. A method comprising:
receiving, by a first computing device, a first input value and a second input value, wherein the first input value comprises
a fixed point on a curve and wherein the second input value comprises a scalar value;

obtaining, by the first computing device, a set of pre-computed values, wherein each pre-computed value is computed as the
first input value multiplied by a given multiple in a set of multiples comprising powers of 2;

performing, by the first computing device, a cryptographic process to generate a cryptographic value which comprises a scalar
multiplication of the first input value and the second input value;

wherein performing the cryptographic process comprises performing an iterative scalar multiplication process in which each
iteration of the iterative scalar multiplication process is implemented using a single point add operation to multiply a bit
of the second input value with one of the pre-computed values in the set of pre-computed values to generate a temporary value
which is updated after each iteration of the iterative scalar multiplication process, wherein a final temporary value which
results from a last iteration of the iterative scalar multiplication process comprises said cryptographic value;

utilizing, by the first computing device, the cryptographic value to generate a secure message or a digital signature; and
transmitting, by the first computing device, the secure message or digital signature to a second computing device over a computer
network to enable secured communications between the first and second computing devices over the computer network using the
secure message or digital signature.

US Pat. No. 9,491,060

INTEGRATED WIRELESS SENSOR NETWORK (WSN) AND MASSIVELY PARALLEL PROCESSING DATABASE MANAGEMENT SYSTEM (MPP DBMS)

EMC IP Holding Company LL...

1. A method for managing at least one sensor network comprised of a plurality of sensors, said method comprising:
obtaining measurement data and context data from said plurality of sensors;
storing said obtained measurement data and context data using a Massively Parallel Processing Database Management System;
and

managing said at least one sensor network from outside of said at least one sensor network using said Massively Parallel Processing
Database Management System, wherein said step of managing said at least one sensor network comprises a context-aware adaptation
of one or more sensors in said at least one sensor network based on individual requirements of a plurality of applications,
wherein said step of managing said at least one sensor network comprises evaluating a data quality of said obtained measurement
data relative to one or more predefined percentages of error and adjusting, based on said evaluated data quality, one or more
of a number of active sensors, a measurement sensing rate and a measurement sending rate.

US Pat. No. 9,491,241

DATA STORAGE SYSTEM WITH NATIVE REPRESENTATIONAL STATE TRANSFER-BASED APPLICATION PROGRAMMING INTERFACE

EMC IP Holding Company LL...

1. A data storage system, comprising:
one or more storage nodes configured to attach to a computer network to provide network-attached storage for the computer
network;

a first application programming interface providing data storage functionality at a file level in the one or more network-attached
storage nodes for a first set of application programs operating in the computer network;

a second application programming interface providing data storage functionality at a level other than the file level in the
one or more network-attached storage nodes for a second set of application programs operating in the computer network, wherein
the second application programming interface comprises one or more native representational state transfer-based application
programming interfaces that export one or more categories of data storage functionalities to enable development of one or
more customized application programming interfaces to extend customized data storage functionality in the one or more network-attached
storage nodes; and

at least one processing device on which the one or more storage nodes and the first and second application programming interfaces
are implemented.

US Pat. No. 9,545,006

CONFIGURABLE SYSTEM BOARD

EMC IP Holding Company LL...

1. A system board comprising:
at least one microprocessor coupled to the system board;
a first circuit board region populated with a first model voltage regulator circuit, wherein the first model voltage regulator
circuit is configured to provide electrical power to the at least one microprocessor using one or more conductive traces;
and

a second circuit board region unpopulated and configured to receive a second model voltage regulator circuit, wherein the
second model voltage regulator circuit, when populated, is further configured to provide electrical power to the at least
one microprocessor using the one or more conductive traces via the second circuit board region, wherein the one or more conductive
traces electrically couple together the first model voltage regulator circuit at the first circuit board region and the second
model voltage regulator circuit at the second circuit board region.

US Pat. No. 9,519,590

MANAGING GLOBAL CACHES IN DATA STORAGE SYSTEMS

EMC IP HOLDING COMPANY LL...

11. A system for use in managing global caches in data storage systems, the system comprising a processor configured to:
access a cache entry of a global cache of a data storage system upon receiving a request to perform an I/O operation on a
storage object, wherein the cache entry is associated with the storage object, wherein accessing the cache entry includes
acquiring a lock, holding a reference to the cache entry, releasing the lock, and providing the cache entry to a client, wherein
the global cache includes a set of buffer cache objects managed by a set of buffer cache descriptors, wherein the storage
object includes a file of a file system, wherein the cache entry includes information regarding metadata of the file system;

determine whether the I/O operation is associated with a sequential access indicating a high probability of the cache entry
being accessed at least two times in a time period; and

delay, based on the determination, releasing the reference to the cache entry by the client for the time period, wherein delaying
releasing the reference to the cache entry includes delaying adding information regarding the cache entry to a reusable list
of cache entries configured to provide the cache entries for reuse by the data storage system, wherein the client accesses
the cache entry during the time period without removing the cache entry from the reusable list and without acquiring and releasing
the lock.

US Pat. No. 9,563,426

PARTITIONED KEY-VALUE STORE WITH ATOMIC MEMORY OPERATIONS

EMC IP Holding Company LL...

1. A method performed by a server for performing a memory operation in a partitioned key-value store, comprising:
receiving a request from an application for at least one atomic memory operation, wherein said application executes on a compute
node having a client of said partitioned key-value store and said atomic memory operation comprises a memory address identifier
of a memory location of said client; and

in response to said atomic memory operation, said server employing one or more remote memory operations to perform one or
more of (i) reading a client-side memory location identified by said memory address identifier and storing one or more key-value
pairs from said client-side memory location in a local key-value store of said server; and (ii) obtaining one or more key-value
pairs from said local key-value store of said server and writing said obtained one or more key-value pairs into said client-side
memory location identified by said memory address identifier,

wherein program control returns to said application when said server receives said request from said application for said
atomic memory operation such that said application performs one or more additional tasks while said server performs said one
or more remote memory operations.

US Pat. No. 9,622,394

ELECTROMAGNETIC INTERFERENCE CONTAINMENT SYSTEM

EMC IP Holding Company LL...

1. A chassis, comprising:
a flash module comprising a cover and an integrated connector, the flash module comprising:
a printed circuit board (PCB) disposed therein; and
a thermal interface material (TIM) disposed between a component of the PCB and a cover of the flash module;
a metal stiffener;
an electromagnetic interference (EMI) gasket; and
a midplane, wherein the flash module is connected to the midplane using the integrated connector;
wherein the integrated connector extends past the cover of the flash module;
wherein, when the flash module is connected to the midplane, the cover of the flash module is in direct contact with the EMI
gasket and wherein the metal stiffener is interposed between the EMI gasket and the midplane.

US Pat. No. 9,485,655

PROVIDING POWER CONTROL TO AN ELECTRONIC DEVICE USING AUTHENTICATION

EMC IP Holding Company LL...

1. A method of operating an electronic device, the method comprising:
receiving, by the electronic device, a “turn off” command from a user of the electronic device, the “turn off” command directing
the electronic device to turn off;

in response to the “turn off” command, invoking, by the electronic device, an authentication operation to authenticate the
user, the authentication operation providing an electronic power control authentication result indicating whether the electronic
device considers the user to be an authorized operator of the electronic device; and

performing, by the electronic device, a power control operation in response to the electronic power control authentication
result, the power control operation (i) powering down location identification circuitry of the electronic device when the
electronic power control authentication result indicates that the electronic device considers the user to be an authorized
operator of the electronic device, and (ii) maintaining power to the location identification circuitry of the electronic device
when the electronic power control authentication result indicates that the electronic device considers the user not to be
an authorized operator of the electronic device;

wherein invoking the authentication operation to authenticate the user includes:
in response to the “turn off” command, prompting the user to input a user credential,
after prompting the user, receiving the user credential from the user and performing an evaluation operation on the user credential
to determine whether the user is an authorized operator of the electronic device, and

outputting the electronic power control authentication result based on the evaluation operation to indicate whether the electronic
device considers the user to be an authorized operator of the electronic device;

the method further comprising:
incrementing a counter which stores a current count of unsuccessful authentication attempts in response to each determination
that the user is not an authorized operator of the electronic device,

resetting the counter in response to a determination that the user is an authorized operator of the electronic device, and
performing a remedial operation when the current count of unsuccessful authentication attempts stored by the counter reaches
a predefined threshold;

wherein the electronic device includes memory which stores firmware; and
wherein performing the remedial operation includes:
disabling the electronic device from performing an upgrade to the firmware until the electronic device receives a “proper
reset” command.

US Pat. No. 9,477,407

INTELLIGENT MIGRATION OF A VIRTUAL STORAGE UNIT TO ANOTHER DATA STORAGE SYSTEM

EMC IP Holding Company LL...

1. For a system comprising a first data storage system having a first plurality of virtual storage units, a second storage
system having a second plurality of virtual storage units, and at least one host device connected to the first data storage
system and the second data storage system, a method comprising:
for at least a first virtual storage unit of the first plurality of virtual storage units, quantifying an impact on performance
of the first data storage system by the at least first virtual storage unit, comprising:

for a first functional component of the first data storage system, determining a first component utilization score indicative
of a utilization of the first functional component by the first virtual storage unit;

for a second functional component of the first data storage system, determining a second component utilization score indicative
of a utilization of the second functional component by the first virtual storage unit; and

combining the first and second component utilization scores to produce a utilization score for the first virtual storage unit
indicative of an impact on performance of the first data storage system by the first virtual storage unit;

determining whether to migrate data of the at least first virtual storage unit from the first data storage system to a second
data storage system based at least in part on the quantified impact of the at least first virtual storage unit; and

performing a migration of the data of the first virtual storage unit from the first data storage system to the second data
storage system, wherein, concurrently to performance of the migration, the at least one host device maintains access to data
of the first virtual storage unit.

US Pat. No. 9,519,564

TRACE SAVING INTERVALS

EMC IP Holding Company LL...

1. A method of managing an application error comprising:
by a processor:
defining, by an interval definition module, a temporal interval associated with an occurrence of one or more received traces
characterizing behavior of an application related to an application error, each of the one or more received traces including
a priority, the temporal interval initiated upon receipt of a first trace of the one or more received traces and continuing
for a predetermined amount of time, the one or more received traces occurring without stimulation from the interval definition
module;

when one or more subsequent traces occur within the temporal interval after the first trace, comparing the priorities of the
subsequent traces to identify a set of traces with a priority above a certain priority threshold, the set of traces includes
a first trace, a highest priority trace, and a last trace, wherein the highest priority trace is designated by (i) comparing
the priority of each of the traces to the priority of other traces in the set of traces, and (ii) designating, as the highest
priority trace, a single trace having priority that is greater than or equal to the priority of the other traces in the set
of traces, wherein for two or more traces having equal priority, the first-received trace of the two or more traces having
equal priority is designated as the highest priority trace; and

saving the identified set of traces to a common memory, and not saving the subsequent traces not identified as having a priority
above a certain priority threshold, the saved set of traces being available to facilitate determining at least one of an error
source and an error correction.

US Pat. No. 9,516,010

AUTHENTICATING A USER WHILE THE USER OPERATES A CLIENT APPARATUS AND POSSESSES AN ELECTRONIC CARD

EMC IP Holding Company LL...

1. A method of performing authentication, the method comprising:
receiving, by processing circuitry, an authentication request from a user operating a client apparatus;
in response to the authentication request, performing, by the processing circuitry, an analysis of a set of credentials obtained
from the client apparatus, the set of credentials including an authentication factor acquired by the client apparatus from
an electronic card in possession of the user, the electronic card being separate from the client apparatus; and

based on the analysis of the set of credentials, outputting, by the processing circuitry, an authentication result indicating
whether the processing circuitry deems the user operating the client apparatus to be authentic;

wherein the client apparatus is a smart phone operated by the user, the smart phone having near field communication circuitry;
wherein performing the analysis of the set of credentials includes:
obtaining, as the authentication factor acquired by the client device from the electronic card, a mobile payment credential
from the electronic card via the near field communication circuitry of the smart phone, and

verifying the mobile payment credential against an expected mobile payment credential assigned to the user;
wherein performing the analysis of the set of credentials further includes:
prior to obtaining the mobile payment credential from the electronic card, receiving an initial set of credentials from the
client apparatus and performing an initial authentication operation based on the initial set of credentials, and

in response to a result of the initial authentication operation indicating that authentication of the user is unsuccessful
and prior to obtaining the mobile payment credential from the electronic card, providing a scan command to the smart phone
to direct the user to scan the electronic card using the near field communication circuitry of the smart phone; and

wherein performing the initial authentication operation includes:
performing, as the initial authentication operation, (i) a risk-based authentication operation using, as input, the initial
set of credentials to generate a risk score, and (ii) comparing the risk score to a risk score threshold, the scan command
directing the user to scan the electronic card being provided to the smart phone in response to the risk score exceeding the
risk score threshold.

US Pat. No. 9,524,218

LEVERAGE FAST VP EXTENT-LEVEL STATISTICS WITHIN CDP ENVIRONMENTS

EMC IP HOLDING COMPANY LL...

5. The method of claim 1 including reading statistical meta data periodically from production storage array.

US Pat. No. 9,483,358

SYNTHETIC BLOCK BASED BACKUP

EMC IP Holding Company LL...

1. A method for protecting data, comprising:
taking a first snapshot of a physical volume using a native snapshot program, wherein the first snapshot comprises a plurality
of data blocks;

transmitting the plurality of data blocks from the physical volume to a deduplicated storage device;
identifying a parent virtual container stored on the deduplicated storage device, wherein the parent virtual container comprises
a blank virtual machine disk (“VMDK”) file;

populating the parent virtual container block-by-block with the plurality of data blocks received from the physical volume;
taking a second snapshot of the physical volume using the native snapshot program, wherein the second snapshot comprises a
second plurality of blocks;

identifying a plurality of changed blocks from the second plurality of blocks, wherein the changed blocks comprise blocks
that have changed since taking the first snapshot of the physical volume;

identifying a child virtual container linked to the parent virtual container, wherein the child virtual container is stored
on the deduplicated storage device;

transmitting the plurality of changed blocks to deduplicated storage device;
populating the child virtual container with the plurality of changed blocks;
creating a fast copy of the parent virtual container and the linked child virtual container;
consolidating the copy of the parent virtual container and the copy of the linked child virtual container based on the format
of the parent virtual container to form a consolidated copy on the deduplicated storage device;

deleting the parent virtual container and the child virtual container linked to the parent in accordance with a policy identifying
an amount of restore points; and

mounting the consolidated copy from the deduplicated storage device.

US Pat. No. 9,503,123

RANDOM ACCESS TO COMPRESSED DATA USING BITWISE INDICES

EMC IP Holding Company LL...

1. A method, comprising:
obtaining a compressed file and a bitwise mapping between at least a portion of individual bits in said compressed file and
corresponding portions of an uncompressed version of said compressed file, wherein said bitwise mapping comprises a pointer
to an individual bit in said compressed file corresponding to a given portion of said uncompressed version of said compressed
file; and

decompressing at least a portion of said compressed file starting from said individual bit referenced by said pointer.

US Pat. No. 9,603,280

FLASH MODULE

EMC IP HOLDING COMPANY LL...

1. A flash module, comprising:
a top cover and a bottom cover;
a printed circuit board (PCB) comprising memory, solid state storage, a storage controller configured to manage the memory
and the solid state storage, and at least one integrated connector; and

a capacitor, wherein the capacitor is configured to power at least the storage controller when the flash module is disconnected
from an external power source;

wherein the solid state storage comprises a plurality of solid state storage chips, wherein a first portion of the plurality
of solid state storage chips are mounted on a top surface of the PCB and a second portion of the plurality of solid state
storage chips are mounted on a bottom surface of the PCB, and wherein the memory comprises a plurality of memory chips, wherein
a first portion of the plurality of memory chips are mounted on the top surface of the PCB and a second portion of the plurality
of memory chips are mounted on the bottom surface of the PCB.

US Pat. No. 9,524,217

FEDERATED RESTORES OF AVAILABILITY GROUPS

EMC IP Holding Company LL...

1. A system for federated restores of availability groups, the system comprising:
a processor-based application, which when executed on a computer, will cause the processor to:
back up an availability group from a node in a cluster of nodes based on an identifier of the cluster of nodes;
output information associated with at least one database replica in any availability group which is backed up based on the
identifier of the cluster of nodes in response to a user request for the information; and

restore a user-selected database replica to a user-selected node in the cluster of nodes based on a user selecting at least
some of the information.

US Pat. No. 9,501,290

TECHNIQUES FOR GENERATING UNIQUE IDENTIFIERS

EMC IP Holding Company LL...

1. A method of generating and using a unique identifier comprising:
receiving a request from a client to generate a token representing a data item;
responsive to receiving the request, performing first processing by a token driver that generates the unique identifier and
that generates the token using the unique identifier, wherein said token driver comprises code of the first processing executed
by a first of a plurality of processors to generate the token, said first processing including:

obtaining a shared value that is a common value used by the plurality of processors;
obtaining a processor identifier of the first processor;
obtaining a container identifier identifying a memory location;
obtaining a time value denoting an amount of time that has elapsed since the first processor was last booted;
generating a unique identifier using a plurality of values including the shared value, the processor identifier, the container
identifier and the time value; and

generating the token using the unique identifier.

US Pat. No. 9,491,035

CLOUD SERVICES DIRECTORY PROTOCOL

EMC IP Holding Company LL...

1. A method comprising the steps of:
sending a cloud service discovery request to a plurality of cloud service providers in a cloud computing system, wherein the
plurality of cloud service providers comprises one or more cloud service providers operating external to a network from which
the cloud service discovery request is sent and one or more cloud service providers operating internal to the network from
which the cloud service discovery request is sent, wherein the cloud service discovery request comprises one or more cloud
service-provider selectable criteria scoring ranges for one or more proposed cloud services, wherein scores in each of the
criteria scoring ranges that are selectable by a cloud service provider are predetermined by a sender of the service discovery
request, and wherein the cloud service discovery request comprises a capability query, a cost query, a trust query, a location
query, and a service level query;

receiving one or more cloud service discovery responses from one or more of the plurality of cloud service providers for the
one or more proposed cloud services, wherein each of the one or more cloud service discovery responses comprises scores selected
by the given cloud service provider from the criteria scoring ranges predetermined by the sender of the cloud service discovery
request for each of the one or more proposed cloud services, and wherein each of the one or more cloud service discovery responses
comprises a capability reply, a cost reply, a trust reply, a location reply, and a service level reply that respectively correspond
to the capability query, the cost query, the trust query, the location query, and the service level query;

computing a weighted appropriateness score for each of the proposed cloud services based on the cloud service-provider selected
scores in each cloud service discovery response; and

automatically engaging at least one of the proposed cloud services based on the weighted appropriateness scores;
wherein the above steps are performed by at least one processing device comprising a processor coupled to a memory.

US Pat. No. 9,477,675

MANAGING FILE SYSTEM CHECKING IN FILE SYSTEMS

EMC IP Holding Company LL...

1. A method for use in managing file system checking in file systems, the method comprising:
evaluating metadata of a file system upon receiving a request to perform file system checking on the file system, wherein
evaluating the metadata of the file system includes evaluating information stored in a persistent storage organized for storing
information associated with performing file system checking on the file system, wherein the information stored in the persistent
storage includes information regarding file system checking performed previously on the file system;

based on the evaluation, determining whether file system checking has been performed previously on the file system; and
based on the determination, performing file system checking on the file system, wherein performing the file system checking
on the file system includes resuming file system checking of the file system by using the information stored in the persistent
storage regarding the file system checking performed previously on the file system upon determining that the file system checking
performed previously on the file system has not been completed successfully.

US Pat. No. 9,501,229

MULTI-TIERED COARRAY PROGRAMMING

EMC IP Holding Company LL...

1. A coarray programming method, comprising the steps of:
obtaining an index address identifying a memory element in a memory array in a multi-tiered storage environment, wherein said
multi-tiered storage environment comprises at least one of said memory elements on at least two different storage tiers,

wherein said memory array is shared by a plurality of processes and a given process of said plurality of processes has an
image of variables of said given process, wherein said coarray programming method makes one or more of said variables visible
on more than one of said images, and wherein said index address comprises an identifier of a given storage tier within said
multi-tiered storage environment where said memory element is stored; and

converting said index address to one or more of a path name, an object name and a key value based on said identified given
storage tier to access said memory element.

US Pat. No. 9,477,431

MANAGING STORAGE SPACE OF STORAGE TIERS

EMC IP Holding Company LL...

1. A method for use in managing storage space of storage tiers, the method comprising:
evaluating storage space utilization characteristics of a storage tier of a set of storage tiers in a storage system prior
to starting a next iteration of relocation of a set of slices from a first storage tier to a second storage tier included
in the set of storage tiers, wherein the storage space utilization characteristics of the storage tier includes a rate at
which storage space has been allocated for writing data in the storage tier since a last iteration of relocation of a set
of slices, wherein a slice is a logical representation of a subset of physical disk storage, wherein the storage system includes
a processor; and

based on the evaluation, dynamically adjusting reservation of headroom storage space in each storage tier of the set of storage
tiers prior to starting the next iteration of relocation of the set of slices, wherein headroom storage space in a storage
tier is decreased upon determining that a current storage space utilization of the storage tier is less than a previous storage
space utilization of the storage tier and headroom storage space in a storage tier is increased upon determining that a current
storage space utilization of the storage tier is more than a previous storage space utilization of the storage tier, wherein
the current storage space utilization of a storage tier indicates an amount of storage space of the storage tier that has
been allocated during a current iteration of relocation of slices, wherein the previous storage space utilization of a storage
tier indicates an amount of storage space of the storage tier that has been allocated during a previous iteration of relocation
of slices, wherein the headroom storage space indicates a portion of the total amount of storage space of the storage tier
that has been reserved as unused storage space in the storage tier, wherein the portion of the total amount of storage space
reserved as the headroom storage space is adjusted based on minimum and maximum threshold values, wherein the headroom storage
space reserved in a storage tier of the set of storage tiers enables the storage tier to accommodate allocation of storage
space required for relocating slices into the storage tier and writing new data in the storage tier by a write I/O request.

US Pat. No. 9,563,511

PERFORMING INPUT/OUTPUT OPERATIONS ON A SET OF STORAGE DEVICES BASED ON SCALABLE INPUT/OUTPUT CREDITS

EMC IP Holding Company LL...

1. In data storage equipment, a method of performing input/output (I/O) operations on a set of storage devices, the method
comprising:
configuring the data storage equipment to (i) allow host I/O operations to start on the set of storage devices while a credit
tally for the set of storage devices is less than a predefined credit quota and (ii) block host I/O operations from starting
on the set of storage devices while the credit tally for the set of storage devices is greater than the predefined credit
quota;

after configuring the data storage equipment and during a first operational time period in which a rebuild procedure is not
being performed on the set of storage devices, (i) allocating host I/O credits at equal weight to the credit tally upon starting
first host I/O operations on the set of storage devices and (ii) de-allocating the host I/O credits at equal weight from the
credit tally upon completion of the first host I/O operations on the set of storage devices; and

after the first operational time period and during a second operational time period in which the rebuild procedure is being
performed on the set of storage devices, (i) allocating host I/O credits at greater than equal weight to the credit tally
upon starting second host I/O operations on the set of storage devices and (ii) de-allocating the host I/O credits at greater
than equal weight from the credit tally upon completion of the second host I/O operations on the set of storage devices.

US Pat. No. 9,477,691

MULTI-LATENCY DATA MANAGEMENT

EMC IP Holding Company LL...

1. A data management system comprising:
a multi-latency logical data store comprising a first data store having a first data latency and a second data store having
a second data latency substantially different than the first data latency; and

a controller associated with the multi-latency logical data store;
wherein the controller is configured to manage the multi-latency logical data store utilizing a plurality of multi-latency
data sets each of which provides at least one multi-latency link between at least a portion of a data set from the first data
store and at least a portion of a data set from the second data store;

wherein one or more of the plurality of multi-latency data sets each comprises a multi-latency table providing at least one
multi-latency link between at least a portion of a table from the first data store and at least a portion of a table from
the second data store; and

wherein the data management system is implemented using at least one processing device comprising a processor coupled to a
memory.

US Pat. No. 9,496,897

METHODS AND APPARATUS FOR GENERATING AUTHENTICATED ERROR CORRECTING CODES

EMC IP Holding Company LL...

