WO2013071087A1 - Single sign on for cloud - Google Patents
- Publication number
- WO2013071087A1 (PCT/US2012/064425)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication system
- user
- protocol
- consumer unit
- request
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
Definitions
- the present invention relates generally to a system for management of information technology systems.
- Cloud computing enables convenient, on-demand network access to a shared pool of configurable computing resources, for example, networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction.
- cloud computing provides computation, applications, data access, and storage services for the end-user.
- the end-user does not require knowledge of the physical location and configuration of the system that delivers the services.
- the end-user is able to pay for the computation, applications, data access, and storage services based on the amount of usage rather than having to purchase and manage dedicated computation, applications, data access, and storage resources.
- Clouds are developed as stand-alone platforms and include hardware and applications necessary to perform required services for the end-users.
- clouds are known as platforms.
- the term “cloud” for the purpose of this application also encompasses the term “platform.”
- the term “off-site cloud” is used to refer to a public cloud, which is a cloud that is accessible on the Internet.
- the term “in-house cloud” is used to refer to a private cloud, which is not generally accessible on the Internet.
- Examples of the services include software as a service (“SAAS”), platform as a service (“PAAS”), and infrastructure as a service (“IAAS”).
- In SAAS, users pay a fee on a recurring basis to access and use specific applications.
- In PAAS, the user leases access to an entire platform, for example, a customer resource management platform.
- In IAAS, the user leases access to certain infrastructure, for example, a physical or virtual server with particular computational and/or storage capabilities.
- Clouds employ virtualization to perform tasks.
- the virtualization creates virtual machines running on the hardware, the virtual machines running applications.
- Each virtual machine has security features of some kind to give some users access to portions of the virtual machine but deny access to other users.
- each application running on a virtual machine has additional security to give some users access to portions of the application but deny access to other users.
- Some systems may have thousands of virtual machines, applications, and users. Further, one user may require access to thousands of virtual machines. This can make standard authentication impractical because of the large number of devices that users have to authenticate with. Further, differing operating systems and domains used by the user, the cloud infrastructure, and the virtual machines in the cloud, complicate the authorization and authentication process.
- tenants subscribe to services provided by a cloud provider.
- the tenants can be other organizations with their own identity management system.
- the tenants may want the cloud provider to use their own existing identity management system to authenticate their users instead of registering each of the tenant's users in the cloud provider's identity management system.
- a system for single sign on to a cloud comprises a cloud service provider and a tenant.
- the cloud service provider comprises a consumer unit and a portal.
- the consumer unit provides an interface for a user to connect to the cloud service provider.
- the portal provides a cloud service to the user, the portal comprising a first authentication system that issues a security token request and that is connected to the consumer unit.
- the tenant comprises the user and a second authentication system.
- the second authentication system signs the security token request.
- the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
- a system for single sign on to a cloud comprises a cloud service provider and a tenant.
- the cloud service provider comprises a consumer unit, a portal, and a first authentication system.
- the consumer unit provides an interface for a user to connect to the cloud service provider.
- the portal provides a cloud service to the user, the portal comprising a second authentication system connected to the consumer unit.
- the first authentication system is connected to the consumer unit.
- the tenant comprises the user and a third authentication system.
- the third authentication system is connected to the user.
- the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
- the first authentication system is federated with the third authentication system.
- a method for single sign on to a cloud system is disclosed.
- a consumer unit of a cloud provider receiving a request from a user for a cloud service.
- the consumer unit requesting a portal to provide access to the cloud service based on the request from the user.
- a first authentication system of the portal requesting a security token from the consumer unit using a first protocol, the request by the first authentication system based on the request by the consumer unit.
- the consumer unit translating the security token request from the first protocol to a second protocol.
- the consumer unit requesting a second authentication system to sign the requested security token using the second protocol.
- the consumer unit receiving the signed security token.
- the consumer unit translating the signed security token from the second protocol to the first protocol.
- the consumer unit sending the signed security token to the portal using the first protocol.
- the portal providing the cloud service to the user based on the signed security token.
- a machine-readable tangible and non-transitory medium with information recorded thereon wherein the information, when read by a machine, causes the machine to perform the following steps.
- a consumer unit of a cloud provider receiving a request from a user for a cloud service.
- the consumer unit requesting a portal to provide access to the cloud service based on the request from the user.
- a first authentication system of the portal requesting a security token from the consumer unit using a first protocol.
- the request by the authentication system based on the request from the consumer unit.
- the consumer unit translating the security token request from the first protocol to a second protocol.
- the consumer unit requesting a second authentication system to sign the requested security token using the second protocol.
- the consumer unit translating the signed security token from the second protocol to the first protocol.
- the consumer unit sending the signed security token to the portal using the first protocol.
- the portal providing the cloud service to the user based on the signed security token.
- FIG. 1 illustrates a cloud system according to an embodiment.
- FIG. 2 illustrates another cloud system according to an embodiment.
- FIG. 3 illustrates yet another cloud system according to an embodiment.
- FIG. 4A-B illustrate how WS-Trust and WS-Policy are used along with different WS-* specifications implemented in the areas of Security, Reliability, and Transactions, according to an exemplary embodiment.
- FIG. 5 illustrates the programming model with WSIT according to an exemplary embodiment.
- FIG. 6 illustrates a method for the cloud portion of single sign on to a cloud provider according to an exemplary embodiment.
- FIG. 7 illustrates a method for the tenant portion of single sign on to a cloud provider according to an exemplary embodiment.
- FIG. 8 illustrates a general computer architecture according to an exemplary embodiment.
- FIG. 1 illustrates a cloud system 100.
- the cloud system 100 comprises a cloud service provider 102 and first and second tenants 120 that subscribe to the cloud service.
- the cloud service provider 102 comprises a portal 105 that comprises one or more portlets 110, a cloud service engine 115 that provides cloud services, and an authentication system 135.
- the tenants comprise users 125 that use the cloud and an authentication system 130.
- the tenants 120 may be, for example, companies, or departments in a company, and the users may be the employees of the company.
- the cloud service provider 102 and the tenants 120 may be on the same network or intranet. Alternatively, the tenants 120 may be connected to the cloud service provider 102 via the Internet.
- the authentication mechanisms of the tenant include, for example, Lightweight Directory Access Protocol (LDAP) and Active Directory Federation Services (ADFS).
- a user 125 authenticates with the authentication system 130 of the tenant.
- a user 125 also authenticates with the authentication system 135 of the portal.
- a separate authentication is further required for each portlet 110.
- the user 125 may provide numerous user names and passwords before using the cloud service.
- In a federated authentication system, a common set of policies, practices, and protocols is put in place to manage the identity and trust among users and devices across organizations and domains.
- Identity federation enables users of one domain to securely and seamlessly access data or systems of another domain, without the need for completely redundant user administration. This process is known as Single sign on. Federation is enabled using open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. Typical use cases involve cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management, and cross-domain user attribute exchange.
- ADFS provides such federated services using claims based authentication.
- a trusted authority issues a signed security token containing a set of claims (credentials) which is given to an application, for example the cloud service provider 102 for validation.
- the application will authenticate the user if the security token is valid and signed by a trusted issuer, for example, authentication system 130 of the tenant 120.
- Claims-based identity simplifies application development because applications using this type of authentication do not have to verify all the credentials presented by the user. Instead, letting the issuer deal with all security issues involved eases the process of integration, migration, merger, federation, or building cloud applications.
- Single sign on has many benefits.
- Single sign on reduces the time taken by users in sign-on operations to individual domains and reduces the possibility of such sign on operations failing.
- Single sign on improves security through the reduced need for a user to handle and remember multiple sets of authentication information.
- Single sign on reduces the time taken, and improves the response, by system administrators to add and remove users to the system or modify the rights of the users.
- Single sign on improves security through the enhanced ability of system administrators to maintain the integrity of the user account configuration including the ability to inhibit or remove an individual user from having access to all system resources in a coordinated and consistent manner.
- authentication system 135 of the portal 105 and portlets 110 are a federated authentication system, for example, ADFS.
- the authentication system of the tenant 120 is a compatible federated authentication system, for example, ADFS.
- authentication at the portal can be performed by using tokens 150 provided by the authentication system 130.
- the tokens 150 are gathered from the authentication system 130 by the authentication system 135 without the need for the user 125 to provide additional user names or passwords.
- the authentication system 130 will only provide the tokens if the user 125 has previously authenticated with the authentication system 130.
- a federated, claims-based architecture based on an ADFS system, with the authentication system 135 acting as a federated Security Token Service (STS) and authentication system 130 acting as a federated Identity Provider, would enable single sign on.
- the authentication systems 130 and 135 are not compatible, and, thus, it is difficult to implement a single sign on.
- FIGS. 2 and 3 illustrate cloud systems 200 and 300 that overcome the compatibility issues of the authentication systems 130 and 135.
- Both systems 200, 300 include a consumer unit 245, 345 that provides an interface between different authentication systems.
- In the system 200, the consumer communicates directly with an authentication system of tenants 220.
- In the system 300, the consumer communicates with a cloud authentication system 355 within the cloud that is compatible with and federated to an authentication system of the tenants 320.
- Both the systems 200 and 300 provide single-sign-on for the users 225, 325 of the tenants 220, 320 using federated identity management.
- the cloud system 200 comprises cloud service provider 202 and first and second tenants 220 that subscribe to the cloud service.
- the cloud service provider 202 comprises a cloud portal 205 that further comprises many portlets 210, a cloud service engine 215 that provides cloud services, and an authentication system 235.
- the tenants comprise users 225 that use the cloud, and an authentication system 230.
- the cloud system 200 further comprises the consumer unit 245.
- the consumer unit 245 forms a mediator between the authentication system 230 and the authentication system 235.
- a user 225 needing to use the cloud service engine 215 contacts the consumer unit 245.
- the consumer unit 245 in turn contacts the authentication system 235 of the portal 205.
- a user 225 authenticates with the authentication system 230 of the tenant.
- the user 225 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 230.
- the user 225 contacts the consumer unit 245 with an access request 260 for a cloud service.
- the consumer unit 245 contacts the authentication system 235 of the portal 205 and requests access to one of the portlets 210.
- the authentication system 235 responds by requesting a specific form of token for the user 225.
- the consumer unit 245 identifies the tenant to which the user 225 belongs, and contacts the authentication system 230 of that tenant.
- the consumer unit 245 issues a token request 249 to request the specific form of token 250 from the authentication system 230.
- the authentication system 230 checks that the user is authenticated for the services of the corresponding tenant. If the user 225 is authenticated, the authentication system 230 completes and signs the token 250 and sends the token back to the consumer unit 245.
- the consumer unit 245 forwards the completed and signed token to the authentication system 235.
- the authentication system 235 provides access to the portlets 210 for the user 225 to access the cloud service engine 215. Thus, by using the system of FIG. 2, the user 225 only needs to authenticate with the corresponding authentication system 230 before using the cloud service engine 215.
- a trust structure has to be established between the authentication system 230, the authentication system 235, and the consumer unit 245.
- the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN).
- Trust can be established by using various cryptographic means to sign the tokens that are passed from the authentication system 230 to the authentication system 235. For example, a decryption key may be required by the authentication system 230 to validate signatures on the signed tokens.
- the authentication system 230 may store the keys in a key store.
- the authentication system 230 may also encrypt the token requests, and provide a public key so that only the authentication system 235 is capable of signing the requested token 250.
- Trust can be established by the authentication system 235 by requesting specific information known to the authentication system 230, for example, a user name, a code issued to the user, a title for the user etc. Each specific piece of information is a claim in the claim based authentication system. The above claim information is provided to the authentication system 235 before the user 225 attempts to use the cloud service engine 215, so that the authentication system 235 can verify the claim.
- the authentication system 230 acts as an identity provider.
- Identity providers are adapted to validate various user credentials, such as user names and passwords, and certificates, and are adapted to issue tokens.
- the authentication system 230 is, for example, an ADFS component provided by Microsoft Corporation, a Shibboleth® identity provider provided by the Internet2™ advanced networking consortium, or any other service adapted to act as an Identity provider.
- the authentication system 235 has to request the tokens and verify the tokens when the tokens are received.
- the authentication system 235 is, for example, an ADFS component, a Shibboleth® service provider, or any other service adapted to act as a requester and verifier of tokens.
- the portal is a Liferay™ Portal.
- Liferay™ is a free and open source enterprise portal written in Java and distributed under the GNU Lesser General Public License.
- the Liferay™ Portal is adapted to provide the authentication system 235 and request and verify the tokens.
- the consumer unit 245 is adapted to communicate with the authentication system 230 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
- the consumer 245 is also adapted to communicate with the authentication system 235 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
- the consumer unit 245 translates the token requests by the authentication system 235 from the protocol of the authentication system 235 to the protocol of the authentication system 230, and translates the tokens from the authentication system 230 from the protocol of the authentication system 230 to the protocol of the authentication system 235 if the protocols are different.
- the consumer unit 245 automatically detects the types of the authentication systems 230, 235, and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens.
- the authentication system 230 and the authentication system 235 can use different protocols.
- the user 225 accesses the consumer 245 using a web browser and internet protocol. For example, the user 225 enters a web address corresponding to the internet address of the consumer 245 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 245 by using the web browser. In some embodiments, in response to the request by the user 225 the consumer 245 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 245 does not provide a response to the request by the user 225 until authentication is complete.
- the cloud system 300 comprises cloud service provider 302 and first and second tenants 320 that subscribe to the cloud service.
- the cloud service provider 302 comprises a cloud portal 305 that further comprises many portlets 310, a cloud service engine 315 that provides cloud services, and an authentication system 335.
- the tenants comprise users 325 that use the cloud and an authentication system 330.
- the cloud system 300 is similar to the cloud system 200 but further comprises a cloud authentication system 355.
- the consumer unit 345 forms a mediator between the cloud authentication system 355 and the authentication system 335.
- a user 325 needing to use the cloud service engine 315 contacts the consumer unit 345 with an access request 360.
- the consumer unit 345 contacts the authentication system 330 for access to the cloud service requested by the user 325. If a security token is required for the user 325 to access the cloud service engine 315, the authentication system 330 sends a token request 349 to the consumer unit 345.
- the consumer unit 345 contacts the authentication system 355 for access to the cloud services provided by cloud service engine 315.
- the authentication system 355 in-turn contacts the appropriate authentication system 330 of the tenants.
- the authentication system 355 is selected to use the same protocols as the authentication system 330. Therefore, there is no compatibility issue between the authentication system 330 and the authentication system 355.
- the user 325 authenticates with the authentication system 330 at the tenant.
- the user 325 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 330.
- the user 325 contacts the consumer unit 345.
- the consumer unit 345 contacts the authentication system 335 of the portal 305 and requests access to the portlets 310.
- the authentication system 335 responds by requesting a specific form of token for the user 325.
- the consumer unit 345 contacts the authentication system 355 of the cloud provider.
- the consumer unit 345 requests the specific form of token from the authentication system 355.
- the authentication system 355 identifies the tenant 320 for the user 325 and contacts the respective authentication system 330 to request a token 350 for the user 325, based on the token 350 requested by the consumer unit 345.
- the authentication system 330 checks to see that the user is authenticated for the services of the corresponding tenant 320. If the user 325 is authenticated, the authentication system 330 completes and signs the token and sends the token 350 back to the authentication system 355.
- the authentication system 355 completes the token requested by the consumer unit 345 based on the token issued by the authentication system 330 and issues the token 350 to the consumer unit 345.
- the consumer unit 345 forwards the completed and signed token 350 to the authentication system 335.
- the authentication system 335 provides access to the portlets 310 for the user 325 to access the cloud service engine 315. Thus, by using the system of FIG. 3, the user 325 only needs to authenticate with the corresponding authentication system 330 before using the cloud service engine 315.
- a trust structure has to be established between the authentication system 330, the authentication system 335, authentication system 355, and the consumer unit 345.
- the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN).
- the trust can be established by using various cryptographic means to sign the tokens 350 that are passed from the authentication system 330 to the authentication system 335, and the tokens 350 passed from the authentication system 335 to the authentication system 335. For example, decryption keys may be required to validate signatures on the issued tokens.
- the authentication system 330 may store the keys in a key store.
- the authentication system 330 may also encrypt the token requests, and provide a public key so that only the authentication system 355 and/or the authentication system 335 is capable of signing the requested token.
- the consumer unit 345 is adapted to communicate with the authentication system 330 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
- the consumer 345 is also adapted to communicate with the authentication system 355 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
- the consumer unit 345 translates the token requests by the authentication system 335 from the protocol of the authentication system 335 to the protocol of the authentication system 355 and translates the tokens from the authentication system 355 from the protocol of the authentication system 355 to the protocol of the authentication system 335 if the protocols are different.
- the consumer unit 345 automatically detects the types of the authentication systems 335, 355 and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens. Thus, the authentication system 335 and the authentication system 355 can use different protocols.
- the user 325 accesses the consumer 345 using a web browser and internet protocol. For example, the user 325 enters a web address corresponding to the internet address of the consumer 345 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 345 using the web browser. In some embodiments, in response to the request by the user 325 the consumer 345 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 345 does not provide a response to the request by the user 325 until authentication is complete.
- the consumer units 245, 345 can be implemented, for example, using the Java based WS-Trust protocol and the Web service Interoperability technologies (WSIT).
- WSIT is an open-source project for the next-generation of Web service technologies.
- WSIT provides interoperability between Java Web Services and Microsoft's Windows Communication Foundation.
- WSIT consists of Java programming language APIs that enable advanced WS-* features to be used in a way that is compatible with, for example, Microsoft's Windows Communication Foundation (WCF) as used by Microsoft .NET®.
- the interoperability between different products is accomplished by implementing a number of Web Services specifications, like JAX-WS that provides interoperability between Java Web Services and Microsoft Windows Communication Foundation.
- WSIT implements the following WS-* protocols
- FIG. 4A illustrates how WS-Trust and WS-Policy are used.
- the major components are the JAX-WS RI, which is the core Web services platform 405, and an implementation of Reliability 415, Security 410, and Transactions 420 for WS-* specifications and interoperability with .NET 3.0/3.5.
- the Java API for XML Web Services JAX-WS RI provides the Core Web services platform 405. This includes all the SOAP message functionality, including WS-Addressing and MTOM.
- the JAX-WS RI is an implementation of the JAX-WS specification.
- WSIT implements support for Security 410, Reliability 415, and Transactions 420, using the protocols and mechanisms defined by several WS-* specifications, on this Core layer 405. This allows a Java client to communicate with a Java endpoint using these protocols. In addition these protocols also enable interoperability with the Windows Communication Foundation component of .NET 3.0/3.5 frameworks, and therefore, provide access to the ADFS APIs.
- FIG. 4B illustrates the different WS-* specifications implemented in the areas of Security 410, Reliability 415, and Transactions 420.
- WS-Security 425 provides a basic framework for SOAP message level security in Web services.
- WS-Trust 430 defines a framework for issuing, renewing, and validating security tokens, and brokering trust relationships within different trust domains.
- WS-Secure Conversation 435 increases the overall performance and security by defining semantics for secure message exchange for multiple message exchanges.
- WS-Security Policy 440 enables Web service endpoints to specify their security requirements to potential clients in an interoperable manner.
- WS-Reliable Messaging 445 defines a messaging protocol to identify, track, and manage the reliable message delivery between two parties, a source and a destination.
- WS-Reliable Messaging Policy 450 enables a Web service endpoint to indicate that a reliable message delivery is required.
- WS-Coordination 455 provides an extensible framework for defining coordination context and types for protocols that coordinate distributed actions.
- WS-Atomic Transactions 460 provides the definition of transaction context and atomic transaction coordination type that is to be used with the framework defined by WS-Coordination. This enables transactions flowing over Web services.
- Metadata section 465 identifies the mechanisms that allow the Security, Reliability, and Transactional capabilities of an endpoint to be published and consumed by a client in an interoperable manner.
- WS-Policy 470 defines a general-purpose framework to express the capabilities of an endpoint.
- WS-Metadata Exchange and WS-Transfer are used by the client to retrieve the information about the endpoint.
- FIG. 5 illustrates the programming model with WSIT.
- the programming model leverages the existing JAX-WS and EJB programming models and allows us to define Security, Reliability, and Transactional capability on the endpoints by bundling an additional configuration file with the application.
- the configuration file can be easily generated using the NetBeans integrated development environment 505 or can be written by hand 510, or using any other integrated development environment 510 that has inbuilt WSIT or with WSIT plug-in added.
- an optional WSIT configuration file 520 may be used to specify certain client-side parameters such as the locations of trust and keystores.
- FIG. 6 illustrates a method 600 for single sign on to a cloud provider.
- the method begins at step 605.
- the consumer of the cloud provider receives a request for a cloud service from a user of a tenant.
- the consumer may be, for example, consumer unit 245 or 345.
- the consumer may be a web page portal, and the request may be in the form of a web page request.
- the method proceeds to step 610.
- in step 610, the consumer requests the cloud service from a portal of the cloud provider, for example, portal 205, 305.
- the authentication system of the portal determines if a security token is required. If a security token is required, the method proceeds to step 620. If a security token is not required, the method proceeds to step 650.
- the authentication system of the portal generates a token request and sends the token request to consumer using a first protocol.
- the first protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS.
- the token request contains a list of the information that the authentication system of the portal expects to see in the returned signed token.
- the token request may be generated from a policy file.
- the consumer receives the token request using the first protocol and translates the token request to a second protocol.
- the second protocol is the protocol expected by the authentication system of the tenant.
- the second protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS.
- the information contained in the token request in the second protocol is the same as the information contained in the request in the first protocol.
- in step 630, the consumer sends the token request using the second protocol to an authentication system of the tenant of the user.
- the authentication system of the tenant of the user performs steps 715-725, as discussed below.
- the method proceeds to step 635.
- in the cloud system 300, the consumer does not send the token request to an authentication system of the tenant of the user.
- the consumer sends the token request to an authentication system of the cloud service provider, for example, authentication system 355 that is federated with the authentication system of the tenant of the user.
- the authentication system of the cloud service provider signs the token based on communication with the authentication system of the tenant of the user.
- the authentication system of the cloud service provider then returns the signed token to the consumer and the method proceeds to step 635.
- in step 635, the consumer receives the token signed by the authentication system of the tenant using the second protocol and translates the token request to the first protocol.
- the method proceeds to step 640.
- in step 640, the consumer sends the signed token to the authentication system of the Portal using the first protocol.
- the method proceeds to step 645.
- in step 645, the authentication system of the Portal determines if the signed token is valid. If the signed token is valid, the method proceeds to step 650. If the token is not valid, the method proceeds to step 655.
- the portal provides the cloud service to the user and the method terminates.
- the portal denies access of the cloud service to the user and the method terminates.
- FIG. 7 illustrates a method 700 for single sign on to a cloud provider.
- the method begins at step 705.
- the user authenticates at the tenant authentication system.
- the method proceeds to step 710.
- in step 710, the user sends a request to the consumer of the cloud provider to request a cloud service.
- the method proceeds to step 715.
- the tenant authentication system receives a request for a security token from the cloud service provider.
- the method proceeds to step 720.
- in step 720, the tenant authentication system checks that the user is authenticated, and signs the token request. When the request for the security token has been signed, the method proceeds to step 725.
- the tenant authentication system sends the signed request to the cloud service authentication system.
- the method proceeds to step 730.
- the user receives access to the cloud service from the cloud provider.
- FIG. 8 depicts a general computer architecture on which the present embodiments can be implemented and has a functional block diagram illustration of a computer hardware platform that includes user interface elements.
- the computer may be a general purpose computer or a special purpose computer.
- the computer 800 can be used to implement any components of the systems 100, 200 and 300.
- authentication systems 130, 135, 230, 235, 330, 335 and the consumer units 245, 335 can all be implemented on a computer such as computer 800, by using the hardware, software program, firmware, or a combination of these components of the computer 800.
- although only one computer 800 is shown, for convenience, the computer functions relating to single sign on may be implemented in a distributed fashion on a number of similar platforms, to distribute the processing load.
- the computer 800 includes COM ports 850 connected to and from a network to facilitate data communications.
- the computer 800 also includes a central processing unit (CPU) 820, in the form of one or more processors, for executing program instructions.
- the exemplary computer platform includes an internal communication bus 810, program storage and data storage of different forms, for example, disk 870, read only memory (ROM) 830, or random access memory (RAM) 840, for various data files to be processed and/or communicated by the computer, as well as possibly program instructions to be executed by the CPU.
- the computer 800 also includes an I/O component 860, supporting input/output flows between the computer and other components such as user interface elements 880.
- the computer 800 may also receive programming and data via network communications.
- aspects of the methods and systems for single sign on according to an embodiment may be embodied in program elements.
- Program aspects of the embodiments may be thought of as "products" or "articles of manufacture" typically in the form of executable code and/or associated data that is carried on or embodied in a type of machine-readable medium.
- Tangible non-transitory "storage" type media include any or all of the memory or other storage for the computers, processors or the like, or associated modules thereof, such as various semiconductor memories, tape drives, disk drives and the like, which may provide storage at any time for the program elements.
- All or portions of the program elements may at times be communicated through a network such as the Internet or various other telecommunication networks. Such communications, for example, may enable loading of the software from one computer or processor into another, for example, from a management server or host computer into the hardware platform(s) of a computing environment or other system.
- Other types of media that may carry the program elements include optical, electrical and electromagnetic waves, such as used across physical interfaces between local devices, through wired, and optical networks and over various wireless links.
- the physical elements that carry such waves, such as wired or wireless links, optical links, or the like, also may be considered as media carrying the software.
- terms such as computer or machine "readable medium" refer to any medium that participates in providing instructions to a processor for execution.
- a machine-readable medium may take many forms, including but not limited to, a tangible storage medium, a carrier wave medium, or physical transmission medium.
- Nonvolatile storage media include, for example, optical or magnetic disks, such as any of the storage devices in any computer(s) or the like, which may be used to implement the single sign on system or any of the components of the single sign on systems as shown in the drawings.
- Volatile storage media include dynamic memory, such as a main memory of such a computer platform.
- Tangible transmission media include coaxial cables, copper wire and fiber optics, including the wires that form a bus within a computer system.
- Carrier-wave transmission media can take the form of electric or electromagnetic signals, or acoustic or light waves such as those generated during radio frequency (RF) and infrared (IR) data communications.
- Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, solid state disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD, Blu-ray™ or DVD-ROM, any other optical medium, punch cards, paper tape, any other physical storage medium with patterns of holes, a RAM, a PROM and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave transporting data or instructions, cables or links transporting such a carrier wave, or any other medium from which a computer can read programming code and/or data.
- Many of these forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution.
Abstract
Systems and methods for single sign on to a cloud. The system includes a cloud service provider and a tenant. The cloud service provider has a consumer unit and a portal. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal provides a cloud service to the user and has a first authentication system that issues a security token request and that is connected to the consumer unit. The tenant includes the user and a second authentication system. The second authentication system signs the security token request. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
Description
SINGLE SIGN ON FOR CLOUD
TECHNICAL FIELD
[0001] The present invention relates generally to a system for management of information technology systems.
BACKGROUND
[0002] Cloud computing enables convenient, on-demand network access to a shared pool of configurable computing resources, for example, networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction. For one or more end-users that are attached to the shared pool of configurable computing resources that comprise a cloud, cloud computing provides computation, applications, data access, and storage services for the end-user. The end-user does not require knowledge of the physical location and configuration of the system that delivers the services. Further, the end-user is able to pay for the computation, applications, data access, and storage services based on the amount of usage rather than having to purchase and manage dedicated computation, applications, data access, and storage resources.
[0003] Clouds are developed as stand-alone platforms and include hardware and applications necessary to perform required services for the end-users. In some contexts, clouds are known as platforms. The term "cloud" for the purpose of this application also encompasses the term "platform." The term "off-site cloud" is used to refer to a public cloud, which is a cloud that is accessible on the Internet. The term "in-house cloud" is used to refer to a private cloud, which is not generally accessible on the Internet.
[0004] Examples of the services include software as a service ("SAAS"), platform as a service ("PAAS"), and infrastructure as a service ("IAAS"). In SAAS, users pay a fee on a recurring basis to access and use specific applications. In PAAS, the user leases access to an entire platform, for example, a customer resource management platform. In IAAS, the user leases access to certain infrastructure, for example, a physical or virtual server with particular computational and/or storage capabilities.
[0005] In recent times, as IT systems proliferate to support business processes, users and system administrators are faced with an increasingly complicated interface to accomplish their job functions. Users typically have to sign-on to multiple systems, necessitating an equivalent number of sign-on dialogues, each of which may involve different usernames and authentication information. System administrators are faced with managing user accounts within each of the multiple systems to be accessed in a coordinated manner in order to maintain the integrity of security policy enforcement.
[0006] Clouds employ virtualization to perform tasks. The virtualization creates virtual machines running on the hardware, the virtual machines running applications. Each virtual machine has security features of some kind to give some users access to portions of the virtual machine but deny access to other users. Further, each application running on a virtual machine has additional security to give some users access to portions of the application but deny access to other users. Some systems may have thousands of virtual machines, applications, and users. Further, one user may require access to thousands of virtual machines. This can make standard authentication impractical because of the large number of devices that users have to authenticate with. Further, differing operating systems and domains used by the user, the cloud infrastructure, and the virtual machines in the cloud, complicate the authorization and authentication process.
[0007] In one conventional configuration, tenants subscribe to services provided by a cloud provider. The tenants can be other organizations with their own identity management system. The tenants may want the cloud provider to use their own existing identity management system to authenticate their users instead of registering each of the tenant's users in the cloud provider's identity management system.
SUMMARY
[0008] The systems and methods described herein attempt to overcome the drawbacks discussed above.
[0009] In one embodiment, a system for single sign on to a cloud comprises a cloud service provider and a tenant. The cloud service provider comprises a consumer unit and a portal. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal provides a cloud service to the user, the portal comprising a first authentication system that issues a security token request and that is connected to the consumer unit. The tenant comprises the user and a second authentication system. The second authentication system signs the security token request. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
[0010] In another embodiment, a system for single sign on to a cloud comprises a cloud service provider and a tenant. The cloud service provider comprises a consumer unit, a portal, and a first authentication system. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal provides a cloud service to the user, the portal comprising a second authentication system connected to the consumer unit. The first authentication system is connected to the consumer unit. The tenant comprises the user and a third authentication system. The third authentication system is connected to the user. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol. The first authentication system is federated with the third authentication system.
[0011] In yet another embodiment, a method for single sign on to a cloud system is disclosed. A consumer unit of a cloud provider receiving a request from a user for a cloud service. The consumer unit requesting a portal to provide access to the cloud service based on the request from the user. A first authentication system of the portal requesting a security token from the consumer unit using a first protocol, the request by the first authentication system based on the request by the consumer unit. The consumer unit translating the security token request from the first protocol to a second protocol. The consumer unit requesting a second authentication system to sign the requested security token using the second protocol. The consumer unit receiving the signed security token. The consumer unit translating the signed security token from the second protocol to the first protocol. The consumer unit sending the signed security token to the portal using the first protocol. The portal, providing the cloud service to the user based on the signed security token.
[0012] In still yet another embodiment, a machine-readable tangible and non-transitory medium with information recorded thereon, wherein the information, when read by a machine, causes the machine to perform the following steps. A consumer unit of a cloud provider receiving a request from a user for a cloud service. The consumer unit requesting a portal to provide access to the cloud service based on the request from the user. A first authentication system of the portal, requesting a security token from the consumer unit using a first protocol. The request by the authentication system based on the request from the consumer unit. The consumer unit, translating the security token request from the first protocol to a second protocol. The consumer unit requesting a second authentication system to sign the requested security token using the second protocol. The consumer unit translating the signed security token from the second protocol to the first protocol. The consumer unit sending the signed security token to the portal using the first protocol. The portal providing the cloud service to the user based on the signed security token.
[0013]
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] The accompanying drawings constitute a part of this specification and illustrate an embodiment of the invention, and together with the specification, explain the invention.
[0015] FIG. 1 illustrates a cloud system according to an embodiment.
[0016] FIG. 2 illustrates another cloud system according to an embodiment.
[0017] FIG. 3 illustrates yet another cloud system according to an embodiment.
[0018] FIG. 4A-B illustrate how WS-Trust and WS-Policy are used along with different WS-* specifications implemented in the areas of Security, Reliability, and Transactions, according to an exemplary embodiment.
[0019] FIG. 5 illustrates the programming model with WSIT according to an exemplary embodiment.
[0020] FIG. 6 illustrates a method for the cloud portion of single sign on to a cloud provider according to an exemplary embodiment.
[0021] FIG. 7 illustrates a method for the tenant portion of single sign on to a cloud provider according to an exemplary embodiment.
[0022] FIG. 8 illustrates a general computer architecture according to an exemplary embodiment.
DETAILED DESCRIPTION
[0023] FIG. 1 illustrates a cloud system 100. The cloud system 100 comprises a cloud service provider 102 and first and second tenants 120 that subscribe to the cloud service. The cloud service provider 102 comprises a portal 105 that comprises one or more portlets 110, a cloud service engine 115 that provides cloud services, and an authentication system 135. The tenants comprise users 125 that use the cloud and an authentication system 130. The tenants 120 may be, for example, companies, or departments in a company, and the users may be the employees of the company. There may be any number of tenants connected to the cloud service provider 102. The cloud service provider 102 and the tenants 120 may be on the same network or intranet. Alternatively, the tenants 120 may be connected to the cloud service provider 102 via the Internet.
[0024] The authentication mechanisms of the tenant include, for example, Lightweight Directory Access Protocol (LDAP) and Active Directory Federation Services (ADFS). The first and second tenants 120 and the portal 105 may be on different domains; therefore, the tenant authentication methods cannot be used to authenticate a user in another tenant or at the portal 105.
[0025] To use the services provided by the tenant 120, including the services provided by the cloud service provider 102, a user 125 authenticates with the authentication system 130 of the tenant. To use a cloud service, a user 125 also authenticates with the authentication system 135 of the portal. In some embodiments, a separate authentication is further required for each portlet 110. Thus, the user 125 may provide numerous user names and passwords before using the cloud service.
[0026] In a federated authentication system, a common set of policies, practices, and protocols are put in place to manage the identity and trust among users and devices across organizations and domains. Identity federation enables users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. This process is known as single sign on. Federation is enabled using open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. Typical use cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management, and cross-domain user attribute exchange. ADFS provides such federated services using claims based authentication.
[0027] In claims based authentication, a trusted authority (Issuer) issues a signed security token containing a set of claims (credentials) which is given to an application, for example the cloud service provider 102, for validation. The application will authenticate the user if the security token is valid and signed by a trusted issuer, for example, authentication system 130 of the tenant 120. Claims-based identity simplifies application development because applications using this type of authentication do not have to verify all the credentials presented by the user. Instead, letting the issuer deal with all security issues involved eases the process of integration, migration, merger, federation, or building cloud applications.
[0028] Single sign on has many benefits. Single sign on reduces the time taken by users in sign-on operations to individual domains and reduces the possibility of such sign on operations failing. Single sign on improves security through the reduced need for a user to handle and remember multiple sets of authentication information. Single sign on reduces the time taken, and improves the response, by system administrators to add and remove users to the system or modify the rights of the users. Single sign on improves security through the enhanced ability of system administrators to maintain the integrity of the user account configuration including the ability to inhibit or remove an individual user from having access to all system resources in a coordinated and consistent manner.
[0029] If the authentication system 135 of the portal 105 and portlets 110 are a federated authentication system, for example, ADFS, and the authentication system of the tenant 120 is a compatible federated authentication system, for example, ADFS, then authentication at the portal can be performed by using tokens 150 provided by the authentication system 130.
[0030] In, for example, ADFS, the tokens 150 are gathered from the authentication system 130 by the authentication system 135 without the need for the user 125 to provide additional user names or passwords. The authentication system 130 will only provide the tokens if the user 125 has previously authenticated with the authentication system 130. For example, a federated, claims based architecture based on an ADFS system with the authentication system 135 acting as a federated Security Token Service (STS) and authentication system 130 acting as a federated Identity Provider would enable single sign on. However, in general, the authentication systems 130 and 135 are not compatible, and, thus, it is difficult to implement a single sign on.
[0031] FIGS. 2 and 3 illustrate cloud systems 200 and 300 that overcome the compatibility issues of the authentication systems 130 and 135. Both systems 200, 300 include a consumer unit 245, 345 that provides an interface between different authentication systems. In the system 200, the consumer communicates directly with an authentication system of tenants 220. In the system 300, the consumer communicates with a cloud authentication system 355 within the cloud that is compatible with and federated to an authentication system of the tenants 320. Both the systems 200 and 300 provide single-sign-on for the users 225, 325 of the tenants 220, 320 using federated identity management.
[0032] The cloud system 200 comprises cloud service provider 202 and first and second tenants 220 that subscribe to the cloud service. The cloud service provider 202 comprises a cloud portal 205 that further comprises many portlets 210, a cloud service engine 215 that provides cloud services, and an authentication system 235. The tenants comprise users 225 that use the cloud, and an authentication system 230.
[0033] The cloud system 200 further comprises the consumer unit 245. The consumer unit 245 forms a mediator between the authentication system 230 and the authentication system 235. A user 225 needing to use the cloud service engine 215 contacts the consumer unit 245. The consumer unit 245 in turn contacts the authentication system 235 of the portal 205.
[0034] To use the tenant services, including gaining access to the cloud services, a user 225 authenticates with the authentication system 230 of the tenant. The user 225 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 230. When the user 225 is authenticated with the authentication system 230, the user 225 contacts the consumer unit 245 with an access request 260 for a cloud service. The consumer unit 245 contacts the authentication system 235 of the portal 205 and requests access to one of the portlets 210. The authentication system 235 responds by requesting a specific form of token for the user 225. The consumer unit 245 identifies the tenant to which the user 225 belongs, and contacts the authentication system 230 of that tenant. The consumer unit 245 issues a token request 249 to request the specific form of token 250 from the authentication system 230. The authentication system 230 checks that the user is authenticated for the services of the corresponding tenant. If the user 225 is authenticated, the authentication system 230 completes and signs the token 250 and sends the token back to the consumer unit 245. The consumer unit 245 forwards the completed and signed token to the authentication system 235. The authentication system 235 provides access to the portlets 210 for the user 225 to access the cloud service engine 215. Thus, by using the system of FIG. 2, the user 225 only needs to authenticate with the corresponding authentication system 230 before using the cloud service engine 215.
[0035] Before the system 200 can be accessed by the users 225, a trust structure has to be established between the authentication system 230, the authentication system 235, and the consumer unit 245. In some embodiments, the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN). Trust can be established by using various cryptographic means to sign the tokens that are passed from the authentication system 230 to the authentication system 235. For example, a decryption key may be required by the authentication system 230 to validate signatures on the signed tokens. The authentication system 230 may store the keys in a key store. The authentication system 230 may also encrypt the token requests, and provide a public key so that only the authentication system 235 is capable of signing the requested token 250.
[0036] Trust can be established by the authentication system 235 by requesting specific information known to the authentication system 230, for example, a user name, a code issued to the user, a title for the user etc. Each specific piece of information is a claim in the claim based authentication system. The above claim information is provided to the authentication system 235 before the user 225 attempts to use the cloud service engine 215, so that the authentication system 235 can verify the claim.
[0037] In the above embodiment, the authentication system 230 acts as an identity provider. Identity providers are adapted to validate various user credentials, such as user names and passwords, and certificates, and are adapted to issue tokens.
[0038] In some embodiments, the authentication system 230 is, for example, an ADFS component provided by Microsoft Corporation, a Shibboleth® identity provider provided by the Internet2™ advanced networking consortium, or any other service adapted to act as an Identity provider.
[0039] The authentication system 235 has to request the tokens and verify the tokens when the tokens are received. In some embodiments, the authentication system 235 is, for example, an ADFS component, a Shibboleth® service provider, or any other service adapted to act as a requester and verifier of tokens.
[0040] In some embodiments, the portal is a Liferay™ Portal. Liferay™ is a free and open source enterprise portal written in Java and distributed under the GNU Lesser General Public License. In some embodiments, the Liferay™ Portal is adapted to provide the authentication system 235 and request and verify the tokens.
[0041] The consumer unit 245 is adapted to communicate with the authentication system 230 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. The consumer 245 is also adapted to communicate with the authentication system 235 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. In some embodiments, the consumer unit 245 translates the token requests by the authentication system 235 from the protocol of the authentication system 235 to the protocol of the authentication system 230, and translates the tokens from the authentication system 230 from the protocol of the authentication system 230 to the protocol of the authentication system 235 if the protocols are different. In some embodiments, the consumer unit 245 automatically detects the types of the authentication systems 230, 235, and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens. Thus, the authentication system 230 and the authentication system 235 can use different protocols.
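The token flow of FIG. 2 with the translation described in [0041], as an added sketch that is not part of the patent: the consumer unit only re-encodes messages, while the portal checks the tenant's signature, the request binding, and the requested claims. The XML and JSON wire formats, the HMAC pre-shared key standing in for the tenant's signing key, and all function, user and claim names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

# Constructed demo data: key, user and claim names are illustrative only.
TENANT_KEY = b"constructed-demo-key"  # stand-in for the tenant issuer's signing key
TENANT_SESSIONS = {"alice": {"username": "alice", "title": "engineer"}}


def canonical(claims, request_id):
    """Protocol-independent bytes covered by the signature, so it survives translation."""
    body = {"claims": claims, "request_id": request_id}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(claims, request_id):
    return hmac.new(TENANT_KEY, canonical(claims, request_id), hashlib.sha256).hexdigest()


# Portal authentication system: speaks the first protocol (XML in this sketch).
def portal_token_request(policy_claims, request_id):
    """Token request listing the claims the portal expects in the signed token."""
    root = ET.Element("TokenRequest", id=request_id)
    for name in policy_claims:
        ET.SubElement(root, "Claim", name=name)
    return ET.tostring(root, encoding="unicode")


def portal_validate(token_xml, policy_claims, request_id):
    """Accept only a token signed by the tenant, bound to this request, with all claims."""
    root = ET.fromstring(token_xml)
    claims = {c.get("name"): c.text for c in root.findall("Claim")}
    signature_ok = hmac.compare_digest(sign(claims, root.get("id")), root.get("sig", ""))
    return (signature_ok
            and root.get("id") == request_id
            and set(policy_claims) <= set(claims))


# Consumer unit: translates between the protocols and never creates claims itself.
def request_to_second(request_xml, user):
    root = ET.fromstring(request_xml)
    return json.dumps({"request_id": root.get("id"), "subject": user,
                       "claims": [c.get("name") for c in root.findall("Claim")]})


def token_to_first(token_json):
    tok = json.loads(token_json)
    root = ET.Element("Token", id=tok["request_id"], sig=tok["sig"])
    for name, value in tok["claims"].items():
        ET.SubElement(root, "Claim", name=name).text = value
    return ET.tostring(root, encoding="unicode")


# Tenant authentication system: speaks the second protocol (JSON in this sketch).
def tenant_sign(request_json):
    req = json.loads(request_json)
    session = TENANT_SESSIONS.get(req["subject"])
    if session is None:
        return None  # user has not authenticated at the tenant: nothing is signed
    claims = {n: session[n] for n in req["claims"] if n in session}
    return json.dumps({"request_id": req["request_id"], "claims": claims,
                       "sig": sign(claims, req["request_id"])})


def single_sign_on(user, policy_claims, request_id, altered_claims=None):
    """Run the whole exchange; True means the portal would provide the service."""
    req_first = portal_token_request(policy_claims, request_id)
    req_second = request_to_second(req_first, user)
    token_second = tenant_sign(req_second)
    if token_second is None:
        return False
    if altered_claims:  # claims changed after signing, to show the portal's check
        tok = json.loads(token_second)
        tok["claims"].update(altered_claims)
        token_second = json.dumps(tok)
    return portal_validate(token_to_first(token_second), policy_claims, request_id)


if __name__ == "__main__":
    print(single_sign_on("alice", ["username", "title"], "req-1"))
```

In a deployment with asymmetric signatures the portal would hold only the issuer's verification key, so neither the portal nor the consumer unit could produce a valid token.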
[0042] In some embodiments, the user 225 accesses the consumer 245 using a web browser and internet protocol. For example, the user 225 enters a web address corresponding to the internet address of the consumer 245 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 245 by using the web browser. In some embodiments, in response to the request by the user 225 the consumer 245 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 245 does not provide a response to the request by the user 225 until authentication is complete.
[0043] The cloud system 300 comprises cloud service provider 302 and first and second tenants 320 that subscribe to the cloud service. The cloud service provider 302 comprises a cloud portal 305 that further comprises many portlets 310, a cloud service engine 315 that provides cloud services, and an authentication system 335. The tenants comprise users 325 that use the cloud and an authentication system 330.
[0044] The cloud system 300 is similar to the cloud system 200 but further comprises a cloud authentication system 355. The consumer unit 345 forms a mediator between the cloud authentication system 355 and the authentication system 335. A user 325 needing to use the cloud service engine 315 contacts the consumer unit 345 with an access request 360. The consumer unit 345 contacts the authentication system 330 for access to the cloud service requested by the user 325. If a security token is required for the user 325 to access the cloud service engine 315, the authentication system 330 sends a token request 349 to the consumer unit 345. The consumer unit 345 contacts the authentication system 355 for access to the cloud services provided by cloud service engine 315. The authentication system 355 in turn contacts the appropriate authentication system 330 of the tenants. The authentication system 355 is selected to use the same protocols as the authentication system 330. Therefore, there is no compatibility issue between the authentication system 330 and the authentication system 355.
[0045] To use the tenant services, including gaining access to the cloud services, the user 325 authenticates with the authentication system 330 at the tenant. The user 325 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 330. When the user 325 is authenticated with the authentication system 330, the user 325 contacts the consumer unit 345. The consumer unit 345 contacts the authentication system 335 of the portal 305 and requests access to the portlets 310. The authentication system 335 responds by requesting a specific form of token for the user 325. The consumer unit 345 contacts the authentication system 355 of the cloud provider. The consumer unit 345 requests the specific form of token from the authentication system 355. The authentication system 355 identifies the tenant 320 for the user 325 and contacts the respective authentication system 330 to request a token 350 for the user 325, based on the token 350 requested by the consumer unit 345. The authentication system 330 checks to see that the user is authenticated for the services of the corresponding tenant 320. If the user 325 is authenticated, the authentication system 330 completes and signs the token and sends the token 350 back to the authentication system 355. The authentication system 355 completes the token requested by the consumer unit 345 based on the token issued by the authentication system 330 and issues the token 350 to the consumer unit 345. The consumer unit 345 forwards the completed and signed token 350 to the authentication system 335. The authentication system 335 provides access to the portlets 310 for the user 325 to access the cloud service engine 315. Thus, by using the system of FIG. 3, the user 325 only needs to authenticate with the corresponding authentication system 330 before using the cloud service engine 315.
[0046] Before the system 300 can be accessed by the users 325, a trust structure has to be established between the authentication system 330, the authentication system 335, authentication system 355, and the consumer unit 345. In some embodiments, the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN). In some embodiments, the trust can be established by using various cryptographic means to sign the tokens 350 that are passed from the authentication system 330 to the authentication system 335, and the tokens 350 passed from the authentication system 335 to the authentication system 335. For example, decryption keys may be required to validate signatures on the issued tokens. The authentication system 330 may store the keys in a key store. The authentication system 330 may also encrypt the token requests, and provide a public key so that only the authentication system 355 and/or the authentication system 335 is capable of signing the requested token.
[0047] The consumer unit 345 is adapted to communicate with the authentication system 330 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. The consumer 345 is also adapted to communicate with the authentication system 355 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. In some embodiments, the consumer unit 345 translates the token requests by the authentication system 335 from the protocol of the authentication system 335 to the protocol of the authentication system 355 and translates the tokens from the authentication system 355 from the protocol of the authentication system 355 to the protocol of the authentication system 335 if the protocols are different. In some embodiments, the consumer unit 345 automatically detects the types of the authentication systems 335, 355 and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens. Thus, the authentication system 335 and the authentication system 355 can use different protocols.
[0048] In some embodiments, the user 325 accesses the consumer 345 using a web browser and internet protocol. For example, the user 325 enters a web address corresponding to the internet address of the consumer 345 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 345 using the web browser. In some embodiments, in response to the request by the user 325 the consumer 345 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 345 does not provide a response to the request by the user 325 until authentication is complete.
[0049] In some embodiments, the consumer units 245, 345 can be implemented, for example, using the Java based WS-Trust protocol and the Web service Interoperability technologies (WSIT). In one embodiment, a WSIT implementation of metro web services is used. WSIT is an open-source project for the next-generation of Web service technologies. WSIT provides interoperability between Java Web Services and Microsoft's Windows Communication Foundation. WSIT consists of Java programming language APIs that enable advanced WS-* features to be used in a way that is compatible with, for example, Microsoft's Windows Communication Foundation (WCF) as used by Microsoft .NET®. The interoperability between different products is accomplished by implementing a number of Web Services specifications, like JAX-WS that provides interoperability between Java Web Services and Microsoft Windows Communication Foundation. WSIT implements the following WS-* protocols:
WS-MetadataExchange
WS-Transfer
WS-Policy
WS-Security
WS-SecureConversation
WS-Trust
WS-SecurityPolicy
WS-ReliableMessaging
WS-RMPolicy
WS-Coordination
WS-AtomicTransaction
[0050] FIG. 4A illustrates WS-Trust, WS-Policy that are used. The major components are the JAX-WS RI, which is the core Web services platform 405, and an implementation of Reliability 415, Security 410, and Transactions 420 for WS-* specifications and interoperability with .NET 3.0/3.5.
[0051] The Java API for XML Web Services JAX-WS RI provides the Core Web services platform 405. This includes all the SOAP message functionality, including WS-Addressing and MTOM. The JAX-WS RI is an implementation of the JAX-WS specification.
[0052] WSIT implements support for Security 410, Reliability 415, and Transactions 420, using the protocols and mechanisms defined by several WS-* specifications, on this Core layer 405. This allows a Java client to communicate with a Java endpoint using these protocols. In addition these protocols also enable interoperability with the Windows Communication Foundation component of .NET 3.0/3.5 frameworks, and therefore, provide access to the ADFS APIs.
[0053] FIG. 4B illustrates the different WS-* specifications implemented in the areas of Security 410, Reliability 415, and Transactions 420.
[0054] In Security 410, WS-Security 425 provides a basic framework for SOAP message level security in Web services. WS-Trust 430 defines a framework for issuing, renewing, and validating security tokens, and brokering trust relationships within different trust domains. WS-Secure Conversation 435 increases the overall performance and security by defining semantics for secure message exchange for multiple message exchanges. WS-Security Policy 440 enables Web service endpoints to specify their security requirements to potential clients in an interoperable manner.
[0055] In Reliability, WS-Reliable Messaging 445 defines a messaging protocol to identify, track, and manage the reliable message delivery between two parties, a source and a destination. WS-Reliable Messaging Policy 450 enables a Web service endpoint to indicate that a reliable message delivery is required.
[0056] In Transactions, WS-Coordination 455 provides an extensible framework for defining coordination context and types for protocols that coordinate distributed actions. WS-Atomic Transactions 460 provides the definition of transaction context and atomic transaction coordination type that is to be used with the framework defined by WS-Coordination. This enables transactions flowing over Web services.
[0057] Metadata section 465 identifies the mechanisms that allow the Security, Reliability, and Transactional capabilities of an endpoint to be published and consumed by a client in an interoperable manner. WS-Policy 470 defines a general-purpose framework to express the capabilities of an endpoint.
[0058] The above extensible framework is then used to define the domain-specific policy assertions. WS-Metadata Exchange and WS-Transfer are used by the client to retrieve the information about the endpoint.
[0059] FIG. 5 illustrates the programming model with WSIT. The programming model leverages the existing JAX-WS and EJB programming models and allows us to define Security, Reliability, and Transactional capability on the endpoints by bundling an additional configuration file with the application.
[0060] The configuration file can be easily generated using the NetBeans integrated development environment 505 or can be written by hand 510, or using any other integrated development environment 510 that has inbuilt WSIT or with WSIT plug-in added. On the client side, an optional WSIT configuration file 520 may be used to specify certain client-side parameters such as the locations of trust and keystores.
[0061] Most Servlet Containers that can be used with Liferay™, including Apache Tomcat™ and Glassfish™, are supported by metro web services. Thus, if the portal 205, 305 is implemented using Liferay™, the portal can communicate with the consumer 245, 345 using metro web services and with ADFS authentication systems using WSIT.
[0062] FIG. 6 illustrates a method 600 for single sign on to a cloud provider. The method begins at step 605. At step 605, the consumer of the cloud provider receives a request for a cloud service from a user of a tenant. The consumer may be, for example, consumer unit 245 or 345. The consumer may be a web page portal, and the request may be in the form of a web page request. When the request has been received, the method proceeds to step 610.
[0063] At step 610, the consumer requests the cloud service from a portal of the cloud provider, for example, portal 205, 305. When the request has been sent the method proceeds to step 615.
[0064] At step 615, the authentication system of the portal, for example, authentication system 235, 335 determines if a security token is required. If a security token is required, the method proceeds to step 620. If a security token is not required, the method proceeds to step 650.
[0065] At step 620, the authentication system of the portal generates a token request and sends the token request to the consumer using a first protocol. The first protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS. The token request contains a list of the information that the authentication system of the portal expects to see in the returned signed token. The token request may be generated from a policy file. When the request has been sent, the method proceeds to step 625.
[0066] At step 625, the consumer receives the token request using the first protocol and translates the token request to a second protocol. The second protocol is the protocol expected by the authentication system of the tenant. The second protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS. The information contained in the token request in the second protocol is the same as the information contained in the request in the first protocol. When the translation is complete, the method proceeds to step 630.
[0067] At step 630, the consumer sends the token request using the second protocol to an authentication system of the tenant of the user. The authentication system of the tenant of the user performs steps 715-725, as discussed below. When the token request has been sent, the method proceeds to step 635.
[0068] In some embodiments, for example, the cloud system 300, the consumer does not send the token request to an authentication system of the tenant of the user. The consumer sends the token request to an authentication system of the cloud service provider, for example, authentication system 355 that is federated with the authentication system of the tenant of the user. The authentication system of the cloud service provider signs the token based on communication with the authentication system of the tenant of the user. The authentication system of the cloud service provider then returns the signed token to the consumer and the method proceeds to step 635.
[0069] At step 635, the consumer receives the token signed by the authentication system of the tenant using the second protocol and translates the token request to the first protocol. When the translation of the token is complete, the method proceeds to step 640. At step 640, the consumer sends the signed token to the authentication system of the Portal using the first protocol. When the signed token has been sent, the method proceeds to step 645. At step 645, the authentication system of the Portal determines if the signed token is valid. If the signed token is valid, the method proceeds to step 650. If the token is not valid, the method proceeds to step 655.
[0070] At step 650, the portal provides the cloud service to the user and the method terminates. At step 655, the portal denies access of the cloud service to the user and the method terminates.
[0071] FIG. 7 illustrates a method 700 for single sign on to a cloud provider. The method begins at step 705. At step 705, the user authenticates at the tenant authentication system. When the authentication is complete, the method proceeds to step 710.
[0072] At step 710, the user sends a request to the consumer of the cloud provider to request a cloud service. When the request has been sent, the method proceeds to step 715.
[0073] At step 715, the tenant authentication system receives a request for a security token from the cloud service provider. When the request for the security token has been received, the method proceeds to step 720.
[0074] At step 720, the tenant authentication system checks that the user is authenticated, and signs the token request. When the request for the security token has been signed, the method proceeds to step 725.
[0075] At step 725, the tenant authentication system sends the signed request to the cloud service authentication system. When the signed security token has been sent, the method proceeds to step 730. At step 730, the user receives access to the cloud service from the cloud provider.
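The token exchange of methods 600 and 700 can be sketched as follows. This is an added example, not code from the patent or from WSIT: the function names, envelope field names, sample users and key are hypothetical, and HMAC-SHA256 over a canonical serialization stands in for the token signature. It shows the consumer changing only the envelope between the two protocols, so that the portal's check at step 645 still verifies what the tenant signed and rejects a token altered in translation.

```python
import hashlib
import hmac
import json

# Constructed demo key for the trust structure between tenant and portal.
# HMAC-SHA256 is a stand-in for the token signature (assumption of this sketch).
TRUST_KEYS = {"tenant-idp": b"constructed-demo-key-not-for-production"}
AUTHENTICATED_USERS = {"alice"}  # users who completed step 705 at the tenant
DIRECTORY = {"alice": {"role": "analyst", "tenant": "tenant-a"},
             "bob": {"role": "guest", "tenant": "tenant-a"}}  # constructed data


def canonical(claims):
    """Serialize claims deterministically so signer and verifier hash the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def portal_token_request(user, policy):
    """Step 620: the portal lists the claims it expects, in the first protocol."""
    return {"proto": "first", "Subject": user, "RequiredClaims": list(policy)}


def to_second_protocol(request):
    """Step 625: re-wrap the request; the information carried is unchanged."""
    return {"proto": "second", "sub": request["Subject"],
            "claims_wanted": list(request["RequiredClaims"])}


def tenant_sign(request, directory):
    """Steps 715-725: sign only if the user is authenticated at the tenant."""
    user = request["sub"]
    attrs = directory.get(user, {})
    if user not in AUTHENTICATED_USERS:
        return None
    if any(name not in attrs for name in request["claims_wanted"]):
        return None  # the tenant cannot supply a requested claim
    claims = {"iss": "tenant-idp", "sub": user}
    claims.update({name: attrs[name] for name in request["claims_wanted"]})
    sig = hmac.new(TRUST_KEYS["tenant-idp"], canonical(claims),
                   hashlib.sha256).hexdigest()
    return {"proto": "second", "claims": claims, "sig": sig}


def to_first_protocol(token):
    """Step 635: change the envelope only; claims and signature pass through."""
    return {"proto": "first", "Claims": dict(token["claims"]),
            "Signature": token["sig"]}


def portal_validate(token, request):
    """Step 645: trusted issuer, intact signature, expected subject and claims."""
    if token is None or token.get("proto") != "first":
        return False
    claims = token["Claims"]
    key = TRUST_KEYS.get(claims.get("iss"))
    if key is None:
        return False
    expected = hmac.new(key, canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["Signature"]):
        return False
    if claims.get("sub") != request["Subject"]:
        return False
    return all(name in claims for name in request["RequiredClaims"])


def single_sign_on(user, policy, directory, tamper=None):
    """Run steps 620-655 once; returns 'granted' (650) or 'denied' (655)."""
    request = portal_token_request(user, policy)
    signed = tenant_sign(to_second_protocol(request), directory)
    if signed is None:
        return "denied"
    token = to_first_protocol(signed)
    if tamper:
        token["Claims"].update(tamper)  # simulates a faulty translation step
    return "granted" if portal_validate(token, request) else "denied"


if __name__ == "__main__":
    policy = ["role", "tenant"]
    print(single_sign_on("alice", policy, DIRECTORY))
    print(single_sign_on("bob", policy, DIRECTORY))
    print(single_sign_on("alice", policy, DIRECTORY, tamper={"role": "admin"}))
```

With a shared HMAC key the verifying party could also mint tokens, so a deployment following the trust structure described above would use an asymmetric signature with the tenant's public key held in the portal's key store.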
[0076] FIG. 8 depicts a general computer architecture on which the present embodiments can be implemented and has a functional block diagram illustration of a computer hardware platform that includes user interface elements. The computer may be a general purpose computer or a special purpose computer. The computer 800 can be used to implement any components of the systems 100, 200 and 300. For example, authentication systems 130, 135, 230, 235, 330, 335 and the consumer units 245, 335 can all be implemented on a computer such as computer 800, by using the hardware, software program, firmware, or a combination of these components of the computer 800. Although only one computer 800 is shown, for convenience, the computer functions relating to single sign on may be implemented in a distributed fashion on a number of similar platforms, to distribute the processing load.
[0077] The computer 800, for example, includes COM ports 850 connected to and from a network to facilitate data communications. The computer 800 also includes a central processing unit (CPU) 820, in the form of one or more processors, for executing program instructions. The exemplary computer platform includes an internal communication bus 810, program storage and data storage of different forms, for example, disk 870, read only memory (ROM) 830, or random access memory (RAM) 840, for various data files to be processed and/or communicated by the computer, as well as possibly program instructions to be executed by the CPU. The computer 800 also includes an I/O component 860, supporting input/output flows between the computer and other components such as user interface elements 880. The computer 800 may also receive programming and data via network communications.
[0078] Hence, aspects of the methods and systems for single sign on according to an embodiment, as discussed above, may be embodied in program elements. Program aspects of the embodiments may be thought of as "products" or "articles of manufacture" typically in the form of executable code and/or associated data that is carried on or embodied in a type of machine-readable medium. Tangible non-transitory "storage" type media include any or all of the memory or other storage for the computers, processors or the like, or associated modules thereof, such as various semiconductor memories, tape drives, disk drives and the like, which may provide storage at any time for the program elements.
[0079] All or portions of the program elements may at times be communicated through a network such as the Internet or various other telecommunication networks. Such communications, for example, may enable loading of the software from one computer or processor into another, for example, from a management server or host computer into the hardware platform(s) of a computing environment or other system. Other types of media that may carry the program elements include optical, electrical and electromagnetic waves, such as used across physical interfaces between local devices, through wired, and optical networks and over various wireless links. The physical elements that carry such waves, such as wired or wireless links, optical links, or the like, also may be considered as media carrying the software. As used herein, unless restricted to tangible "storage" media, terms such as computer or machine "readable medium" refer to any medium that participates in providing instructions to a processor for execution.
[0080] Hence, a machine-readable medium may take many forms, including but not limited to, a tangible storage medium, a carrier wave medium, or physical transmission medium. Nonvolatile storage media include, for example, optical or magnetic disks, such as any of the storage devices in any computer(s) or the like, which may be used to implement the single sign on system or any of the components of the single sign on systems as shown in the drawings. Volatile storage media include dynamic memory, such as a main memory of such a computer platform. Tangible transmission media include coaxial cables, copper wire and fiber optics, including the wires that form a bus within a computer system. Carrier-wave transmission media can take the form of electric or electromagnetic signals, or acoustic or light waves such as those generated during radio frequency (RF) and infrared (IR) data communications. Common forms of computer-readable media, therefore, include, for example, a floppy disk, a flexible disk, hard disk, solid state disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD, Blue-Ray™ or DVD-ROM, any other optical medium, punch cards, paper tape, any other physical storage medium with patterns of holes, a RAM, a PROM and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave transporting data or instructions, cables or links transporting such a carrier wave, or any other medium from which a computer can read programming code and/or data. Many of these forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution.
[0081] The embodiments described above are intended to be exemplary. One skilled in the art recognizes that numerous alternative components and embodiments may be substituted for the particular examples described herein and still fall within the scope of the invention.
Claims
1. A system for single sign on to a cloud, the system comprising:
a cloud service provider comprising:
a consumer unit that provides an interface for a user to connect to the cloud service provider; and
a portal that provides a cloud service to the user, the portal comprising a first authentication system that issues a security token request, and the first authentication system is connected to the consumer unit; and
a tenant comprising:
the user; and
a second authentication system that signs the security token request, wherein the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
2. The system according to claim 1, wherein the consumer unit is adapted to request the cloud service from the portal based on a request for the cloud service from the user.
3. The system according to claim 1, wherein
the consumer unit is adapted to translate a security token request in the first protocol to a security token request in the second protocol; and the consumer unit is adapted to translate a signed security token in the second protocol to a signed security token in the first protocol.
4. The system according to claim 3, wherein
the consumer unit is adapted to receive the security token request in the first protocol from the first authentication system based on a request for the cloud service from the user; and the consumer unit is adapted to send the security token request in the second protocol to the second authentication system.
5. The system according to claim 1, the portal comprising a plurality of portlets, and the portal adapted to assign the user to a one of the plurality of portlets to provide the cloud service.
6. The system according to claim 1, wherein the second authentication system is adapted to authenticate the user.
7. A system for single sign on to a cloud, the system comprising:
a cloud service provider comprising:
a consumer unit that provides an interface for a user to connect to the cloud service provider;
a portal that provides a cloud service to the user, the portal comprising a first authentication system connected to the consumer unit; and
a second authentication system connected to the consumer unit; and a tenant comprising:
the user; and a third authentication system connected to the user,
wherein the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol; and
wherein the second authentication system is federated with the third authentication system.
8. The system according to claim 7, wherein the consumer unit is adapted to request the cloud service from the portal based on a request for the cloud service from the user.
9. The system according to claim 7, wherein
the consumer unit is adapted to translate a security token request in the first protocol to a security token request in the second protocol; and
the consumer unit is adapted to translate a signed security token in the second protocol to a signed security token in the first protocol.
10. The system according to claim 9, wherein
the consumer unit is adapted to receive the security token request in the first protocol from the first authentication system based on a request for the cloud service from the user; and the consumer unit is adapted to send the security token request in the second protocol to the second authentication system.
11. The system according to claim 7, the portal comprising a plurality of portlets, and the portal adapted to assign the user to a one of the portlets to provide the cloud service.
12. The system according to claim 7, wherein the third authentication system is adapted to authenticate the user.
13. A method for single sign on to a cloud system, the method comprising:
receiving, by a consumer unit of a cloud provider, a request from a user for a cloud service;
requesting, by the consumer unit, a portal to provide access to the cloud service based on the request from the user;
requesting, by a first authentication system of the portal, a security token from the consumer unit using a first protocol, the request by the first authentication system based on the request by the consumer unit;
translating, by the consumer unit, the security token request from the first protocol to a second protocol;
requesting, by the consumer unit, a second authentication system to sign the requested security token using the second protocol;
receiving, by the consumer unit, the signed security token;
translating, by the consumer unit, the signed security token from the second protocol to the first protocol;
sending, by the consumer unit, the signed security token to the portal using the first protocol; and
providing, by the portal, the cloud service to the user based on the signed security token.
14. The method of claim 13, wherein the second authentication system is an authentication system of a tenant of the user that authenticated the user.
15. The method of claim 13, wherein the second authentication system is an authentication system of the cloud provider and the second authentication system is federated with an authentication system of a tenant of the user that authenticated the user.
16. The method of claim 13, wherein if the signed security token is not valid then the user is denied access to the cloud service.
17. A machine-readable tangible and non-transitory medium with information recorded thereon, wherein the information, when read by a machine, causes the machine to perform the following steps:
receive, by a consumer unit of a cloud provider, a request from a user for a cloud service; request, by the consumer unit of the cloud provider, a portal to provide access to the cloud service based on the request by the user;
request, by a first authentication system of the portal, a security token from the consumer unit using a first protocol based on the request from the consumer unit;
translate, by the consumer unit, the security token request from the first protocol to a second protocol;
request, by the consumer unit, a second authentication system to sign the requested security token using the second protocol;
translate, by the consumer unit, the signed security token from the second protocol to the first protocol; send, by the consumer unit, the signed security token to the portal using the first protocol; and
provide, by the portal, the cloud service to the user based on the signed security token.
18. The machine-readable medium of claim 17, wherein the second authentication system is an authentication system of a tenant of the user that authenticated the user.
19. The machine-readable medium of claim 17, wherein the second authentication system is an authentication system of the cloud provider and the second authentication system is federated with an authentication system of a tenant of the user that authenticated the user.
20. The machine-readable medium of claim 17, wherein if the signed security token is not valid then the user is denied access to the cloud service.
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161557464P | 2011-11-09 | 2011-11-09 | |
US61/557,464 | 2011-11-09 | ||
US13/542,953 US20140013409A1 (en) | 2012-07-06 | 2012-07-06 | Single sign on for cloud |
US13/542,953 | 2012-07-06 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013071087A1 (en) | 2013-05-16 |
Family ID=48290599
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2012/064425 WO2013071087A1 (en) | 2011-11-09 | 2012-11-09 | Single sign on for cloud |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2013071087A1 (en) |
Cited By (257)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015119658A1 (en) * | 2014-02-07 | 2015-08-13 | Oracle International Corporation | Mobile cloud service architecture |
WO2015195724A3 (en) * | 2014-06-19 | 2016-03-17 | Microsoft Technology Licensing, Llc | Integrated apis and uis for consuming services across different distributed networks |
US9444822B1 (en) | 2015-05-29 | 2016-09-13 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
WO2016195759A1 (en) * | 2015-05-29 | 2016-12-08 | Pure Storage, Inc. | Providing authorization and authentication in a cloud for a user of a storage array |
US9529657B2 (en) | 2014-02-07 | 2016-12-27 | Oracle International Corporation | Techniques for generating diagnostic identifiers to trace events and identifying related diagnostic information |
US9529658B2 (en) | 2014-02-07 | 2016-12-27 | Oracle International Corporation | Techniques for generating diagnostic identifiers to trace request messages and identifying related diagnostic information |
US9594512B1 (en) | 2015-06-19 | 2017-03-14 | Pure Storage, Inc. | Attributing consumed storage capacity among entities storing data in a storage array |
US9594678B1 (en) | 2015-05-27 | 2017-03-14 | Pure Storage, Inc. | Preventing duplicate entries of identical data in a storage device |
WO2017083209A1 (en) * | 2015-11-12 | 2017-05-18 | Microsoft Technology Licensing, Llc | Single sign-on identity management between local and remote systems |
US9716755B2 (en) | 2015-05-26 | 2017-07-25 | Pure Storage, Inc. | Providing cloud storage array services by a local storage array in a data center |
US9740414B2 (en) | 2015-10-29 | 2017-08-22 | Pure Storage, Inc. | Optimizing copy operations |
US9760479B2 (en) | 2015-12-02 | 2017-09-12 | Pure Storage, Inc. | Writing data in a storage system that includes a first type of storage device and a second type of storage device |
US9760297B2 (en) | 2016-02-12 | 2017-09-12 | Pure Storage, Inc. | Managing input/output (‘I/O’) queues in a data storage system |
US9781122B1 (en) | 2016-05-11 | 2017-10-03 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US9811264B1 (en) | 2016-04-28 | 2017-11-07 | Pure Storage, Inc. | Deploying client-specific applications in a storage system utilizing redundant system resources |
US9817603B1 (en) | 2016-05-20 | 2017-11-14 | Pure Storage, Inc. | Data migration in a storage array that includes a plurality of storage devices |
WO2017196774A1 (en) * | 2016-05-11 | 2017-11-16 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US9838377B1 (en) | 2016-05-11 | 2017-12-05 | Oracle International Corporation | Task segregation in a multi-tenant identity and data security management cloud service |
US9838376B1 (en) | 2016-05-11 | 2017-12-05 | Oracle International Corporation | Microservices based multi-tenant identity and data security management cloud service |
US9841921B2 (en) | 2016-04-27 | 2017-12-12 | Pure Storage, Inc. | Migrating data in a storage array that includes a plurality of storage devices |
US9851762B1 (en) | 2015-08-06 | 2017-12-26 | Pure Storage, Inc. | Compliant printed circuit board (‘PCB’) within an enclosure |
US9886314B2 (en) | 2016-01-28 | 2018-02-06 | Pure Storage, Inc. | Placing workloads in a multi-array system |
US9892071B2 (en) | 2015-08-03 | 2018-02-13 | Pure Storage, Inc. | Emulating a remote direct memory access (‘RDMA’) link between controllers in a storage array |
US9910618B1 (en) | 2017-04-10 | 2018-03-06 | Pure Storage, Inc. | Migrating applications executing on a storage system |
US9935959B2 (en) | 2014-02-07 | 2018-04-03 | Oracle International Corporation | Cloud service custom execution environment |
US9959043B2 (en) | 2016-03-16 | 2018-05-01 | Pure Storage, Inc. | Performing a non-disruptive upgrade of data in a storage system |
US10007459B2 (en) | 2016-10-20 | 2018-06-26 | Pure Storage, Inc. | Performance tuning in a storage system that includes one or more storage devices |
US10021170B2 (en) | 2015-05-29 | 2018-07-10 | Pure Storage, Inc. | Managing a storage array using client-side services |
EP3361701A1 (en) * | 2016-05-11 | 2018-08-15 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10055423B2 (en) | 2014-03-31 | 2018-08-21 | Oracle International Corporation | Infrastructure for synchronization of mobile device with mobile cloud service |
US10063661B2 (en) | 2015-01-14 | 2018-08-28 | Oracle International Corporation | Multi-tenant cloud-based queuing systems |
US10129344B2 (en) | 2014-06-19 | 2018-11-13 | Microsoft Technology Licensing, Llc | Integrated user interface for consuming services across different distributed networks |
US10146585B2 (en) | 2016-09-07 | 2018-12-04 | Pure Storage, Inc. | Ensuring the fair utilization of system resources using workload based, time-independent scheduling |
US10162566B2 (en) | 2016-11-22 | 2018-12-25 | Pure Storage, Inc. | Accumulating application-level statistics in a storage system |
US10162835B2 (en) | 2015-12-15 | 2018-12-25 | Pure Storage, Inc. | Proactive management of a plurality of storage arrays in a multi-array system |
US10176335B2 (en) | 2012-03-20 | 2019-01-08 | Microsoft Technology Licensing, Llc | Identity services for organizations transparently hosted in the cloud |
US10198194B2 (en) | 2015-08-24 | 2019-02-05 | Pure Storage, Inc. | Placing data within a storage device of a flash array |
US10198205B1 (en) | 2016-12-19 | 2019-02-05 | Pure Storage, Inc. | Dynamically adjusting a number of storage devices utilized to simultaneously service write operations |
US10209992B2 (en) | 2014-04-25 | 2019-02-19 | Avago Technologies International Sales Pte. Limited | System and method for branch prediction using two branch history tables and presetting a global branch history register |
US10235229B1 (en) | 2016-09-07 | 2019-03-19 | Pure Storage, Inc. | Rehabilitating storage devices in a storage array that includes a plurality of storage devices |
US10255061B2 (en) | 2016-08-05 | 2019-04-09 | Oracle International Corporation | Zero down time upgrade for a multi-tenant identity and data security management cloud service |
US10261836B2 (en) | 2017-03-21 | 2019-04-16 | Oracle International Corporation | Dynamic dispatching of workloads spanning heterogeneous services |
US10263947B2 (en) | 2016-08-05 | 2019-04-16 | Oracle International Corporation | LDAP to SCIM proxy service |
US10275285B1 (en) | 2017-10-19 | 2019-04-30 | Pure Storage, Inc. | Data transformation caching in an artificial intelligence infrastructure |
US10284232B2 (en) | 2015-10-28 | 2019-05-07 | Pure Storage, Inc. | Dynamic error processing in a storage device |
US10296258B1 (en) | 2018-03-09 | 2019-05-21 | Pure Storage, Inc. | Offloading data storage to a decentralized storage network |
US10296236B2 (en) | 2015-07-01 | 2019-05-21 | Pure Storage, Inc. | Offloading device management responsibilities from a storage device in an array of storage devices |
US10303390B1 (en) | 2016-05-02 | 2019-05-28 | Pure Storage, Inc. | Resolving fingerprint collisions in flash storage system |
US10306023B2 (en) | 2016-03-28 | 2019-05-28 | Oracle International Corporation | Pre-formed instructions for a mobile cloud service |
US10310740B2 (en) | 2015-06-23 | 2019-06-04 | Pure Storage, Inc. | Aligning memory access operations to a geometry of a storage device |
US10318196B1 (en) | 2015-06-10 | 2019-06-11 | Pure Storage, Inc. | Stateless storage system controller in a direct flash storage system |
US10326836B2 (en) | 2015-12-08 | 2019-06-18 | Pure Storage, Inc. | Partially replicating a snapshot between storage systems |
US10331588B2 (en) | 2016-09-07 | 2019-06-25 | Pure Storage, Inc. | Ensuring the appropriate utilization of system resources using weighted workload based, time-independent scheduling |
US10341354B2 (en) | 2016-09-16 | 2019-07-02 | Oracle International Corporation | Distributed high availability agent architecture |
US10341410B2 (en) | 2016-05-11 | 2019-07-02 | Oracle International Corporation | Security tokens for a multi-tenant identity and data security management cloud service |
US10346043B2 (en) | 2015-12-28 | 2019-07-09 | Pure Storage, Inc. | Adaptive computing for data compression |
US10348858B2 (en) | 2017-09-15 | 2019-07-09 | Oracle International Corporation | Dynamic message queues for a microservice based cloud service |
US10353777B2 (en) | 2015-10-30 | 2019-07-16 | Pure Storage, Inc. | Ensuring crash-safe forward progress of a system configuration update |
US10360214B2 (en) | 2017-10-19 | 2019-07-23 | Pure Storage, Inc. | Ensuring reproducibility in an artificial intelligence infrastructure |
US10365982B1 (en) | 2017-03-10 | 2019-07-30 | Pure Storage, Inc. | Establishing a synchronous replication relationship between two or more storage systems |
US10374868B2 (en) | 2015-10-29 | 2019-08-06 | Pure Storage, Inc. | Distributed command processing in a flash storage system |
US10417092B2 (en) | 2017-09-07 | 2019-09-17 | Pure Storage, Inc. | Incremental RAID stripe update parity calculation |
US10425386B2 (en) | 2016-05-11 | 2019-09-24 | Oracle International Corporation | Policy enforcement point for a multi-tenant identity and data security management cloud service |
US10445395B2 (en) | 2016-09-16 | 2019-10-15 | Oracle International Corporation | Cookie based state propagation for a multi-tenant identity cloud service |
US10452444B1 (en) | 2017-10-19 | 2019-10-22 | Pure Storage, Inc. | Storage system with compute resources and shared storage resources |
US10454940B2 (en) | 2016-05-11 | 2019-10-22 | Oracle International Corporation | Identity cloud service authorization model |
US10452310B1 (en) | 2016-07-13 | 2019-10-22 | Pure Storage, Inc. | Validating cabling for storage component admission to a storage array |
US10454915B2 (en) | 2017-05-18 | 2019-10-22 | Oracle International Corporation | User authentication using kerberos with identity cloud service |
US10454810B1 (en) | 2017-03-10 | 2019-10-22 | Pure Storage, Inc. | Managing host definitions across a plurality of storage systems |
US10459652B2 (en) | 2016-07-27 | 2019-10-29 | Pure Storage, Inc. | Evacuating blades in a storage array that includes a plurality of blades |
US10459664B1 (en) | 2017-04-10 | 2019-10-29 | Pure Storage, Inc. | Virtualized copy-by-reference |
US10467107B1 (en) | 2017-11-01 | 2019-11-05 | Pure Storage, Inc. | Maintaining metadata resiliency among storage device failures |
US10474363B1 (en) | 2016-07-29 | 2019-11-12 | Pure Storage, Inc. | Space reporting in a storage system |
US10484174B1 (en) | 2017-11-01 | 2019-11-19 | Pure Storage, Inc. | Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices |
US10484382B2 (en) | 2016-08-31 | 2019-11-19 | Oracle International Corporation | Data management for a multi-tenant identity cloud service |
US10484243B2 (en) | 2016-09-16 | 2019-11-19 | Oracle International Corporation | Application management for a multi-tenant identity cloud service |
US10489307B2 (en) | 2017-01-05 | 2019-11-26 | Pure Storage, Inc. | Periodically re-encrypting user data stored on a storage device |
US10503700B1 (en) | 2017-01-19 | 2019-12-10 | Pure Storage, Inc. | On-demand content filtering of snapshots within a storage system |
US10505941B2 (en) | 2016-08-05 | 2019-12-10 | Oracle International Corporation | Virtual directory system for LDAP to SCIM proxy service |
US10503427B2 (en) | 2017-03-10 | 2019-12-10 | Pure Storage, Inc. | Synchronously replicating datasets and other managed objects to cloud-based storage systems |
US10509581B1 (en) | 2017-11-01 | 2019-12-17 | Pure Storage, Inc. | Maintaining write consistency in a multi-threaded storage system |
US10511589B2 (en) | 2016-09-14 | 2019-12-17 | Oracle International Corporation | Single logout functionality for a multi-tenant identity and data security management cloud service |
US10514978B1 (en) | 2015-10-23 | 2019-12-24 | Pure Storage, Inc. | Automatic deployment of corrective measures for storage arrays |
US10516672B2 (en) | 2016-08-05 | 2019-12-24 | Oracle International Corporation | Service discovery for a multi-tenant identity and data security management cloud service |
US10521151B1 (en) | 2018-03-05 | 2019-12-31 | Pure Storage, Inc. | Determining effective space utilization in a storage system |
US10530578B2 (en) | 2016-08-05 | 2020-01-07 | Oracle International Corporation | Key store service |
US10552090B2 (en) | 2017-09-07 | 2020-02-04 | Pure Storage, Inc. | Solid state drives with multiple types of addressable memory |
US10567364B2 (en) | 2016-09-16 | 2020-02-18 | Oracle International Corporation | Preserving LDAP hierarchy in a SCIM directory using special marker groups |
US10572460B2 (en) | 2016-02-11 | 2020-02-25 | Pure Storage, Inc. | Compressing data in dependence upon characteristics of a storage system |
US10581820B2 (en) | 2016-05-11 | 2020-03-03 | Oracle International Corporation | Key generation and rollover |
US10585682B2 (en) | 2016-08-05 | 2020-03-10 | Oracle International Corporation | Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service |
US10594684B2 (en) | 2016-09-14 | 2020-03-17 | Oracle International Corporation | Generating derived credentials for a multi-tenant identity cloud service |
US10599536B1 (en) | 2015-10-23 | 2020-03-24 | Pure Storage, Inc. | Preventing storage errors using problem signatures |
US10616224B2 (en) | 2016-09-16 | 2020-04-07 | Oracle International Corporation | Tenant and service management for a multi-tenant identity and data security management cloud service |
US10613791B2 (en) | 2017-06-12 | 2020-04-07 | Pure Storage, Inc. | Portable snapshot replication between storage systems |
US10671439B1 (en) | 2016-09-07 | 2020-06-02 | Pure Storage, Inc. | Workload planning with quality-of-service (‘QOS’) integration |
US10671302B1 (en) | 2018-10-26 | 2020-06-02 | Pure Storage, Inc. | Applying a rate limit across a plurality of storage systems |
US10671494B1 (en) | 2017-11-01 | 2020-06-02 | Pure Storage, Inc. | Consistent selection of replicated datasets during storage system recovery |
US10691567B2 (en) | 2016-06-03 | 2020-06-23 | Pure Storage, Inc. | Dynamically forming a failure domain in a storage system that includes a plurality of blades |
US10705823B2 (en) | 2017-09-29 | 2020-07-07 | Oracle International Corporation | Application templates and upgrade framework for a multi-tenant identity cloud service |
US10715564B2 (en) | 2018-01-29 | 2020-07-14 | Oracle International Corporation | Dynamic client registration for an identity cloud service |
US10735394B2 (en) | 2016-08-05 | 2020-08-04 | Oracle International Corporation | Caching framework for a multi-tenant identity and data security management cloud service |
US10764273B2 (en) | 2018-06-28 | 2020-09-01 | Oracle International Corporation | Session synchronization across multiple devices in an identity cloud service |
US10791087B2 (en) | 2016-09-16 | 2020-09-29 | Oracle International Corporation | SCIM to LDAP mapping using subtype attributes |
US10789020B2 (en) | 2017-06-12 | 2020-09-29 | Pure Storage, Inc. | Recovering data within a unified storage element |
US10795598B1 (en) | 2017-12-07 | 2020-10-06 | Pure Storage, Inc. | Volume migration for storage systems synchronously replicating a dataset |
US10798165B2 (en) | 2018-04-02 | 2020-10-06 | Oracle International Corporation | Tenant data comparison for a multi-tenant identity cloud service |
US10817392B1 (en) | 2017-11-01 | 2020-10-27 | Pure Storage, Inc. | Ensuring resiliency to storage device failures in a storage system that includes a plurality of storage devices |
US10831789B2 (en) | 2017-09-27 | 2020-11-10 | Oracle International Corporation | Reference attribute query processing for a multi-tenant cloud service |
US10834137B2 (en) | 2017-09-28 | 2020-11-10 | Oracle International Corporation | Rest-based declarative policy management |
US10838833B1 (en) | 2018-03-26 | 2020-11-17 | Pure Storage, Inc. | Providing for high availability in a data analytics pipeline without replicas |
US10846390B2 (en) | 2016-09-14 | 2020-11-24 | Oracle International Corporation | Single sign-on functionality for a multi-tenant identity and data security management cloud service |
US10853148B1 (en) | 2017-06-12 | 2020-12-01 | Pure Storage, Inc. | Migrating workloads between a plurality of execution environments |
US10871922B2 (en) | 2018-05-22 | 2020-12-22 | Pure Storage, Inc. | Integrated storage management between storage systems and container orchestrators |
US10878079B2 (en) | 2016-05-11 | 2020-12-29 | Oracle International Corporation | Identity cloud service authorization model with dynamic roles and scopes |
US10884636B1 (en) | 2017-06-12 | 2021-01-05 | Pure Storage, Inc. | Presenting workload performance in a storage system |
US10904074B2 (en) | 2016-09-17 | 2021-01-26 | Oracle International Corporation | Composite event handler for a multi-tenant identity cloud service |
US10908966B1 (en) | 2016-09-07 | 2021-02-02 | Pure Storage, Inc. | Adapting target service times in a storage system |
US10917471B1 (en) | 2018-03-15 | 2021-02-09 | Pure Storage, Inc. | Active membership in a cloud-based storage system |
US10917470B1 (en) | 2018-11-18 | 2021-02-09 | Pure Storage, Inc. | Cloning storage systems in a cloud computing environment |
US10924548B1 (en) | 2018-03-15 | 2021-02-16 | Pure Storage, Inc. | Symmetric storage using a cloud-based storage system |
US10931656B2 (en) | 2018-03-27 | 2021-02-23 | Oracle International Corporation | Cross-region trust for a multi-tenant identity cloud service |
US10929226B1 (en) | 2017-11-21 | 2021-02-23 | Pure Storage, Inc. | Providing for increased flexibility for large scale parity |
US10936238B2 (en) | 2017-11-28 | 2021-03-02 | Pure Storage, Inc. | Hybrid data tiering |
US10942650B1 (en) | 2018-03-05 | 2021-03-09 | Pure Storage, Inc. | Reporting capacity utilization in a storage system |
US10963189B1 (en) | 2018-11-18 | 2021-03-30 | Pure Storage, Inc. | Coalescing write operations in a cloud-based storage system |
US10976962B2 (en) | 2018-03-15 | 2021-04-13 | Pure Storage, Inc. | Servicing I/O operations in a cloud-based storage system |
US10992533B1 (en) | 2018-01-30 | 2021-04-27 | Pure Storage, Inc. | Policy based path management |
US10992598B2 (en) | 2018-05-21 | 2021-04-27 | Pure Storage, Inc. | Synchronously replicating when a mediation service becomes unavailable |
US10990282B1 (en) | 2017-11-28 | 2021-04-27 | Pure Storage, Inc. | Hybrid data tiering with cloud storage |
US11003369B1 (en) | 2019-01-14 | 2021-05-11 | Pure Storage, Inc. | Performing a tune-up procedure on a storage device during a boot process |
US11012444B2 (en) | 2018-06-25 | 2021-05-18 | Oracle International Corporation | Declarative third party identity provider integration for a multi-tenant identity cloud service |
US11016824B1 (en) | 2017-06-12 | 2021-05-25 | Pure Storage, Inc. | Event identification with out-of-order reporting in a cloud-based environment |
US11036677B1 (en) | 2017-12-14 | 2021-06-15 | Pure Storage, Inc. | Replicated data integrity |
US11042452B1 (en) | 2019-03-20 | 2021-06-22 | Pure Storage, Inc. | Storage system data recovery using data recovery as a service |
US11048590B1 (en) | 2018-03-15 | 2021-06-29 | Pure Storage, Inc. | Data consistency during recovery in a cloud-based storage system |
US11061929B2 (en) | 2019-02-08 | 2021-07-13 | Oracle International Corporation | Replication of resource type and schema metadata for a multi-tenant identity cloud service |
US11068162B1 (en) | 2019-04-09 | 2021-07-20 | Pure Storage, Inc. | Storage management in a cloud data store |
US11086553B1 (en) | 2019-08-28 | 2021-08-10 | Pure Storage, Inc. | Tiering duplicated objects in a cloud-based object store |
US11089105B1 (en) | 2017-12-14 | 2021-08-10 | Pure Storage, Inc. | Synchronously replicating datasets in cloud-based storage systems |
US11093139B1 (en) | 2019-07-18 | 2021-08-17 | Pure Storage, Inc. | Durably storing data within a virtual storage system |
US11095706B1 (en) | 2018-03-21 | 2021-08-17 | Pure Storage, Inc. | Secure cloud-based storage system management |
US11102298B1 (en) | 2015-05-26 | 2021-08-24 | Pure Storage, Inc. | Locally providing cloud storage services for fleet management |
US11112990B1 (en) | 2016-04-27 | 2021-09-07 | Pure Storage, Inc. | Managing storage device evacuation |
US11126364B2 (en) | 2019-07-18 | 2021-09-21 | Pure Storage, Inc. | Virtual storage system architecture |
US11146564B1 (en) | 2018-07-24 | 2021-10-12 | Pure Storage, Inc. | Login authentication in a cloud storage platform |
US11150834B1 (en) | 2018-03-05 | 2021-10-19 | Pure Storage, Inc. | Determining storage consumption in a storage system |
US11165634B2 (en) | 2018-04-02 | 2021-11-02 | Oracle International Corporation | Data replication conflict detection and resolution for a multi-tenant identity cloud service |
US11163624B2 (en) | 2017-01-27 | 2021-11-02 | Pure Storage, Inc. | Dynamically adjusting an amount of log data generated for a storage system |
US11171950B1 (en) | 2018-03-21 | 2021-11-09 | Pure Storage, Inc. | Secure cloud-based storage system management |
US11169727B1 (en) | 2017-03-10 | 2021-11-09 | Pure Storage, Inc. | Synchronous replication between storage systems with virtualized storage |
US11210133B1 (en) | 2017-06-12 | 2021-12-28 | Pure Storage, Inc. | Workload mobility between disparate execution environments |
US11210009B1 (en) | 2018-03-15 | 2021-12-28 | Pure Storage, Inc. | Staging data in a cloud-based storage system |
US11221778B1 (en) | 2019-04-02 | 2022-01-11 | Pure Storage, Inc. | Preparing data for deduplication |
US11231858B2 (en) | 2016-05-19 | 2022-01-25 | Pure Storage, Inc. | Dynamically configuring a storage system to facilitate independent scaling of resources |
US11258775B2 (en) | 2018-04-04 | 2022-02-22 | Oracle International Corporation | Local write for a multi-tenant identity cloud service |
US11271969B2 (en) | 2017-09-28 | 2022-03-08 | Oracle International Corporation | Rest-based declarative policy management |
US11288138B1 (en) | 2018-03-15 | 2022-03-29 | Pure Storage, Inc. | Recovery from a system fault in a cloud-based storage system |
US11294588B1 (en) | 2015-08-24 | 2022-04-05 | Pure Storage, Inc. | Placing data within a storage device |
US11301152B1 (en) | 2020-04-06 | 2022-04-12 | Pure Storage, Inc. | Intelligently moving data between storage systems |
US11321343B2 (en) | 2019-02-19 | 2022-05-03 | Oracle International Corporation | Tenant replication bootstrap for a multi-tenant identity cloud service |
US11321187B2 (en) | 2018-10-19 | 2022-05-03 | Oracle International Corporation | Assured lazy rollback for a multi-tenant identity cloud service |
US11321006B1 (en) | 2020-03-25 | 2022-05-03 | Pure Storage, Inc. | Data loss prevention during transitions from a replication source |
US11327676B1 (en) | 2019-07-18 | 2022-05-10 | Pure Storage, Inc. | Predictive data streaming in a virtual storage system |
US11340939B1 (en) | 2017-06-12 | 2022-05-24 | Pure Storage, Inc. | Application-aware analytics for storage systems |
US11340837B1 (en) | 2018-11-18 | 2022-05-24 | Pure Storage, Inc. | Storage system management via a remote console |
US11340800B1 (en) | 2017-01-19 | 2022-05-24 | Pure Storage, Inc. | Content masking in a storage system |
US11347697B1 (en) | 2015-12-15 | 2022-05-31 | Pure Storage, Inc. | Proactively optimizing a storage system |
US11349917B2 (en) | 2020-07-23 | 2022-05-31 | Pure Storage, Inc. | Replication handling among distinct networks |
US11360689B1 (en) | 2019-09-13 | 2022-06-14 | Pure Storage, Inc. | Cloning a tracking copy of replica data |
US11360844B1 (en) | 2015-10-23 | 2022-06-14 | Pure Storage, Inc. | Recovery of a container storage provider |
US11379132B1 (en) | 2016-10-20 | 2022-07-05 | Pure Storage, Inc. | Correlating medical sensor data |
US11392553B1 (en) | 2018-04-24 | 2022-07-19 | Pure Storage, Inc. | Remote data management |
US11392555B2 (en) | 2019-05-15 | 2022-07-19 | Pure Storage, Inc. | Cloud-based file services |
US11397545B1 (en) | 2021-01-20 | 2022-07-26 | Pure Storage, Inc. | Emulating persistent reservations in a cloud-based storage system |
US11403000B1 (en) | 2018-07-20 | 2022-08-02 | Pure Storage, Inc. | Resiliency in a cloud-based storage system |
US11416298B1 (en) | 2018-07-20 | 2022-08-16 | Pure Storage, Inc. | Providing application-specific storage by a storage system |
US11423111B2 (en) | 2019-02-25 | 2022-08-23 | Oracle International Corporation | Client API for rest based endpoints for a multi-tenant identify cloud service |
US11422731B1 (en) | 2017-06-12 | 2022-08-23 | Pure Storage, Inc. | Metadata-based replication of a dataset |
US11431488B1 (en) | 2020-06-08 | 2022-08-30 | Pure Storage, Inc. | Protecting local key generation using a remote key management service |
US11436344B1 (en) | 2018-04-24 | 2022-09-06 | Pure Storage, Inc. | Secure encryption in deduplication cluster |
US11442669B1 (en) | 2018-03-15 | 2022-09-13 | Pure Storage, Inc. | Orchestrating a virtual storage system |
US11442652B1 (en) | 2020-07-23 | 2022-09-13 | Pure Storage, Inc. | Replication handling during storage system transportation |
US11442825B2 (en) | 2017-03-10 | 2022-09-13 | Pure Storage, Inc. | Establishing a synchronous replication relationship between two or more storage systems |
US11455168B1 (en) | 2017-10-19 | 2022-09-27 | Pure Storage, Inc. | Batch building for deep learning training workloads |
US11455409B2 (en) | 2018-05-21 | 2022-09-27 | Pure Storage, Inc. | Storage layer data obfuscation |
US11461273B1 (en) | 2016-12-20 | 2022-10-04 | Pure Storage, Inc. | Modifying storage distribution in a storage system that includes one or more storage devices |
US11477280B1 (en) | 2017-07-26 | 2022-10-18 | Pure Storage, Inc. | Integrating cloud storage services |
US11481261B1 (en) | 2016-09-07 | 2022-10-25 | Pure Storage, Inc. | Preventing extended latency in a storage system |
US11487715B1 (en) | 2019-07-18 | 2022-11-01 | Pure Storage, Inc. | Resiliency in a cloud-based storage system |
US11494267B2 (en) | 2020-04-14 | 2022-11-08 | Pure Storage, Inc. | Continuous value data redundancy |
US11494692B1 (en) | 2018-03-26 | 2022-11-08 | Pure Storage, Inc. | Hyperscale artificial intelligence and machine learning infrastructure |
US11503031B1 (en) | 2015-05-29 | 2022-11-15 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
US11526408B2 (en) | 2019-07-18 | 2022-12-13 | Pure Storage, Inc. | Data recovery in a virtual storage system |
US11526405B1 (en) | 2018-11-18 | 2022-12-13 | Pure Storage, Inc. | Cloud-based disaster recovery |
US11531487B1 (en) | 2019-12-06 | 2022-12-20 | Pure Storage, Inc. | Creating a replica of a storage system |
US11531577B1 (en) | 2016-09-07 | 2022-12-20 | Pure Storage, Inc. | Temporarily limiting access to a storage device |
US11550514B2 (en) | 2019-07-18 | 2023-01-10 | Pure Storage, Inc. | Efficient transfers between tiers of a virtual storage system |
US11561714B1 (en) | 2017-07-05 | 2023-01-24 | Pure Storage, Inc. | Storage efficiency driven migration |
US11573864B1 (en) | 2019-09-16 | 2023-02-07 | Pure Storage, Inc. | Automating database management in a storage system |
US11588716B2 (en) | 2021-05-12 | 2023-02-21 | Pure Storage, Inc. | Adaptive storage processing for storage-as-a-service |
US11592991B2 (en) | 2017-09-07 | 2023-02-28 | Pure Storage, Inc. | Converting raid data between persistent storage types |
US11611548B2 (en) | 2019-11-22 | 2023-03-21 | Oracle International Corporation | Bulk multifactor authentication enrollment |
US11609718B1 (en) | 2017-06-12 | 2023-03-21 | Pure Storage, Inc. | Identifying valid data after a storage system recovery |
US11616834B2 (en) | 2015-12-08 | 2023-03-28 | Pure Storage, Inc. | Efficient replication of a dataset to the cloud |
US11620075B2 (en) | 2016-11-22 | 2023-04-04 | Pure Storage, Inc. | Providing application aware storage |
US11625181B1 (en) | 2015-08-24 | 2023-04-11 | Pure Storage, Inc. | Data tiering using snapshots |
US11632360B1 (en) | 2018-07-24 | 2023-04-18 | Pure Storage, Inc. | Remote access to a storage device |
US11630598B1 (en) | 2020-04-06 | 2023-04-18 | Pure Storage, Inc. | Scheduling data replication operations |
US11630585B1 (en) | 2016-08-25 | 2023-04-18 | Pure Storage, Inc. | Processing evacuation events in a storage array that includes a plurality of storage devices |
US11637896B1 (en) | 2020-02-25 | 2023-04-25 | Pure Storage, Inc. | Migrating applications to a cloud-computing environment |
US11651357B2 (en) | 2019-02-01 | 2023-05-16 | Oracle International Corporation | Multifactor authentication without a user footprint |
US11650749B1 (en) | 2018-12-17 | 2023-05-16 | Pure Storage, Inc. | Controlling access to sensitive data in a shared dataset |
US11669321B2 (en) | 2019-02-20 | 2023-06-06 | Oracle International Corporation | Automated database upgrade for a multi-tenant identity cloud service |
US11669386B1 (en) | 2019-10-08 | 2023-06-06 | Pure Storage, Inc. | Managing an application's resource stack |
US11675520B2 (en) | 2017-03-10 | 2023-06-13 | Pure Storage, Inc. | Application replication among storage systems synchronously replicating a dataset |
US11675503B1 (en) | 2018-05-21 | 2023-06-13 | Pure Storage, Inc. | Role-based data access |
US11687378B2 (en) | 2019-09-13 | 2023-06-27 | Oracle International Corporation | Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability |
US11693713B1 (en) | 2019-09-04 | 2023-07-04 | Pure Storage, Inc. | Self-tuning clusters for resilient microservices |
US11693835B2 (en) | 2018-10-17 | 2023-07-04 | Oracle International Corporation | Dynamic database schema allocation on tenant onboarding for a multi-tenant identity cloud service |
US11706895B2 (en) | 2016-07-19 | 2023-07-18 | Pure Storage, Inc. | Independent scaling of compute resources and storage resources in a storage system |
US11709636B1 (en) | 2020-01-13 | 2023-07-25 | Pure Storage, Inc. | Non-sequential readahead for deep learning training |
US11714723B2 (en) | 2021-10-29 | 2023-08-01 | Pure Storage, Inc. | Coordinated snapshots for data stored across distinct storage environments |
US11720497B1 (en) | 2020-01-13 | 2023-08-08 | Pure Storage, Inc. | Inferred nonsequential prefetch based on data access patterns |
US11733901B1 (en) | 2020-01-13 | 2023-08-22 | Pure Storage, Inc. | Providing persistent storage to transient cloud computing services |
US11762764B1 (en) | 2015-12-02 | 2023-09-19 | Pure Storage, Inc. | Writing data in a storage system that includes a first type of storage device and a second type of storage device |
US11762781B2 (en) | 2017-01-09 | 2023-09-19 | Pure Storage, Inc. | Providing end-to-end encryption for data stored in a storage system |
US11782614B1 (en) | 2017-12-21 | 2023-10-10 | Pure Storage, Inc. | Encrypting data to optimize data reduction |
US11792226B2 (en) | 2019-02-25 | 2023-10-17 | Oracle International Corporation | Automatic api document generation from scim metadata |
US11797569B2 (en) | 2019-09-13 | 2023-10-24 | Pure Storage, Inc. | Configurable data replication |
US11803453B1 (en) | 2017-03-10 | 2023-10-31 | Pure Storage, Inc. | Using host connectivity states to avoid queuing I/O requests |
US11809727B1 (en) | 2016-04-27 | 2023-11-07 | Pure Storage, Inc. | Predicting failures in a storage system that includes a plurality of storage devices |
US11816129B2 (en) | 2021-06-22 | 2023-11-14 | Pure Storage, Inc. | Generating datasets using approximate baselines |
US11847071B2 (en) | 2021-12-30 | 2023-12-19 | Pure Storage, Inc. | Enabling communication between a single-port device and multiple storage system controllers |
US11853266B2 (en) | 2019-05-15 | 2023-12-26 | Pure Storage, Inc. | Providing a file system in a cloud environment |
US11853285B1 (en) | 2021-01-22 | 2023-12-26 | Pure Storage, Inc. | Blockchain logging of volume-level events in a storage system |
US11860780B2 (en) | 2022-01-28 | 2024-01-02 | Pure Storage, Inc. | Storage cache management |
US11861423B1 (en) | 2017-10-19 | 2024-01-02 | Pure Storage, Inc. | Accelerating artificial intelligence (‘AI’) workflows |
US11860820B1 (en) | 2018-09-11 | 2024-01-02 | Pure Storage, Inc. | Processing data through a storage system in a data pipeline |
US11861170B2 (en) | 2018-03-05 | 2024-01-02 | Pure Storage, Inc. | Sizing resources for a replication target |
US11861221B1 (en) | 2019-07-18 | 2024-01-02 | Pure Storage, Inc. | Providing scalable and reliable container-based storage services |
US11868629B1 (en) | 2017-05-05 | 2024-01-09 | Pure Storage, Inc. | Storage system sizing service |
US11870770B2 (en) | 2019-09-13 | 2024-01-09 | Oracle International Corporation | Multi-tenant identity cloud service with on-premise authentication integration |
US11868622B2 (en) | 2020-02-25 | 2024-01-09 | Pure Storage, Inc. | Application recovery across storage systems |
US11886295B2 (en) | 2022-01-31 | 2024-01-30 | Pure Storage, Inc. | Intra-block error correction |
US11886922B2 (en) | 2016-09-07 | 2024-01-30 | Pure Storage, Inc. | Scheduling input/output operations for a storage system |
US11893263B2 (en) | 2021-10-29 | 2024-02-06 | Pure Storage, Inc. | Coordinated checkpoints among storage systems implementing checkpoint-based replication |
US11914867B2 (en) | 2021-10-29 | 2024-02-27 | Pure Storage, Inc. | Coordinated snapshots among storage systems implementing a promotion/demotion model |
US11921908B2 (en) | 2017-08-31 | 2024-03-05 | Pure Storage, Inc. | Writing data to compressed and encrypted volumes |
US11921670B1 (en) | 2020-04-20 | 2024-03-05 | Pure Storage, Inc. | Multivariate data backup retention policies |
US11922052B2 (en) | 2021-12-15 | 2024-03-05 | Pure Storage, Inc. | Managing links between storage objects |
US11941279B2 (en) | 2017-03-10 | 2024-03-26 | Pure Storage, Inc. | Data path virtualization |
US11954238B1 (en) | 2018-07-24 | 2024-04-09 | Pure Storage, Inc. | Role-based access control for a storage system |
US11954220B2 (en) | 2018-05-21 | 2024-04-09 | Pure Storage, Inc. | Data protection for container storage |
US11960348B2 (en) | 2016-09-07 | 2024-04-16 | Pure Storage, Inc. | Cloud-based monitoring of hardware components in a fleet of storage systems |
US11960777B2 (en) | 2017-06-12 | 2024-04-16 | Pure Storage, Inc. | Utilizing multiple redundancy schemes within a unified storage element |
US11972134B2 (en) | 2022-01-12 | 2024-04-30 | Pure Storage, Inc. | Resource utilization using normalized input/output (‘I/O’) operations |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070044143A1 (en) * | 2005-08-22 | 2007-02-22 | Microsoft Corporation | Distributed single sign-on service |
KR20100034321A (en) * | 2008-09-23 | 2010-04-01 | 한국전자통신연구원 | Network id based federation and single sign on authentication method |
US20110138453A1 (en) * | 2009-12-03 | 2011-06-09 | Samsung Electronics Co., Ltd. | Single sign-on in mixed http and sip environments |
US20110153727A1 (en) * | 2009-12-17 | 2011-06-23 | Hong Li | Cloud federation as a service |
- 2012-11-09 WO PCT/US2012/064425 patent/WO2013071087A1/en active Application Filing
Cited By (468)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10176335B2 (en) | 2012-03-20 | 2019-01-08 | Microsoft Technology Licensing, Llc | Identity services for organizations transparently hosted in the cloud |
US9529657B2 (en) | 2014-02-07 | 2016-12-27 | Oracle International Corporation | Techniques for generating diagnostic identifiers to trace events and identifying related diagnostic information |
CN105900396A (en) * | 2014-02-07 | 2016-08-24 | 甲骨文国际公司 | Mobile cloud service architecture |
US9529658B2 (en) | 2014-02-07 | 2016-12-27 | Oracle International Corporation | Techniques for generating diagnostic identifiers to trace request messages and identifying related diagnostic information |
US20150229638A1 (en) * | 2014-02-07 | 2015-08-13 | Oracle International Corporation | Mobile cloud service architecture |
US9712511B2 (en) | 2014-02-07 | 2017-07-18 | Oracle International Corporation | Mobile cloud service architecture |
WO2015119658A1 (en) * | 2014-02-07 | 2015-08-13 | Oracle International Corporation | Mobile cloud service architecture |
US9935959B2 (en) | 2014-02-07 | 2018-04-03 | Oracle International Corporation | Cloud service custom execution environment |
US9231946B2 (en) | 2014-02-07 | 2016-01-05 | Oracle International Corporation | Mobile cloud service architecture |
CN105900396B (en) * | 2014-02-07 | 2019-05-31 | 甲骨文国际公司 | Mobile cloud service architectural framework |
US10055423B2 (en) | 2014-03-31 | 2018-08-21 | Oracle International Corporation | Infrastructure for synchronization of mobile device with mobile cloud service |
US10209992B2 (en) | 2014-04-25 | 2019-02-19 | Avago Technologies International Sales Pte. Limited | System and method for branch prediction using two branch history tables and presetting a global branch history register |
WO2015195724A3 (en) * | 2014-06-19 | 2016-03-17 | Microsoft Technology Licensing, Llc | Integrated apis and uis for consuming services across different distributed networks |
KR20170022996A (en) * | 2014-06-19 | 2017-03-02 | 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 | Integrated apis and uis for consuming services across different distributed networks |
KR102391806B1 (en) | 2014-06-19 | 2022-04-27 | 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 | Integrated apis and uis for consuming services across different distributed networks |
US10129344B2 (en) | 2014-06-19 | 2018-11-13 | Microsoft Technology Licensing, Llc | Integrated user interface for consuming services across different distributed networks |
CN106462467B (en) * | 2014-06-19 | 2020-03-03 | 微软技术许可有限责任公司 | Integrated API and UI for consuming services over different distributed networks |
CN106462467A (en) * | 2014-06-19 | 2017-02-22 | 微软技术许可有限责任公司 | Integrated APIs and UIs for consuming services across different distributed networks |
US9560037B2 (en) | 2014-06-19 | 2017-01-31 | Microsoft Technology Licensing, Llc | Integrated APIs and UIs for consuming services across different distributed networks |
US10397375B2 (en) | 2015-01-14 | 2019-08-27 | Oracle International Corporation | Multi-tenant cloud-based queuing systems |
US10063661B2 (en) | 2015-01-14 | 2018-08-28 | Oracle International Corporation | Multi-tenant cloud-based queuing systems |
US11711426B2 (en) | 2015-05-26 | 2023-07-25 | Pure Storage, Inc. | Providing storage resources from a storage pool |
US9716755B2 (en) | 2015-05-26 | 2017-07-25 | Pure Storage, Inc. | Providing cloud storage array services by a local storage array in a data center |
US11102298B1 (en) | 2015-05-26 | 2021-08-24 | Pure Storage, Inc. | Locally providing cloud storage services for fleet management |
US10652331B1 (en) | 2015-05-26 | 2020-05-12 | Pure Storage, Inc. | Locally providing highly available cloud-based storage system services |
US10027757B1 (en) | 2015-05-26 | 2018-07-17 | Pure Storage, Inc. | Locally providing cloud storage array services |
US10761759B1 (en) | 2015-05-27 | 2020-09-01 | Pure Storage, Inc. | Deduplication of data in a storage device |
US11921633B2 (en) | 2015-05-27 | 2024-03-05 | Pure Storage, Inc. | Deduplicating data based on recently reading the data |
US9594678B1 (en) | 2015-05-27 | 2017-03-14 | Pure Storage, Inc. | Preventing duplicate entries of identical data in a storage device |
US11360682B1 (en) | 2015-05-27 | 2022-06-14 | Pure Storage, Inc. | Identifying duplicative write data in a storage system |
US10021170B2 (en) | 2015-05-29 | 2018-07-10 | Pure Storage, Inc. | Managing a storage array using client-side services |
US11503031B1 (en) | 2015-05-29 | 2022-11-15 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
US11936654B2 (en) | 2015-05-29 | 2024-03-19 | Pure Storage, Inc. | Cloud-based user authorization control for storage system access |
US9444822B1 (en) | 2015-05-29 | 2016-09-13 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
EP3745669A1 (en) * | 2015-05-29 | 2020-12-02 | Pure Storage, Inc. | Authorization-information in a token for cloud-based storage array |
US9882913B1 (en) | 2015-05-29 | 2018-01-30 | Pure Storage, Inc. | Delivering authorization and authentication for a user of a storage array from a cloud |
US11201913B1 (en) | 2015-05-29 | 2021-12-14 | Pure Storage, Inc. | Cloud-based authentication of a storage system user |
WO2016195760A1 (en) * | 2015-05-29 | 2016-12-08 | Pure Storage, Inc. | Storage array access control from cloud-based user authorization and authentication |
US10560517B1 (en) | 2015-05-29 | 2020-02-11 | Pure Storage, Inc. | Remote management of a storage array |
WO2016195759A1 (en) * | 2015-05-29 | 2016-12-08 | Pure Storage, Inc. | Providing authorization and authentication in a cloud for a user of a storage array |
US11936719B2 (en) | 2015-05-29 | 2024-03-19 | Pure Storage, Inc. | Using cloud services to provide secure access to a storage system |
US10834086B1 (en) | 2015-05-29 | 2020-11-10 | Pure Storage, Inc. | Hybrid cloud-based authentication for flash storage array access |
US11137918B1 (en) | 2015-06-10 | 2021-10-05 | Pure Storage, Inc. | Administration of control information in a storage system |
US10318196B1 (en) | 2015-06-10 | 2019-06-11 | Pure Storage, Inc. | Stateless storage system controller in a direct flash storage system |
US11868625B2 (en) | 2015-06-10 | 2024-01-09 | Pure Storage, Inc. | Alert tracking in storage |
US9804779B1 (en) | 2015-06-19 | 2017-10-31 | Pure Storage, Inc. | Determining storage capacity to be made available upon deletion of a shared data object |
US11586359B1 (en) | 2015-06-19 | 2023-02-21 | Pure Storage, Inc. | Tracking storage consumption in a storage array |
US10310753B1 (en) | 2015-06-19 | 2019-06-04 | Pure Storage, Inc. | Capacity attribution in a storage system |
US9594512B1 (en) | 2015-06-19 | 2017-03-14 | Pure Storage, Inc. | Attributing consumed storage capacity among entities storing data in a storage array |
US10082971B1 (en) | 2015-06-19 | 2018-09-25 | Pure Storage, Inc. | Calculating capacity utilization in a storage system |
US10866744B1 (en) | 2015-06-19 | 2020-12-15 | Pure Storage, Inc. | Determining capacity utilization in a deduplicating storage system |
US10310740B2 (en) | 2015-06-23 | 2019-06-04 | Pure Storage, Inc. | Aligning memory access operations to a geometry of a storage device |
US10296236B2 (en) | 2015-07-01 | 2019-05-21 | Pure Storage, Inc. | Offloading device management responsibilities from a storage device in an array of storage devices |
US11385801B1 (en) | 2015-07-01 | 2022-07-12 | Pure Storage, Inc. | Offloading device management responsibilities of a storage device to a storage controller |
US9910800B1 (en) | 2015-08-03 | 2018-03-06 | Pure Storage, Inc. | Utilizing remote direct memory access (‘RDMA’) for communication between controllers in a storage array |
US10540307B1 (en) | 2015-08-03 | 2020-01-21 | Pure Storage, Inc. | Providing an active/active front end by coupled controllers in a storage system |
US9892071B2 (en) | 2015-08-03 | 2018-02-13 | Pure Storage, Inc. | Emulating a remote direct memory access (‘RDMA’) link between controllers in a storage array |
US11681640B2 (en) | 2015-08-03 | 2023-06-20 | Pure Storage, Inc. | Multi-channel communications between controllers in a storage system |
US9851762B1 (en) | 2015-08-06 | 2017-12-26 | Pure Storage, Inc. | Compliant printed circuit board (‘PCB’) within an enclosure |
US11868636B2 (en) | 2015-08-24 | 2024-01-09 | Pure Storage, Inc. | Prioritizing garbage collection based on the extent to which data is deduplicated |
US11625181B1 (en) | 2015-08-24 | 2023-04-11 | Pure Storage, Inc. | Data tiering using snapshots |
US11294588B1 (en) | 2015-08-24 | 2022-04-05 | Pure Storage, Inc. | Placing data within a storage device |
US10198194B2 (en) | 2015-08-24 | 2019-02-05 | Pure Storage, Inc. | Placing data within a storage device of a flash array |
US11874733B2 (en) | 2015-10-23 | 2024-01-16 | Pure Storage, Inc. | Recovering a container storage system |
US11360844B1 (en) | 2015-10-23 | 2022-06-14 | Pure Storage, Inc. | Recovery of a container storage provider |
US11593194B2 (en) | 2015-10-23 | 2023-02-28 | Pure Storage, Inc. | Cloud-based providing of one or more corrective measures for a storage system |
US11934260B2 (en) | 2015-10-23 | 2024-03-19 | Pure Storage, Inc. | Problem signature-based corrective measure deployment |
US11061758B1 (en) | 2015-10-23 | 2021-07-13 | Pure Storage, Inc. | Proactively providing corrective measures for storage arrays |
US10599536B1 (en) | 2015-10-23 | 2020-03-24 | Pure Storage, Inc. | Preventing storage errors using problem signatures |
US10514978B1 (en) | 2015-10-23 | 2019-12-24 | Pure Storage, Inc. | Automatic deployment of corrective measures for storage arrays |
US10432233B1 (en) | 2015-10-28 | 2019-10-01 | Pure Storage Inc. | Error correction processing in a storage device |
US11784667B2 (en) | 2015-10-28 | 2023-10-10 | Pure Storage, Inc. | Selecting optimal responses to errors in a storage system |
US10284232B2 (en) | 2015-10-28 | 2019-05-07 | Pure Storage, Inc. | Dynamic error processing in a storage device |
US11095315B1 (en) | 2015-10-28 | 2021-08-17 | Pure Storage, Inc. | Intelligent error correction in a storage device |
US11422714B1 (en) | 2015-10-29 | 2022-08-23 | Pure Storage, Inc. | Efficient copying of data in a storage system |
US9740414B2 (en) | 2015-10-29 | 2017-08-22 | Pure Storage, Inc. | Optimizing copy operations |
US11836357B2 (en) | 2015-10-29 | 2023-12-05 | Pure Storage, Inc. | Memory aligned copy operation execution |
US11032123B1 (en) | 2015-10-29 | 2021-06-08 | Pure Storage, Inc. | Hierarchical storage system management |
US10956054B1 (en) | 2015-10-29 | 2021-03-23 | Pure Storage, Inc. | Efficient performance of copy operations in a storage system |
US10374868B2 (en) | 2015-10-29 | 2019-08-06 | Pure Storage, Inc. | Distributed command processing in a flash storage system |
US10268403B1 (en) | 2015-10-29 | 2019-04-23 | Pure Storage, Inc. | Combining multiple copy operations into a single copy operation |
US10929231B1 (en) | 2015-10-30 | 2021-02-23 | Pure Storage, Inc. | System configuration selection in a storage system |
US10353777B2 (en) | 2015-10-30 | 2019-07-16 | Pure Storage, Inc. | Ensuring crash-safe forward progress of a system configuration update |
CN108293045A (en) * | 2015-11-12 | 2018-07-17 | 微软技术许可有限责任公司 | Single-sign-on Identity Management between local and remote system |
CN108293045B (en) * | 2015-11-12 | 2021-01-26 | 微软技术许可有限责任公司 | Single sign-on identity management between local and remote systems |
US10749854B2 (en) | 2015-11-12 | 2020-08-18 | Microsoft Technology Licensing, Llc | Single sign-on identity management between local and remote systems |
WO2017083209A1 (en) * | 2015-11-12 | 2017-05-18 | Microsoft Technology Licensing, Llc | Single sign-on identity management between local and remote systems |
US10970202B1 (en) | 2015-12-02 | 2021-04-06 | Pure Storage, Inc. | Managing input/output (‘I/O’) requests in a storage system that includes multiple types of storage devices |
US11762764B1 (en) | 2015-12-02 | 2023-09-19 | Pure Storage, Inc. | Writing data in a storage system that includes a first type of storage device and a second type of storage device |
US9760479B2 (en) | 2015-12-02 | 2017-09-12 | Pure Storage, Inc. | Writing data in a storage system that includes a first type of storage device and a second type of storage device |
US10255176B1 (en) | 2015-12-02 | 2019-04-09 | Pure Storage, Inc. | Input/output (‘I/O’) in a storage system that includes multiple types of storage devices |
US10986179B1 (en) | 2015-12-08 | 2021-04-20 | Pure Storage, Inc. | Cloud-based snapshot replication |
US10326836B2 (en) | 2015-12-08 | 2019-06-18 | Pure Storage, Inc. | Partially replicating a snapshot between storage systems |
US11616834B2 (en) | 2015-12-08 | 2023-03-28 | Pure Storage, Inc. | Efficient replication of a dataset to the cloud |
US11836118B2 (en) | 2015-12-15 | 2023-12-05 | Pure Storage, Inc. | Performance metric-based improvement of one or more conditions of a storage array |
US10162835B2 (en) | 2015-12-15 | 2018-12-25 | Pure Storage, Inc. | Proactive management of a plurality of storage arrays in a multi-array system |
US11030160B1 (en) | 2015-12-15 | 2021-06-08 | Pure Storage, Inc. | Projecting the effects of implementing various actions on a storage system |
US11347697B1 (en) | 2015-12-15 | 2022-05-31 | Pure Storage, Inc. | Proactively optimizing a storage system |
US11281375B1 (en) | 2015-12-28 | 2022-03-22 | Pure Storage, Inc. | Optimizing for data reduction in a storage system |
US10346043B2 (en) | 2015-12-28 | 2019-07-09 | Pure Storage, Inc. | Adaptive computing for data compression |
US10929185B1 (en) | 2016-01-28 | 2021-02-23 | Pure Storage, Inc. | Predictive workload placement |
US9886314B2 (en) | 2016-01-28 | 2018-02-06 | Pure Storage, Inc. | Placing workloads in a multi-array system |
US11392565B1 (en) | 2016-02-11 | 2022-07-19 | Pure Storage, Inc. | Optimizing data compression in a storage system |
US10572460B2 (en) | 2016-02-11 | 2020-02-25 | Pure Storage, Inc. | Compressing data in dependence upon characteristics of a storage system |
US11748322B2 (en) | 2016-02-11 | 2023-09-05 | Pure Storage, Inc. | Utilizing different data compression algorithms based on characteristics of a storage system |
US10884666B1 (en) | 2016-02-12 | 2021-01-05 | Pure Storage, Inc. | Dynamic path selection in a storage network |
US11561730B1 (en) | 2016-02-12 | 2023-01-24 | Pure Storage, Inc. | Selecting paths between a host and a storage system |
US9760297B2 (en) | 2016-02-12 | 2017-09-12 | Pure Storage, Inc. | Managing input/output (‘I/O’) queues in a data storage system |
US10289344B1 (en) | 2016-02-12 | 2019-05-14 | Pure Storage, Inc. | Bandwidth-based path selection in a storage network |
US10001951B1 (en) | 2016-02-12 | 2018-06-19 | Pure Storage, Inc. | Path selection in a data storage system |
US10768815B1 (en) | 2016-03-16 | 2020-09-08 | Pure Storage, Inc. | Upgrading a storage system |
US11340785B1 (en) | 2016-03-16 | 2022-05-24 | Pure Storage, Inc. | Upgrading data in a storage system using background processes |
US9959043B2 (en) | 2016-03-16 | 2018-05-01 | Pure Storage, Inc. | Performing a non-disruptive upgrade of data in a storage system |
US10306023B2 (en) | 2016-03-28 | 2019-05-28 | Oracle International Corporation | Pre-formed instructions for a mobile cloud service |
US11112990B1 (en) | 2016-04-27 | 2021-09-07 | Pure Storage, Inc. | Managing storage device evacuation |
US9841921B2 (en) | 2016-04-27 | 2017-12-12 | Pure Storage, Inc. | Migrating data in a storage array that includes a plurality of storage devices |
US11809727B1 (en) | 2016-04-27 | 2023-11-07 | Pure Storage, Inc. | Predicting failures in a storage system that includes a plurality of storage devices |
US10564884B1 (en) | 2016-04-27 | 2020-02-18 | Pure Storage, Inc. | Intelligent data migration within a flash storage array |
US11934681B2 (en) | 2016-04-27 | 2024-03-19 | Pure Storage, Inc. | Data migration for write groups |
US11461009B2 (en) | 2016-04-28 | 2022-10-04 | Pure Storage, Inc. | Supporting applications across a fleet of storage systems |
US10996859B1 (en) | 2016-04-28 | 2021-05-04 | Pure Storage, Inc. | Utilizing redundant resources in a storage system |
US9811264B1 (en) | 2016-04-28 | 2017-11-07 | Pure Storage, Inc. | Deploying client-specific applications in a storage system utilizing redundant system resources |
US10545676B1 (en) | 2016-04-28 | 2020-01-28 | Pure Storage, Inc. | Providing high availability to client-specific applications executing in a storage system |
US10620864B1 (en) | 2016-05-02 | 2020-04-14 | Pure Storage, Inc. | Improving the accuracy of in-line data deduplication |
US10303390B1 (en) | 2016-05-02 | 2019-05-28 | Pure Storage, Inc. | Resolving fingerprint collisions in flash storage system |
US9838377B1 (en) | 2016-05-11 | 2017-12-05 | Oracle International Corporation | Task segregation in a multi-tenant identity and data security management cloud service |
US10848543B2 (en) | 2016-05-11 | 2020-11-24 | Oracle International Corporation | Security tokens for a multi-tenant identity and data security management cloud service |
EP3361700A1 (en) * | 2016-05-11 | 2018-08-15 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10341410B2 (en) | 2016-05-11 | 2019-07-02 | Oracle International Corporation | Security tokens for a multi-tenant identity and data security management cloud service |
EP3361702A1 (en) * | 2016-05-11 | 2018-08-15 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10581820B2 (en) | 2016-05-11 | 2020-03-03 | Oracle International Corporation | Key generation and rollover |
EP3361701B1 (en) | 2016-05-11 | 2021-09-01 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10425386B2 (en) | 2016-05-11 | 2019-09-24 | Oracle International Corporation | Policy enforcement point for a multi-tenant identity and data security management cloud service |
US9781122B1 (en) | 2016-05-11 | 2017-10-03 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10454940B2 (en) | 2016-05-11 | 2019-10-22 | Oracle International Corporation | Identity cloud service authorization model |
EP3361701A1 (en) * | 2016-05-11 | 2018-08-15 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10693861B2 (en) | 2016-05-11 | 2020-06-23 | Oracle International Corporation | Task segregation in a multi-tenant identity and data security management cloud service |
US10200358B2 (en) | 2016-05-11 | 2019-02-05 | Oracle International Corporation | Microservices based multi-tenant identity and data security management cloud service |
US10218705B2 (en) | 2016-05-11 | 2019-02-26 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US10878079B2 (en) | 2016-05-11 | 2020-12-29 | Oracle International Corporation | Identity cloud service authorization model with dynamic roles and scopes |
US11088993B2 (en) | 2016-05-11 | 2021-08-10 | Oracle International Corporation | Policy enforcement point for a multi-tenant identity and data security management cloud service |
EP3361700B1 (en) | 2016-05-11 | 2021-08-04 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US9838376B1 (en) | 2016-05-11 | 2017-12-05 | Oracle International Corporation | Microservices based multi-tenant identity and data security management cloud service |
WO2017196774A1 (en) * | 2016-05-11 | 2017-11-16 | Oracle International Corporation | Multi-tenant identity and data security management cloud service |
US11231858B2 (en) | 2016-05-19 | 2022-01-25 | Pure Storage, Inc. | Dynamically configuring a storage system to facilitate independent scaling of resources |
US10642524B1 (en) | 2016-05-20 | 2020-05-05 | Pure Storage, Inc. | Upgrading a write buffer in a storage system that includes a plurality of storage devices and a plurality of write buffer devices |
US10078469B1 (en) | 2016-05-20 | 2018-09-18 | Pure Storage, Inc. | Preparing for cache upgrade in a storage array that includes a plurality of storage devices and a plurality of write buffer devices |
US9817603B1 (en) | 2016-05-20 | 2017-11-14 | Pure Storage, Inc. | Data migration in a storage array that includes a plurality of storage devices |
US10691567B2 (en) | 2016-06-03 | 2020-06-23 | Pure Storage, Inc. | Dynamically forming a failure domain in a storage system that includes a plurality of blades |
US10452310B1 (en) | 2016-07-13 | 2019-10-22 | Pure Storage, Inc. | Validating cabling for storage component admission to a storage array |
US11706895B2 (en) | 2016-07-19 | 2023-07-18 | Pure Storage, Inc. | Independent scaling of compute resources and storage resources in a storage system |
US10459652B2 (en) | 2016-07-27 | 2019-10-29 | Pure Storage, Inc. | Evacuating blades in a storage array that includes a plurality of blades |
US10474363B1 (en) | 2016-07-29 | 2019-11-12 | Pure Storage, Inc. | Space reporting in a storage system |
US10516672B2 (en) | 2016-08-05 | 2019-12-24 | Oracle International Corporation | Service discovery for a multi-tenant identity and data security management cloud service |
US10505941B2 (en) | 2016-08-05 | 2019-12-10 | Oracle International Corporation | Virtual directory system for LDAP to SCIM proxy service |
US10721237B2 (en) | 2016-08-05 | 2020-07-21 | Oracle International Corporation | Hierarchical processing for a virtual directory system for LDAP to SCIM proxy service |
US10735394B2 (en) | 2016-08-05 | 2020-08-04 | Oracle International Corporation | Caching framework for a multi-tenant identity and data security management cloud service |
US10255061B2 (en) | 2016-08-05 | 2019-04-09 | Oracle International Corporation | Zero down time upgrade for a multi-tenant identity and data security management cloud service |
US10585682B2 (en) | 2016-08-05 | 2020-03-10 | Oracle International Corporation | Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service |
US10263947B2 (en) | 2016-08-05 | 2019-04-16 | Oracle International Corporation | LDAP to SCIM proxy service |
US11356454B2 (en) | 2016-08-05 | 2022-06-07 | Oracle International Corporation | Service discovery for a multi-tenant identity and data security management cloud service |
US11601411B2 (en) | 2016-08-05 | 2023-03-07 | Oracle International Corporation | Caching framework for a multi-tenant identity and data security management cloud service |
US10579367B2 (en) | 2016-08-05 | 2020-03-03 | Oracle International Corporation | Zero down time upgrade for a multi-tenant identity and data security management cloud service |
US10530578B2 (en) | 2016-08-05 | 2020-01-07 | Oracle International Corporation | Key store service |
US11630585B1 (en) | 2016-08-25 | 2023-04-18 | Pure Storage, Inc. | Processing evacuation events in a storage array that includes a plurality of storage devices |
US11258797B2 (en) | 2016-08-31 | 2022-02-22 | Oracle International Corporation | Data management for a multi-tenant identity cloud service |
US10484382B2 (en) | 2016-08-31 | 2019-11-19 | Oracle International Corporation | Data management for a multi-tenant identity cloud service |
US10585711B2 (en) | 2016-09-07 | 2020-03-10 | Pure Storage, Inc. | Crediting entity utilization of system resources |
US10331588B2 (en) | 2016-09-07 | 2019-06-25 | Pure Storage, Inc. | Ensuring the appropriate utilization of system resources using weighted workload based, time-independent scheduling |
US11481261B1 (en) | 2016-09-07 | 2022-10-25 | Pure Storage, Inc. | Preventing extended latency in a storage system |
US11789780B1 (en) | 2016-09-07 | 2023-10-17 | Pure Storage, Inc. | Preserving quality-of-service (‘QOS’) to storage system workloads |
US10353743B1 (en) | 2016-09-07 | 2019-07-16 | Pure Storage, Inc. | System resource utilization balancing in a storage system |
US11520720B1 (en) | 2016-09-07 | 2022-12-06 | Pure Storage, Inc. | Weighted resource allocation for workload scheduling |
US10853281B1 (en) | 2016-09-07 | 2020-12-01 | Pure Storage, Inc. | Administration of storage system resource utilization |
US10963326B1 (en) | 2016-09-07 | 2021-03-30 | Pure Storage, Inc. | Self-healing storage devices |
US10235229B1 (en) | 2016-09-07 | 2019-03-19 | Pure Storage, Inc. | Rehabilitating storage devices in a storage array that includes a plurality of storage devices |
US11449375B1 (en) | 2016-09-07 | 2022-09-20 | Pure Storage, Inc. | Performing rehabilitative actions on storage devices |
US11803492B2 (en) | 2016-09-07 | 2023-10-31 | Pure Storage, Inc. | System resource management using time-independent scheduling |
US11914455B2 (en) | 2016-09-07 | 2024-02-27 | Pure Storage, Inc. | Addressing storage device performance |
US11960348B2 (en) | 2016-09-07 | 2024-04-16 | Pure Storage, Inc. | Cloud-based monitoring of hardware components in a fleet of storage systems |
US11531577B1 (en) | 2016-09-07 | 2022-12-20 | Pure Storage, Inc. | Temporarily limiting access to a storage device |
US10146585B2 (en) | 2016-09-07 | 2018-12-04 | Pure Storage, Inc. | Ensuring the fair utilization of system resources using workload based, time-independent scheduling |
US10896068B1 (en) | 2016-09-07 | 2021-01-19 | Pure Storage, Inc. | Ensuring the fair utilization of system resources using workload based, time-independent scheduling |
US10534648B2 (en) | 2016-09-07 | 2020-01-14 | Pure Storage, Inc. | System resource utilization balancing |
US10671439B1 (en) | 2016-09-07 | 2020-06-02 | Pure Storage, Inc. | Workload planning with quality-of-service (‘QOS’) integration |
US10908966B1 (en) | 2016-09-07 | 2021-02-02 | Pure Storage, Inc. | Adapting target service times in a storage system |
US11886922B2 (en) | 2016-09-07 | 2024-01-30 | Pure Storage, Inc. | Scheduling input/output operations for a storage system |
US11921567B2 (en) | 2016-09-07 | 2024-03-05 | Pure Storage, Inc. | Temporarily preventing access to a storage device |
US10846390B2 (en) | 2016-09-14 | 2020-11-24 | Oracle International Corporation | Single sign-on functionality for a multi-tenant identity and data security management cloud service |
US10594684B2 (en) | 2016-09-14 | 2020-03-17 | Oracle International Corporation | Generating derived credentials for a multi-tenant identity cloud service |
US11258786B2 (en) | 2016-09-14 | 2022-02-22 | Oracle International Corporation | Generating derived credentials for a multi-tenant identity cloud service |
US10511589B2 (en) | 2016-09-14 | 2019-12-17 | Oracle International Corporation | Single logout functionality for a multi-tenant identity and data security management cloud service |
US10616224B2 (en) | 2016-09-16 | 2020-04-07 | Oracle International Corporation | Tenant and service management for a multi-tenant identity and data security management cloud service |
US10484243B2 (en) | 2016-09-16 | 2019-11-19 | Oracle International Corporation | Application management for a multi-tenant identity cloud service |
US10445395B2 (en) | 2016-09-16 | 2019-10-15 | Oracle International Corporation | Cookie based state propagation for a multi-tenant identity cloud service |
US11023555B2 (en) | 2016-09-16 | 2021-06-01 | Oracle International Corporation | Cookie based state propagation for a multi-tenant identity cloud service |
US10341354B2 (en) | 2016-09-16 | 2019-07-02 | Oracle International Corporation | Distributed high availability agent architecture |
US10567364B2 (en) | 2016-09-16 | 2020-02-18 | Oracle International Corporation | Preserving LDAP hierarchy in a SCIM directory using special marker groups |
US10791087B2 (en) | 2016-09-16 | 2020-09-29 | Oracle International Corporation | SCIM to LDAP mapping using subtype attributes |
US10904074B2 (en) | 2016-09-17 | 2021-01-26 | Oracle International Corporation | Composite event handler for a multi-tenant identity cloud service |
US11379132B1 (en) | 2016-10-20 | 2022-07-05 | Pure Storage, Inc. | Correlating medical sensor data |
US10331370B2 (en) | 2016-10-20 | 2019-06-25 | Pure Storage, Inc. | Tuning a storage system in dependence upon workload access patterns |
US10007459B2 (en) | 2016-10-20 | 2018-06-26 | Pure Storage, Inc. | Performance tuning in a storage system that includes one or more storage devices |
US10416924B1 (en) | 2016-11-22 | 2019-09-17 | Pure Storage, Inc. | Identifying workload characteristics in dependence upon storage utilization |
US11016700B1 (en) | 2016-11-22 | 2021-05-25 | Pure Storage, Inc. | Analyzing application-specific consumption of storage system resources |
US10162566B2 (en) | 2016-11-22 | 2018-12-25 | Pure Storage, Inc. | Accumulating application-level statistics in a storage system |
US11620075B2 (en) | 2016-11-22 | 2023-04-04 | Pure Storage, Inc. | Providing application aware storage |
US11061573B1 (en) | 2016-12-19 | 2021-07-13 | Pure Storage, Inc. | Accelerating write operations in a storage system |
US10198205B1 (en) | 2016-12-19 | 2019-02-05 | Pure Storage, Inc. | Dynamically adjusting a number of storage devices utilized to simultaneously service write operations |
US11687259B2 (en) | 2016-12-19 | 2023-06-27 | Pure Storage, Inc. | Reconfiguring a storage system based on resource availability |
US11461273B1 (en) | 2016-12-20 | 2022-10-04 | Pure Storage, Inc. | Modifying storage distribution in a storage system that includes one or more storage devices |
US11146396B1 (en) | 2017-01-05 | 2021-10-12 | Pure Storage, Inc. | Data re-encryption in a storage system |
US10489307B2 (en) | 2017-01-05 | 2019-11-26 | Pure Storage, Inc. | Periodically re-encrypting user data stored on a storage device |
US10574454B1 (en) | 2017-01-05 | 2020-02-25 | Pure Storage, Inc. | Current key data encryption |
US11762781B2 (en) | 2017-01-09 | 2023-09-19 | Pure Storage, Inc. | Providing end-to-end encryption for data stored in a storage system |
US11340800B1 (en) | 2017-01-19 | 2022-05-24 | Pure Storage, Inc. | Content masking in a storage system |
US11861185B2 (en) | 2017-01-19 | 2024-01-02 | Pure Storage, Inc. | Protecting sensitive data in snapshots |
US10503700B1 (en) | 2017-01-19 | 2019-12-10 | Pure Storage, Inc. | On-demand content filtering of snapshots within a storage system |
US11163624B2 (en) | 2017-01-27 | 2021-11-02 | Pure Storage, Inc. | Dynamically adjusting an amount of log data generated for a storage system |
US11726850B2 (en) | 2017-01-27 | 2023-08-15 | Pure Storage, Inc. | Increasing or decreasing the amount of log data generated based on performance characteristics of a device |
US11379285B1 (en) | 2017-03-10 | 2022-07-05 | Pure Storage, Inc. | Mediation for synchronous replication |
US11954002B1 (en) | 2017-03-10 | 2024-04-09 | Pure Storage, Inc. | Automatically provisioning mediation services for a storage system |
US11829629B2 (en) | 2017-03-10 | 2023-11-28 | Pure Storage, Inc. | Synchronously replicating data using virtual volumes |
US11645173B2 (en) | 2017-03-10 | 2023-05-09 | Pure Storage, Inc. | Resilient mediation between storage systems replicating a dataset |
US10454810B1 (en) | 2017-03-10 | 2019-10-22 | Pure Storage, Inc. | Managing host definitions across a plurality of storage systems |
US11675520B2 (en) | 2017-03-10 | 2023-06-13 | Pure Storage, Inc. | Application replication among storage systems synchronously replicating a dataset |
US11086555B1 (en) | 2017-03-10 | 2021-08-10 | Pure Storage, Inc. | Synchronously replicating datasets |
US10671408B1 (en) | 2017-03-10 | 2020-06-02 | Pure Storage, Inc. | Automatic storage system configuration for mediation services |
US11237927B1 (en) | 2017-03-10 | 2022-02-01 | Pure Storage, Inc. | Resolving disruptions between storage systems replicating a dataset |
US11687423B2 (en) | 2017-03-10 | 2023-06-27 | Pure Storage, Inc. | Prioritizing highly performant storage systems for servicing a synchronously replicated dataset |
US10613779B1 (en) | 2017-03-10 | 2020-04-07 | Pure Storage, Inc. | Determining membership among storage systems synchronously replicating a dataset |
US10365982B1 (en) | 2017-03-10 | 2019-07-30 | Pure Storage, Inc. | Establishing a synchronous replication relationship between two or more storage systems |
US11803453B1 (en) | 2017-03-10 | 2023-10-31 | Pure Storage, Inc. | Using host connectivity states to avoid queuing I/O requests |
US11442825B2 (en) | 2017-03-10 | 2022-09-13 | Pure Storage, Inc. | Establishing a synchronous replication relationship between two or more storage systems |
US10884993B1 (en) | 2017-03-10 | 2021-01-05 | Pure Storage, Inc. | Synchronizing metadata among storage systems synchronously replicating a dataset |
US11687500B1 (en) | 2017-03-10 | 2023-06-27 | Pure Storage, Inc. | Updating metadata for a synchronously replicated dataset |
US11941279B2 (en) | 2017-03-10 | 2024-03-26 | Pure Storage, Inc. | Data path virtualization |
US11422730B1 (en) | 2017-03-10 | 2022-08-23 | Pure Storage, Inc. | Recovery for storage systems synchronously replicating a dataset |
US10503427B2 (en) | 2017-03-10 | 2019-12-10 | Pure Storage, Inc. | Synchronously replicating datasets and other managed objects to cloud-based storage systems |
US11347606B2 (en) | 2017-03-10 | 2022-05-31 | Pure Storage, Inc. | Responding to a change in membership among storage systems synchronously replicating a dataset |
US11716385B2 (en) | 2017-03-10 | 2023-08-01 | Pure Storage, Inc. | Utilizing cloud-based storage systems to support synchronous replication of a dataset |
US10585733B1 (en) | 2017-03-10 | 2020-03-10 | Pure Storage, Inc. | Determining active membership among storage systems synchronously replicating a dataset |
US11500745B1 (en) | 2017-03-10 | 2022-11-15 | Pure Storage, Inc. | Issuing operations directed to synchronously replicated data |
US11797403B2 (en) | 2017-03-10 | 2023-10-24 | Pure Storage, Inc. | Maintaining a synchronous replication relationship between two or more storage systems |
US11169727B1 (en) | 2017-03-10 | 2021-11-09 | Pure Storage, Inc. | Synchronous replication between storage systems with virtualized storage |
US10558537B1 (en) | 2017-03-10 | 2020-02-11 | Pure Storage, Inc. | Mediating between storage systems synchronously replicating a dataset |
US10521344B1 (en) | 2017-03-10 | 2019-12-31 | Pure Storage, Inc. | Servicing input/output (‘I/O’) operations directed to a dataset that is synchronized across a plurality of storage systems |
US10680932B1 (en) | 2017-03-10 | 2020-06-09 | Pure Storage, Inc. | Managing connectivity to synchronously replicated storage systems |
US11698844B2 (en) | 2017-03-10 | 2023-07-11 | Pure Storage, Inc. | Managing storage systems that are synchronously replicating a dataset |
US11789831B2 (en) | 2017-03-10 | 2023-10-17 | Pure Storage, Inc. | Directing operations to synchronously replicated storage systems |
US11210219B1 (en) | 2017-03-10 | 2021-12-28 | Pure Storage, Inc. | Synchronously replicating a dataset across a plurality of storage systems |
US10990490B1 (en) | 2017-03-10 | 2021-04-27 | Pure Storage, Inc. | Creating a synchronous replication lease between two or more storage systems |
US10261836B2 (en) | 2017-03-21 | 2019-04-16 | Oracle International Corporation | Dynamic dispatching of workloads spanning heterogeneous services |
US11126381B1 (en) | 2017-04-10 | 2021-09-21 | Pure Storage, Inc. | Lightweight copy |
US11656804B2 (en) | 2017-04-10 | 2023-05-23 | Pure Storage, Inc. | Copy using metadata representation |
US10459664B1 (en) | 2017-04-10 | 2019-10-29 | Pure Storage, Inc. | Virtualized copy-by-reference |
US10534677B2 (en) | 2017-04-10 | 2020-01-14 | Pure Storage, Inc. | Providing high availability for applications executing on a storage system |
US9910618B1 (en) | 2017-04-10 | 2018-03-06 | Pure Storage, Inc. | Migrating applications executing on a storage system |
US11868629B1 (en) | 2017-05-05 | 2024-01-09 | Pure Storage, Inc. | Storage system sizing service |
US10454915B2 (en) | 2017-05-18 | 2019-10-22 | Oracle International Corporation | User authentication using kerberos with identity cloud service |
US11210133B1 (en) | 2017-06-12 | 2021-12-28 | Pure Storage, Inc. | Workload mobility between disparate execution environments |
US11422731B1 (en) | 2017-06-12 | 2022-08-23 | Pure Storage, Inc. | Metadata-based replication of a dataset |
US11593036B2 (en) | 2017-06-12 | 2023-02-28 | Pure Storage, Inc. | Staging data within a unified storage element |
US10884636B1 (en) | 2017-06-12 | 2021-01-05 | Pure Storage, Inc. | Presenting workload performance in a storage system |
US11960777B2 (en) | 2017-06-12 | 2024-04-16 | Pure Storage, Inc. | Utilizing multiple redundancy schemes within a unified storage element |
US11567810B1 (en) | 2017-06-12 | 2023-01-31 | Pure Storage, Inc. | Cost optimized workload placement |
US10613791B2 (en) | 2017-06-12 | 2020-04-07 | Pure Storage, Inc. | Portable snapshot replication between storage systems |
US10853148B1 (en) | 2017-06-12 | 2020-12-01 | Pure Storage, Inc. | Migrating workloads between a plurality of execution environments |
US11340939B1 (en) | 2017-06-12 | 2022-05-24 | Pure Storage, Inc. | Application-aware analytics for storage systems |
US11016824B1 (en) | 2017-06-12 | 2021-05-25 | Pure Storage, Inc. | Event identification with out-of-order reporting in a cloud-based environment |
US11609718B1 (en) | 2017-06-12 | 2023-03-21 | Pure Storage, Inc. | Identifying valid data after a storage system recovery |
US10789020B2 (en) | 2017-06-12 | 2020-09-29 | Pure Storage, Inc. | Recovering data within a unified storage element |
US11561714B1 (en) | 2017-07-05 | 2023-01-24 | Pure Storage, Inc. | Storage efficiency driven migration |
US11477280B1 (en) | 2017-07-26 | 2022-10-18 | Pure Storage, Inc. | Integrating cloud storage services |
US11921908B2 (en) | 2017-08-31 | 2024-03-05 | Pure Storage, Inc. | Writing data to compressed and encrypted volumes |
US10552090B2 (en) | 2017-09-07 | 2020-02-04 | Pure Storage, Inc. | Solid state drives with multiple types of addressable memory |
US10891192B1 (en) | 2017-09-07 | 2021-01-12 | Pure Storage, Inc. | Updating raid stripe parity calculations |
US11592991B2 (en) | 2017-09-07 | 2023-02-28 | Pure Storage, Inc. | Converting raid data between persistent storage types |
US11714718B2 (en) | 2017-09-07 | 2023-08-01 | Pure Storage, Inc. | Performing partial redundant array of independent disks (RAID) stripe parity calculations |
US11392456B1 (en) | 2017-09-07 | 2022-07-19 | Pure Storage, Inc. | Calculating parity as a data stripe is modified |
US10417092B2 (en) | 2017-09-07 | 2019-09-17 | Pure Storage, Inc. | Incremental RAID stripe update parity calculation |
US10348858B2 (en) | 2017-09-15 | 2019-07-09 | Oracle International Corporation | Dynamic message queues for a microservice based cloud service |
US11308132B2 (en) | 2017-09-27 | 2022-04-19 | Oracle International Corporation | Reference attributes for related stored objects in a multi-tenant cloud service |
US10831789B2 (en) | 2017-09-27 | 2020-11-10 | Oracle International Corporation | Reference attribute query processing for a multi-tenant cloud service |
US11271969B2 (en) | 2017-09-28 | 2022-03-08 | Oracle International Corporation | Rest-based declarative policy management |
US10834137B2 (en) | 2017-09-28 | 2020-11-10 | Oracle International Corporation | Rest-based declarative policy management |
US10705823B2 (en) | 2017-09-29 | 2020-07-07 | Oracle International Corporation | Application templates and upgrade framework for a multi-tenant identity cloud service |
US10275285B1 (en) | 2017-10-19 | 2019-04-30 | Pure Storage, Inc. | Data transformation caching in an artificial intelligence infrastructure |
US10649988B1 (en) | 2017-10-19 | 2020-05-12 | Pure Storage, Inc. | Artificial intelligence and machine learning infrastructure |
US11861423B1 (en) | 2017-10-19 | 2024-01-02 | Pure Storage, Inc. | Accelerating artificial intelligence (‘AI’) workflows |
US10671434B1 (en) | 2017-10-19 | 2020-06-02 | Pure Storage, Inc. | Storage based artificial intelligence infrastructure |
US10360214B2 (en) | 2017-10-19 | 2019-07-23 | Pure Storage, Inc. | Ensuring reproducibility in an artificial intelligence infrastructure |
US11556280B2 (en) | 2017-10-19 | 2023-01-17 | Pure Storage, Inc. | Data transformation for a machine learning model |
US11403290B1 (en) | 2017-10-19 | 2022-08-02 | Pure Storage, Inc. | Managing an artificial intelligence infrastructure |
US11803338B2 (en) | 2017-10-19 | 2023-10-31 | Pure Storage, Inc. | Executing a machine learning model in an artificial intelligence infrastructure |
US10452444B1 (en) | 2017-10-19 | 2019-10-22 | Pure Storage, Inc. | Storage system with compute resources and shared storage resources |
US11455168B1 (en) | 2017-10-19 | 2022-09-27 | Pure Storage, Inc. | Batch building for deep learning training workloads |
US10275176B1 (en) | 2017-10-19 | 2019-04-30 | Pure Storage, Inc. | Data transformation offloading in an artificial intelligence infrastructure |
US11307894B1 (en) | 2017-10-19 | 2022-04-19 | Pure Storage, Inc. | Executing a big data analytics pipeline using shared storage resources |
US11768636B2 (en) | 2017-10-19 | 2023-09-26 | Pure Storage, Inc. | Generating a transformed dataset for use by a machine learning model in an artificial intelligence infrastructure |
US11210140B1 (en) | 2017-10-19 | 2021-12-28 | Pure Storage, Inc. | Data transformation delegation for a graphical processing unit (‘GPU’) server |
US10671435B1 (en) | 2017-10-19 | 2020-06-02 | Pure Storage, Inc. | Data transformation caching in an artificial intelligence infrastructure |
US10509581B1 (en) | 2017-11-01 | 2019-12-17 | Pure Storage, Inc. | Maintaining write consistency in a multi-threaded storage system |
US10484174B1 (en) | 2017-11-01 | 2019-11-19 | Pure Storage, Inc. | Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices |
US10671494B1 (en) | 2017-11-01 | 2020-06-02 | Pure Storage, Inc. | Consistent selection of replicated datasets during storage system recovery |
US11663097B2 (en) | 2017-11-01 | 2023-05-30 | Pure Storage, Inc. | Mirroring data to survive storage device failures |
US11451391B1 (en) | 2017-11-01 | 2022-09-20 | Pure Storage, Inc. | Encryption key management in a storage system |
US10467107B1 (en) | 2017-11-01 | 2019-11-05 | Pure Storage, Inc. | Maintaining metadata resiliency among storage device failures |
US10817392B1 (en) | 2017-11-01 | 2020-10-27 | Pure Storage, Inc. | Ensuring resiliency to storage device failures in a storage system that includes a plurality of storage devices |
US11263096B1 (en) | 2017-11-01 | 2022-03-01 | Pure Storage, Inc. | Preserving tolerance to storage device failures in a storage system |
US10929226B1 (en) | 2017-11-21 | 2021-02-23 | Pure Storage, Inc. | Providing for increased flexibility for large scale parity |
US11847025B2 (en) | 2017-11-21 | 2023-12-19 | Pure Storage, Inc. | Storage system parity based on system characteristics |
US11500724B1 (en) | 2017-11-21 | 2022-11-15 | Pure Storage, Inc. | Flexible parity information for storage systems |
US10990282B1 (en) | 2017-11-28 | 2021-04-27 | Pure Storage, Inc. | Hybrid data tiering with cloud storage |
US11604583B2 (en) | 2017-11-28 | 2023-03-14 | Pure Storage, Inc. | Policy based data tiering |
US10936238B2 (en) | 2017-11-28 | 2021-03-02 | Pure Storage, Inc. | Hybrid data tiering |
US10795598B1 (en) | 2017-12-07 | 2020-10-06 | Pure Storage, Inc. | Volume migration for storage systems synchronously replicating a dataset |
US11579790B1 (en) | 2017-12-07 | 2023-02-14 | Pure Storage, Inc. | Servicing input/output (‘I/O’) operations during data migration |
US11089105B1 (en) | 2017-12-14 | 2021-08-10 | Pure Storage, Inc. | Synchronously replicating datasets in cloud-based storage systems |
US11036677B1 (en) | 2017-12-14 | 2021-06-15 | Pure Storage, Inc. | Replicated data integrity |
US11782614B1 (en) | 2017-12-21 | 2023-10-10 | Pure Storage, Inc. | Encrypting data to optimize data reduction |
US11463488B2 (en) | 2018-01-29 | 2022-10-04 | Oracle International Corporation | Dynamic client registration for an identity cloud service |
US10715564B2 (en) | 2018-01-29 | 2020-07-14 | Oracle International Corporation | Dynamic client registration for an identity cloud service |
US11296944B2 (en) | 2018-01-30 | 2022-04-05 | Pure Storage, Inc. | Updating path selection as paths between a computing device and a storage system change |
US10992533B1 (en) | 2018-01-30 | 2021-04-27 | Pure Storage, Inc. | Policy based path management |
US10521151B1 (en) | 2018-03-05 | 2019-12-31 | Pure Storage, Inc. | Determining effective space utilization in a storage system |
US11474701B1 (en) | 2018-03-05 | 2022-10-18 | Pure Storage, Inc. | Determining capacity consumption in a deduplicating storage system |
US11836349B2 (en) | 2018-03-05 | 2023-12-05 | Pure Storage, Inc. | Determining storage capacity utilization based on deduplicated data |
US11150834B1 (en) | 2018-03-05 | 2021-10-19 | Pure Storage, Inc. | Determining storage consumption in a storage system |
US11614881B2 (en) | 2018-03-05 | 2023-03-28 | Pure Storage, Inc. | Calculating storage consumption for distinct client entities |
US11861170B2 (en) | 2018-03-05 | 2024-01-02 | Pure Storage, Inc. | Sizing resources for a replication target |
US10942650B1 (en) | 2018-03-05 | 2021-03-09 | Pure Storage, Inc. | Reporting capacity utilization in a storage system |
US10296258B1 (en) | 2018-03-09 | 2019-05-21 | Pure Storage, Inc. | Offloading data storage to a decentralized storage network |
US11112989B2 (en) | 2018-03-09 | 2021-09-07 | Pure Storage, Inc. | Utilizing a decentralized storage network for data storage |
US11048590B1 (en) | 2018-03-15 | 2021-06-29 | Pure Storage, Inc. | Data consistency during recovery in a cloud-based storage system |
US11698837B2 (en) | 2018-03-15 | 2023-07-11 | Pure Storage, Inc. | Consistent recovery of a dataset |
US11442669B1 (en) | 2018-03-15 | 2022-09-13 | Pure Storage, Inc. | Orchestrating a virtual storage system |
US11210009B1 (en) | 2018-03-15 | 2021-12-28 | Pure Storage, Inc. | Staging data in a cloud-based storage system |
US10917471B1 (en) | 2018-03-15 | 2021-02-09 | Pure Storage, Inc. | Active membership in a cloud-based storage system |
US10924548B1 (en) | 2018-03-15 | 2021-02-16 | Pure Storage, Inc. | Symmetric storage using a cloud-based storage system |
US11533364B1 (en) | 2018-03-15 | 2022-12-20 | Pure Storage, Inc. | Maintaining metadata associated with a replicated dataset |
US11704202B2 (en) | 2018-03-15 | 2023-07-18 | Pure Storage, Inc. | Recovering from system faults for replicated datasets |
US10976962B2 (en) | 2018-03-15 | 2021-04-13 | Pure Storage, Inc. | Servicing I/O operations in a cloud-based storage system |
US11288138B1 (en) | 2018-03-15 | 2022-03-29 | Pure Storage, Inc. | Recovery from a system fault in a cloud-based storage system |
US11539793B1 (en) | 2018-03-15 | 2022-12-27 | Pure Storage, Inc. | Responding to membership changes to a set of storage systems that are synchronously replicating a dataset |
US11838359B2 (en) | 2018-03-15 | 2023-12-05 | Pure Storage, Inc. | Synchronizing metadata in a cloud-based storage system |
US11171950B1 (en) | 2018-03-21 | 2021-11-09 | Pure Storage, Inc. | Secure cloud-based storage system management |
US11095706B1 (en) | 2018-03-21 | 2021-08-17 | Pure Storage, Inc. | Secure cloud-based storage system management |
US11888846B2 (en) | 2018-03-21 | 2024-01-30 | Pure Storage, Inc. | Configuring storage systems in a fleet of storage systems |
US11729251B2 (en) | 2018-03-21 | 2023-08-15 | Pure Storage, Inc. | Remote and secure management of a storage system |
US11263095B1 (en) | 2018-03-26 | 2022-03-01 | Pure Storage, Inc. | Managing a data analytics pipeline |
US11714728B2 (en) | 2018-03-26 | 2023-08-01 | Pure Storage, Inc. | Creating a highly available data analytics pipeline without replicas |
US10838833B1 (en) | 2018-03-26 | 2020-11-17 | Pure Storage, Inc. | Providing for high availability in a data analytics pipeline without replicas |
US11494692B1 (en) | 2018-03-26 | 2022-11-08 | Pure Storage, Inc. | Hyperscale artificial intelligence and machine learning infrastructure |
US11528262B2 (en) | 2018-03-27 | 2022-12-13 | Oracle International Corporation | Cross-region trust for a multi-tenant identity cloud service |
US10931656B2 (en) | 2018-03-27 | 2021-02-23 | Oracle International Corporation | Cross-region trust for a multi-tenant identity cloud service |
US10798165B2 (en) | 2018-04-02 | 2020-10-06 | Oracle International Corporation | Tenant data comparison for a multi-tenant identity cloud service |
US11652685B2 (en) | 2018-04-02 | 2023-05-16 | Oracle International Corporation | Data replication conflict detection and resolution for a multi-tenant identity cloud service |
US11165634B2 (en) | 2018-04-02 | 2021-11-02 | Oracle International Corporation | Data replication conflict detection and resolution for a multi-tenant identity cloud service |
US11258775B2 (en) | 2018-04-04 | 2022-02-22 | Oracle International Corporation | Local write for a multi-tenant identity cloud service |
US11392553B1 (en) | 2018-04-24 | 2022-07-19 | Pure Storage, Inc. | Remote data management |
US11436344B1 (en) | 2018-04-24 | 2022-09-06 | Pure Storage, Inc. | Secure encryption in deduplication cluster |
US11455409B2 (en) | 2018-05-21 | 2022-09-27 | Pure Storage, Inc. | Storage layer data obfuscation |
US11954220B2 (en) | 2018-05-21 | 2024-04-09 | Pure Storage, Inc. | Data protection for container storage |
US10992598B2 (en) | 2018-05-21 | 2021-04-27 | Pure Storage, Inc. | Synchronously replicating when a mediation service becomes unavailable |
US11128578B2 (en) | 2018-05-21 | 2021-09-21 | Pure Storage, Inc. | Switching between mediator services for a storage system |
US11757795B2 (en) | 2018-05-21 | 2023-09-12 | Pure Storage, Inc. | Resolving mediator unavailability |
US11675503B1 (en) | 2018-05-21 | 2023-06-13 | Pure Storage, Inc. | Role-based data access |
US11677687B2 (en) | 2018-05-21 | 2023-06-13 | Pure Storage, Inc. | Switching between fault response models in a storage system |
US10871922B2 (en) | 2018-05-22 | 2020-12-22 | Pure Storage, Inc. | Integrated storage management between storage systems and container orchestrators |
US11012444B2 (en) | 2018-06-25 | 2021-05-18 | Oracle International Corporation | Declarative third party identity provider integration for a multi-tenant identity cloud service |
US10764273B2 (en) | 2018-06-28 | 2020-09-01 | Oracle International Corporation | Session synchronization across multiple devices in an identity cloud service |
US11411944B2 (en) | 2018-06-28 | 2022-08-09 | Oracle International Corporation | Session synchronization across multiple devices in an identity cloud service |
US11403000B1 (en) | 2018-07-20 | 2022-08-02 | Pure Storage, Inc. | Resiliency in a cloud-based storage system |
US11416298B1 (en) | 2018-07-20 | 2022-08-16 | Pure Storage, Inc. | Providing application-specific storage by a storage system |
US11954238B1 (en) | 2018-07-24 | 2024-04-09 | Pure Storage, Inc. | Role-based access control for a storage system |
US11146564B1 (en) | 2018-07-24 | 2021-10-12 | Pure Storage, Inc. | Login authentication in a cloud storage platform |
US11632360B1 (en) | 2018-07-24 | 2023-04-18 | Pure Storage, Inc. | Remote access to a storage device |
US11860820B1 (en) | 2018-09-11 | 2024-01-02 | Pure Storage, Inc. | Processing data through a storage system in a data pipeline |
US11693835B2 (en) | 2018-10-17 | 2023-07-04 | Oracle International Corporation | Dynamic database schema allocation on tenant onboarding for a multi-tenant identity cloud service |
US11321187B2 (en) | 2018-10-19 | 2022-05-03 | Oracle International Corporation | Assured lazy rollback for a multi-tenant identity cloud service |
US10671302B1 (en) | 2018-10-26 | 2020-06-02 | Pure Storage, Inc. | Applying a rate limit across a plurality of storage systems |
US11586365B2 (en) | 2018-10-26 | 2023-02-21 | Pure Storage, Inc. | Applying a rate limit across a plurality of storage systems |
US10990306B1 (en) | 2018-10-26 | 2021-04-27 | Pure Storage, Inc. | Bandwidth sharing for paired storage systems |
US11822825B2 (en) | 2018-11-18 | 2023-11-21 | Pure Storage, Inc. | Distributed cloud-based storage system |
US11768635B2 (en) | 2018-11-18 | 2023-09-26 | Pure Storage, Inc. | Scaling storage resources in a storage volume |
US11379254B1 (en) | 2018-11-18 | 2022-07-05 | Pure Storage, Inc. | Dynamic configuration of a cloud-based storage system |
US11907590B2 (en) | 2018-11-18 | 2024-02-20 | Pure Storage, Inc. | Using infrastructure-as-code (‘IaC’) to update a cloud-based storage system |
US11928366B2 (en) | 2018-11-18 | 2024-03-12 | Pure Storage, Inc. | Scaling a cloud-based storage system in response to a change in workload |
US11340837B1 (en) | 2018-11-18 | 2022-05-24 | Pure Storage, Inc. | Storage system management via a remote console |
US11184233B1 (en) | 2018-11-18 | 2021-11-23 | Pure Storage, Inc. | Non-disruptive upgrades to a cloud-based storage system |
US11526405B1 (en) | 2018-11-18 | 2022-12-13 | Pure Storage, Inc. | Cloud-based disaster recovery |
US11861235B2 (en) | 2018-11-18 | 2024-01-02 | Pure Storage, Inc. | Maximizing data throughput in a cloud-based storage system |
US10917470B1 (en) | 2018-11-18 | 2021-02-09 | Pure Storage, Inc. | Cloning storage systems in a cloud computing environment |
US11455126B1 (en) | 2018-11-18 | 2022-09-27 | Pure Storage, Inc. | Copying a cloud-based storage system |
US11941288B1 (en) | 2018-11-18 | 2024-03-26 | Pure Storage, Inc. | Servicing write operations in a cloud-based storage system |
US11023179B2 (en) | 2018-11-18 | 2021-06-01 | Pure Storage, Inc. | Cloud-based storage system storage management |
US10963189B1 (en) | 2018-11-18 | 2021-03-30 | Pure Storage, Inc. | Coalescing write operations in a cloud-based storage system |
US11650749B1 (en) | 2018-12-17 | 2023-05-16 | Pure Storage, Inc. | Controlling access to sensitive data in a shared dataset |
US11003369B1 (en) | 2019-01-14 | 2021-05-11 | Pure Storage, Inc. | Performing a tune-up procedure on a storage device during a boot process |
US11947815B2 (en) | 2019-01-14 | 2024-04-02 | Pure Storage, Inc. | Configuring a flash-based storage device |
US11651357B2 (en) | 2019-02-01 | 2023-05-16 | Oracle International Corporation | Multifactor authentication without a user footprint |
US11061929B2 (en) | 2019-02-08 | 2021-07-13 | Oracle International Corporation | Replication of resource type and schema metadata for a multi-tenant identity cloud service |
US11321343B2 (en) | 2019-02-19 | 2022-05-03 | Oracle International Corporation | Tenant replication bootstrap for a multi-tenant identity cloud service |
US11669321B2 (en) | 2019-02-20 | 2023-06-06 | Oracle International Corporation | Automated database upgrade for a multi-tenant identity cloud service |
US11792226B2 (en) | 2019-02-25 | 2023-10-17 | Oracle International Corporation | Automatic api document generation from scim metadata |
US11423111B2 (en) | 2019-02-25 | 2022-08-23 | Oracle International Corporation | Client API for rest based endpoints for a multi-tenant identify cloud service |
US11042452B1 (en) | 2019-03-20 | 2021-06-22 | Pure Storage, Inc. | Storage system data recovery using data recovery as a service |
US11221778B1 (en) | 2019-04-02 | 2022-01-11 | Pure Storage, Inc. | Preparing data for deduplication |
US11640239B2 (en) | 2019-04-09 | 2023-05-02 | Pure Storage, Inc. | Cost conscious garbage collection |
US11068162B1 (en) | 2019-04-09 | 2021-07-20 | Pure Storage, Inc. | Storage management in a cloud data store |
US11392555B2 (en) | 2019-05-15 | 2022-07-19 | Pure Storage, Inc. | Cloud-based file services |
US11853266B2 (en) | 2019-05-15 | 2023-12-26 | Pure Storage, Inc. | Providing a file system in a cloud environment |
US11487715B1 (en) | 2019-07-18 | 2022-11-01 | Pure Storage, Inc. | Resiliency in a cloud-based storage system |
US11327676B1 (en) | 2019-07-18 | 2022-05-10 | Pure Storage, Inc. | Predictive data streaming in a virtual storage system |
US11093139B1 (en) | 2019-07-18 | 2021-08-17 | Pure Storage, Inc. | Durably storing data within a virtual storage system |
US11550514B2 (en) | 2019-07-18 | 2023-01-10 | Pure Storage, Inc. | Efficient transfers between tiers of a virtual storage system |
US11126364B2 (en) | 2019-07-18 | 2021-09-21 | Pure Storage, Inc. | Virtual storage system architecture |
US11861221B1 (en) | 2019-07-18 | 2024-01-02 | Pure Storage, Inc. | Providing scalable and reliable container-based storage services |
US11526408B2 (en) | 2019-07-18 | 2022-12-13 | Pure Storage, Inc. | Data recovery in a virtual storage system |
US11797197B1 (en) | 2019-07-18 | 2023-10-24 | Pure Storage, Inc. | Dynamic scaling of a virtual storage system |
US11086553B1 (en) | 2019-08-28 | 2021-08-10 | Pure Storage, Inc. | Tiering duplicated objects in a cloud-based object store |
US11693713B1 (en) | 2019-09-04 | 2023-07-04 | Pure Storage, Inc. | Self-tuning clusters for resilient microservices |
US11797569B2 (en) | 2019-09-13 | 2023-10-24 | Pure Storage, Inc. | Configurable data replication |
US11704044B2 (en) | 2019-09-13 | 2023-07-18 | Pure Storage, Inc. | Modifying a cloned image of replica data |
US11625416B1 (en) | 2019-09-13 | 2023-04-11 | Pure Storage, Inc. | Uniform model for distinct types of data replication |
US11870770B2 (en) | 2019-09-13 | 2024-01-09 | Oracle International Corporation | Multi-tenant identity cloud service with on-premise authentication integration |
US11360689B1 (en) | 2019-09-13 | 2022-06-14 | Pure Storage, Inc. | Cloning a tracking copy of replica data |
US11687378B2 (en) | 2019-09-13 | 2023-06-27 | Oracle International Corporation | Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability |
US11573864B1 (en) | 2019-09-16 | 2023-02-07 | Pure Storage, Inc. | Automating database management in a storage system |
US11669386B1 (en) | 2019-10-08 | 2023-06-06 | Pure Storage, Inc. | Managing an application's resource stack |
US11611548B2 (en) | 2019-11-22 | 2023-03-21 | Oracle International Corporation | Bulk multifactor authentication enrollment |
US11943293B1 (en) | 2019-12-06 | 2024-03-26 | Pure Storage, Inc. | Restoring a storage system from a replication target |
US11531487B1 (en) | 2019-12-06 | 2022-12-20 | Pure Storage, Inc. | Creating a replica of a storage system |
US11947683B2 (en) | 2019-12-06 | 2024-04-02 | Pure Storage, Inc. | Replicating a storage system |
US11930112B1 (en) | 2019-12-06 | 2024-03-12 | Pure Storage, Inc. | Multi-path end-to-end encryption in a storage system |
US11868318B1 (en) | 2019-12-06 | 2024-01-09 | Pure Storage, Inc. | End-to-end encryption in a storage system with multi-tenancy |
US11720497B1 (en) | 2020-01-13 | 2023-08-08 | Pure Storage, Inc. | Inferred nonsequential prefetch based on data access patterns |
US11733901B1 (en) | 2020-01-13 | 2023-08-22 | Pure Storage, Inc. | Providing persistent storage to transient cloud computing services |
US11709636B1 (en) | 2020-01-13 | 2023-07-25 | Pure Storage, Inc. | Non-sequential readahead for deep learning training |
US11868622B2 (en) | 2020-02-25 | 2024-01-09 | Pure Storage, Inc. | Application recovery across storage systems |
US11637896B1 (en) | 2020-02-25 | 2023-04-25 | Pure Storage, Inc. | Migrating applications to a cloud-computing environment |
US11625185B2 (en) | 2020-03-25 | 2023-04-11 | Pure Storage, Inc. | Transitioning between replication sources for data replication operations |
US11321006B1 (en) | 2020-03-25 | 2022-05-03 | Pure Storage, Inc. | Data loss prevention during transitions from a replication source |
US11630598B1 (en) | 2020-04-06 | 2023-04-18 | Pure Storage, Inc. | Scheduling data replication operations |
US11301152B1 (en) | 2020-04-06 | 2022-04-12 | Pure Storage, Inc. | Intelligently moving data between storage systems |
US11494267B2 (en) | 2020-04-14 | 2022-11-08 | Pure Storage, Inc. | Continuous value data redundancy |
US11853164B2 (en) | 2020-04-14 | 2023-12-26 | Pure Storage, Inc. | Generating recovery information using data redundancy |
US11921670B1 (en) | 2020-04-20 | 2024-03-05 | Pure Storage, Inc. | Multivariate data backup retention policies |
US11431488B1 (en) | 2020-06-08 | 2022-08-30 | Pure Storage, Inc. | Protecting local key generation using a remote key management service |
US11349917B2 (en) | 2020-07-23 | 2022-05-31 | Pure Storage, Inc. | Replication handling among distinct networks |
US11882179B2 (en) | 2020-07-23 | 2024-01-23 | Pure Storage, Inc. | Supporting multiple replication schemes across distinct network layers |
US11442652B1 (en) | 2020-07-23 | 2022-09-13 | Pure Storage, Inc. | Replication handling during storage system transportation |
US11789638B2 (en) | 2020-07-23 | 2023-10-17 | Pure Storage, Inc. | Continuing replication during storage system transportation |
US11397545B1 (en) | 2021-01-20 | 2022-07-26 | Pure Storage, Inc. | Emulating persistent reservations in a cloud-based storage system |
US11693604B2 (en) | 2021-01-20 | 2023-07-04 | Pure Storage, Inc. | Administering storage access in a cloud-based storage system |
US11853285B1 (en) | 2021-01-22 | 2023-12-26 | Pure Storage, Inc. | Blockchain logging of volume-level events in a storage system |
US11588716B2 (en) | 2021-05-12 | 2023-02-21 | Pure Storage, Inc. | Adaptive storage processing for storage-as-a-service |
US11822809B2 (en) | 2021-05-12 | 2023-11-21 | Pure Storage, Inc. | Role enforcement for storage-as-a-service |
US11816129B2 (en) | 2021-06-22 | 2023-11-14 | Pure Storage, Inc. | Generating datasets using approximate baselines |
US11714723B2 (en) | 2021-10-29 | 2023-08-01 | Pure Storage, Inc. | Coordinated snapshots for data stored across distinct storage environments |
US11893263B2 (en) | 2021-10-29 | 2024-02-06 | Pure Storage, Inc. | Coordinated checkpoints among storage systems implementing checkpoint-based replication |
US11914867B2 (en) | 2021-10-29 | 2024-02-27 | Pure Storage, Inc. | Coordinated snapshots among storage systems implementing a promotion/demotion model |
US11922052B2 (en) | 2021-12-15 | 2024-03-05 | Pure Storage, Inc. | Managing links between storage objects |
US11847071B2 (en) | 2021-12-30 | 2023-12-19 | Pure Storage, Inc. | Enabling communication between a single-port device and multiple storage system controllers |
US11972134B2 (en) | 2022-01-12 | 2024-04-30 | Pure Storage, Inc. | Resource utilization using normalized input/output (‘I/O’) operations |
US11860780B2 (en) | 2022-01-28 | 2024-01-02 | Pure Storage, Inc. | Storage cache management |
US11886295B2 (en) | 2022-01-31 | 2024-01-30 | Pure Storage, Inc. | Intra-block error correction |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20140013409A1 (en) | | Single sign on for cloud |
WO2013071087A1 (en) | | Single sign on for cloud |
US10142326B2 (en) | | Attribute-based access control |
US10810515B2 (en) | | Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment |
CN107852417B (en) | | Multi-tenant identity and data security management cloud service |
CN109565511B (en) | | Tenant and service management for multi-tenant identity and data security management cloud services |
US10122707B2 (en) | | User impersonation/delegation in a token-based authentication system |
CN112913208B (en) | | Multi-tenant identity cloud service with in-house deployed authentication integration and bridge high availability |
US8196177B2 (en) | | Digital rights management (DRM)-enabled policy management for a service provider in a federated environment |
US9876799B2 (en) | | Secure mobile client with assertions for access to service provider applications |
US7860883B2 (en) | | Method and system for distributed retrieval of data objects within multi-protocol profiles in federated environments |
US9699168B2 (en) | | Method and system for authenticating a rich client to a web or cloud application |
US9288214B2 (en) | | Authentication and authorization methods for cloud computing platform security |
US9560080B2 (en) | | Extending organizational boundaries throughout a cloud architecture |
US8850546B1 (en) | | Privacy-preserving user attribute release and session management |
US9690920B2 (en) | | Secure configuration catalog of trusted identity providers |
CN112088373A (en) | | Declarative third party identity provider integration for multi-tenant identity cloud services |
US9148414B1 (en) | | Credential management in a multi-tenant environment |
JP2019526868A (en) | | Single sign-on and single logout capabilities for multi-tenant identity and data security management cloud services |
US9485234B1 (en) | | Virtualized endpoints in a multi-tenant environment |
Malisetti | | Securing RESTful services with token-based authentication |
Edge et al. | | Identity and Device Trust |
Thakore et al. | | Scalable and Privacy-preserving Access Mechanism for Dynamic Clouds |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12848189; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 12848189; Country of ref document: EP; Kind code of ref document: A1 |