1. A method performed by an encoder for generating one or more encoded symbols via an authenticated error correcting code,
comprising:
applying a Luby Transform (LT) code to a plurality of message symbols to produce one or more intermediate symbols using a
cryptographic pseudo random number generator (PRNG) to select the plurality of message symbols to combine to produce said
one or more intermediate symbols;

encrypting said one or more intermediate symbols to produce one or more encrypted symbols;
computing an authentication value over one or more of said one or more encrypted symbols using a secret-key scheme based on
a secret key shared by said encoder and a decoder of said one or more encoded symbols; and

appending said authentication value to said corresponding one or more encrypted symbols to form said one or more encoded symbols.

US Pat. No. 9,497,257

FILE LEVEL REFERRALS

EMC IP HOLDING COMPANY LL...

1. A method for accessing data, comprising:
receiving, by a first file server, an I/O request for a virtual machine disk from a client, wherein the first file server
comprises a repository storing a virtual directory comprising symbolic links to a plurality of virtual machine disks;

determining, by the first file server, if the requested virtual machine disk is stored on a the first file server;
redirecting the client, by the first file server, to a second file server and a third file server if the virtual machine disk
is not in the first file server, wherein redirecting the client comprises:

sending, by the first file server, an error mount message to the client;
receiving, by the first file server, a request for the virtual machine disk's location from the client; and
sending, by the first file server, a first symbolic link from the virtual directory of a second server location associated
with the second file server and a second symbolic link from the virtual directory of a third server location associated with
the third file server to the client; and

transmitting, by the first file server, portions of the virtual machine disk file to the client from both the second file
server and the third file server.

US Pat. No. 9,506,821

SYSTEM AND METHOD FOR CONTROLLING FAN SPEED

EMC IP Holding Company LL...

1. A computer-implemented method comprising:
determining an internal temperature of a computing device having one or more non-disk drive devices and one or more disk drive
devices, wherein determining an internal temperature includes determining a midplane temperature via one or more temperature
sensors mounted on a midplane assembly of the computing device;

determining a power consumption factor for the computing device, wherein determining the power consumption factor includes
determining a total power consumption of the computing device, determining a total power consumption of the one or more non-disk
drive devices of the computing device and within the computing device, and further includes subtracting, from the total power
consumption of the computing device, the total power consumption of the one or more non-disk drive devices, wherein the one
or more non-disk drive devices includes at least one of a storage controller and a link controller card;

determining an airflow factor for the computing device indicating a total quantity of air moving through the computing device,
including monitoring a rotational speed of one or more cooling fans to determine a volume of air moved per fan rotation;

generating an approximated ambient air temperature based upon the internal temperature and midplane temperature, power consumption
factor, and the airflow factor, wherein generating an approximated ambient air temperature includes determining a differential
temperature based upon the power consumption factor, and the airflow factor, and subtracting the differential temperature
from the internal temperature to define the approximated ambient air temperature;

determining a workload factor for the computing device; and
controlling a fan speed for each of an exhaust fan, a supply fan, a microprocessor cooling fan and a memory system cooling
fan associated with the computing device based at least in part upon the approximated ambient air temperature and the workload
factor.

US Pat. No. 9,706,687

ELECTRONIC EQUIPMENT CHASSIS HAVING STORAGE DEVICES AND OTHER MODULES CONFIGURED FOR FRONT-ACCESS REMOVABILITY

EMC IP Holding Company LL...

1. An electronic equipment chassis comprising:
a housing having a front portion and a rear portion;
first and second rows of cooling modules disposed at respective upper and lower levels of the front portion; and
a plurality of storage devices arranged in the front portion between the first and second rows of cooling modules;
wherein the electronic equipment chassis has a rack mount configuration for mounting of the electronic equipment chassis in
an electronic equipment rack;

wherein at least a subset of the cooling modules and at least a subset of the storage devices are configured for each such
cooling module and storage device to be individually removable from the chassis through a vertical plane of the front portion
of the housing;

a given one of the cooling modules of the subset of cooling modules thereby being removable from the chassis through the vertical
plane of the front portion of the housing separately from one or more other ones of the cooling modules in a same one of the
first and second rows as the given one of the cooling modules; and

a given one of the storage devices of the subset of storage devices thereby being removable from the chassis through the vertical
plane of the front portion of the housing separately from one or more other ones of the storage devices.

US Pat. No. 9,654,467

TIME SYNCHRONIZATION SOLUTIONS FOR FORWARD-SECURE ONE-TIME AUTHENTICATION TOKENS

EMC IP Holding Company LL...

1. A token-side method for generating a passcode from a user authentication token for presentation to an authentication server,
comprising:
receiving a request to generate said passcode at a current device time of said user authentication token;
detecting, by at least one processing device of said user authentication token that generates said passcode, a previous forward
clock attack during said generation of said passcode, wherein a third party actor implemented said forward clock attack by
altering a device time of said user authentication token to a time that is later than said current device time of said user
authentication token, accessing at least one passcode that is valid at said time that is later than said current device time
and restoring said device time to a substantially current time of said forward clock attack, wherein said forward clock attack
is detected by determining whether said current device time of said user authentication token is less than a last used device
time indicating a last time that said user authentication token was used to produce a last passcode, wherein said last used
device time is stored as part of a state of said user authentication token, wherein said last used device time is updated
to said current device time during said generation of said user authentication passcode; and

communicating, by said user authentication token, an indication of said forward clock attack to said authentication server,
wherein said authentication server re-synchronizes with said user authentication token in response to said indication from
said user authentication token of said forward clock attack.

US Pat. No. 9,507,732

SYSTEM AND METHOD FOR CACHE MANAGEMENT

EMC IP Holding Company LL...

1. A computer-implemented method comprising:
associating a tracking file with a multi-portion data file, wherein the multi-portion data file is a single data file with
multiple portions located on a data array, wherein the tracking file is configured to monitor the status of each portion of
the multi-portion data file;

modifying at least one portion of the multi-portion data file via a first virtual machine executed on a first physical machine
of a plurality of physical machines;

updating the tracking file to reflect the modification of the at least one portion of the multi-portion data file, wherein
the tracking file includes which physical machine of the plurality of physical machines modified each portion of the multi-portion
data file, and further includes an indication whether cache data associated with the first virtual machine was modified while
the first virtual machine was migrated and executed on a second physical machine of the plurality of physical machines;

migrating the first virtual machine from the first physical machine to the second physical machine, and migrating the first
virtual machine from the second physical machine back to the first physical machine; and

determining if at least one portion of the multi-portion data file is valid for the first physical machine, wherein the at
least one portion of the multi-portion data file is valid for the first physical machine if the at least one portion of the
multi-portion data file was not modified by a host other than the first physical machine indicated by the tracking file.

US Pat. No. 9,483,355

TRACKING COPY SESSIONS

EMC IP Holding Company LL...

1. A method of copying data from an initial logical volume to at least one other logical volume, comprising:
initializing a table-with entries corresponding to different portions of the initial logical volume, wherein each of the entries
is initialized with a first value indicative of an absence of write requests;

following initializing the table, providing a second value different from the first value to an entry in the table corresponding
to a portion of the initial logical volume to which a write operation is performed, the second value indicative of a write
request;

establishing a current set of extents, wherein the first value is provided to entries in the table that correspond to portions
of the initial logical volume indicated by the current set of extents;

determining if any of the entries in the table is set to the second value while establishing the current set of extents;
invalidating previously-established sets of extents corresponding to entries in the table that are set to the second value;
and

copying the data of the initial logical volume corresponding to the current set of extents to the at least one other logical
volume, wherein copying all the data is aborted in response to any of the entries in the table corresponding to the current
set of extents having the second value.

US Pat. No. 9,513,829

TRANSACTION LOGGING USING ROUND-ROBIN BLOCK ALLOCATION AND I/O SIZE BASED PARTITIONS

EMC IP Holding Company LL...

1. A method for storing data in a log of a data storage system, the method comprising:
receiving, from a requestor, a set of three or more sequential requests, each request specifying data to be written to a data
object served by the data storage system;

placing the data specified by respective ones of the requests into respective lockable units of storage for the log such that
the data of no two sequential requests are stored within the same lockable unit, wherein each lockable unit is constructed
and arranged to be locked for access by a writer when being written and to be unlocked when not being written, and wherein
each of the lockable units is configured to store data specified by multiple requests; and

acknowledging, to the requestor, completion of each of the requests in response to placing the data specified by the respective
request in one of the lockable units of storage.

US Pat. No. 9,503,468

DETECTING SUSPICIOUS WEB TRAFFIC FROM AN ENTERPRISE NETWORK

EMC IP Holding Company LL...

1. A method comprising:
generating a database comprising information corresponding to each of multiple connections between one or more destinations
external to an enterprise network and one or more hosts within the enterprise network, wherein said multiple connections occur
over a given period of time, and wherein the information in the database comprises a timestamp corresponding to a respective
connection between a destination external to the enterprise network and a host within the enterprise network;

removing a given destination from the information in the database upon a determination that the given destination has not
been contacted by a host within the enterprise network over a specified duration of time;

processing multiple additional connections between one or more destinations external to the enterprise network and one or
more hosts within the enterprise network with one or more filtering operations to produce one or more filtered connections,
wherein said multiple additional connections occur subsequent to said given period of time, and wherein said processing comprises:

applying a white-list of one or more destinations to said multiple additional connections to preclude one or more of said
multiple additional connections associated with said white-list destinations from said filtered connections;

identifying one or more of said multiple additional connections associated with a user bookmark to preclude from said filtered
connections: and

folding each of said destinations to a second-level sub-domain to filter one or more services employing a random string as
a sub-domain, wherein said one or more services correspond to one or more of said multiple additional connections; and

analyzing said one or more filtered connections against the database to identify, from the one or more filtered connections,
a connection to a destination external to the enterprise network that is not included in the information in the database;

wherein said generating, said removing, said processing, and said analyzing are carried out by at least one computing device.

US Pat. No. 9,495,668

COMPUTING SOLUTIONS TO A PROBLEM INVOLVING INVERSION OF A ONE-WAY FUNCTION

EMC IP Holding Company LL...

1. A method comprising:
receiving, at a first processing device from a second processing device, a request for access to a given resource controlled
by the first processing device;

sending, from the first processing device to the second processing device, a set of values responsive to receiving the request
for access to the given resource, the set of values being usable to compute a solution to a first problem involving inversion
of a first one-way function;

receiving, at the first processing device from the second processing device, a given value representing a potential solution
to the first problem;

providing, at the first processing device, access to the given resource by the second processing device responsive to verifying
the given value as a valid solution to the first problem; and

utilizing, at the first processing device, the given value as an input for computing a solution to a second problem involving
inversion of a second one-way function;

wherein a valid solution to the second problem uses as input the valid solution to the first problem; and
wherein the set of values comprises a supplementary value specific to a particular instance of the first one-way problem and
the second processing device, the supplementary value being used as an input to the first one-way function by the second processing
device.

US Pat. No. 9,495,210

LOGICAL DEVICE MODEL

EMC IP Holding Company LL...

1. A method for providing a logical device model comprising:
providing a plurality of logical devices, at least one of said plurality of logical devices being a kernel mode logical device
provided by a first provider executing in kernel space and at least one of said plurality of logical devices being a user
mode logical device provided by a second provider executing in user space; and

establishing a relationship between the first provider and the second provider wherein the first provider is a consumer of
a logical device provided by the second provider, said logical device model including said relationship, wherein the first
provider, as a consumer of the logical device provided by the second provider, sends requests, which are directed to the logical
device provided by the second provider, to code of an application programming interface that transfers runtime control to
the second provider to execute code of the second provider in connection with processing the requests, wherein the logical
device model comprises a logical device runtime stack representing a runtime call chain including the kernel mode logical
device, the user mode logical device and a second user mode logical device provided by a third provider executing in user
space, wherein the runtime call chain includes a plurality of runtime calls each transferring runtime control from code of
a logical device consumer to code of a logical device provider, whereby the kernel mode logical device is a consumer of the
user mode logical device and the user mode logical device is further a consumer of the second user mode logical device, wherein
the second provider, that provides the user mode logical device as a consumer of the second user mode logical device provided
by the third provider, sends other requests, which are directed to the second user mode logical device provided by the third
provider, to code of the application programming interface that transfers runtime control to the third provider to execute
code of the third provider in connection with processing the other requests.

US Pat. No. 9,557,932

METHOD AND SYSTEM FOR DISCOVERING SNAPSHOT INFORMATION BASED ON STORAGE ARRAYS

EMC IP Holding Company LL...

1. A system for discovering snapshot information based on storage arrays, each storage array comprising a disk storage system
containing a plurality of disk drives, the system comprising:
a processor-based application executed on a computer and configured to:
identify first snapshot information associated with a first storage array by executing an application program interface associated
with the first storage array to discover data associated with each snapshot of a plurality of snapshots stored on the first
storage array, wherein at least one snapshot of the plurality of snapshots is a foreign snapshot;

identify second snapshot information associated with a second storage array by executing an application program interface
associated with the second storage array to discover data associated with each snapshot of a plurality of snapshots stored
on the second storage array, the application program interface associated with the second storage array being different from
the application program interface associated with the first storage array; and

output the identified first snapshot information and the identified second snapshot information via a user interface.

US Pat. No. 9,615,111

COMPLEXITY-ADAPTIVE COMPRESSION OF COLOR IMAGES USING BINARY ARITHMETIC CODING

EMC IP Holding Company LL...

1. A method of compressing single color image data stored in memory, the method comprising, for each of a set of pixels of
the single color image data:
generating, by a processor coupled to the memory, a prediction error equal to a difference between the single color image
data at that pixel and a predicted value of the single color image data at that pixel;

separating the prediction error into multiple factors;
selecting a respective context model for each of the multiple factors into which the prediction error at that pixel has been
separated; and

encoding the prediction error based on the context model selected for each of the multiple factors to generate compressed
image data.

US Pat. No. 9,497,062

SYSTEM AND METHOD FOR SECURE STORAGE, TRANSFER AND RETRIEVAL OF CONTENT ADDRESSABLE INFORMATION

EMC IP Holding Company LL...

1. A method of managing a plurality of digital assets stored in a computer system comprising at least a first computer, each
of the plurality of digital assets accessible via a corresponding identifier generated based on at least a portion of the
contents of the digital asset, the plurality of digital assets comprising a first digital asset, the first digital asset comprising
encrypted data and having associated metadata, wherein the first digital asset is stored in an encrypted format, the method
comprising acts of:
(A) creating a first descriptor file that comprises at least some of the metadata associated with the first digital asset,
including the corresponding identifier of the first digital asset, and at least one searchable keyword that describes the
encrypted data of the first digital asset; and

(B) storing the first descriptor file on the computer system, wherein the first descriptor file is accessible as one of the
plurality of digital assets via a corresponding identifier for the first descriptor file generated based on at least a portion
of the contents of the first descriptor file, and wherein the first descriptor file is stored in an unencrypted format; and

(C) creating the corresponding identifier for the first descriptor file, the corresponding identifier being a unique identifier
comprising information that identifies the first descriptor file as belonging to a class of digital assets that comprise metadata
relating to other digital assets.

US Pat. No. 9,563,423

SYSTEM AND METHOD FOR SIMULTANEOUS SHARED ACCESS TO DATA BUFFERS BY TWO THREADS, IN A CONNECTION-ORIENTED DATA PROXY SERVICE

EMC IP Holding Company LL...

1. A method comprising:
receiving a catalog of available transport paths from a client over a fibre channel network, the transport paths established
based on fibre channel protocol;

detecting availability of destination port associated with a virtual connection between the client and a server communicating
using SCSI (Small Computer System Interface) over the fibre channel network by a server fibre channel adapter,

the virtual connection identifying one of the available transport paths for the communication using SCSI;
in response to determining that a head buffer of a data stream is not empty, reading data from a head of a singly linked list
of the data stream by a consumer process thread while a producer process thread has access to the singly linked list of the
data stream,

the data stream storing data received via the virtual connection from the client,
each item in the singly linked list corresponding to a data buffer, the consumer process thread and the producer process thread
having simultaneous access to individual data buffers of the singly linked list of the data stream without having to wait
to obtain a lock;

forwarding the data read from the head of the singly linked list to the destination port by the consumer process thread; and
sending response data received from the destination port to the client via the one available path of the virtual connection
by the producer process thread.

US Pat. No. 9,537,777

ADJUSTING INPUT/OUTPUT OPERATION ARRIVAL TIMES TO REPRESENT A TOKEN BUCKET THAT ENFORCES MAXIMUM RATE AND BURST SIZE LIMITS

EMC IP Holding Company LL...

1. A computer-implemented method of using an input/output time parameter to represent a number of tokens in a token bucket
in order to enforce a maximum rate limit for input/output operations directed to a storage resource, comprising executing,
on at least one processor, the steps of:
setting a minimum permitted input/output operation inter-arrival time period to an inverse of the maximum rate limit;
processing an initially received input/output operation by setting the input/output time parameter to an arrival time of the
initial input/output operation; and

processing each subsequently received input/output operation by
setting an inter-arrival time period parameter to a difference between an arrival time of the received input/output operation
and the input/output time parameter,

determining whether the inter-arrival time period parameter is less than the minimum permitted input/output operation inter-arrival
time, and

in response to determining that the inter-arrival time period parameter is not less than the minimum permitted input/output
operation inter-arrival time, determining that there is at least one token available in the token bucket and accordingly allowing
the input/output operation to be performed on the storage resource, and decrementing the number of tokens in the token bucket
by adding the minimum permitted input/output operation inter-arrival time to the input/output time parameter.

US Pat. No. 9,507,787

PROVIDING MOBILITY TO VIRTUAL STORAGE PROCESSORS

EMC IP Holding Company LL...

1. A method of providing mobility to virtual storage processors (VSPs), the method comprising:
operating a source VSP on a physical storage processor, the physical storage processor having a first network address, the
source VSP having a second network address different from the first network address and providing host access to multiple
source data objects via the second network address;

receiving, by processing circuitry, a VSP move command from a user, the VSP move command specifying the source VSP and a destination;
identifying, by the processing circuitry and in response to the VSP move command, the multiple source data objects which are
configured to store data from the context of the source VSP, the multiple source data objects residing in a source storage
pool; and

after the multiple source data objects are identified, (i) transforming the multiple source data objects into multiple destination
data objects which are configured to store data from the context of a destination VSP at the destination, the multiple destination
data objects residing in a destination storage pool which is different from the source storage pool, and (ii) providing host
access to the multiple source data objects, residing in the destination storage pool, via the second network address,

wherein the physical storage processor on which the source VSP operated is a first physical storage processor, wherein the
destination VSP resides on a second physical storage processor having a third network address, and wherein the third network
address is different from the first network address and the second network address.

US Pat. No. 9,509,688

PROVIDING MALICIOUS IDENTITY PROFILES FROM FAILED AUTHENTICATION ATTEMPTS INVOLVING BIOMETRICS

EMC IP Holding Company LL...

1. A method of providing malicious identity profiles, the method comprising:
storing, by processing circuitry, unsuccessful authentication entries in a database, the unsuccessful authentication entries
including (i) descriptions of failed attempts to authenticate users and (ii) biometric records captured from the users during
the failed attempts to authenticate the users;

generating, by the processing circuitry, a set of malicious identity profiles based on the descriptions and the biometric
records of the unsuccessful authentication entries stored in the database, each malicious identity profile including a profile
biometric record for comparison with new biometric records during new authentication attempts; and

outputting, by the processing circuitry, the set of malicious identity profiles;wherein generating the set of malicious identity profiles includes:
performing comparison operations on the descriptions and the biometric records of the unsuccessful authentication entries
to group at least some of the unsuccessful authentication entries into sets of similar unsuccessful authentication entries,
each set of similar unsuccessful authentication entries including multiple unsuccessful authentication entries which are alike
based on a set of similarity scores resulting from the comparison operations, and

forming the set of malicious identity profiles from at least some of the sets of similar unsuccessful authentication entries;wherein forming the set of malicious identity profiles from at least some of the sets of similar unsuccessful authentication
entries includes:
creating suspicion profiles from the sets of similar unsuccessful authentication entries, each suspicion profile including
a particular profile biometric record created from a particular set of similar unsuccessful authentication entries, and

collecting historical data from the database for each created suspicion profile; andwherein the method further comprises:
distributing, as the set of malicious identity profiles, the suspicion profiles and suspicion scores which are assigned to
the suspicion profiles to a set of adaptive-authentication servers through a computerized network, each adaptive-authentication
server being constructed and arranged to perform adaptive-authentication (i) which includes biometric authentication as an
adaptive-authentication factor and (ii) which is based on the malicious identity profiles.

US Pat. No. 9,558,445

INPUT VALIDATION TECHNIQUES

EMC IP Holding Company LL...

1. A method for processing inputs comprising:
providing a plurality of rules engines, wherein each of the plurality of rules engines is written in a different programming
language;

performing input validation processing of a first set of one or more inputs by a first of the plurality of rules engines using
a first portion of validation rules, wherein said first set of one or more inputs are user inputs obtained from a user interface
and in connection with provisioning storage for a logical entity in a data storage system, wherein each of the validation
rules includes a message identifier associated with an error message, and each of the validation rules includes validation
criteria comprising required validation criteria and optionally comprising optional validation criteria, wherein a specified
input needs to meet the required criteria and additionally needs to meet the optional validation criteria, if specified, to
be successfully validated in accordance with said each validation rule, wherein said optional validation criteria of at least
one of the validation rules includes any of: a minimum length of an input, a maximum length of an input, and an expression
denoting an acceptable pattern or format of an input, wherein a plurality of message catalogues include text of a same set
of error messages for a plurality of spoken languages, the plurality of message catalogues each using a same set of message
identifiers whereby a same one of the message identifiers in each of the plurality of message catalogues is associated with
text of a same error message in a different one of the plurality of spoken languages; and

responsive to the input validation processing by the first rules engine determining that the first set of one or more inputs
is valid, performing processing including:

transforming at least one of the first set of one or more inputs and producing a second set of one or more inputs as a result
of said transforming; and

performing input validation processing of the second set of one or more inputs by a second of the plurality of rules engines
using the second portion of the validation rules.

US Pat. No. 9,507,829

STORAGE OPTIMIZATION FOR SOCIAL NETWORKS

EMC IP Holding Company LL...

1. A method, comprising:
storing user data in a plurality of data centers of a computing system, wherein the user data comprises shared data that is
shared between users of the computing system; and

performing a storage allocation process to optimize storage of the user data in the data centers of the computing system,
wherein performing a storage allocation process comprises:

determining a ranking of each data center in the computing system for at least one user of the computing system, wherein determining
a ranking comprises ranking a given data center as a function of a sum of access ratio values of friends of the at least one
user, whose data is stored in the given data center, wherein an access ratio value of a given friend of the at least one user
comprises a ratio of (i) a number of times that the given friend whose data is stored in the given data center has accessed
the shared data of the at least one user to (ii) a number of data uploads of shared data that the at least one user has made
to the computing system; and

selecting a data center to store user data of the at least one user, based at least in part on the determined rankings of
the data centers for the at least one user, to reduce an average access delay experienced by the friends of the at least one
user in accessing the shared data of the at least one user;

wherein one or more of the storing and performing steps are performed under control of at least one processing device.

US Pat. No. 9,477,425

MANAGING OBJECT DELETION

EMC IP Holding Company LL...

1. A method for use in managing object deletion in a storage system comprising a server component communicatively coupled
to communicate with one or more clients of the storage system and communicatively coupled to manage a storage array component
comprising a disk array, the method comprising:
the server component repeatedly polling the storage array component for updated information about the storage system;
at the server component, receiving an information set from the storage array component as part of the updated information
received as a result of the repeated polling, the information set identifying an object to be deleted from a system management
model that is descriptive of the storage system;

in response to receiving the information set, applying an iterative process to determine other objects in the system management
model that are affected by deletion of the object, the other objects being unidentified in the information set;

and automatically deleting the object from the system management model,
wherein the acts of polling, receiving, applying and deleting are performed autonomously by the server component, independently
of any communication initiating performance of such acts from the one or more clients or any users or other entities,

wherein the server component comprises a first provider of services, and the storage array component comprises an operating
system and an interface, wherein the interface derives the information set from information received from the operating system,
and wherein the first provider receives the information set from the interface and initiates the iterative process.

US Pat. No. 9,552,258

METHOD AND SYSTEM FOR STORING DATA IN RAID MEMORY DEVICES

EMC IP Holding Company LL...

1. A redundant array of independent disk (RAID) memory storage system comprising:
data storage blocks arranged in said array in a first plurality of data rows and a second plurality of data columns, wherein
parity data is stored in additionally defined parity blocks, wherein numbers of blocks in respective columns are different;

wherein at least some of said parity data is row parity data placed in a column of row parity data wherein at least some of
said parity data is diagonal parity data placed in diagonal parity blocks in a diagonal parity column, wherein the number
of said blocks comprising each row parity set is larger than the number of said data blocks comprising each diagonal parity
set.

US Pat. No. 9,723,744

INFORMATION TECHNOLOGY RACKS WITH INTEGRATED DATA SIGNAL AND POWER DISTRIBUTION

EMC IP Holding Company LL...

1. An information technology (IT) rack comprising: IT appliances housed by the IT rack; a plurality of backplanes, wherein
each backplane of the plurality of backplanes comprises appliance-interfacing connectors, and wherein insertion of the IT
appliances into the IT rack causes mating of backplane-interfacing connectors of the IT appliances with the appliance-interfacing
connectors; and a centrally located interface to which the appliance-interfacing connectors are wired, wherein the centrally
located interface determines a connectivity of the IT appliances, wherein each backplane of the plurality of backplanes comprises
a surface that faces away from the IT appliances in the IT rack, wherein
an appliance-interfacing connector is located on the surface that faces away from the IT appliances, and wherein the appliance-interfacing
connector, located on the surface that faces away from the IT appliances, is connected to a corresponding backplane-interfacing
connector of the IT appliances using a bridging connector.

US Pat. No. 9,552,405

METHODS AND APPARATUS FOR RECOVERY OF COMPLEX ASSETS IN DISTRIBUTED INFORMATION PROCESSING SYSTEMS

EMC IP Holding Company LL...

1. A method comprising:
generating a snapshot of a first portion of a complex asset at a first site of a distributed information processing system;
sending the snapshot to a second site of the distributed information processing system; and
replicating a second portion of the complex asset at the second site;
wherein the first portion of the complex asset comprises one or more virtual machines provided by one or more hypervisors
of a virtualization platform of the first site;

wherein the second portion of the complex asset comprises:
at least a first storage element surfaced through the one or more hypervisors of the virtualization platform of the first
site; and

at least a second storage element surfaced through a storage platform of the first site, with the storage platform being external
to the virtualization platform such that the second storage element is not visible to or controllable by the one or more hypervisors
of the virtualization platform of the first site;

wherein recovery of the complex asset is implemented at the second site utilizing the snapshot of the first portion of the
complex asset and the replicated second portion of the complex asset;

wherein the generating and sending are performed responsive to a request to create a complex asset bookmark; and
wherein the method further comprises:
pausing the one or more virtual machines of the first portion of the complex asset;
preparing the second portion of the complex asset by locking the second storage element responsive to pausing the one or more
virtual machines of the first portion of the complex asset;

creating the complex asset bookmark responsive to preparing the second portion of the complex asset; and
writing the complex asset bookmark to a replica journal at the second site.

US Pat. No. 9,485,310

MULTI-CORE STORAGE PROCESSOR ASSIGNING OTHER CORES TO PROCESS REQUESTS OF CORE-AFFINED STREAMS

EMC IP Holding Company LL...

8. A method of operating a multi-core processor of a network attached storage system to process requests from host computers
for services of a file system service, the method including, at each of a set of cores of the multi-core processor:
maintaining endpoints of respective connection-layer connections to the hosts to affine respective streams of network traffic
with the core;

dynamically and preferentially assign execution threads of the core to process file system service requests of the streams
affined with the core; and

co-operate with other cores of the set of cores to dynamically and non-preferentially (a) assign execution threads of the
core to process file system service requests of the streams affined with the other cores, and (b) assign execution threads
of the other cores to process file system service requests of the streams affined with the core.

US Pat. No. 9,519,441

AUTOMATED STORAGE PROVISIONING AND MANAGEMENT USING A CENTRALIZED DATABASE

EMC IP Holding Company LL...

1. An apparatus comprising:
a centralized database; and
at least one processing device implementing a selection algorithm for automated provisioning and management of a plurality
of storage arrays based on information collected from the storage arrays and stored in the centralized database;

wherein the storage arrays are associated with respective storage systems, each of the storage systems being associated with
a different service provider, each service provider having multiple tenants; and

wherein the centralized database is implemented in a centralized storage provisioning and management system configured to
control provisioning and management of the service provider storage systems utilizing information collected from the service
provider storage systems, the centralized storage provisioning and management system being further configured to associate
user identifiers with respective tenants of each of the service providers and to control user access to the storage systems
associated with the different service providers in a manner that allows the centralized storage provisioning and management
system to track resource usage;

the centralized storage provisioning and management system comprising a centralized control path implemented apart from the
service provider storage systems and a plurality of localized control paths implemented in respective ones of the service
provider storage systems; and

the centralized storage provisioning and management system providing storage provisioning and management functionality for
the different service providers in accordance with a software-as-a-service model in which the centralized storage provisioning
and management system exclusively controls provisioning and management of the storage arrays associated with the respective
service provider storage systems;

wherein the service provider storage systems offload local provisioning and management functionality to the centralized storage
provisioning and management system; and

wherein responsive to the storage arrays having different numbers of connections to one or more storage area network switches,
the selection algorithm utilizes information relating to occupancy levels of the storage arrays and the numbers of connections
to the storage area network switches to choose placement for new storage.

US Pat. No. 9,507,798

CENTRALIZED LOGGING FOR A DATA STORAGE SYSTEM

EMC IP Holding Company LL...

1. A method of logging events in a data storage system, the method comprising:
running a logging server on a storage processor of the data storage system;
receiving, by the logging server, log entries from multiple logging clients running on respective other storage processors
of the data storage system, each log entry generated by one of the logging clients in response to an event occurring on the
storage processor on which the logging client runs and including a first timestamp referenced to a clock on the storage processor
on which the logging client runs;

applying, by the logging server, a second timestamp to each of the log entries received from the logging clients, each second
timestamp referenced to a common clock accessible to the storage processor on which the logging server runs;

persistently storing, by the logging server, the log entries including the respective first and second timestamps to a centralized
log store;

queuing the log entries in a cache of storage processors running the logging clients; and
instructing the logging clients to send the queued log entries to a standby logging server, the standby logging server being
configured to apply the second timestamp to received log entries and persistently store these log entries in the centralized
log store.

US Pat. No. 9,495,119

STATIC LOAD BALANCING FOR FILE SYSTEMS IN A MULTIPATH I/O ENVIRONMENT

EMC IP HOLDING COMPANY LL...

1. A computer-implemented method of load balancing over data paths between a file server and a storage controller of a storage
system, the storage system including a storage array storing logical units of storage, the storage controller providing the
file server with access to the logical units of the storage in the storage array, and a file system is striped across a sequence
of a certain number of the logical units of the storage so that sequential read or write access to a file in the file system
sequentially accesses the certain number of logical units of storage for concurrent transfer of read or write data between
the file server and the storage controller over more than one of the data paths between the file server and the storage controller,
the method comprising a data processor of the file server executing computer instructions stored on a non-transitory computer-readable
storage medium to perform the steps of:
(a) programming the data processor with a facility for providing mappings between the certain number of logical units of the
storage and the data paths between the file server and the storage controller for read or write access to the certain number
of logical units of the storage;

(b) upon mounting the file system to enable read-write access to the file system, invoking the facility to obtain a next mapping
between the certain number of logical units of the storage and the data paths between the file server and the storage controller
for read or write access to the certain number of logical units of the storage, and then

(c) upon read or write access of the file server to the data storage of a file in the mounted file system, using the next
one of the mappings between the certain number of logical units of the storage and the data paths between the file server
and the storage controller to select and use one of the data paths for conveying data read from or written to the file in
the mounted file system.

US Pat. No. 9,495,409

TECHNIQUES FOR PERFORMING DATA VALIDATION

EMC IP Holding Company LL...

1. A method for processing a request comprising:
receiving a request from a client, wherein a first storage device has a first snapshot taken at a first point in time, wherein
said request is received subsequent to the first point in time and requests restoration of the first storage device to its
first snapshot;

responsive to receiving the request, performing first processing to process the request to restore the first storage device
to its first snapshot, the first processing including:

communicating with one or more providers for information in connection with the request;
performing validation processing using the information obtained from the one or more providers to determine whether one or
more restrictions are violated, each of said one or more restrictions identifying a required state of one or more objects
for performing the request;

determining whether any of said one or more restrictions are violated;
performing processing to restore the first storage device to its first snapshot responsive to determining that none of the
one or more restrictions are violated; and

performing one or more actions responsive to determining that any of said one or more restrictions are violated, and wherein
a first of said restrictions specifies that a first storage device is not restored to one of its snapshots if said first storage
device has a mirroring relationship that is active with a primary copy of data of the storage device that is mirrored in a
second copy whereby synchronization processing is performed to keep said second copy synchronized with said primary copy,
and wherein said validation processing includes:

determining whether the mirroring relationship for the first device is active; and
if it is determined that the mirroring relationship for the first device is active, determining that there has been a restriction
violation and not to restore the first storage device to its first snapshot.

US Pat. No. 9,477,421

SYSTEM AND METHOD FOR STORAGE MANAGEMENT USING ROOT AND DATA SLICES

EMC IP Holding Company LL...

15. A computing system for a server including a processor and memory configured to perform operations comprising:
defining an initial root slice for a storage system;
defining a first data slice for the storage system;
identifying the location of the first data slice of the storage system within the initial root slice;
assigning an initial allocation of storage space within the storage system to a given user, as determined by an initial analysis
of the given user's requirement for storage space;

performing a real-time analysis of the given user's dynamically fluctuating requirement for storage space;
wherein the real-time analysis determines whether the initial allocation of storage space should be modified;
receiving a request as a result of the real-time analysis to modify the initial allocation of storage space for the given
user; and

modifying the initial allocation of storage space in real-time for the given user, by dynamically assigning or de-assigning
a supplemental data slice on an as needed basis;

wherein assigning the supplemental data slice requires a determination as to whether the supplemental data slice can be assigned
within the storage system without defining an additional root slice for the storage system, wherein the additional root slice
is divided into uniform subportions, and wherein the determination as to whether the supplemental data slice can be assigned
within the storage system without defining the additional root slice for the storage system includes determining whether all
subportions of the initial root slice are utilized, and

if all subportions of the initial root slice are not utilized, then the supplemental data slice can be assigned within the
storage system without defining the additional root slice for the storage system, and

if all subportions of the initial root slice are utilized, then the supplemental data slice cannot be assigned within the
storage system without defining the additional root slice for the storage system.

US Pat. No. 9,578,777

UNIVERSAL MEZZANINE CONNECTOR

EMC IP HOLDING COMPANY LL...

1. A computing system comprising: a low-profile chassis comprising a motherboard disposed therein, the system configured to
accommodate installation of a circuit board having a height that is dimensionally smaller than the height of a standard height
PCI Express board; and
at least one circuit board that is standard height PCI Express dimensionally compliant coupled to the motherboard within the
chassis; wherein the circuit board is coupled to the motherboard by an adapter and a co-edge connector that provides for edge-to-edge
electrical connection of a longitudinal edge of the circuit board with the adapter and reduces the height of the installation
permitting the circuit board to fit within the chassis; wherein a rivet with compressible arms is pushed into a thruway on
the co-edge connector and a hole on the circuit board until the arms are expanded around a depressed circumference flange.

US Pat. No. 9,525,754

TASK-BASED APPROACH TO EXECUTION, MONITORING AND EXECUTION CONTROL OF ACTIONS

EMC IP HOLDING COMPANY LL...

1. A method comprising:
receiving, at a computer, a request for a resource over an interface from a client;
returning the resource from the computer to the client in response to receiving the request, the resource being an atom (Extensible
Markup Language (XML)) representation comprising links to a plurality of actions that can be performed on the resource;

receiving, at the computer, an action selected from the plurality of actions to be performed on the resource comprising receiving
a Hypertext Transfer Protocol (HTTP) POST command to a link of the action with a payload for the action, the action being
received from the client;

in response to receiving the action, returning a unique task instance comprising information about the action, returning the
unique task instance comprising returning a unique task instance comprising:

a URI (uniform resource identifier) of the resource;
current execution status of the action;
URI links to affected resources that are other resources affected by the action and are included in the task instance; and
a URI to the task instance;
enabling the client to poll the resource periodically after receiving the action; and
enabling the client to access the affected resources.

US Pat. No. 9,483,520

ANALYTIC DATA FOCUS REPRESENTATIONS FOR VISUALIZATION GENERATION IN AN INFORMATION PROCESSING SYSTEM

EMC IP Holding Company LL...

1. An apparatus comprising:
an analytics controller configured for communication with one or more data sources;
wherein the analytics controller comprises:
an analytic data focus representation module; and
a visualization generator coupled to the analytic data focus representation module;
the analytic data focus representation module being configured to derive a plurality of analytic data focus representations
from the one or more data sources;

the visualization generator being configured to generate visualizations based at least in part on the analytic data focus
representations;

wherein the analytic data focus representations comprise respective intermediate, multidimensional and updatable representations
bridging the one or more data sources with the visualizations, and describing multiple informational dimensions of a corresponding
set of one or more informational elements;

wherein at least one of the analytic data focus representation module and the visualization generator is configured to establish
a plurality of linkages with each such linkage associating one or more of the analytic data focus representations with one
or more of the visualizations;

wherein the analytic data focus representation module is configured for:
responding to a change in a specification of a given one of the analytic data focus representations by accessing the one or
more data sources from which the given analytic data focus representation is derived;

responding to a change in a specification of a given one of the analytic data focus representations by implementing corresponding
changes in one or more of the visualizations linked to the given analytic data focus representation;

responding to a change in a specification of a given one of the visualizations by implementing corresponding changes in one
or more of the analytic data focus representations linked to the given visualization; and

responding to a change in at least one of the specification of the given analytic data focus representation and the specification
of the given visualization by altering at least one of the plurality of linkages associating one or more of the analytic data
focus representations with one or more of the visualizations;

wherein the analytics controller is implemented using at least one processing device comprising a processor coupled to a memory;
and

wherein the apparatus communicates with one or more other processing devices over at least one network.

US Pat. No. 9,535,800

CONCURRENT DATA RECOVERY AND INPUT/OUTPUT PROCESSING

EMC IP Holding Company LL...

1. A method for recovering data to a primary storage system, the method comprising:
receiving a request to recover a logical unit (“LU”) on the primary storage system to a specified point-in-time;
creating a difference between respective snapshot images having pointers to an original volume of the LU and a LU backup taken
at the specified point-in-time, wherein the LU backup is stored on a backup storage system, wherein the difference identifies
a plurality of LU regions which have changed and contain different data between the LU and the LU backup since the point-in-time;

intercepting a plurality of read/write request input/outputs (“IOs”) for the LU;determining whether individuals of the IOs are for an LU region identified in the difference;
determining whether an individual write request of the write requests is for a LU region identified in the difference; and
determining whether the individual write request is aligned or not aligned with a region size of the LU region, and if not
aligned, reading data associated with the region from the LU backup on the backup storage system, restoring the data to the
LU on the primary storage system, and executing the write request on the LU on the primary storage system after the data is
restored.

US Pat. No. 9,507,851

METHODS AND SYSTEMS FOR PROVIDING RECOMMENDATION INFORMATION

EMC IP Holding Company LL...

1. A method for providing recommendation information from a network application service, the method comprising:
receiving, by a server, user activity data relating to a first data object of a plurality of data objects in a network application
service, the user activity data comprising at least a first user command performed on the first data object and a second user
command performed on the first data object, the first user command being a different type of command than the second user
command;

storing, by the server, the user activity data in a structured storage model comprising a plurality of nodes representing
a plurality of items including the first data object, and at least one edge representing the first user command and a sequence
indicator relating to the plurality of items, wherein the sequence indicator indicates when the first user command is performed
relative to another sequence indicator which indicates when the second user command is performed;

determining at least one inference relating to the first data object using the structured storage model, the at least one
inference being based on at least one edge in the structured storage model representing at least one of the first user command
and the second user command; and

storing the at least one determined inference relating to the first data object as recommendation metadata of the first data
object;

receiving, by the server, a recommendation search criteria relating to the first data object
retrieving, by the server, recommendation information corresponding to the recommendation search criteria, wherein the recommendation
information is based on at least one inference determined from the structured storage model; and

transmitting, by the server, the recommendation information.

US Pat. No. 9,507,535

OFFLOADING RAID UPDATE OPERATIONS TO DISK CONTROLLERS

EMC IP Holding Company LL...

1. In a storage system including a redundant array of disks having an array controller, each disk of the redundant array of
disks including a disk controller apart from the array controller, a method of updating data stored on the redundant array
of disks, the method comprising:
receiving, by the disk controller of a particular disk of the redundant array of disks, a request to update particular data
stored in a block on the particular disk, the request including an input value;

reading, by the disk controller of the particular disk, the particular data from the block on the particular disk;
performing, by the disk controller of the particular disk, an update operation on the particular data stored in the block
on the particular disk, the update operation including a swapping operation involving the particular data and the input value
and serving to produce an update result; and

writing, by the disk controller of the particular disk, the update result to the block on the particular disk;
wherein the input value includes a replacement value;
wherein performing the update operation on the particular data stored in the block on the particular disk includes:
generating a difference value which is a difference between the particular data and the replacement value, the difference
value serving as the update result, and

sending the difference value to the array controller.

US Pat. No. 9,552,259

DYNAMIC PROVISIONING OF SNAPSHOTS

EMC IP Holding Company LL...

1. A method for dynamic provisioning of snapshots in a data backup system with a software defined storage (SDS), the method
comprising:
receiving a snapshot provisioning request including a user selection of snapshot objectives by a dynamic snapshot module;
dynamically converting a file system reference in the snapshot provisioning request by mapping the file system reference to
a logical unit number (LUN) of the SDS;

dynamically consolidating the snapshot provisioning request to the mapping and snapshot frequency;
discarding data and parameters not required to configure the operations of the SDS; and
passing the consolidated snapshot provisioning request to the SDS to provision snapshots.

US Pat. No. 9,535,685

SMARTLY IDENTIFYING A VERSION OF A SOFTWARE APPLICATION FOR INSTALLATION

EMC IP Holding Company LL...

1. A computer-implemented method of identifying a version of a software application for installation on computerized equipment,
the method comprising:
receiving, by the computerized equipment, an electronic communication containing a software version database which identifies
different versions of the software application;

performing, by the computerized equipment, an update assessment operation based on the software version database to determine
whether there exists newer versions of the software application available for installation on the computerized equipment;
and

providing, by the computerized equipment, an electronic notification to a user of the computerized equipment in response to
a result of the update assessment operation indicating that there exists newer versions of the software application available
for installation on the computerized equipment, the electronic notification identifying, for installation on the computerized
equipment, a particular newer version of the newer versions of the software application available for installation on the
computerized equipment;
wherein an installed version of the software application is currently installed on the computerized equipment;wherein the result of the update assessment operation indicates that a first newer version and a second newer version of the
software application are available for installation on the computerized equipment, the second newer version having been released
more recently than the first newer version;wherein providing the electronic notification to the user includes:
supplying, as the electronic notification, an electronic instruction to the user which instructs the user to install the first
newer version on the computerized equipment rather than the second newer version which was released more recently that the
first newer version;
wherein the method further comprises:
after supplying the electronic instruction to the user, receiving an upgrade command from the user to install the first newer
version on the computerized equipment rather than the second newer version which was released more recently that the first
newer version, and installing the first newer version on the computerized equipment in place of the installed version of the
software application to upgrade the software application;
wherein the computerized equipment is a data storage array having an array of storage devices;wherein the method further comprises:
performing, on behalf of a set of host computers which is external to the computerized equipment, host initiated input/output
(I/O) operations to store host data in and load host data from the array of storage devices while the computerized equipment
performs the update assessment operation and provides the electronic notification to the user; and
wherein receiving the electronic communication containing the software version database includes:
acquiring a catalogue file containing version entries identifying the different versions of the software application, each
version entry including a version identifier which uniquely identifies a respective version of the software application.

US Pat. No. 10,037,279

HOST DEVICE CACHING OF A BUSINESS PROCESS DATA

EMC IP HOLDING COMPANY LL...

1. A method comprising:in a network comprising a storage array and a host computer, wherein the host computer comprises a flash memory cache, and the storage array comprises physical storage drives on which data is stored, and the data stored on the physical storage drives is presented by the storage array as being stored on logical storage devices:
associating a first logical storage device of the logical storage devices with a business process;
responsive to a first IO to the first logical storage device:
determining that the first IO is associated with the business process;
responsive to determining that the first IO is associated with the business process, attaching the first logical storage device to the host computer flash memory cache; and
copying data associated with the first IO from the storage array to the host computer flash memory cache, thereby enabling the data associated with the first IO to be available from the host computer flash memory cache; and
responsive to a second IO to a second logical storage device:
determining that the second IO is not associated with the business process; and
responsive to determining that the second IO is not associated with the business process, not attaching the second logical storage device to the host computer flash memory cache.

US Pat. No. 9,854,690

3U “T” SHAPED CHASSIS DESIGN WITH RAIL FEATURES

EMC IP HOLDING COMPANY LL...

1. A rack unit for providing a server to be mounted within a storage rack, the rack unit comprising: a chassis comprising
a set of low-profile drawer slides mounted thereto, the drawer slides configured for mounting the rack unit within the storage
rack, the set of low-profile drawer slides configured for mounting upon rails of the storage rack; wherein, opposing sides
of the chassis comprise at least two dimensions of separation (WU, WU+2R) therebetween, one of the dimensions of separation (WU+2R) providing a wide section of the chassis, the other of the dimensions of separation (WU) providing a narrow section of the chassis, and the wide section and the narrow section form a T-shaped; and wherein the
wide section is configured to receive four 3.5 inch hard drives in a side-by-side configuration, and a combined width of the
rails and the narrow section is equal to the wide section; and wherein the rack unit comprises dimensions for one of a 1U,
2U, 3U, 4U, 5U, 6U and 7U rack unit.

US Pat. No. 9,999,154

FLASH MODULE

EMC IP Holding Company LL...

1. A system, comprising:a flash module, comprising:
a top cover and a bottom cover;
a printed circuit board (PCB) comprising memory, solid state storage, a storage controller configured to manage the memory and the solid state storage, and at least one integrated connector;
a capacitor, wherein the capacitor is configured to power at least the storage controller when the flash module is disconnected from an external power source; and
a latch assembly, comprising:
a housing having an opening and an inner cavity formed therein;
a pull member having a first end and a second end, wherein the second end of the pull member is disposed within the housing;
a reversing link having a first end and a second end disposed within the housing, wherein the first end of the reversing link is pivotally coupled to the second end of the pull member and a portion of the reversing link is pivotally coupled to the housing; and
a latch member movable between a latched position and an unlatched position, the latch member having a first end and a second end disposed within the housing, wherein the latch member is pivotally coupled to the housing and the second end of the reversing link is configured to engage the first end of the latch member; and
a chassis having an opening formed therein, the opening configured to receive the flash module, the chassis comprising:
a retaining pin coupled to the housing, wherein the retaining pin protrudes into the inner cavity of the housing and the second end of the latch member is configured to engage the retaining pin.

US Pat. No. 10,051,764

ELECTRONIC EQUIPMENT CHASSIS HAVING STORAGE DEVICES AND OTHER MODULES CONFIGURED FOR FRONT-ACCESS REMOVABILITY

EMC IP Holding Company LL...

15. A method comprising:configuring an electronic equipment chassis to include at least one row of dual in-line memory modules disposed at one of an upper level and a lower level of a front portion of a housing of the chassis;
configuring the electronic equipment chassis to further include a plurality of storage devices arranged in the front portion of the housing adjacent said at least one row of dual in-line memory modules; and
removing at least a subset of the dual in-line memory modules and at least a subset of the storage devices from the chassis through a vertical plane of the front portion of the housing;
wherein the electronic equipment chassis has a rack mount configuration for mounting of the electronic equipment chassis in an electronic equipment rack;
a given group of the dual in-line memory modules of the subset of dual in-line memory modules being removable from the chassis through the vertical plane of the front portion of the housing separately from one or more other groups of the dual in-line memory modules in a same one of the one or more rows as the given group of the dual in-line memory modules and separately from any of the storage devices; and
a given one of the storage devices of the subset of storage devices being removable from the chassis through the vertical plane of the front portion of the housing separately from one or more other ones of the storage devices and separately from any of the groups of dual in-line memory modules.

US Pat. No. 10,152,428

VIRTUAL MEMORY SERVICE LEVELS

EMC IP HOLDING COMPANY LL...

1. An apparatus comprising:a physical memory;
physical storage comprising a plurality of types of storage devices, each type differentiated from the other types by performance;
at least one CPU (central processing unit) with applications running thereon, each application having a service level assigned thereto, the at least one CPU generating a first data access request associated with a first one of the applications, the first data access request comprising a virtual address;
a TLB (translation lookaside buffer) responsive to the first data access request to determine that the virtual address does not correspond to a physical address in a physical memory, and to select a page for eviction from the memory to physical storage in order to free space for use in servicing the first request,
wherein the selected page is paged-out to a type of storage device that is selected by the TLB based on the service level of the application associated with the selected page.

US Pat. No. 10,064,305

STANDARD FORM FACTOR ELECTRONIC MODULE CARRIER COMPRISING MULTIPLE SEPARATELY-REMOVABLE SUB-CARRIERS

EMC IP Holding Company LL...

1. An electronic module carrier comprising:a carrier housing having a front portion and a rear portion; and
a plurality of sub-carriers configured for separate insertion into and removal from respective sub-carrier slots in the front portion of the carrier housing;
wherein each of the sub-carriers is configured to support at least one non-volatile memory module; and
wherein a given one of the sub-carriers comprises:
a slidable tray configured for attachment of a corresponding one of the non-volatile memory modules thereto; and
a sub-carrier latching mechanism coupled to a front portion of the slidable tray and configured to allow the slidable tray to be secured in place within the carrier housing when the slidable tray is fully inserted into its corresponding sub-carrier slot in the front portion of the carrier housing.

US Pat. No. 9,535,977

OBJECT BUILDING FOR AN AGGREGATE OBJECT CLASS REQUEST

EMC IP Holding Company LL...

1. A method for providing an object to a client device, comprising:
receiving, by an object storage device, an aggregate object class request from the client device, the aggregate object class
request requesting object data associated with at least two distinct and unrelated object classes of an object data model
associated with the object storage device;

accessing, by the object storage device, property files associated with the at least two distinct and unrelated object classes;
retrieving, by the object storage device and from the property files associated with the at least two distinct and unrelated
object classes, object data associated with the aggregate object class request;

wherein retrieving from the property files associated with the at least two distinct and unrelated object classes, object
data associated with the aggregate object class request includes providing hierarchically arranged object classes, the hierarchically
arranged object classes representing data storage management object classes, the data storage management object classes being
at least one of a disk object class, a RAID object class, an enclosure object class, and a storage processor object class;
and

identifying, by the object storage device, the object data to the client device in response to the aggregate object class
request; wherein:

in response to receiving the aggregate object class request from the client device, receiving, by the object storage device,
an aggregate property file associated with the aggregate object class request, the aggregate property file defining a mapping
with at least two object class property files associated with the at least two distinct and unrelated object classes of the
object data model; and

accessing the property files associated with the at least two distinct and unrelated object classes comprises accessing, by
the object storage device, the at least two property files mapped by the aggregate property file,

wherein the at least two distinct object classes include a requested object class,
wherein the object data model is arranged hierarchically, with the requested object class inheriting properties from a super
class disposed above the requested object class in the object data model, and

wherein retrieving the object data includes hierarchically traversing the object data model by (i) searching a first property
file associated with the requested object class for a particular property of the requested object class, (ii) in response
to the first property file not including the particular property, searching a second property file associated with the super
class, the requested class inheriting the particular property from the super class, and (iii) obtaining the particular property
from the second property file.

US Pat. No. 9,632,876

BACKUP APPLIANCE REPLICATION TO PROVIDE VIRTUAL MACHINE RECOVERY AT A REMOTE SITE

EMC IP Holding Company LL...

1. A method of protecting data, comprising:
receiving a backup appliance configuration data associated with a first backup appliance associated with a first virtual machine
environment at a host site, wherein the backup appliance configuration data at least indicates that the first backup appliance
is configured with an IP address associated with the host site and an IP address associated with a remote replication site;
and

replicating the backup appliance configuration data to the remote replication site,
wherein the backup appliance configuration data includes data usable at the remote replication site to provide at the remote
replication site a replicated backup appliance that is associated with a second virtual machine environment at the remote
replication site, wherein the IP address associated with the remote replication site is used to register the replicated backup
appliance and enables the replicated backup appliance to access backup data stored by the first backup appliance and to use
said backup data stored by the first backup appliance to recover to hosts at the remote replication site one or more virtual
machines associated with the first virtual machine environment.

US Pat. No. 9,571,698

METHOD AND SYSTEM FOR DYNAMIC COMPRESSION MODULE SELECTION

EMC IP Holding Company LL...

1. A computer-implemented method for compressing each block in a data set that comprises a plurality of data blocks, the method
comprising:
deduplicating a data set received by a backup storage management server from a client device across a network, the data set
comprising a plurality of data blocks;

receiving an uncompressed first data block of the deduplicated data set by a compression management module of the backup storage
management server;

pre-processing a sample data block of the data set to determine projected compression efficacy for the first data block, wherein
the pre-processing comprises determining a count of repeated byte sequences within the sample data block;

selecting automatically by the compression management module a compression module from a plurality of compression modules
to apply to the sample data block based on the determined count of repeated byte sequences within the sample data block, wherein
automatically selecting a compression module comprises:

selecting a fast compression module from the plurality of compression modules as a default compression module;
applying the fast compression module to a sample portion of the sample data block, generating a compressed sample;
determining a compression rate for the compressed sample;
in response to determining that the compression rate for the compressed sample generated using the fast compression module
is less than or equal to ten percent, selecting the fast compression module for compressing the first data block,

in response to determining that the compression rate for the compressed sample generated using the fast compression module
is greater than ninety percent reduction of data in the sample portion, selecting the fast compression module for compressing
the first data block,

in response to determining that the compression rate for the compressed sample generated using the fast compression module
is greater than ten percent and less than or equal to ninety percent reduction of data, individually applying each of the
remaining plurality of compression modules to the sample portion of the sample data block, generating a plurality of compressed
samples, and selecting the compression module whose compressed sample in the plurality of compressed samples has a most efficient
compression among the plurality of compressed samples;

analyzing resources utilized to compress the sample portion of the sample data block;
in response to determining that the amount of resources used to compress the sample portion of the sample data block exceeds
a resource utilization constraint, selecting the fast compression module, otherwise selecting a slow compression module;

compressing the first data block with the selected compression module to generate a first compressed data block; and
storing the first compressed data block in a storage device.

US Pat. No. 9,507,947

SIMILARITY-BASED DATA LOSS PREVENTION

EMC IP Holding Company LL...

1. A method of performing data loss prevention on content from a content source, the method comprising:
generating, by processing circuitry, multiple variants from the content, the multiple variants including a set of variants
for each parsed word of the content, each variant of the set (i) including multiple characters and (ii) differing from other
variants of the set by at least one character;

performing, by the processing circuitry, evaluation operations to determine whether any of the variants includes sensitive
data; and

in response to the evaluation operations, performing, by the processing circuitry, a control operation which (i) releases
all of the parsed words of the content to a destination when none of the variants is determined to include sensitive data,
and (ii) blocks at least one parsed word of the content from reaching the destination when at least one variant is determined
to include sensitive data;
wherein generating the multiple variants from the content includes:
applying a set of predefined transformations from a transformation database to the content from the content source to form
the multiple variants.

US Pat. No. 9,542,255

TROUBLESHOOTING BASED ON LOG SIMILARITY

EMC IP Holding Company LL...

1. A method for trouble shooting based on log similarity, the method comprising:
extracting log patterns from a plurality of log files in response to having collected the plurality of log files from at least
one system with troubles, each log pattern describing a regular expression to which a log message in a log file among the
plurality of log files conforms;

building a pattern repository using the log patterns extracted;
mapping each of the plurality of log files to an n-dimensional vector based on the pattern repository; and
clustering a plurality of n-dimensional vectors to which each of the plurality of log files is mapped into at least one group,
wherein each of the at least one group indicates one trouble type of the at least one system;

wherein the mapping each of the plurality of log files to an n-dimensional vector based on the pattern repository comprises:
with respect to a log file j among the plurality of log files,

matching each line of log message k in the log file j to a corresponding log pattern pk in the pattern repository;

transforming the log file j into a sequence fj of the corresponding log pattern pk; and

mapping the sequence fj to an n-dimensional vector;

wherein dimension n of the n-dimensional vector is proportional to the amount of log patterns in the pattern repository;
wherein mapping the sequence fj to an n-dimensional vector comprises: with respect to a log pattern pi in the pattern repository,

calculating an eigenvalue tfidfi,j, , wherein tfidfi,j=tfi,j×idfi; the eigenvalue tfidfi,j associated with the sequence fj and the log pattern pi, and the eigenvalue tfidfi,j associated with an occurrence frequency of the log pattern pi in a plurality of sequences corresponding to the plurality of log files; and

treating the eigenvalue tfidfi,j as the ith component in the n-dimensional vector to build the n-dimensional vector.

US Pat. No. 10,058,004

INTERLOCK ASSEMBLY

EMC IP Holding Company LL...

1. An openable IT component configured to be mounted within an IT rack, the openable IT component comprising: a shell assembly; a drawer assembly configured to receive a plurality of IT sub-components; a slide assembly configured to slidably position the drawer assembly within the shell assembly between a fully closed position and a fully opened position; a fixed support rail configured to position the shell assembly within the IT rack, and an interlock assembly configured to prevent the opening of other IT components within the IT rack while the openable IT component is not in the fully closed position, wherein the interlock assembly includes: an interlock window; and a collapsible link assembly, wherein the interlock window is positioned within the shell assembly and is configured to be displaceable in a first direction in response to the drawer assembly being slid out of the fully closed position, and wherein the collapsible link assembly is positioned within the fixed support rail.

US Pat. No. 9,537,845

DETERMINING AUTHENTICITY BASED ON INDICATORS DERIVED FROM INFORMATION RELATING TO HISTORICAL EVENTS

EMC IP Holding Company LL...

1. A method comprising:
storing in a memory of a first processing device information relating to one or more historical events visible to the first
processing device and a second processing device, the one or more historical events being associated with at least a first
authentication session between the first processing device and the second processing device; and

in a second authentication session between the first processing device and the second processing device:
generating, in the first processing device, an indicator derived from at least a portion of the stored information; and
transmitting the indicator from the first processing device to the second processing device;
wherein the stored information comprises at least one of:
a time at which a given historical event of the first authentication session occurred; and
a location at which the given historical event of the first authentication session occurred;
wherein the indicator permits the second processing device to determine authenticity of the first processing device by verifying
the indicator using information stored at the second processing device relating to the one or more historical events, the
information stored at the second processing device relating to the one or more historical events being stored at the second
processing device prior to receipt of the indicator by the second processing device;

wherein the indicator comprises a single bit value indicating whether the given historical event occurred during a first interval
within a second interval, the second interval being longer than and containing the first interval;

wherein the first interval and the second interval have respective predefined lengths; and
wherein the second interval ends at a current time.

US Pat. No. 9,516,039

BEHAVIORAL DETECTION OF SUSPICIOUS HOST ACTIVITIES IN AN ENTERPRISE

EMC IP Holding Company LL...

1. A method comprising:
processing log data derived from data sources associated with an enterprise network over a given period of time, wherein the
enterprise network comprises multiple host devices, and wherein the data sources comprise at least a domain controller, a
virtual private network server, a web proxy, and a dynamic host configuration protocol server;

creating a whitelist that is customized to the enterprise network, wherein said whitelist comprises multiple external destinations
determined to have been contacted by a given number of the multiple host devices over a temporal training period, wherein
the given number of the host devices is in excess of a predetermined threshold number of host devices;

filtering the identified external destinations of the whitelist from the processed log data;
extracting one or more network traffic features from said filtered log data on a per host device basis, wherein said extracting
comprises:

determining a network traffic pattern associated with the multiple host devices based on said processing; and
identifying said one or more network traffic features representative of a host device based on the determined network traffic
pattern;

clustering the multiple host devices into one or more groups based on said one or more network traffic features; and
identifying an anomaly associated with one of the multiple host devices by comparing said host device to the one or more groups
across the multiple host devices of the enterprise network;

wherein said processing, said creating, said filtering, said extracting, said clustering, and said identifying are carried
out by at least one computing device.

US Pat. No. 9,542,397

FILE BLOCK ADDRESSING FOR BACKUPS

EMC IP HOLDING COMPANY LL...

1. A method for managing data in a computing system, the method comprising:
initiating a backup of data stored in storage of the computing system, wherein the data includes a plurality of files;
generating a backup stream that includes the backup of the data by encapsulating the plurality of files into a series of records
wherein each record includes one or more blocks, wherein the backup is stored in a storage associated with a backup server;

creating an offset map for the data in the backup, wherein the offset map identifies files included in the backup and starting
locations of the records included in each of the files in the backup;

storing the offset map in association with the backup; and
configuring a destination suitable for restoring the data in the backup;
issuing a request for at least a sub-set of a file to an application from a user interface associated with a backup client,
wherein the application makes a request for the sub-set of the file from the destination;

intercepting the request from the application, by a filter driver, for the sub-set of the file, wherein the filter driver
communicates the intercepted request to a backup client that identifies identify the records in the backup corresponding to
the request using the offset map associated with the backup;

restoring at least the sub-set of the file identified in the intercepted request from the backup to the destination and providing
at least the sub-set of the file in a response to the intercepted request, wherein the sub-set of the file is located using
the offset map.

US Pat. No. 10,089,308

METHOD FOR USING REDUNDANT DATA ELIMINATION TO ACCELERATE STORAGE SYSTEM SCANNING

EMC IP Holding Company LL...

1. A method for use in a computer system comprising at least one mapping layer that makes available a plurality of storage objects, and a storage system that stores data in each of the plurality of storage objects in one or more data blocks, the method comprising:reducing space usage on the storage system, using a redundant data elimination tool, of at least some redundant data by sharing at least one of the data blocks among multiple storage objects;
generating information about the at least one of the data blocks shared among multiple storage objects, wherein the information identifies the storage objects that include shared data blocks;
assigning to the plurality of storage objects a scanning priority based at least in part on the information about the at least one of the data blocks shared among multiple storage objects, wherein a higher scanning priority is assigned for storage objects having redundant data blocks shared among multiple storage objects over storage objects that do not include a shared data block; and
performing, using at least one scanning tool, at least one scanning operation on at least some of the plurality of storage objects wherein ones of the storage objects having a higher scanning priority are scanned prior to ones of the objects having a lower scanning priority.

US Pat. No. 9,600,368

METHOD AND SYSTEM FOR SERVICE-AWARE PARITY PLACEMENT IN A STORAGE SYSTEM

EMC IP HOLDING COMPANY LL...

1. A non-transitory computer readable medium comprising instructions, which when executed by a processor perform a method,
the method comprising:
receiving a service notification specifying a target storage device (SD), wherein the target SD is one of a plurality of SDs;
after receiving the service notification:
receiving a request to write data to persistent storage, wherein the persistent storage comprises the plurality of SDs;
servicing the request wherein none of the data that is written as part of servicing the request is stored on the target SD;
performing a modified garbage collection operation, wherein the modified garbage collection operation comprises:
identifying a live Redundant Array of Independent Disks (RAID) stripe in the persistent storage, wherein the live RAID stripe
comprises data blocks and a parity block;

writing a new RAID stripe to a new location in the persistent storage, wherein the new RAID stripe comprises a second parity
block and second data blocks, wherein at least one of the second data blocks stores a copy of a portion of data from the live
RAID stripe, wherein the second parity block is stored on the target SD; and

issuing a removal notification when the modified garbage collection operation is completed, wherein the removal notification
indicates that the target SD may be removed from the persistent storage.

US Pat. No. 9,509,694

PARALLEL ON-PREMISES AND CLOUD-BASED AUTHENTICATION

EMC IP HOLDING COMPANY LL...

1. A computer-implemented method, comprising:
receiving a download request from a client computer system to download a document stored in a first on premised storage server
coupled to the client computer system via a network, the first storage server coupled with a second cloud-based storage server
via the network, the download request including a first token associated with the first storage server and a second token
associated with the second storage server;

causing the download request to be authenticated based on the first token and the second token, wherein the authentication
of the download request is based on authenticating the first token in parallel with authenticating the second token; and

authorizing the client computer system to download the document based on successful authentication.

US Pat. No. 9,600,354

VTL ADAPTIVE COMMIT

EMC IP Holding Company LL...

1. A computer-implemented method, the method comprising:
writing a plurality of sets of one or more remote procedure call (RPC) data objects and a plurality of RPC commits to a file
system, each RPC commit corresponding to a set of one or more RPC data objects, and each set of one or more RPC data objects
having a first size;

receiving a plurality of RPC statuses, each RPC status corresponding to a RPC commit of the plurality of RPC commits;
determining a first latency time between writing a first RPC commit corresponding to a first set of one or more RPC data objects
and receiving a corresponding first RPC status;

determining a second size of a second set of one or more RPC data objects based on the first latency time; and
writing the second set of one or more RPC data objects with the second size to the file system.

US Pat. No. 9,535,622

SCALABLE DISTRIBUTED SLICE BROKER

EMC IP Holding Company LL...

1. A computer-implemented method comprising:
defining a master slice pool within a backend storage array of a storage system, wherein the master slice pool includes a
plurality of data storage slices;

assigning a first portion of the plurality of data storage slices to a first frontend system included within the storage system,
thus defining a first frontend slice pool;

allocating one or more data storage slices included within the first frontend slice pool to one or more storage objects associated
with the first frontend system;

determining a quantity of unused data storage slices allocated within the first frontend slice pool; and
adjusting allocation of the quantity of unused data storage slices within the first frontend slice pool based upon a target
slice level of the quantity of unused data storage slices allocated within the first frontend slice pool.

US Pat. No. 9,612,774

METADATA STRUCTURES FOR LOW LATENCY AND HIGH THROUGHPUT INLINE DATA COMPRESSION

EMC IP Holding Company LL...

1. A method of managing storage in a data storage system, the method comprising:
writing data blocks to a storage device of the data storage system, pluralities of the data blocks being organized into macroblocks
having a fixed size;

generating macroblock metadata describing the data blocks organized in the macroblocks;
compressing a subset of the macroblock metadata;
in response to an access request, decompressing a portion of the subset of the macroblock metadata that was compressed; and
providing access to data blocks organized in the macroblocks using the decompressed portion of the subset of the macroblock
metadata.

US Pat. No. 9,589,230

ENTITY LOCATION TRACEABILITY AND PREDICTION

EMC IP Holding Company LL...

1. A method comprising:
obtaining data corresponding to one or more activities associated with a subject entity, wherein the one or more activities
are associated with respective temporal parameters;

determining at least one location of the subject entity for a selected instance or time period based on the Obtained data,
wherein the at least one location of the subject entity comprises at least one of a past, present and future location of the
subject entity, and wherein the determination comprises:

assigning weight values to respective portions of the obtained data based at least in part on the temporal parameters, wherein
the weight values range between a low entity location-predictive weight value to a high entity location-predictive weight
value, and wherein the portions of the data form a plurality of data paths;

adding the assigned weight values along each data path to compute a plurality of data path weight values;
selecting the at least one location of the subject entity based on a selection of one of the plurality of data path weight
values;

determining a probability that the subject entity is at the selected location, wherein determining the probability that the
subject entity is at the selected location comprises calculating a ratio between the data path weight value corresponding
to the selected location of the subject entity and a highest possible data path weight value for the data path corresponding
to the selected location of the subject entity; and

assigning the probability to the selected location of the subject entity;
wherein one or more of the above steps are performed by at least one processing device.

US Pat. No. 9,563,648

DATA ANALYTICS PLATFORM OVER PARALLEL DATABASES AND DISTRIBUTED FILE SYSTEMS

EMC IP Holding Company LL...

1. A method, comprising:
embedding in each of a plurality of distributed processing segments a library or other shared object comprising one or more
data analytical functions;

receiving by a master node a data analysis request;
creating by the master node a plan to generate a response to the request;
assigning to each of the plurality of distributed processing segments a corresponding portion of the plan to be performed
by that segment, including by invoking as indicated in the assignment one or more data analytical functions embedded in the
processing segment;

obtaining, by the master node, metadata associated with one or more portions of the plan to be performed by one or more corresponding
segments, wherein the master node obtains the metadata from a central metadata store wherein the metadata identifies a location
data corresponding to the one or more portions of the plan and at least a part of one or more data analytic processing to
be performed in connection with processing the corresponding one or more portions of the plan;

sending, by the master node to each of the plurality of distributed processing segments for which a portion of the plan is
assigned, the corresponding portion of the plan to be performed by that segment and the metadata, wherein the metadata is
used to locate or access a subset of data on which the segment is to perform an indicated processing;

receiving, from each of the plurality of distributed processing segments for which a portion of the plan is assigned, a corresponding
result of processing the portion of the plan; and

generating, a master response to the data analysis request based at least in part on the corresponding result of processing
the portion of the plan received from each of the plurality of distributed processing segments for which a portion of the
plan is assigned.

US Pat. No. 9,559,999

METHOD AND SYSTEM FOR PROCESSING LARGE SCALE EMAILS AND LIMITING RESOURCE CONSUMPTION AND INTERRUPTION THEREFROM

EMC IP Holding Company LL...

1. A computer-implemented method for reducing sending large scale emails, the method comprising:
in response to a first email received from a sender to be sent to a plurality of recipients, determining a distribution cost
of the first email based on content of the first email and the plurality of recipients, wherein the first email is a reply-all
email in response to an earlier email of an email thread sent to the plurality of recipients;

determining a number of reply-all emails in the email thread that were exchanged within a predetermined period of time;
causing an email client application to present a first graphical user interface (GUI) page to the sender prompting a confirmation
from the sender, the first GUI page including a size of the first email and a number of recipients, wherein the first GUI
is presented when the distribution cost of the first email is above a first predetermined threshold, and when the number of
reply-all emails in the email thread exceeds a second predetermined threshold;

in response to a positive confirmation from the sender, transmitting the first email to the plurality of recipients; and
deferring delivery of the first email for a second predetermined period of time if the number of reply-all emails exchanged
within the predetermined past period of time exceeds the second predetermined threshold.

US Pat. No. 9,535,844

PRIORITIZATION FOR CACHE SYSTEMS

EMC IP HOLDING COMPANY LL...

1. A method comprising:
receiving a first request to read first data;
determining the first data is not available in a cache device;
requesting the first data from a first storage device;
determining to promote the first data to cache based at least in part upon a first priority level associated with the first
storage device;

copying the first data received from the first storage device to a cache promotion staging data structure, the cache promotion
staging data structure comprising information about pending cache promotions;

receiving a second request to read second data;
determining the second data is not available in the cache device;
requesting the second data from a second storage device;
determining to promote the second data to cache based at least in part upon a second priority level associated with the second
storage device;

determining there are insufficient resources to copy the second data to the cache promotion staging data structure;
determining to replace the first data in the cache promotion staging data structure with the second data based at least in
part upon comparing the first priority level associated with the first storage device to the second priority level associated
with the second storage device;

replacing, in the cache promotion staging data structure, the first data with the second data received from the second storage
device, wherein replacing the first data in the cache promotion staging data structure causes the first data not to be moved
to the cache device; and

moving the second data from the cache promotion staging data structure to the cache device.

US Pat. No. 9,529,548

ARRAY-BASED REPLICATION IN DATA STORAGE SYSTEMS

EMC IP Holding Company LL...

1. A method comprising the steps of:
identifying a first set of physical storage devices in a first storage array of a data storage system for replication;
receiving at a replicator module, from a user, a specification of a storage pool in a second storage array of the data storage
system in accordance with which the first set of physical storage devices is to be replicated, wherein the user is an administrator
of the data storage system;

determining, by the replicator module, if the user-specified storage pool has sufficient storage capacity to accommodate the
first storage array;

in response to determining that the user-specified storage pool has insufficient storage capacity to accommodate the first
storage array, the replicator module returning an error message to the user; and

in response to determining that the user-specified storage pool has sufficient storage capacity to accommodate the first storage
array:

automatically creating, by the replicator module, a second set of physical storage devices of the second storage array from
the user-specified storage pool;

pairing, by the replicator module, at least one device of the first set of physical storage devices and one device of the
second set of physical storage devices;

receiving, by the replicator module, a request from the user to automatically generate logical unit (LUN) mapping and masking
designations;

automatically generating, by the replicator module, the LUN mapping and masking designations, wherein the LUN mapping and
masking designations are generated based at least in part on an existing zoning configuration associated with the first and
second storage arrays;

automatically assigning, by the replicator module, the LUN mapping and masking designations for the at least one pairing;
and

replicating, by the replicator module, data stored on the first set of physical storage devices to the user-specified storage
pool onto the second set of physical storage devices in accordance with the physical storage device pairing step and the LUN
mapping and masking assignment step;

wherein the steps of the method are performed by at least one processor device.

US Pat. No. 10,261,708

HOST DATA REPLICATION ALLOCATING SINGLE MEMORY BUFFERS TO STORE MULTIPLE BUFFERS OF RECEIVED HOST DATA AND TO INTERNALLY PROCESS THE RECEIVED HOST DATA

EMC IP Holding Company LL...

1. A method of performing host data replication between a local data storage system and a remote data storage system, comprising:storing host data received by the local data storage system from one or more host computers into a plurality of discontiguous received host data buffers within a local cache in the local data storage system, wherein contents of the host data buffers within the local cache is also stored into non-volatile storage of the local data storage system to persistently store the contents of the host data buffers in the local data storage system;
generating a local data buffer location list having a plurality of entries, wherein each entry in the local data buffer location list indicates a location and a length of a corresponding one of the received host data buffers in the local cache; and
in response to the local data buffer location list:
allocating a single buffer of contiguous local memory in a memory of the local data storage system, wherein the single buffer of contiguous local memory has a size that is at least as large as a total size of the received host buffers, and
performing at least one local internal data processing operation on the host data with at least one local data processing resource within the local data storage system while using the single buffer of contiguous local memory to store the host data from the received host data buffers.

US Pat. No. 9,594,911

METHODS AND APPARATUS FOR MULTI-FACTOR AUTHENTICATION RISK DETECTION USING BEACON IMAGES

EMC IP Holding Company LL...

1. A method for providing access to a protected resource, comprising the steps of:
receiving, by at least one processing device of an authentication server, a request from a browser executing on a user device
for a beacon image, wherein said beacon image is embedded in an access request page for said protected resource and wherein
said request comprises a communication between said user device and said authentication server indicating that said user device
requested access to said protected resource;

collecting data, using said at least one processing device, in response to said browser request for said beacon image from
said user device associated with said browser; and

providing, using said at least one processing device, said data for a risk assessment of said access request to said protected
resource.

US Pat. No. 9,515,989

METHODS AND APPARATUS FOR SILENT ALARM CHANNELS USING ONE-TIME PASSCODE AUTHENTICATION TOKENS

EMC IP Holding Company LL...

1. A method for transmitting a message from a sender to a receiver indicating a potential attack on a protected resource,
comprising:
obtaining said message, wherein a content of said message is not previously known to said receiver;
encrypting, using at least one hardware device, said message using an authenticated encryption scheme, wherein said authenticated
encryption scheme employs a secret key shared by said sender and said receiver, wherein said authenticated encryption scheme
comprises an integrity check of said message;

combining, using at least one hardware device, said message encrypted using said authenticated encryption scheme with a tokencode
generated by a security token to generate a one-time passcode, wherein said one-time passcode is based on a forward secure
pseudo random number derived from said secret key such that said secret key remains secure in a forward time direction; and

transmitting said one-time passcode to a receiver.

US Pat. No. 9,612,769

METHOD AND APPARATUS FOR AUTOMATED MULTI SITE PROTECTION AND RECOVERY FOR CLOUD STORAGE

EMC IP HOLDING COMPANY LL...

1. A method comprising:
receiving parameters for creation of a source volume for a host; and
creating the source volume with data protection according to the received parameters by
creating the source volume;
creating a target volume;
establishing a data protection group between the source volume and the target volume according to a data replication mode
configured on a data protection policy configured for a replication group; and

exporting the source volume to the host,
wherein establishing the data protection group between the source volume and the target volume according to a data replication
mode configured on a data protection policy configured for a replication group comprises:

adding the source volume and the target volume to the replication group;
initiating replication from the source volume to the target volume according to a policy; and
masking the source volume and the target volume,
wherein adding the source volume and the target volume to the replication group comprises associating a source storage array
with a target storage array, a replication technology, and a storage pool representing storage that will be used for data
replication,

wherein defining the replication group comprises:
selecting a source virtual storage array;
selecting a target virtual storage array; and
selecting a replication technology for data protection from the source virtual storage array to the target virtual storage
array.

US Pat. No. 9,600,358

SCALABLE MONITORING AND ERROR HANDLING IN MULTI-LATENCY SYSTEMS

EMC IP Holding Company LL...

9. A system comprising:
one or more processors; and
memory storing computer program code that when executed on one or more of the one or more processors causes the system to
perform the operations of:

gathering events from a multi-latency logical data store comprising a first data store having a first data latency and a second
related data store having a second data latency substantially different than the first data latency;

processing the gathered events, wherein the processing includes receiving correlating, and aggregating the gathered events;
and

providing notification of the processed gathered events toward downstream queues for consumption.

US Pat. No. 9,594,888

USER AUTHENTICATION DEVICE

EMC IP Holding Company LL...

1. A processorless user authentication device, comprising:
a chargeable device;
a photovoltaic panel for charging the chargeable device, wherein the photovoltaic panel is arranged such that the chargeable
device is charged when the photovoltaic panel is exposed to light;

an input mechanism for facilitating the release of charge from the chargeable device;
a non-volatile memory including a pre-produced sequence of one-time passwords;
a circuit board constructed and arranged for indexing into the non-volatile memory of the hardware device upon a request for
a one-time password to read the one-time password; and

an output device constructed and arranged to output a read one-time password, wherein the output device comprises a display
for displaying one-time passwords;

characterized in that indexing includes dividing a numeric value used for indexing by a number of one-time password elements
in the non-volatile memory, using the result as the offset to read a first one-time password from the non-volatile memory,
using the remainder of the division as an offset to read a second one-time password from the non-volatile memory, and exclusive-oring
the first one-time password and the second one-time password to produce the one-time password.

US Pat. No. 9,513,814

BALANCING I/O LOAD ON DATA STORAGE SYSTEMS

EMC IP Holding Company LL...

1. A method for use in balancing I/O load on data storage systems, the method comprising:
determining storage capability of each storage container of a set of storage containers included in a storage tier, wherein
the storage capability of a storage container indicates a maximum I/O load enabled for the storage container based on storage
performance characteristics of the storage container, wherein the set of storage containers include first and second storage
containers configured such that storage characteristics associated with the first storage container is different from storage
characteristics associated with the second storage container, wherein each storage container includes a set of slices;

evaluating I/O load of each storage container of the set of storage containers, wherein evaluating the I/O load includes determining
current I/O load and desired I/O load of each storage container, wherein the desired I/O load for a storage container is determined
based on a storage utilization ratio of the storage tier and the storage capability of the storage container; and

based on the evaluation, relocating a slice from the first storage container to the second storage container based on storage
capabilities of the first and second storage containers, wherein the slice is relocated from the first storage container to
the second storage container upon determining that the current I/O load of the first storage container is greater than the
desired I/O load for the first storage container and the current I/O load of the second storage container is less than the
desired I/O load for the second storage container indicating that the first storage container is over-utilized and the second
storage container is under-utilized, wherein the slice is relocated by using a temporary slice relocation list, wherein the
temporary slice relocation list includes a set of slices identified for relocation and temporarily holds the set of slices
prior to relocating the set of slices from a source storage container to a destination storage container, wherein the current
I/O load of each storage container is managed by relocating slices among the set of storage containers in order for each storage
container to achieve similar storage utilization, wherein storage utilization of each storage container of the set of storage
containers is changed by relocation of the slices among the set of storage containers for balancing I/O load across the storage
containers, wherein storage utilization of a storage container is determined based on total I/O load and storage capability
of the storage container.

US Pat. No. 9,600,307

DYNAMIC POLICY BASED PLACEMENT OF VIRTUAL MACHINES WITHIN AND ACROSS MULTIPLE DATA CENTERS

EMC IP HOLDING COMPANY LL...

1. A non-transitory computer readable medium comprising:
logic which monitors performance of a first data center;
logic which monitors performance of a second data center;
logic which monitors performance of individual hosts of a first cluster of hosts in the first data center;
logic which monitors performance of individual hosts of a second cluster of hosts in the second data center;
logic which generates an indication that a virtual machine needs to be located;
logic, responsive to the indication, which selects one of the first and second data centers based on monitored performance
of the first data center and monitored performance of the second data center;

logic which selects a host in the selected data center based on the monitored performance of individual hosts in the selected
data center; and

logic which instantiates or relocates the virtual machine to the selected host.

US Pat. No. 9,535,629

STORAGE PROVISIONING IN A DATA STORAGE ENVIRONMENT

EMC IP Holding Company LL...

1. A system for storage provisioning in a data storage environment, the system comprising:
a storage provisioning interface; and
computer-executable program code operating in memory coupled with a processor in communication with a database, wherein the
computer-executable program code is configured to enable a processor to execute logic to enable:

provisioning of a storage volume across network resources through the storage provisioning interface; wherein the storage
provisioning interface enables provisioning of network resources to enable presentation of a provisioned storage volume; wherein
the provisioned storage volume is enabled to be provisioned across a plurality of file, block, and object storage resources
across the network resources; wherein the provisioned storage volume is enabled to be a redundant distributed volume; and
wherein the provisioning enables orchestration of federated storage to heterogeneous storage platforms to support storage
and network components; wherein the heterogeneous storage platforms are enabled to include one or more file, block, and object
storage platforms; wherein if the storage resources include a block resource, a file resource, and an object resource, the
provisioned storage volume is enabled to be spread across at least the block resource, the file resource, and the object resource.

US Pat. No. 9,529,676

OPTIMIZING SPARE CAPACITY AND SPARE DISTRIBUTION

EMC IP Holding Company LL...

1. A method of configuring spare sections in a system having a plurality of devices and having a plurality of erasure encoding
groups, each of the devices having a plurality of sections and each of the groups having a plurality of members located on
the sections of the devices, the method comprising:
configuring the system to have a plurality of erasure encoding groups with no spare sections;
ordering the groups according to a total collision count that corresponds to a weighted sum of collision counts between each
of the groups and each other ones of the groups;

converting members of a subset of the groups into spare sections according to ordering of the groups, wherein the spare sections
initially contain no data and are used for reconstructing particular erasure coding groups after failure of one or more of
the devices corresponding to the particular erasure coding groups; and

determining if the spare sections for the system provide sufficient coverage for the system in response to failure of each
of the devices.

US Pat. No. 9,961,547

CONTINUOUS SEAMLESS MOBILE DEVICE AUTHENTICATION USING A SEPARATE ELECTRONIC WEARABLE APPARATUS

EMC IP Holding Company LL...

1. A method of performing a security operation, the method comprising:receiving, by processing circuitry, first activity data from a mobile device, the first activity data identifying activity by a user that is currently using the mobile device;
receiving, by the processing circuitry, second activity data from an electronic wearable apparatus, the second activity data identifying physical activity by a wearer that is currently wearing the electronic wearable apparatus; and
based on the first activity data received from the mobile device and the second activity data received from the electronic wearable apparatus, performing, by the processing circuitry, an assessment operation that provides an assessment result indicating whether the user that is currently using the mobile device and the wearer that is currently wearing the electronic wearable apparatus are the same person;wherein the mobile device is a smartphone, and the user is currently using the smartphone;wherein the electronic wearable apparatus is a smart worn device, and the wearer is currently wearing the smart worn device;wherein performing the assessment operation includes identifying an amount of correlation between the activity by the user and the physical activity by the wearer;wherein the processing circuitry includes confidence scoring circuitry;wherein identifying the amount of correlation between the activity by the user and the physical activity by the wearer includes:providing, by the confidence scoring circuitry, a confidence score that indicates a numerical measure of confidence that the user and the wearer are the same person;wherein the processing circuitry further includes hand identification circuitry which is coupled to the confidence scoring circuitry; andwherein identifying the amount of correlation between the activity by the user and the activity by the wearer further includes:providing, by the hand identification circuitry, hand identification data to the confidence scoring circuitry, the hand identification data being based on the first activity data and the second activity data and indicating one of: (i) the smartphone and the smart worn device residing at the same hand of the same person, (i) the smartphone and the smart worn device residing at both hands of the same person, (iii) the smartphone and the smart worn device residing at opposite hands of the same person, and (iv) unknown.

US Pat. No. 9,600,182

APPLICATION RESOURCE USAGE BEHAVIOR ANALYSIS

EMC IP Holding Company LL...

18. A system comprising:
a computer having a memory;
computer-executable program code operating in memory, wherein the computer-executable program code is configured for execution
of the following:

injecting shadow input/outputs (shadow IOs) into an IO stack of a host system space of a data storage system;
removing the shadow IOs from the data storage system;
storing the shadow IOs; and
analyzing the stored shadow IOs to determine application specific behavioral information about the data storage system.

US Pat. No. 9,558,566

LOSSLESS COMPRESSION OF FRAGMENTED IMAGE DATA

EMC IP Holding Company LL...

1. A system, comprising:
a processor configured to:
receive an input sequence of data comprising an original channel;
generate a new channel by performing a differential transform on the original channel, wherein the first data elements of
the new channel and the original channel are the same and wherein the remaining data elements of the new channel comprise
differences between consecutive data elements of the original channel; and

generate a compressed output by encoding the new channel with a variable length code adapted to the statistics of the data
elements of the new channel, wherein the compressed output is based on a selection of one or more thresholds according to
the data elements of the new channel; and

a memory that stores the compressed output.

US Pat. No. 9,542,280

OPTIMIZED RECOVERY

EMC IP Holding Company LL...

1. A method for restoring data, comprising:
determining an object to be recovered from a data resource system, wherein the data resource system stores a plurality of
hashes of stored objects that share the same content;

determining a representation of the object based at least in part on the plurality of hashes, wherein at least a portion of
the object to be recovered shares the same content as one or more other objects stored in the data resource system, and wherein
the representation of the object includes the shared content;

determining a best data resource system based at least in part on geographic distance; and
requesting the representation of the object from the best data resource system.

US Pat. No. 9,521,065

ENHANCED VLAN NAMING

EMC IP Holding Company LL...

1. A method of routing data in a system containing a plurality of networks and a plurality of devices, comprising:
obtaining, for each of the plurality of networks, a unique identifier associated with respective ones of the plurality of
networks, wherein the unique identifier associated with respective ones of the networks includes a root bridge ID for a root
bridge uniquely associated with respective ones of the plurality of networks;

obtaining a VLAN ID for at least one VLAN in each of the plurality of networks;
forming, for each of the plurality of networks, a unique VLAN name by concatenating the respective unique identifier to the
VLAN ID, wherein, in response to a change in topology, a new root bridge is determined and, in response to a value for the
new root bridge being less than a value for the old root bridge, the unique VLAN name is changed to remove the old root bridge
ID and to include the new root bridge ID; and

routing data through the system to provide communication between devices that are part of the same VLAN in different ones
of the plurality of networks.

US Pat. No. 9,860,347

DATA TRANSFER METHOD AND APPARATUS

EMC IP Holding Company LL...

1. A data transfer method, comprising:
receiving a data connection request to transfer a portion of data from a source device to a target device, wherein the portion
of data is enabled to be transferred using parallel data connections between the source device and the target device;

providing multiple ports from the source device, wherein the multiple ports are enabled to be dynamically allocated to transfer
data from the source device to the target device;

establishing, at the source device, a plurality of parallel data connections with the target device in response to the data
connection request from a client, the data connection request carrying information on a plurality of receiving ports enabled
by the target device; and

transferring the portion of data from the source device to the target device via the plurality of parallel data connections
using a network data management protocol (NDMP);

wherein each of the plurality of parallel data connections is enabled to compensate for a failure of one of the plurality
of parallel data connections.

US Pat. No. 9,820,405

OPTIMIZED SERVER DESIGN USING DENSE DIMM SPACING, WIDE HEATSINK, IMPROVED ROUTING CHANNELS, AND IMPROVED AIR DELIVERY TO REAR DEVICES

EMC IP Holding Company LL...

10. An apparatus comprising:
a circuit board having a first side and a second side;
a plurality of compliant pin memory sockets provided on the first side of the circuit board; and
a plurality of surface mount decoupling capacitors provided on the second side of the circuit board.

US Pat. No. 9,606,938

MANAGING CACHES IN STORAGE SYSTEMS

EMC IP Holding Company LL...

1. A method for use in managing caches in storage systems, the method comprising:
reserving a set of block entries for a limited use in a reserved block entries list of a storage system during initialization
of the storage system, wherein the reserved block entries list manages the set of block entries that are separate from a set
of cache entries organized in a cache of the storage system, wherein the reserved block entries list is used in addition to
the cache of the storage system to store data of the storage system and only upon unavailability of an available cache entry
in the cache, wherein a portion of a memory of the storage system is reserved as the cache, wherein the cache is accessed
by using a set of hash buckets, each hash bucket of the set of hash buckets including the set of cache entries, wherein a
different portion of the memory of the storage system is reserved for the reserved block entries list, wherein the reserved
block entries list is managed separately from the cache;

based on a criterion, determining whether a cache entry is available for use in the cache of the storage system, wherein determining
whether a cache entry is available for use in the cache of the storage system includes continuing to search for an available
cache entry in the cache for a specific number of times until an available cache entry is found prior to the specific number
of times exceeding a threshold value, wherein the threshold value is configured in the storage system, wherein the criterion
is used for determining a hash bucket from the set of hash buckets for searching for an available cache entry;

based on the determining, selecting a block entry as an available cache entry for use from the reserved block entries list
upon determining that the cache of the storage system does not include a cache entry available for use;

based on the determining, continuing to search the cache for an available cache entry upon determining that the reserved block
entries list does not include a cache entry available for use, wherein the cache is continually searched by randomly selecting
hash buckets from the set of hash buckets until an available cache entry is found; and

providing the available cache entry to a user of the cache for storing data of the storage system.

US Pat. No. 9,594,968

BIOMETRIC PROFILE CREATION

EMC IP Holding Company LL...

1. A system, comprising;
a network interface;
a memory; and
a controller which includes controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged
to:

obtain a biometric input comprising a plurality of biometric attributes distinct to a user;
based on a first selection process, select a subset of biometric attributes in the obtained biometric input, wherein the number
of biometric attributes selected is less than the total number of biometric attributes in the obtained biometric input;

based on the subset of selected biometric attributes, create a biometric profile for the user;
delete non-selected biometric attributes in the obtained biometric input such that, in the event the biometric profile is
compromised, the biometric profile is revoked and replaced with a new biometric profile comprising one or more biometric attributes
from the non-selected attributes;

select, using a second selection process, at least one of the attributes within the profile, wherein selected profile attributes
are currently active for use in authentication and non-selected profile attributes are currently inactive for use in authentication,
wherein the second selection process is configured to select at least one different attribute periodically as the currently
active attribute for use in authentication;

receive an authentication request in connection with the user, wherein the authentication request comprises biometric attributes
associated with the user; and

perform an authentication operation based on the authentication request and the selected profile attributes.

US Pat. No. 9,588,716

METHOD AND SYSTEM FOR BACKUP OPERATIONS FOR SHARED VOLUMES

EMC IP Holding Company LL...

1. A system for backup operations for shared volumes, the system comprising:
a processor-based application executed on a computer and configured to:
identify a shared volume used by a virtual machine, the shared volume being scheduled for a backup operation by a first distributed
system node;

identify a second distributed system node that has a responsibility for sending control signals to the shared volume for performing
a backup operation;

save an association of the second distributed system node to the shared volume;
transfer, to the first distributed system node from the second distributed system node, the responsibility for sending control
signals to the shared volume to the first distributed system node;

execute, by the first distributed system node, the backup operation for the shared volume in response to receiving the responsibility
for sending the control signals to the shared volume from the second distributed system node; and

transfer, based on the saved association, the responsibility for sending control signals to the shared volume back to the
second distributed system node.

US Pat. No. 9,537,748

FINDING SHORTEST PATH IN MULTI-ACCESS NODES IN CLOUD SERVICE

EMC IP Holding Company LL...

1. A method to reduce latency in cloud services, comprising:
obtaining a plurality of nodes, connected via a network to a host, and associated with a tenant within the cloud, wherein
the plurality of nodes comprise physical servers storing data of the tenant, and are configured as a group to provide the
cloud services to the tenant, and during an initial period each of the nodes provide the cloud services to the tenant;

after the initial period, issuing from the host over the network a command to each node of the plurality of nodes to obtain
a plurality of hop counts, wherein a hop count comprises a number of hops between the host and a node;

associating the plurality of hop counts to the plurality of nodes, each node thereby being associated with a particular hop
count of the plurality of hop counts;

comparing the particular hop count associated with each node against a threshold hop count to group a subset of the plurality
of nodes into a local node group, each node in the local node group having an associated particular hop count that is less
than or equal to the threshold hop count;

testing a node in the local node group to determine if the node is available to provide the cloud services to the tenant;
if the node is available, allowing the node in the local node group to participate in providing the cloud services to the
tenant, and excluding nodes outside the local node group from participating in providing the cloud services to the tenant
based on each node outside the local node group having an associated particular hop count that is greater than the threshold
hop count; and

if the node in the local node group is not available and the local node group comprises no other nodes that are available,
allowing a node outside the local node group to participate in providing the cloud services to the tenant.

US Pat. No. 9,606,870

DATA REDUCTION TECHNIQUES IN A FLASH-BASED KEY/VALUE CLUSTER STORAGE

EMC IP HOLDING COMPANY LL...

1. A method comprising:
splitting empty RAID stripes into sub-stripes;
storing pages into the sub-stripes based on a compressibility score;
reading pages from 1-stripes;
writing to a free location in a S-stripe compressed pages, wherein S>0;
testing each page for compressibility;
giving each page a compressibility score, S; and
finding S*N pages with the same compressibility score,
wherein each 1-stripe comprises N pages of data and K pages of parity, where K>1 and N>1 and N equals the number of disks
minus K,

wherein each S-stripe comprises includes S*N+S*K sub-pages, and
wherein storing pages into the sub-stripes based on a compressibility score comprises storing pages with the same compressibility
score in the same sub-stripe.

US Pat. No. 9,591,099

SERVER CONNECTION ESTABLISHMENT OVER FIBRE CHANNEL USING A BLOCK DEVICE ACCESS MODEL

EMC IP Holding Company LL...

1. A computer-implemented method executed by a server for connecting with a client over a Fibre Channel (FC) network, the
method comprising:
receiving, from the client over the FC network, a first Small Computer System Interface (SCSI) request to establish a virtual
connection, wherein the first SCSI request is packaged as a FC frame, wherein a SCSI logical block address (LBA) field of
the SCSI command descriptor block (CBD) of the first SCSI request includes an indication that the first SCSI request is to
establish a virtual connection;

assigning, by the server, an identifier to the virtual connection, wherein assigning an identifier to the virtual connection
comprises selecting, by the server, a transport path from a catalog of transport paths for the virtual connection;

responding to the first SCSI request by sending a first SCSI response, including the virtual connection identifier to the
client over the FC network according to a FC protocol, an identifier of the server, and at least one of a generation number
of the virtual connection or a verifier value of the virtual connection, wherein the first SCSI response is packaged as a
FC frame;

receiving, from the client, a second SCSI request including the virtual connection identifier and a descriptor for a server
process at the server, wherein the second SCSI request is packaged as a FC frame; and

associating the virtual connection with a server process at the server corresponding to the server process descriptor.

US Pat. No. 9,542,205

CONFIGURING A DATA CENTER

EMC IP Holding Company LL...

1. A method for configuring a data center, comprising:
obtaining a function call corresponding to data to be configured based on a template for configuring the data center;
wherein the template is a set of resource model instances used to describe a configuration;
obtaining a vendor driver corresponding to the data based on the template for configuring the data center;
wherein obtaining the function call corresponding to the data based on the template for configuring the data center comprises:
dividing the template into a sub-template for configuring compute data, a sub-template for configuring network data, and a
sub-template for configuring storage data respectively for the compute data, wherein the network data and the storage data
included in the data; and

obtaining a function call corresponding to the compute data, a function call corresponding to the network data, and a function
call corresponding to the storage data respectively based on the sub-template for configuring compute data, the sub-template
for configuring network data, and/or the sub-template for configuring storage data; and

configuring the data by the vendor driver by executing the function call;
wherein prior to obtaining the function call corresponding to the data based on the template for configuring the data center:
determining an execution order of the function call corresponding to the compute data, the function call corresponding to
the network data, and the function call corresponding to the storage data based on a predetermined configuration order of
the compute data, the network data and the storage data;

wherein prior to determining the execution order:
storing at least one of a pre-defined template or a template created by a user in a template repository; and
determining from the template repository an appropriate template required for configuring the data center.

US Pat. No. 9,535,624

DUPLICATE MANAGEMENT

EMC IP Holding Company LL...

1. A method of managing duplicate segments from a segmented file storage system including:
indexing each of a plurality of segments with a correspondingly associated key, the index including an identification of a
first data location where a first segment is stored;

identifying a duplicate segment associated with a duplicate key matching a first key associated with the first segment and
stored in a second data location;

determining whether the duplicate segment is an undesired duplicate segment based at least in part on an amount of time that
has passed since an operation associated with the duplicate segment;

eliminating the duplicate segment if the duplicate segment is determined to be an undesired duplicate segment, wherein the
duplicate segment is an undesired duplicate segment in the event the amount of time has passed since the operation associated
with the duplicate segment; and

retaining the duplicate segment if the duplicate segment is not determined to be an undesired duplicate segment, wherein the
duplicate segment is not an undesired duplicate segment in the event the amount of time has not passed since the operation
associated with the duplicate segment.

US Pat. No. 9,552,432

LIGHTWEIGHT APPLIANCE FOR CONTENT RETRIEVAL

EMC IP Holding Company LL...

1. A method for lightweight retrieval of content, comprising:
receiving, at a server having an in-memory index, a request to retrieve a photograph from a storage system, wherein the photograph
includes image content and the storage system is different and distinct from the sever;

interpreting the request at the in-memory index, wherein the in-memory index identifies a hierarchical data structure associated
with the request, the hierarchical data structure comprising metadata associated with the requested photograph;

retrieving the metadata for the requested photograph, wherein the metadata resides on a solid state drive (“SSD”);
identifying a source at the storage system, the source comprising one of a multi-image container file on a hard disk drive
(“HDD”) and a photo cache on the SSD, wherein the multi-image container file has a system-wide fixed size based on a user
behavior;

determining an offset for the image content within the multi-image container file from the metadata, wherein the offset is
associated with a node in the hierarchical data structure;

retrieving the image content from the source; and
displaying the image content and associated metadata on a display.

US Pat. No. 9,535,955

MODIFYING QUERIES AND RULES FOR PROFILE FETCHING AND RISK CALCULATION

EMC IP Holding Company LL...

1. A method comprising:
comparing at least one aspect of a query to access a data store to one or more rule sets associated with the data store to
determine at least one potential access path within the data store for responding to the query, wherein said comparing the
at least one aspect is carried out prior to executing said query on the data store;

comparing information pertaining to an entity responsible for submission of the query to risk information pertaining to one
or more entities to determine a level of risk associated with the entity, wherein said risk information comprises an established
risk level attributed to (i) one or more internet protocol addresses pertaining to the one or more entities and (ii) one or
more account identifiers pertaining to the one or more entities, wherein said comparing comprises comparing the one or more
internet protocol addresses pertaining to the one or more entities to (a) a white list of internet protocol addresses and
(b) a list of internet protocol addresses linked to fraudulent activity, and wherein said comparing the information is carried
out prior to executing said query on the data store;

generating a modified version of the query based on information derived from the at least one potential access path within
the data store for responding to the query, wherein said generating comprises re-formatting one or more Rete-based rules to
reduce response data resulting from the query, and wherein said generating the modified version of the query is carried out
prior to executing said query on the data store;

calculating a risk score associated with the modified version of the query based on (i) the level of risk associated with
the entity responsible for submission of the query, (ii) one or more aspects of the modified version of the query, and (iii)
a correlation between the level of risk associated with the entity and at least one of one or more historical use cases and
one or more policy parameters, wherein said calculating is carried out prior to executing said modified version of the query
on the data store;

determining, based on the risk score, one or more of multiple authentication operations to be implemented prior to executing
the modified version of the query on the data store; and

implementing the one or more authentication operations prior to executing the modified version of the query on the data store.

US Pat. No. 9,529,828

AUTOMATING CONFIGURATION AND MIGRATING CONFIGURATIONS OF ASSETS IN A STORAGE AREA NETWORK

EMC IP Holding Company LL...

1. A method comprising:
generating an element representing an event in a storage system migration project;
adding one or more assets to the element;
generating a migration group within the element including a sub-set of the one or more assets from the element; and
determining a source asset and a target asset from the one or more assets;
wherein one or more assets in the sub-set are to be configured;
wherein the element comprises an event window used in connection with planning the storage system migration project;
wherein the sub-set of the one or more assets includes the source asset and the target asset grouped together in the migration
group to permit a configuration of the source asset and a configuration of the target asset to be managed together, and to
permit management of an assignment between at least two assets;

wherein assignments on the target asset are automatically configured based on the configuration of the source asset, a script
is automatically generated to update the configuration on at least one of the source asset and the target asset, the one or
more assets added to the element further comprise an associated asset that is automatically configured, and the event window
displays a time period when the event is occurring; and

wherein the generating the element, adding, generating the migration group and determining steps are executed via at least
one processor coupled to a memory.

US Pat. No. 9,633,065

EFFICIENT DATA REHYDRATION

EMC IP Holding Company LL...

1. A system for an efficient data rehydration comprising:
an interface configured to receive a restore list comprising a plurality of storage locations and lengths for performing a
data rehydration; and

a computer processor configured to:
retrieve, from one or more storage nodes, a data set indicated by the restore list, wherein the plurality of storage locations
and lengths indicate chunks from a client system stored as part of a full or as an incremental backup session on a storage
device attached to a storage node of the one or more storage nodes, wherein the restore list is created by coalescing files
as they are added to the restore list, wherein coalescing comprises merging the files in the event that the files reside at
adjacent points in the full or the incremental backup session;

transfer the data set to a save node; and
verify the transfer of the data set.

US Pat. No. 9,602,341

SECURE MULTI-TENANT VIRTUAL CONTROL SERVER OPERATION IN A CLOUD ENVIRONMENT USING API PROVIDER

EMC IP Holding Company LL...

1. A method of sharing resources in a virtualized environment, comprising:
managing distributed resources of the virtualized environment using at least one virtual array;
providing an application programming interface (API) provider that manages interfacing between a plurality of virtual control
servers and the at least one virtual array, wherein each of the virtual control servers manages one or more virtual machines
and wherein at least one of the virtual control servers manages a set of the virtual machines different from a set of the
virtual machines managed by an other one of the virtual control servers;

receiving, at the API provider, requests from the plurality of virtual control servers;
identifying, at the API provider, resources of the at least one virtual array that are responsive to the requests; and
reporting relevant resources and event or alert information concerning the distributed resources of the virtual array individually
to each of the plurality of virtual control servers from the API provider, the relevant resources being separately responsive
to each of the requests from the plurality of virtual control servers, wherein different ones of the virtual control servers
receive different relevant resources of the at least one virtual array and receive different event or alert information.

US Pat. No. 9,594,674

METHOD AND SYSTEM FOR GARBAGE COLLECTION OF DATA STORAGE SYSTEMS USING LIVE SEGMENT RECORDS

EMC IP Holding Company LL...

1. A computer-implemented method for garbage collection of a storage system, the method comprising:
scanning, by a garbage collector executed by a processor, a plurality of containers in a storage device of a storage system,
each of the containers containing a plurality of segments that constitute a plurality of files, wherein each file is represented
by a file tree having a plurality of segments in a plurality of levels in a hierarchical structure;

creating a plurality of container live segment records (LSRs) corresponding to one of the containers, each of the container
LSRs including a plurality of segment LSRs corresponding to a plurality of segments contained therein;

after the segment LSRs of the container LSRs have been created for all segments of the containers, sequentially traversing
the segment LSRs of the container LSRs based on levels of segments specified in the corresponding segment LSRs to determine
and indicate in the corresponding segment LSRs whether the segments are live segments; and

after all of the segment LSRs of the container LSRs have been traversed, performing a garbage collection operation to reclaim
storage space of segments that are not live segments indicated in the segment LSRs of the container LSRs, without traversing
the file system namespace again.

US Pat. No. 9,594,753

FRAGMENTATION REPAIR OF SYNTHETIC BACKUPS

EMC IP Holding Company LL...

1. A method, comprising:
computing, by one or more processors, a locality measure with respect to a first group of segments comprising a portion of
a file stored on a storage device, wherein the locality measure is based at least in part on a number of containers associated
with the first group of segments;

comparing, by the one or more processors, the computed locality measure to a repair criteria, wherein the repair criteria
comprises a static threshold and a dynamic criteria, the dynamic criteria being determined based at least in part on a locality
value with respect to one or more second groups of segments that share one or more of the number of containers associated
with the first group of segments, wherein the locality value is based at least in part on a number of containers associated
with the one or more second groups of segments;

determining, by the one or more processors, based at least in part on the comparing of the computed locality measure to the
repair criteria whether to repair fragmentation of segments comprising the first group of segments; and

repairing fragmentation of the first group of segments based at least in part on determining that the computed locality measure
satisfies the repair criteria.

US Pat. No. 9,563,628

METHOD AND SYSTEM FOR DELETION HANDLING FOR INCREMENTAL FILE MIGRATION

EMC IP Holding Company LL...

1. A system for deletion handling for incremental file migration, the system comprising:
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed cause the one or more processors
to:

connect to a source device via a Network Data Management Protocol;
initiate a Network Data Management Protocol incremental backup operation;
receive data from the source device via the Network Data Management Protocol backup operation;
identify modified directories in the data received from the source device via the Network Data Management Protocol;
add the identified modified directories to a revised directory table;
create a list of files, each file in the list being identified from modified directories added to the revised directory table;
connect to a storage device via the Network Data Management Protocol;
initiate a Network Data Management Protocol restore operation on the storage device; and
delete, from the storage device, any files associated with at least one directory in the storage device corresponding to at
least one of the identified modified directories that are absent from the created list of files via the Network Data Management
Protocol restore operation.

US Pat. No. 9,542,153

SYSTEM AND METHOD FOR TIERING DATA STORAGE

EMC IP Holding Company LL...

1. A computer-implemented method comprising:
monitoring temporal usage of a data portion within a storage system over a defined monitoring period, wherein the monitoring
period is defined based upon, at least in part, a defined number of cycles of utilization & the data portion, wherein the
defined number of cycles provides a temporal usage prediction while minimizing retiering latency, wherein the storage system
includes a plurality of data tiers, wherein one data point is generated for each cycle & the defined number of cycles;

defining a temporal-usage pattern for the data portion for the defined monitoring period based upon at least two data points
generated during at least two cycles of utilization;

wherein the temporal-usage pattern for the data portion of the defined monitoring period is based upon four data points generated
during four cycles of utilization;

predicting at least one of an increase of activity for the data portion and a decrease of activity for the data portion for
a future time based, at least in part, upon the temporal-usage pattern;

automatically retiering the data portion amongst the plurality of data tiers prior to the predicted at least one of the increase
of activity and the decrease of activity for the future time based, at least in part, upon the temporal-usage pattern; and

automatically retiering the data portion amongst the plurality of data tiers after expiry of the predicted at least one of
the increase of activity and the decrease of activity for the future time; and

automatically offtiering the data portion from the plurality of data tiers to a remote data tier after expiry of the predicted
decrease of activity for the future time based, at least in part, upon the temporal-usage pattern, wherein the remote data
tier is an archive.

US Pat. No. 9,542,063

MANAGING ALERT THRESHOLDS

EMC IP Holding Company LL...

1. A method for use in managing alert thresholds, the method comprising:
providing a graphical user interface (GUI) comprising a utilization bar associated with allocation of data storage in a data
storage system, wherein the utilization bar includes an alert threshold slider comprising an integrated warning thumb, and
wherein the utilization bar comprises a current data storage allocation area and a remaining unallocated data storage space
area in the data storage system;

displaying an existing setting for a severity setting of an alert threshold, wherein the existing setting for the severity
setting is an icon displayed integrally with the integrated warning thumb, wherein the icon is selected from among a plurality
of different graphical severity indicators, and wherein the alert threshold slider indicates the alert threshold; and

allowing a user to view and change the existing setting for the severity setting of the alert threshold using an integrated
slider setting dialog pop-up, wherein the integrated slider setting dialog pop-up pops-up and is displayed next to the icon
of the integrated warning thumb by hovering over the integrated warning thumb portion of the alert threshold slider, wherein
the integrated slider setting dialog pop-up includes the plurality of graphical severity indicators, a numerical input GUI
element for setting the alert threshold to a numerical value, and an alert threshold check box, wherein each of the plurality
of different graphical severity indicators is associated with a respective particular severity setting, and wherein the severity
setting is user selectable and the existing setting for the severity setting is the icon of the plurality graphical severity
indicators currently selected by the user via the integrated slider setting dialog pop-up.

US Pat. No. 9,535,801

XCOPY IN JOURNAL BASED REPLICATION

EMC IP Holding Company LL...

1. A system for data replication, the system comprising: a storage medium
a do data stream wherein the do data stream contains data corresponding to data of IOs split from a production site;
do meta data where the do metadata indicates what data of the do stream should be written to an image to move the image to
different points in time;

an undo data stream, wherein the undo data stream is a stream that contains data that may be used to roll the image of the
storage medium to earlier points in time;

undo meta data wherein the undo metadata stream has undo metadata that indicates what data of the do stream should be written
to an image to move the image to an earlier point in time;

the image on the storage medium; and
computer-executable logic operating in memory, wherein the computer-executable program logic is configured for execution of:
reading the do metadata stream to determine what data is to be written from the do data stream to the image of the storage
medium to move the image to a point in time;

xcopying data from the image on the storage medium to the undo data stream using a first xcopy command; wherein the parameters
for the first xcopy command are created based on the read do meta data; wherein the read do meta data stream indicates is
to be overwritten on the storage medium from the do data stream;

xcoping the portion of the do stream determined to be over written by other portions of the do stream to the undo data stream
using a second xcopy command; wherein the parameters for the second xcopy command are created based on the data in the do
meta data stream to make the data corresponding to the portion of the do stream determined to be over written appear as a
set of logical units;

xcopying data from the do data stream to the image on the storage medium using an third xcopy command; wherein the parameters
for the third xcopy command are created based on what data the read do meta data stream indicates is to be written to the
image on the storage medium to make the data from the do data stream appear as a set of logical units, wherein each xcopying
is able to copy the data of multiple replicated IOs with a single xcopy command;

updating the do meta data in the do metadata stream and updating data the undo meta data in the undo metadata stream to indicate
that the xcopying has occurred and the image on the storage medium has been rolled to a new point-in-time.

US Pat. No. 9,535,806

USER-DEFINED STORAGE SYSTEM FAILURE DETECTION AND FAILOVER MANAGEMENT

EMC IP Holding Company LL...

1. A computer-implemented method of providing user-defined failure detection and failover management, comprising executing,
on at least one processor, the steps of:
providing, by an active storage system, external storage to at least one application executing on a computer, the external
storage provided to the application through a storage service provided by the active storage system to the computer over a
network, the active storage system obtained by a customer from a storage system vendor,

loading, into a memory of the computer
i) a plurality of user-defined storage system management functions, wherein the user-defined storage system management functions
were developed by the customer of the storage system vendor, wherein the user-defined storage system management functions
are communicable with the application executing on the computer and operable to monitor storage system state parameters indicating
a current state of the active storage system, and wherein the storage system state parameters are stored in a set of system
environment parameters located in the memory of the computer;

ii) a plurality of vendor-defined storage system management functions, wherein the vendor-defined storage system management
functions were obtained by the customer from the storage system vendor, wherein the vendor-defined storage system management
functions are communicable with the active storage system, and wherein the vendor-defined storage system management functions
are operable to maintain the storage system state parameters by storing a current state of the active storage system into
the storage system state parameters; and

detecting and processing a plurality of storage failure conditions by executing the user-defined storage system management
functions and the vendor-defined storage system management functions on the computer to provide user-defined failure detection
and failover management.

US Pat. No. 9,992,903

MODULAR RACK-MOUNTABLE IT DEVICE

EMC IP Holding Company LL...

19. A 1U rack-mountable computing device comprising:a storage component configured to include one or more storage devices, wherein the storage component includes a first electrical connector assembly;
a processing component configured to include one or more microprocessors and be releasably coupleable to the storage component, wherein the processing component includes a second electrical connector assembly configured to releasably couple directly to the first electrical connector assembly of the storage component;
an input/output component configured to couple the 1U rack-mountable computing device to a network infrastructure and be releasably coupleable to the processing component; and
a coupling system configured to releasably couple the storage component, the processing component, and the input/output component;
wherein the network infrastructure includes one or more of: an Ethernet infrastructure, a fiber channel infrastructure, and an infiniband infrastructure; and
wherein the one or more storage devices includes one or more of: at least one hard disk drive, and at least one solid state storage device.

US Pat. No. 9,588,815

ARCHITECTURE FOR DATA COLLECTION AND EVENT MANAGEMENT SUPPORTING AUTOMATION IN SERVICE PROVIDER CLOUD ENVIRONMENTS

EMC IP Holding Company LL...

1. An apparatus comprising:
at least one processing platform comprising:
virtualization infrastructure;
an assurance layer comprising a first grouping of components, wherein the first grouping of components comprises a deterministic
functional grouping of components determined in accordance with system configuration parameters; and

an analytic layer comprising a second grouping of components, wherein the second grouping of components comprises an indeterministic
functional grouping of components that is independent of the system configuration parameters;

wherein the assurance and analytic layers are configured to provide data collection and event management functionality to
support automation relating to resources of the virtualization infrastructure and associated workloads;

wherein the deterministic functional grouping of components is configured to implement first portions of the data collection
and event management functionality;

wherein the indeterministic functional grouping of components is configured to implement second portions of the data collection
and event management functionality;

wherein the deterministic functional grouping of components of the assurance layer is arranged in a hierarchy of components
comprising at least the following levels:

a lower level comprising a collector component and a component based on a third-party software development kit;
an intermediate level comprising a topology discovery module, an element management system, a software-defined network controller,
and a network function virtualization infrastructure component; and

a higher level comprising a network functions virtualization infrastructure topology component, an encompassing topology component,
and a root cause analysis module having an associated behavioral model; and

wherein the processing platform is implemented using at least one processing device comprising a processor coupled to a memory.

US Pat. No. 9,525,551

RANDOMLY SKEWING SECRET VALUES AS A COUNTERMEASURE TO COMPROMISE

EMC IP Holding Company LL...

1. A method of authenticating a first cryptographic device by second cryptographic device, the method comprising the steps
of:
storing in the second cryptographic device an alternative version of a secret value associated with the first cryptographic
device in place of the secret value itself as a countermeasure to compromise of the secret value;

in conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, determining
in the second cryptographic device the secret value based at least in part on the alternative version of the secret value;
and

authenticating the first cryptographic device utilizing the determined secret value in the second cryptographic device;
wherein the first cryptographic device comprises a time-synchronous authentication token and the second cryptographic device
comprises an authentication server;

wherein the secret value comprises a randomized clock drift vector of the time-synchronous authentication token;
wherein the randomized clock drift vector is randomized by selection of said clock drift vector from a range between a minimum
clock drift vector and a maximum clock drift vector; and wherein the alternative version of the secret value comprising the
randomized clock drift vector comprises information specifying the minimum clock drift vector and the maximum clock drift
vector.

US Pat. No. 9,613,330

IDENTITY AND ACCESS MANAGEMENT

EMC IP Holding Company LL...

1. A computer-implemented process for automated fulfillment of change requests used to manage access-control records of business
sources, the business sources being applications and/or data collections on respective endpoint computers and using the access-control
records to control user access to and use of the applications and/or data collections by computer system users, comprising:
(1) performing an initial configuration process, including:
(A) in an Automatic Fulfillment (AF) server:
(i) creating endpoint connectors on the AF server for communications with respective endpoint computers;
(ii) selecting respective sets of supported change-request commands for the endpoint connectors; and
(iii) for each supported change-request command of each endpoint connector, defining (a) respective required and optional
parameters and (b) endpoint type specific implementation details for a respective native command used to communicate the change-request
command to the respective endpoint computer;

(B) in a Compliance Manager (CM) server:
(i) running discovery to find new endpoint computers and create metadata therefor in the CM server, the discovery including
receiving information from the AF server for the endpoint connectors and the respective endpoint computers;

(ii) for each of the supported change-request commands to be automated, filling in mappings for at least all required parameters,
and enabling the command;

(iii) enabling the endpoint computers for automated change-request fulfillment;
(iv) creating endpoint bindings to bind the endpoint computers to the respective business sources; and
(v) ensuring that the business sources use an automated change-request fulfillment process that uses the endpoint connectors
of the AF server; and

(2) during subsequent operation in which change requests are generated for respective target business sources, performing
respective instances of the automated change-request fulfillment process for each of the change requests by:

(C) at the CM server:
(i) executing a set of checks to determine that the automated change-request fulfillment process is enabled and has command
parameter mappings for a configured change-request command to be used to communicate the change request to the target business
source;

(ii) based on the set of checks being satisfied, transmitting the configured change-request command to the AF server, the
change-request command identifying an endpoint computer bound to the target business source; and

(D) at the AF server:
(i) receiving the change-request command from the CM server;
(ii) based on the identity of the endpoint computer in the received change-request command, selecting the respective endpoint
connector for the identified endpoint computer and enqueueing the change-request command on the selected endpoint connector;
and

(iii) by the identified endpoint connector when processing the enqueued change-request command, issuing the corresponding
native command defined for the change-request command to the endpoint computer to effect the requested change on the target
business source.

US Pat. No. 9,600,409

METHOD AND SYSTEM FOR GARBAGE COLLECTION IN A STORAGE SYSTEM BASED ON LONGEVITY OF STORED DATA

EMC IP HOLDING COMPANY LL...

1. A non-transitory computer readable medium comprising instructions, which when executed by a processor perform a method,
the method comprising:
receiving a first request to write data to persistent storage;
in response to the first request and after determining that the data is non-persistent data, writing the data to a first block
in the persistent storage; and

performing a modified garbage collection operation comprising:
selecting a frag page in a second block;
determining that the frag page comprises persistent data, wherein the first frag page comprises persistent data when the first
frag page is live, and

migrating, based on the determination that the first frag page comprises persistent data, the first frag page to a third block
in the persistent storage,

wherein the third block is distinct from the first block and wherein the third block does not include any non-persistent data,
and

receiving a second request to write second data to the persistent storage, wherein the second request comprises information
which indicates that the second data is persistent data; and

in response to the second request, writing the second data to the third block in the persistent storage.

US Pat. No. 9,602,283

DATA ENCRYPTION IN A DE-DUPLICATING STORAGE IN A MULTI-TENANT ENVIRONMENT

EMC IP Holding Company LL...

1. A method comprising:
assigning a plurality of tenant keys to a plurality of tenants, each tenant being assigned a specific tenant key of the plurality
of tenant keys;

storing in a storage system a plurality of raw data objects backed up for the plurality of tenants;
storing in the storage system a plurality of fingerprints, corresponding to the plurality of raw data objects, in a single
use key encrypted format;

wrapping, by a hardware processor, the plurality of fingerprints with a storage system key held by the storage system;
receiving, from a first tenant, a request to retrieve data backed up on the storage system for the first tenant, the request
comprising a set of fingerprints corresponding to a set of raw data objects to retrieve, and a first tenant key assigned to
the first tenant, the set of fingerprints being in the single use key encrypted format and wrapped with the first tenant key;

unwrapping, using the first tenant key, the received set of fingerprints to retrieve the set of raw data objects corresponding
to the received set of fingerprints;

transmitting the set of raw data objects to the first tenant; and
removing the first tenant key from the storage system.

US Pat. No. 9,542,125

MANAGING DATA RELOCATION IN STORAGE SYSTEMS

EMC IP Holding Company LL...

1. A method for use in managing data relocation in storage systems, the method comprising:
monitoring performance of a storage system during relocation of storage objects from a storage tier to another storage tier
in the storage system by managing an amount of time required to relocate the storage objects in the storage system, wherein
a storage object includes a slice, wherein the performance indicates a system load of the storage system and is determined
by computing data relocation elapsed time for each storage object that is relocated in the storage system, wherein the data
relocation elapsed time for a storage object indicates time taken to relocate data of the storage object, wherein the system
load indicates a level of I/O activity in the storage system;

based on the determination, dynamically adjusting a rate at which data of subsequent storage objects is relocated in the storage
system, wherein adjusting the rate includes changing a number of the subsequent storage objects selected for relocation based
on the determination of the data relocation elapsed time of the storage objects, wherein adjusting the rate includes increasing
the number of subsequent storage objects selected for relocation resulting into an increase in the rate at which data is relocated
in the storage system upon determining a low level of I/O activity in the storage system and decreasing the number of subsequent
storage objects selected for relocation resulting into a decrease in the rate at which data is relocated in the storage system
upon determining a high level of I/O activity in the storage system; and

based on the adjusted rate, relocating storage objects in the storage system.

US Pat. No. 9,535,575

DYNAMICALLY-CONFIGURED DASHBOARD

EMC IP Holding Company LL...

1. A method of automatically displaying data storage system widgets to a user within a graphical user interface of a data
storage system management application running on a computing device, the method comprising:
during operation of the data storage system management application, repeatedly calculating, by the computing device, relevancy
scores for a plurality of available data storage system widgets based on expected needs of the user;

during operation of the data storage system management application, repeatedly selecting, by the computing device, a set of
widgets having highest calculated relevancy scores from the plurality of available widgets; and

during operation of the data storage system management application, repeatedly displaying the selected set of widgets to the
user on a display screen, the displayed widgets each presenting data storage system management data to the user.

US Pat. No. 9,529,804

SYSTEMS AND METHODS FOR MANAGING FILE MOVEMENT

EMC IP Holding Company LL...

1. A system comprising:
a first storage including a first set of filers, the first storage configured to receive a request to access a file of a first
set of files from a client device;

a second storage including a second set of filers;
a set of file manager nodes connected to the first storage and the second storage, each file manager node comprising a processor,
the set of file manager nodes configured to:

move the first set of files from the first storage to the second storage based on content data of the first set of files,
wherein at least one of the set of file manager nodes is configured to search for a keyword in content included in the first
storage for the content data to identify the first set of files to be moved, the keyword not being recorded in metadata associated
with each of the first set of files;

receive the request to access the file from the first storage, the request being sent by the first storage according to at
least one of a round-robin arrangement, a load-balancing arrangement, a distributed arrangement, and a fail-over arrangement;
and

recall the file from the second storage to the first storage based on the received request to access the file and a recall
policy; and

a metadata filer comprising a different processor from the set of file manager nodes, the metadata filer being connected to
the set of file manager nodes and configured to store data pertaining to movement of the first set of files.

US Pat. No. 9,514,407

QUESTION GENERATION IN KNOWLEDGE-BASED AUTHENTICATION FROM ACTIVITY LOGS

EMC IP Holding Company LL...

1. A method of generating knowledge-based authentication (KBA) questions, the method comprising:
obtaining, from a user device, an activity log of a user, the activity log including pointers to a set of external fact sources;
deriving external facts from each external fact source of the set of external fact sources; and
generating a set of KBA questions from the external facts;
wherein the activity log of the user includes a web browsing history of the user,
wherein the pointers to the set of external fact sources include a list of addresses, within the web browsing history, of
websites corresponding to the respective addresses and previously visited by the user, the set of external fact sources including
the websites addressed by the list of addresses,

wherein deriving the set of external facts includes accessing, over a network, each of the websites addressed by the list
of addresses and acquiring the external facts from the websites, and

wherein the KBA questions are generated by a KBA server from content of websites distinct from the user device, pointed to
by the web browsing history on the user device, and visited by the KBA server connecting to the websites over the network.

US Pat. No. 9,503,442

CREDENTIAL-BASED APPLICATION PROGRAMMING INTERFACE KEYS

EMC IP Holding Company LL...

1. A method comprising:
obtaining a credential associated with a particular access control interval;
determining an application programming interface (API) key based at least in part on the credential, wherein the API key is
used to control access to a protected resource over a network;

utilizing the API key in an API key enrollment protocol; and
repeating the obtaining, determining and utilizing for one or more additional instances of the API key enrollment protocol
corresponding to respective ones of one or more additional access control intervals;

wherein the obtaining, determining, utilizing and repeating are performed by at least one processing device comprising a processor
coupled to a memory.

US Pat. No. 9,619,429

STORAGE TIERING IN CLOUD ENVIRONMENT

EMC IP Holding Company LL...

1. A method, comprising:
allocating a plurality of performance-based storage nodes and a plurality of capacity-based storage nodes of a data storage
system in a network environment to one or more tiered resource pools such that, for a given pool of the one or more tiered
resource pools, the performance-based storage nodes and the capacity-based storage nodes allocated to the given pool are addressable
via a given virtual address assigned to the given pool; and

managing access of the performance-based storage nodes and the capacity-based storage nodes in the one or more tiered resource
pools by a plurality of compute nodes, wherein access to the performance-based storage nodes and the capacity-based storage
nodes is managed transparent to the compute nodes via a given storage policy;

wherein at least portions of the compute nodes, the performance-based storage nodes, and the capacity-based storage nodes
are operatively coupled via a plurality of network devices;

wherein the managing step further comprises at least one of creating and migrating a storage volume in response to a request
from one of the plurality of compute nodes;

wherein creating the storage volume further comprises:
collecting network topology information from the plurality of network devices, and selecting an appropriate one of the performance-based
storage nodes and the capacity-based storage nodes based at least in part on the given storage policy and the network topology
information;

communicating with the selected appropriate one of the performance-based storage nodes and the capacity-based storage nodes
to allocate storage capacity thereon; and

sending, to the compute node that requested creation of the storage volume, the given virtual address of the tiered resource
pool in which the selected appropriate one of the performance-based storage nodes and the capacity-based storage nodes is
allocated; and

wherein one or more of the allocating and managing steps are automatically performed under control of at least one processing
device.

US Pat. No. 9,612,746

ALLOCATION METHOD FOR MEETING SYSTEM PERFORMANCE AND APPLICATION SERVICE LEVEL OBJECTIVE (SLO)

EMC IP HOLDING COMPANY LL...

1. An apparatus comprising:
a data storage system comprising:
a plurality of non-transitory data storage devices each having a performance capability, where ones of the storage devices
having a common performance capability are grouped together in a storage tier and the data storage system includes multiple
storage tiers;

a processor which presents logical storage devices to an application, the logical storage devices being backed by the non-transitory
storage devices, ones of the logical storage devices being grouped together in a storage group, each storage group being associated
with a service level objective, where the data storage system includes multiple storage groups; and

a data movement engine configured to:
calculate a projection of extents of data into ones of the storage tiers to improve satisfaction of the service level objectives
of the storage groups while maintaining stable system performance, the projection based on a calculation for each extent comprising:

expected activity of the extent;
an amount by which the storage group associated with the extent is missing its service level objective, and
a cost of more completely satisfying that service level objective of the storage group associated with the extent; and
allocate storage capacity in accordance with the calculated projections.

US Pat. No. 9,612,756

DATA STORAGE SYSTEM WITH PARALLEL HANDLING OF SUB-I/O REQUESTS FOR INDIVIDUAL HOST I/O REQUESTS

EMC IP Holding Company LL...

1. A method of operating a data storage system, comprising:
receiving a host I/O request from a host-side interface of the data storage system, the host I/O request specifying a range
of logical block addresses (LBAs) of a mapped logical unit (MLU) of storage presented to an external host computer by the
host-side interface, the MLU being mapped through a device-side interface to a plurality of underlying logical units of storage;

obtaining, in response to receiving the host I/O request, mapping information for a plurality of extents of the underlying
logical units of storage, the extents being mapped to respective sub-ranges of the range of LBAs, the host-side interface
being configured to transfer the extents during a subsequent transfer phase;

concurrently issuing to the device-side interface, using the mapping information, a plurality of sub-I/O requests for the
extents of the underlying logical units of storage, the device-side interface providing respective transfer initiation responses
for the sub-I/O requests to initiate transfer of the respective extents; and

receiving the transfer initiation responses from the device-side interface and forwarding the transfer initiation responses
to the host-side interface to cause the respective extents to be transferred by the host-side interface in the transfer phase,

wherein:
the extents have a logical order according to an address order of the respective sub-ranges of the range of LBAs, and the
host-side interface is configured to transfer the extents in the logical order during the transfer phase;

the transfer initiation responses are returned in an initial order independent of the logical order of the respective extents;
and

forwarding the transfer initiation responses includes selectively re-ordering the transfer initiation responses as necessary
to provide the transfer initiation responses to the host-side interface in the logical order of the respective extents,

and wherein selectively re-ordering the transfer initiation responses includes:
detecting an out-of-order transfer initiation response for one of the extents, the one extent being preceded in the logical
order by a preceding extent for which a transfer initiation response has not yet been received;

refraining from forwarding the out-of-order transfer initiation response to the host-side interface;
at a later time when the transfer initiation response for the preceding extent has been received and forwarded to the host-side
interface, re-issuing the sub-I/O request for the one extent to the device-side interface, the device-side interface subsequently
providing a second transfer initiation response for the re-issued sub-I/O request; and

receiving the second transfer initiation response from the device-side interface and forwarding the second transfer initiation
response to the host-side interface to cause the one extent to be transferred by the host-side interface in the transfer phase.

US Pat. No. 9,600,377

PROVIDING DATA PROTECTION USING POINT-IN-TIME IMAGES FROM MULTIPLE TYPES OF STORAGE DEVICES

EMC IP Holding Company LL...

1. A method comprising:
receiving a user protection policy which determines parameters for snapshots stored at a first storage device and a second
storage device;

storing, at the first storage device, snapshots of a first volume in accordance with the user protection policy;
sending a portion of the snapshots of the first volume from the first storage device to the second storage device in accordance
with the user protection policy, wherein the snapshots stored at the second storage device have less granularity than the
snapshots stored at the first storage device;

receiving a request to restore data of the first volume to a first point-in-time;
in response to receiving the request, determining if the data at the first point-in-time is stored at the first storage device
or at the second storage device;

restoring the data of the first volume at the first point-in-time by using a journal and a first snapshot of the first volume
stored at the first storage device if the data is stored at the first storage device; and

restoring the data of the first volume at the first point-in-time by using a second snapshot of the volume stored at the second
storage device if the data is stored at the second storage device and not stored at the first storage device.

US Pat. No. 9,542,326

MANAGING TIERING IN CACHE-BASED SYSTEMS

EMC IP Holding Company LL...

1. A method for use in managing tiering in a cache-based system, wherein the cache-based system comprises a first data storage
tier and a second data storage tier configured such that the performance characteristics associated with the second tier is
superior to the performance characteristics associated with the first tier, further wherein the cache-based system comprises
a cache separate to the first and second tiers, still further wherein a data group is stored on the first data storage tier
and additionally comprises a number of data units associated with the data group that are stored in cache and the first data
storage tier, the method comprising:
collecting cache activity data in connection with the number of data units stored in the cache;
collecting non-cache activity data in connection with the data group stored on the first data storage tier, wherein the data
group stored on the first data storage tier comprises a plurality of data units including the number of data units that are
stored in cache and the first data storage tier;

determining a temperature of the data group based on the cache activity data in combination with the non-cache activity data,
wherein the cache activity data relates to activity in connection with the number of data units stored in the cache, further
wherein the non-cache activity relates to activity in connection with the data group stored on the first data storage tier;
and

based on the determined temperature of the data group, the number of data units stored in cache that are associated with the
data group and the performance characteristics associated with the second data storage tier, determining to migrate the data
group from the first data storage tier to the second data storage tier.

US Pat. No. 9,529,545

MANAGING DATA DEDUPLICATION IN STORAGE SYSTEMS BASED ON STORAGE SPACE CHARACTERISTICS

EMC IP Holding Company LL...

1. A method for use in managing data deduplication in storage systems based on storage space characteristics, the method comprising:
receiving a request to deduplicate a data object;
identifying a candidate data object for deduplicating the data object;
evaluating characteristics of storage tiers on which the data object and the candidate data object reside, wherein the data
object resides on a first storage tier and the candidate data object resides on a second storage tier, wherein a data storage
system includes the first storage tier and the second storage tier configured such that performance characteristics associated
with the first storage tier are different from performance characteristics associated with the second storage tier; and

based on the evaluating, selecting a master deduplicated copy from a group consisting of the data object and the candidate
data object, wherein the data object is selected as the master deduplicated copy upon determining that performance characteristics
associated with the first storage tier are higher than performance characteristics associated with the second storage tier,
wherein the candidate data object is selected as the master deduplicated copy upon determining that performance characteristics
associated with the second storage tier are higher than performance characteristics associated with the first storage tier;
and

based on the selecting, applying a deduplicating technique to the data object and the candidate data object, wherein the data
object is deduplicated to the candidate data object by updating mapping information of the data object to point to the candidate
data object upon selection of the candidate data object as the master deduplicated copy, wherein the candidate data object
is deduplicated to the data object by updating mapping information of the candidate data object to point to the data object
upon selection of the data object as the master deduplicated copy.

US Pat. No. 9,612,734

RANDOM ACCESS BROWSER SCROLLING FOR LARGE PAGES

EMC IP Holding Company LL...

1. A method, performed by a computing device, of rendering a document in a graphical user interface (GUI) window of a display
device, the document having a plurality of equally-spaced records, the method comprising:
loading into system memory of the computing device a set of records of the plurality of equally-spaced records which are to
be visible in the GUI window;

placing the loaded set of records within a dynamic markup page for display within the GUI window;
placing a container within the dynamic markup page, the container representing non-visible records of the plurality of equally-spaced
records, the container having a height representative of a combined height of the represented non-visible records; and

displaying, on the display device, a scroll bar adjunctive to the GUI window, the scroll bar allowing a user of the computing
device to scroll to any arbitrary position in the document for display within the GUI window;
wherein:
the loaded set of records are at a beginning of the plurality of equally-spaced records within the document, the non-visible
records following the loaded set of records within the document;

placing the container within the dynamic markup page includes placing the container in a location of the dynamic markup page
following the loaded set of records;

displaying the scroll bar includes displaying a slider of the scroll bar, the slider being positioned at a topmost position
of the scroll bar;

placing the container within the dynamic markup page further includes setting the height of the container to be equal to a
number of the non-visible records multiplied by a record height, the number of the non-visible records being equal to the
plurality minus a size of the loaded set of records, the record height being a height in pixels corresponding to the equal-spacing
of the plurality of records within the document;

the method further comprises:
receiving a scroll command from the user via the scroll bar indicating that the user wishes to scroll down through the document;
loading into system memory additional records of the document following the loaded set of records, there being exactly n additional
records;

displaying a new set of records within the GUI window, the new set of records including at least one record of the additional
records;

modifying the container within the markup page to have a shorter height, the shorter height equaling the height minus a product
of n and the record height;

redisplaying the scroll bar adjunctive to the GUI window, the redisplayed scroll bar having the slider positioned at a position
below the topmost position of the scroll bar; and

periodically evaluating whether the user has scrolled the slider of the scroll bar to a position indicating that the user
wishes to see records of the document that are not loaded within system memory;

loading the additional records, displaying the new set of records, modifying the container, and redisplaying the scroll bar
are performed in response to an evaluation that the user has scrolled the slider of the scroll bar to a position indicating
that the user wishes to see records of the document that are not loaded within system memory, the evaluation having been performed
as part of the periodically evaluating; and

periodically evaluating is performed at periodic intervals of one second.

US Pat. No. 9,614,829

DEAUTHENTICATION IN MULTI-DEVICE USER ENVIRONMENTS

EMC IP Holding Company LL...

1. A method comprising:
establishing secure communications with at least a subset of a plurality of user devices associated with a particular user;
generating an exclusive authentication token for utilization by each of the plurality of user devices to unlock secure functionality
associated with that device;

providing the exclusive authentication token to only a subset of the plurality of user devices at a given time; and
forcing deauthentication of any of the plurality of user devices that do not currently have possession of the exclusive authentication
token;

wherein the establishing, generating, providing and forcing are performed by a deauthentication server implemented by at least
one processing device comprising a processor coupled to a memory;

wherein the deauthentication server in conjunction with forcing deauthentication of any of the plurality of user devices that
do not currently have possession of the exclusive authentication token causes each such user device to perform a lock operation
that limits subsequent access to that user device by unauthenticated users; and

wherein providing the exclusive authentication token to only a subset of the plurality of user devices at a given time comprises:
retrieving the exclusive authentication token from one of the user devices; and
providing the exclusive authentication token to another of the user devices.

US Pat. No. 9,537,705

GLOBAL SPACE REDUCTION GROUPS

EMC IP Holding Company LL...

1. A method for storing data, comprising:
receiving information about a plurality of clients;
grouping clients into client groups based on the information, wherein the client groups have an intermittent connection to
an intermediate shared server, said intermediate shared server comprising an intermediate shared storage;

asynchronously receiving deduplicated data from a client group on the intermediate shared server, wherein the data is received
at a time convenient for the client group;

deduplicating the data a second time on the intermediate shared server;
storing the data in the intermediate shared storage as non-volatile data;
transferring the data to a server; and
storing the data in a server storage, wherein the stored data includes only single instance data.

US Pat. No. 9,516,112

SENDING ALERTS FROM CLOUD COMPUTING SYSTEMS

EMC IP Holding Company LL...

1. A method for sending an alert message from a cloud computing system to an external system, comprising:
collecting at least one alert for the cloud computing system;
determining a time for sending the at least one alert as an alert message to the external system;
determining a transmission type of the alert message;
preparing the alert message according to the transmission type;
determining whether the alert message is transmissible in unaltered form according to the determined transmission type;
after determining that the alert message is not transmissible in unaltered form according to the determined transmission type
partitioning the alert message into a plurality of partitioned messages, wherein each of the partitioned messages is independent;
and

sending the plurality of partitioned messages to the external system.

US Pat. No. 9,507,887

ADAPTIVE TECHNIQUES FOR WORKLOAD DISTRIBUTION ACROSS MULTIPLE STORAGE TIERS

EMC IP Holding Company LL...

1. A method for performing data storage optimizations comprising:
determining a reserved workload for a first of a plurality of storage tiers, each of the plurality of storage tiers characterized
by a set of one or more attributes, wherein said first storage tier includes performance characteristics which are any of
incomplete, unknown, and unable to be predictively modeled for various workloads, said plurality of storage tiers including
the first tier and a remaining set of one or more additional storage tiers;

modeling performance of a first workload distributed among the remaining set of storage tiers, wherein said first workload
represents a total workload less the reserved workload;

determining one or more data movements in accordance with said modeling, each of said one or more data movements moving a
data portion from a first physical device of one of the plurality of storage tiers to a second physical device of another
of the plurality of storage tiers; and

performing at least a first of the one or more data movements that moves a data portion between two of the plurality of storage
tiers, and wherein said determining the reserved workload further comprises:

selecting a second storage tier from the remaining set, wherein said second storage tier is ranked as having a minimum classification
ranking of all storage tiers in the remaining set; and

determining a difference between a first average observed response time for the first storage tier and a modeled average response
time for the second storage tier.

US Pat. No. 9,501,544

FEDERATED BACKUP OF CLUSTER SHARED VOLUMES

EMC IP HOLDING COMPANY LL...

1. A method for backing up a clustered server environment, the method comprising:
initiating a backup process on a master node in a cluster, the master node comprising at least a first active workload;
identifying a slave node in the cluster for the backup process, the slave node comprising at least a second active workload,
the first active workload being different than the second active workload;

creating consecutive backups of the master node and the slave node by:
updating a first set of data files associated with the first active workload on a cluster shared volume and taking a first
snapshot of the cluster shared volume; and

updating, in response to the first snapshot being taken, a second set of data files associated with the-second active workload
on the cluster shared volume and taking a second snapshot of the cluster shared volume; and

storing the backups of the first active workload residing on the master node and the second active workload residing on the
slave node to a backup location.

US Pat. No. 10,349,550

GUIDERAIL FOR A CABINET, CHASSIS AND CABINET

EMC IP Holding Company LL...

1. A guiderail (1) for use in a cabinet (100), the guiderail (1) being constructed and arranged to mount in the cabinet (100) and to support a chassis (2) which can accommodate storage processing units (3) with different dimensions, the guiderail (1) comprising:a main body part (10) for supporting the chassis (2) when the chassis (2) is inserted in the cabinet (100) along the guiderail (1); and
an extended part (20) for fixing the storage processing units (3) extending from the chassis (2), wherein the extended part extends beyond the main body part.

US Pat. No. 9,558,200

CAPACITY FORECASTING FOR A DEDUPLICATING STORAGE SYSTEM

EMC IP Holding Company LL...

1. A system for managing a storage system, comprising:
a memory storing instructions; and
a processor coupled to the memory to execute the instructions from the memory, the processor being configured to:
receive storage system information from a deduplicating storage system that comprises one or more storage units;
in response to the storage system information satisfying generation criteria including the deduplicating storage system capacity
being above a threshold, determine a storage capacity forecast using a regression analysis based at least in part on fitting
a predictive model to historical data of storage capacity usage included in the storage system information, wherein the regression
analysis includes selecting, from a plurality of regressions, a best fitting regression based on an R-squared value to forecast
a capacity threshold date for each of the storage units, wherein the capacity threshold date forecasts a date the storage
unit reaches a total storage capacity threshold;

wherein the historical data of storage capacity usage includes data corresponding to total storage capacity used on particular
days of a week, and the predictive model includes a first predictive model for a first day of the week and a second predictive
model, different from the first predictive model, for a second day of the week; and

in response to the storage capacity forecast satisfying a preset capacity criteria, manage files stored on at least one of
the one or more storage units based at least in part on one or more file management policies and a ranked list the one or
more storage units, wherein the ranked list is ranked according to the forecasted capacity threshold date of the storage unit.

US Pat. No. 9,515,996

DISTRIBUTED PASSWORD-BASED AUTHENTICATION IN A PUBLIC KEY CRYPTOGRAPHY AUTHENTICATION SYSTEM

EMC IP Holding Company LL...

1. A method comprising:
storing in a plurality of servers of an authentication system respective shares of a private key;
receiving in the authentication system a message comprising a password encrypted using a public key corresponding to the private
key; and

performing distributed password-based authentication in the authentication system based at least in part on the encrypted
password utilizing the shares of the private key stored in the respective servers;

wherein the message comprises a request message formatted in accordance with a Kerberos PKINIT protocol extension that has
been modified to support password-based authentication by configuring the request message to include a message element that
incorporates the encrypted password;

wherein an unmodified version of the Kerberos PKINIT protocol extension is configured to utilize public key signatures as
a mechanism for authentication;

wherein the request message comprises an (a, b, c)-formatted authentication service request message of the Kerberos PKINIT
protocol extension that has been modified to incorporate the encrypted password;

wherein the modified (a, b, c)-formatted authentication service request message of the Kerberos PKINIT protocol extension
comprises a modified authentication service request message ASREQ*=(a, b*, c), where message elements a and c are the same as in an unmodified authentication service request message ASREQ and message element b* incorporates the encrypted password; and

wherein the method is implemented by at least one processing device comprising a processor coupled to memory.

US Pat. No. 9,501,226

I/O PERFORMANCE QUOTAS

EMC IP Holding Company LL...

1. A method, of controlling I/O operations with a storage device, comprising:
establishing a quota that corresponds to a maximum amount of data to store on the storage device in a given amount of time
for at least one of a plurality of storage groups corresponding to a group of logical volumes accessing the storage device
via particular ports of the storage device, wherein the quota is set and enforced using the particular ports of the storage
device corresponding to the at least one of a plurality of storage groups;

determining if processing an I/O operation at the particular ports would cause the quota to be exceeded;
performing the I/O operation if the quota is not exceeded;
incrementing a credit value in response to there not being an I/O operation to perform, wherein the credit value is incremented
by an amount corresponding to an amount of quota that would have been used had there been an I/O operation; and

performing I/O operations when the quota is exceeded in response to the credit value being greater than zero.

US Pat. No. 9,918,296

METHOD AND DEVICE FOR POSITIONING

EMC IP Holding Company LL...

1. A method of positioning, comprising:
capturing, by image capturing equipment of a portable device, a visually encoded tag in an environment;
decoding the visually encoded tag to obtain an identification for generating the visually encoded tag;
determining a location of the portable device in the environment by querying a predefined library using the identification,
the library recording correspondences between a set of identifications for generating visually encoded tags and a set of locations
in the environment;

determining a destination location from the portable device;
presenting, on the portable device, navigation information for moving from the location of the portable device to the destination
location;

determining an angle at which the image capturing equipment has captured the visually encoded tag;
obtaining, from the library, orientation information of the visually encoded tag in the environment; and
determining, based on the angle and the orientation information of the visually encoded tag, an orientation of the portable
device in the environment.

US Pat. No. 9,594,803

PARALLEL PROCESSING DATABASE TREE STRUCTURE

EMC IP Holding Company LL...

1. A method for executing queries in a parallel processing database system, comprising:
receiving a query at a master node, the master node comprising a database catalog including metadata;
deriving a plurality of query plans based at least in part on the query;
transmitting, to a plurality of worker nodes, corresponding ones of the plurality of query plans and associated query metadata,
wherein the query metadata includes information used in connection with executing the query plans; and

in the event that additional metadata is needed in connection with executing one of the plurality of query plans, receiving
a request for additional metadata corresponding to the query plan for which additional metadata is needed, wherein a parent
node is queried for the additional metadata, the parent node comprising a metadata cache, and in the event that the parent
node does not comprise the additional metadata, successive ancestor nodes are queried until the additional metadata is found
or until all successive ancestor nodes have been queried.

US Pat. No. 9,588,565

METHOD AND APPARATUS FOR DATA PROTECTION ON EMBEDDED FLASH DEVICES DURING POWER LOSS EVENTS

EMC IP Holding Company LL...

1. A method comprising:
monitoring, by a controller, signal activity of data being written to a data storage drive, by reading signals from a data
link of the data storage drive, and monitoring an input voltage of a primary power source for the data storage drive, the
data storage drive comprising a volatile cache memory and a nonvolatile storage medium and providing data storage for a data
storage system, wherein at times data is stored in the volatile cache memory for destaging to the data storage drive nonvolatile
storage medium;

detecting, by a comparator of the controller, an anomaly in the monitored signal activity wherein the anomaly comprises a
lack of signal activity of data being written to the data storage drive and a drop in the input voltage of the primary power
source that is indicative of a power loss of the primary power source, wherein if data is not being written to the data storage
drive, a power failure anomaly is detected;

based upon the detected anomaly, triggering destaging of data from the data storage drive volatile cache memory to the data
storage drive nonvolatile storage medium, and disconnecting a communication bus coupled to the data storage drive.

US Pat. No. 9,516,059

USING MOCK TOKENS TO PROTECT AGAINST MALICIOUS ACTIVITY

EMC IP Holding Company LL...

1. A method of fraud protection, the method comprising:
providing a first mock token to first suspected fraudster equipment in response to a first phishing attempt, the mock token
appearing to be a legitimate user token that identifies a legitimate user, wherein no legitimate token is provided to the
first suspected fraudster equipment in response to the first phishing attempt, and storing the first mock token in a first
database entry associated with the legitimate user and the first suspected fraudster;

providing a second mock token to a second suspected fraudster equipment in response to a second phishing attempt, the mock
token appearing to be a legitimate user token that identifies a legitimate user, wherein no legitimate token is provided to
the second suspected fraudster equipment in response to the second phishing attempt, and storing the second mock token in
a second database entry associated with the legitimate user and the second suspected fraudster;

subsequent to providing the first and second mock tokens, receiving, from suspected fraudster equipment, an authentication
request which includes one of the first and second mock tokens stored in the database, thereby identifying the suspected fraudster
equipment as a true fraudster; and

in response to receiving the authentication request which uses the mock token from the true fraudster, performing a set of
authentication server operations to protect against future activity by the true fraudster;

wherein each legitimate token is derived from a secret seed uniquely associated with a corresponding legitimate user account;
wherein providing the first mock token to the first suspected fraudster equipment in response to the first phishing attempt
includes providing log-in information falsely appearing to allow access to a legitimate user account; and

wherein the method further includes performing an authentication operation which detects an attempt to use of one of the first
and second mock tokens to prove authorization to access the legitimate user account; and

wherein performing the set of authentication server operations further includes performing a remedial operation in response
to detected use of the mock token,

wherein performing the remedial operation in response to detected use of one of the first and second mock tokens includes:
outputting a message to a set of authentication servers, the message identifying the fraudster equipment as a source of malicious
activity,

wherein the set of authentication servers includes a plurality of authentication servers which each control access to protected
resources.

US Pat. No. 10,149,415

ELECTROMAGNETIC RADIATION SHIELDING ENHANCEMENT FOR EXPANSION CARD ENCLOSURES

EMC IP HOLDING COMPANY LL...

1. A system, comprising:a conductive column that forms a first longitudinal side of an opening in a device housing card enclosure; and
a planar spring contact electrically coupled to the conductive column and that facilitates electrical contact between the conductive column and a first longitudinal side edge of a backplate surface panel of a backplate of an expansion card when the expansion card is inserted in the device housing card enclosure, wherein the planar spring contact deforms to force a second longitudinal side edge of the backplate surface panel in a first planar direction, relative to a plane of the backplate surface panel of the backplate, into an opposing shielding conductor that opposes the second longitudinal side edge of the backplate surface panel.

US Pat. No. 9,613,192

FLEXIBLE LICENSING ARCHITECTURE

EMC IP Holding Company LL...

1. A method of operating a computing device configured to run a particular software product, the software product including
a set of features, the method comprising:
upon a boot of the computing device, performing an analysis of a system configuration of the computing device, the analysis
producing values of a set of system configuration parameters;

storing the values of the set of system configuration parameters in a system configuration database;
upon receiving a command to run the particular software product, extracting the values of the system configuration parameters
from the system configuration database; and

for each feature of the set of features, performing an activation decision operation on that feature based on values of the
system configuration parameters, the activation decision operation resulting in one of a decision to activate that feature
and not activating that feature;
wherein:
the software product supports a storage system, a system configuration parameter of the software product being a platform
for the storage system, the platform indicating whether the storage system offers block-level services or a combination of
block-level and file-level services for making storage visible over a network; and

performing the activation decision operation on that feature based on values of the system configuration parameters includes
basing the activation decision on the platform of the storage system.

US Pat. No. 9,585,442

ZIP-LOCKER SYSTEM AND APPARATUS

EMC IP Holding Company LL...

1. A system comprising:
a zip-locker comprising a first portion and a second portion configured to fasten to an interconnect, at least one of the
first portion and the second portion having ratchet teeth formed an extending longitudinally on an outer surface thereof;
and

a zip-locker receiver, configured to ratchetably receive the zip-locker, comprising an aperture and a pawl disposed within
the aperture configured to complement and cooperate with the ratchet teeth of the zip-locker to prevent removal of the zip-locker
from the aperture of the zip-locker receiver at times the pawl of the zip-locker receiver is engaged with the ratchet teeth
of the zip-locker,

wherein the aperture comprises a flexible first arm and a flexible second arm configured to enable removal of the zip-locker
from the aperture, the flexible first arm and the flexible second arm configured to flex outward from a center of the aperture
upon application of a removal force to the zip-locker receiver, thereby enabling removal of the zip-locker from between the
flexible first arm and the flexible second arm.

US Pat. No. 9,588,703

METHOD AND APPARATUS FOR REPLICATING THE PUNCH COMMAND

EMC IP Holding Company LL...

1. A method comprising:
receiving, at a data protection appliance at a replication site, a punch command sent from a data protection appliance at
a production site, the punch command sent by the data protection appliance at the production site regardless of whether storage
at the replication site supports the punch command;

writing the punch command received from the data protection appliance at the production site in a journal at the replication
site;

applying, by the data protection appliance at the replication site, the punch command to storage at the replication site,
wherein the storage at the replication site comprises a thin logical volume, wherein the punch command is applied by the data
protection appliance at the replication site in response to the punch command received from the data protection appliance
at the production site, comprising:

determining whether the punch command is supported by the thin logical volume at the replication site prior to sending the
punch command to the thin logical volume at the replication site;

if the punch command is supported by the thin logical volume at the replication site, sending the punch command to the thin
logical volume at the replication site to free data from the storage; and

if the punch command is not supported by the thin logical volume at the replication site, sending a command to the thin logical
volume at the replication site to write zeros to a portion of the thin logical volume at the replication site indicated by
the punch command to free data from the storage; and

writing data being freed from the storage at the replication site to an undo stream of the journal at the replication site
in response to the punch application.

US Pat. No. 9,600,487

SELF HEALING AND RESTARTABLE MULTI-STEAM DATA BACKUP

EMC IP HOLDING COMPANY LL...

1. A method comprising:
receiving a multi-stream backup request associated with a dataset;
establishing a first session and a second session among a set of sessions;
associating a first stream identifier with the first session and a second stream identifier with the second session;
dynamically assigning sessions among the set of sessions with an upstream neighbor and a downstream neighbor based at least
in part on associated stream identifiers, wherein each session in the set of sessions has one upstream neighbor and one downstream
neighbor;

splitting the dataset into a first segment and a second segment among a set of segments based on sequential hash values, wherein
segments in the set of segments are associated with at least a segment identifier, a starting hash value, and an ending hash
value;

storing at least the segment identifier, the starting hash value, and the ending hash value for segments in the set of segments
in a segment location table;

assigning the first segment to the first session and the second segment to the second session;
in parallel, streaming the first segment by the first session to a first backup storage drive among a set of backup storage
drives and the second segment by the second session to a second backup storage drive among the set of backup storage drives,
wherein the streaming is based on tree-walking a segment, and wherein the tree-walking the segment is based on sequential
hash values of the segment; and

in response to streaming an entirety of a segment among the set of segments by a session among the set of sessions:
communicating among sessions in the set of sessions that the segment cannot be split; and
requesting a new segment by the session from at least one of the upstream neighbor of the session or the downstream neighbor
of the session.

US Pat. No. 9,596,292

CLIENT-SIDE SCRIPTS IN A SERVICE-ORIENTED API ENVIRONMENT

EMC IP Holding Company LL...

1. A method of processing data, comprising:
sending, from a client, a service request to a service, wherein fulfillment of the service request by the service requires
configuration at the client to comply with one or more requirements associated with a policy;

receiving, at the client, a communication from the service that includes a script sent by the service in response to the service
request, wherein the service is configured to include the script in the communication based at least in part on a determination
that fulfillment of the service request requires client configuration to comply with the one or more requirements associated
with the policy, and wherein the script is configured to determine, when executed, whether client configuration complies with
the one or more requirements associated with the policy; and

executing the script at the client to determine whether the configuration at the client complies with the one or more requirements
associated with the policy.

US Pat. No. 9,501,488

DATA MIGRATION USING PARALLEL LOG-STRUCTURED FILE SYSTEM MIDDLEWARE TO OVERCOME ARCHIVE FILE SYSTEM LIMITATIONS

EMC IP Holding Company LL...

1. A method for migrating a data file from a first storage tier to an archive storage tier, wherein said data file exceeds
one or more of performance limitations and capacity limitations of the archive storage tier, said method comprising:
writing said data file from said first storage tier to a plurality of sub-files on said archive storage tier using a parallel
log-structured file system middleware process that employs a write thread for each sub-file, wherein said parallel log-structured
file system middleware process executes on at least one processing device between said first storage tier and said archive
storage tier, wherein each of said plurality of sub-files satisfy said performance and capacity limitations of the archive
storage tier; and

storing said plurality of sub-files to the archive storage tier using said parallel log-structured file system.

US Pat. No. 9,626,305

COMPLEMENTARY SPACE REDUCTION

EMC IP HOLDING COMPANY LL...

1. A method for storing data, comprising:
using a first data deduplication method to space reduce data in a client;
transmitting the first deduplicated data from a client to an intermediate shared storage at a time convenient for the client;
storing the data in the intermediate shared storage as non-volatile data, wherein the intermediate shared storage includes
data from other clients;

using a global data deduplication method at the intermediate shared storage to space reduce data from both the client and
the other clients into a second deduplicated data;

transferring the second deduplicated data to a server; and
storing the data in a server storage, wherein the stored data includes only single instance data.

US Pat. No. 9,594,849

HYPOTHESIS-CENTRIC DATA PREPARATION IN DATA ANALYTICS

EMC IP Holding Company LL...

1. A method comprising:
obtaining at least one hypothesis associated with one or more data analytics tasks;
extracting one or more data sets, relevant to the hypothesis, from one or more data sources, wherein relevance to the hypothesis
is determined by one or more selected analytical methods, and wherein extracting the one or more data sets comprises utilizing
natural language processing to determine the one or more data sets relevant to the hypothesis;

generating one or more modified data sets, wherein generating the one or more modified data sets comprises transforming the
one or more extracted data sets by performing one or more transformation operations based on:

one or more characteristics of the hypothesis;
transformation history data maintained in a transformation history data store; and
one or more privacy constraints associated with the one or more data analytics tasks, wherein the one or more privacy constraints
specify one or more data access policies, and wherein the one or more data access policies are associated with respective
presentations of the modified data sets;

updating the transformation history data based on the one or more transformation operations performed on the one or more extracted
data sets;

generating a data analytic computing environment, wherein generating the data analytic computing environment comprises provisioning
an amount of computing resources based on one or more attributes of the one or more modified data sets, and wherein the provisioned
computing resources comprise execution components of physical and virtual computing resources; and

implementing the one or more modified data sets in the data analytic computing environment;
wherein the above steps are performed on one or more processing elements associated with a data analytics automation and provisioning
computing system.

US Pat. No. 9,588,685

DISTRIBUTED WORKFLOW MANAGER

EMC IP Holding Company LL...

1. A computer-executable method for orchestrating a workflow, including one or more steps, for provisioning a data service
on a data storage system, the data storage system including one or more sub-systems, the computer-executable method comprising:
orchestrating the execution of the workflow on the data storage system by:
analyzing the workflow to determine a dependency of each of the one or more steps for provisioning the data service wherein
analyzing includes detecting whether one or more portions of the workflow are enabled to be executed serially or in parallel;
and

based on the dependency of each of the one or more steps, scheduling the one or more steps for execution on the one or more
sub-systems of the data storage system, wherein a first step of the one or more steps scheduled on a first sub-system of the
one or more sub-systems is executed serially with a second step of the one or more steps scheduled on the first sub-system;

determining, at a sub-system of the sub-systems receiving a step of the one or more steps, whether to create a workflow based
on the step;

wherein the data storage system is enabled to dynamically add one or more steps to the workflow to enable the data storage
system to roll back one or more portions of the workflow.

US Pat. No. 9,569,367

CACHE EVICTION BASED ON TYPES OF DATA STORED IN STORAGE SYSTEMS

EMC IP Holding Company LL...

1. A computer-implemented method for improving cache utilization, the method comprising:
in response to receiving a request to store data, storing the data in one of a plurality of cache slots of a cache;
after storing the data, setting a status of the cache slot as write pending (WP) to indicate that the cache slot contains
data which needs to be written to a corresponding destination storage device;

determining an eviction type of the cached data based on whether the destination storage device is a local storage device
or a remote storage device, wherein the eviction type includes one of a normal eviction type and an immediate eviction type,
and the eviction type is determined to be an immediate eviction type if the destination storage device is a remote storage
device;

after copying data from the cache slot to the corresponding destination storage device, marking the cache slot with the determined
eviction type; and

in response to receiving another request to store data, evicting at least one of the cache slots according to an eviction
schedule determined based on the corresponding eviction type, wherein a cache slot with the immediate type is evicted prior
to a cache slot with the normal eviction type.

US Pat. No. 9,542,401

USING EXTENTS OF INDIRECT BLOCKS FOR FILE MAPPING OF LARGE FILES

EMC IP HOLDING COMPANY LL...

1. A method of operating a file server, the file server having data storage storing a file system, a data processor coupled
to the data storage for access to files in the file system, and non-transitory computer readable storage medium coupled to
the data processor and storing computer instructions, each of the files having an inode containing file attributes including
an indication of whether file mapping metadata of said each of the files includes either an extent of contiguous indirect
blocks or a tree of blocks, so that some of the files in the file system are mapped by one or more extents of contiguous indirect
blocks, and some of the files in the file system are mapped by one or more trees of blocks, and the computer instructions,
when executed by the data processor, perform a write operation to write data to a specified offset in a logical extent of
a specified file in the file system by the steps of:
(a) reading the inode of the specified file to obtain an indication of whether the file is mapped at the specified offset
by either an extent of contiguous indirect blocks or a tree of blocks, and

(b) using the indication of whether the file is mapped at the specified offset by either an extent of contiguous indirect
blocks or a tree of blocks to obtain, from the file mapping metadata, a pointer to a data block for containing data at the
specified offset of the specified file, and

(c) using the pointer to write data to the data block for containing data at the specified offset in the logical extent of
the specified file.

US Pat. No. 9,594,822

METHOD AND APPARATUS FOR BANDWIDTH MANAGEMENT IN A METRO CLUSTER ENVIRONMENT

EMC IP Holding Company LL...

9. A system for data replication, the system comprising:
a hardware processor;
a virtual service layer;
a first site and a second site coupled to the virtual service layer;
a third site communicatively coupled to the first and second sites; and
computer-executable program logic is configured for execution of:
replicating an I/O at the first site;
replicating the I/O from the first site to the second site by synchronous replication;
determining a load balancing related to replication of the I/O from the first site and the second site to a third site;
determining the load balancing of the first site and the second site according to a logical distribution of resources at the
first site and the second site;

determining the load balancing of the first site and the second site according to respective effective bandwidths of respective
links between the first site and the third site and the second site and the third site;

replicating a first portion of the I/O from the first site to the third site by a first asynchronous replication according
to the load balancing; and

replicating a second portion of the I/O from the second site to the third site by a second asynchronous replication according
to the load balancing.

US Pat. No. 9,588,906

REMOVING CACHED DATA

EMC IP Holding Company LL...

1. A method for removing cached data, comprising:
determining an activeness associated with a plurality of divided lists;
ranking the plurality of divided lists according to the activeness of the plurality of divided lists;
removing a predetermined amount of cached data from the plurality of divided lists in accordance with the ranking of the plurality
of divided lists when the used capacity in the cache area reaches a predetermined threshold; and

wherein removing the predetermined amount of cached data from the plurality of divided lists according to the ranking of the
plurality of the divided lists comprises:

cyclically determining a first removable amount of each of the plurality of divided lists in an ascending order, beginning
with the plurality of divided list ranked the bottommost, wherein the first removable amount is associated with the number
of plurality of divided lists, a ranking position of each plurality of divided list, the predetermined amount and the currently
already-removed amount in the ranked plurality of divided lists; and

removing the first removable amount of cached data starting from the cached data ranked the bottommost in each of the plurality
of divided lists, until the predetermined amount of cached data is removed.

US Pat. No. 9,563,684

REPLICATION COOKIE

EMC IP HOLDING COMPANY LL...

1. A system for executing instructions at a replication site, wherein the replication site replicates IO sent to one or more
storage mediums at a production site, the system comprising:
the replication site; wherein the replication site includes a journal, replicated storage and a cookie manager; and
computer-executable logic operating in memory, wherein the computer-executable program logic is configured for execution of:
receiving a cookie at the replication site, the cookie enabled to contain executable instructions;
sending the cookie to the cookie manager; and
executing the executable instructions contained in the cookie via the cookie manager on the replication site wherein the computer-executable
program logic is further configured for execution of: storing the cookie in a journal on the replication site; identifying
the cookie in the journal; upon execution of the cookie: creating an inverse cookie representing executable instructions to
undo the executions contained in the cookie; and storing the inverse cookie in the journal.

US Pat. No. 9,529,885

MAINTAINING CONSISTENT POINT-IN-TIME IN ASYNCHRONOUS REPLICATION DURING VIRTUAL MACHINE RELOCATION

EMC IP HOLDING COMPANY LL...

1. A method comprising:
pausing write I/Os for a second virtual machine running at a second site;
generating a snapshot of a first virtual machine running at a first site after pausing the write I/Os for the second virtual
machine;

generating a second bookmark for the second virtual machine;
resuming the write I/Os for the second virtual machine after generating the second bookmark;
rolling a second journal for the second virtual machine to a point-in-time of the second bookmark; and
generating, at the first site, a second snapshot of the second virtual machine for the point-in-time of the second bookmark
using the second journal;

pausing write I/Os for the first virtual machine;
generating a snapshot of the second virtual machine after pausing the write I/Os for the first virtual machine;
generating a first bookmark for the first virtual machine after generating the snapshot of the second virtual volume;
resuming the write I/Os for the first virtual machine;
rolling a first journal for the first virtual machine to the first bookmark; and
generating, at the second site, a first snapshot of the first virtual machine for a point-in-time of the first bookmark using
the first journal.

US Pat. No. 9,626,328

METHOD AND SYSTEM FOR ON-DEMAND AGGREGATED LOGGING FOR DISTRIBUTED SYSTEMS

EMC IP Holding Company LL...

1. A system for on-demand aggregated logging for distributed systems, the system comprising:
a processor-based application executed on a computer and configured to:
receive, by an aggregating logger, an identification of a logging condition via a first user interface, the logging condition
corresponding to a problem associated with at least one of a plurality of distributed systems components;

send, by the aggregating logger, the logging condition to each logging element of a plurality of logging elements, each logging
element being executed on a corresponding one of the plurality of distributed systems components;

receive, by the aggregating logger, a local log from at least one logging element of the plurality of logging elements when
a determination is made by the at least one logging element that a local runtime condition matches the logging condition received
by the at least one logging element, the local log being supplemented with information that identifies the logging condition
received by the at least one logging element;

create, by the aggregating logger, an aggregated log based on the local log and the supplemented information; and
output, via a second user interface, the aggregated log that enables resolution of a problem associated with the plurality
of distributed systems components.

US Pat. No. 9,619,264

ANTIAFINITY

EMC IP HOLDING COMPANY LL...

1. A computer implemented method for recovering from a crash of a system being replicated, the method comprising:
determining the amount of recovery time for a set of consistency groups due to a crash of each of a set of hypervisors; wherein
the recovery time corresponds to amount of time to resynchronize data being replicated by the consistency group due to the
crash of each of the set of hypervisors; wherein each of the hypervisors runs one or more data replication elements selected
from a group consisting of a splitter and a replication appliance for the set of consistency group; wherein each of the splitters
and replication appliances replicates one or more volumes of the set of consistency groups containing one or more replication
sets; wherein the splitter intercepts IO written to one or more volumes and replicates a copy of the intercepted IO; wherein
a volume running in a crashed hypervisor being replicated before the crash to a data replication appliance in the crashed
hypervisor needs to be resynchronized; wherein a volume running in the crashed hypervisor being replicated to a data replication
appliance in a different hypervisor does not need to be resynchronized;

creating an assignment of the one or more volumes to the replication appliances for the set of consistency groups and creating
an assignment of one or more replication appliances to the set of hypervisors for the set of consistency groups to minimize
an amount of recovery time by minimizing the amount of data needed to be resynchronized for each consistency group; wherein
the assignment of the one or more volumes to the set of replication appliances denotes which replication appliance replicates
which of the one or more volumes; wherein the assignment of one or more replication appliances to the set of hypervisors denotes
which replication appliance runs on which hypervisor.

US Pat. No. 9,515,947

METHOD AND SYSTEM FOR PROVIDING A VIRTUAL NETWORK-AWARE STORAGE ARRAY

EMC IP HOLDING COMPANY LL...

1. A multi-tenant storage array device comprising:
a processor-based storage array manager component executed on a computer for storing and managing data associated with a plurality
of tenants, wherein the storage array manager component is configured to:

provide a plurality of storage entities on the storage array device, wherein each of the plurality of storage entities is
associated with a tenant of the plurality of tenants;

generate, within a network virtualization edge (NVE) node of the storage array device, a virtual network instance (“VNI”)
for each storage entity of the plurality of storage entities, wherein the VNI includes a virtual network identifier (“VNID”);

generate, within the NVE node of the storage array device, a virtual network tunnel endpoint (“VTEP”) for each storage entity
of the plurality of storage entities, wherein the generated VTEP connects the corresponding generated VNI with one or more
tenant side VNIs of one or more tenants associated with the storage entity, and wherein the generated VTEP connects the corresponding
generated VNI with the one or more tenant side VNIs via one or more corresponding tenant side VTEPs; and

encapsulate content relating to the storage entity with the VNID for presentation to a tenant system of the tenant associated
with the storage entity over a transport network via the generated VTEP.