WO2013071087A1 - Single sign on for cloud - Google Patents

Publication number
WO2013071087A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication system
user
protocol
consumer unit
request
Application number
PCT/US2012/064425
Inventor
Milind Halageri
Original Assignee
Unisys Corporation
Priority claimed from US13/542,953 (US20140013409A1)
Application filed by Unisys Corporation
Publication of WO2013071087A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/41: User authentication where a single sign-on provides access to a plurality of computers

Definitions

  • the present invention relates generally to a system for management of information technology systems.
  • Cloud computing enables convenient, on-demand network access to a shared pool of configurable computing resources, for example, networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction.
  • cloud computing provides computation, applications, data access, and storage services for the end-user.
  • the end-user does not require knowledge of the physical location and configuration of the system that delivers the services.
  • the end-user is able to pay for the computation, applications, data access, and storage services based on the amount of usage rather than having to purchase and manage dedicated computation, applications, data access, and storage resources.
  • Clouds are developed as stand-alone platforms and include hardware and applications necessary to perform required services for the end-users.
  • clouds are known as platforms.
  • the term “cloud” for the purpose of this application also encompasses the term “platform.”
  • the term “off-site cloud” is used to refer to a public cloud, which is a cloud that is accessible on the Internet.
  • the term “in-house cloud” is used to refer to a private cloud, which is not generally accessible on the Internet.
  • Examples of the services include software as a service (“SAAS”), platform as a service (“PAAS”), and infrastructure as a service (“IAAS”).
  • SAAS users pay a fee on a recurring basis to access and use specific applications.
  • In PAAS, the user leases access to an entire platform, for example, a customer resource management platform.
  • In IAAS, the user leases access to certain infrastructure, for example, a physical or virtual server with particular computational and/or storage capabilities.
  • Clouds employ virtualization to perform tasks.
  • the virtualization creates virtual machines running on the hardware, the virtual machines running applications.
  • Each virtual machine has security features of some kind to give some users access to portions of the virtual machine but deny access to other users.
  • each application running on a virtual machine has additional security to give some users access to portions of the application but deny access to other users.
  • Some systems may have thousands of virtual machines, applications, and users. Further, one user may require access to thousands of virtual machines. This can make standard authentication impractical because of the large number of devices that users have to authenticate with. Further, differing operating systems and domains used by the user, the cloud infrastructure, and the virtual machines in the cloud, complicate the authorization and authentication process.
  • tenants subscribe to services provided by a cloud provider.
  • the tenants can be other organizations with their own identity management system.
  • the tenants may want the cloud provider to use their own existing identity management system to authenticate their users instead of registering each of the tenant's users in the cloud provider's identity management system.
  • a system for single sign on to a cloud comprises a cloud service provider and a tenant.
  • the cloud service provider comprises a consumer unit and a portal.
  • the consumer unit provides an interface for a user to connect to the cloud service provider.
  • the portal provides a cloud service to the user, the portal comprising a first authentication system that issues a security token request and that is connected to the consumer unit.
  • the tenant comprises the user and a second authentication system.
  • the second authentication system signs the security token request.
  • the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
  • a system for single sign on to a cloud comprises a cloud service provider and a tenant.
  • the cloud service provider comprises a consumer unit, a portal, and a first authentication system.
  • the consumer unit provides an interface for a user to connect to the cloud service provider.
  • the portal provides a cloud service to the user, the portal comprising a second authentication system connected to the consumer unit.
  • the first authentication system connected to the consumer unit.
  • the tenant comprises the user and a third authentication system.
  • the third authentication system connected to the user.
  • the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
  • the first authentication system is federated with the third authentication system.
  • a method for single sign on to a cloud system is disclosed.
  • a consumer unit of a cloud provider receiving a request from a user for a cloud service.
  • the consumer unit requesting a portal to provide access to the cloud service based on the request from the user.
  • a first authentication system of the portal requesting a security token from the consumer unit using a first protocol, the request by the first authentication system based on the request by the consumer unit.
  • the consumer unit translating the security token request from the first protocol to a second protocol.
  • the consumer unit requesting a second authentication system to sign the requested security token using the second protocol.
  • the consumer unit receiving the signed security token.
  • the consumer unit translating the signed security token from the second protocol to the first protocol.
  • the consumer unit sending the signed security token to the portal using the first protocol.
  • the portal providing the cloud service to the user based on the signed security token.
  • a machine-readable tangible and non-transitory medium with information recorded thereon wherein the information, when read by a machine, causes the machine to perform the following steps.
  • a consumer unit of a cloud provider receiving a request from a user for a cloud service.
  • the consumer unit requesting a portal to provide access to the cloud service based on the request from the user.
  • a first authentication system of the portal requesting a security token from the consumer unit using a first protocol.
  • the request by the authentication system based on the request from the consumer unit.
  • the consumer unit translating the security token request from the first protocol to a second protocol.
  • the consumer unit requesting a second authentication system to sign the requested security token using the second protocol.
  • the consumer unit translating the signed security token from the second protocol to the first protocol.
  • the consumer unit sending the signed security token to the portal using the first protocol.
  • the portal providing the cloud service to the user based on the signed security token.
  • FIG. 1 illustrates a cloud system according to an embodiment.
  • FIG. 2 illustrates another cloud system according to an embodiment.
  • FIG. 3 illustrates yet another cloud system according to an embodiment.
  • FIG. 4A-B illustrate how WS-Trust and WS-Policy are used along with different WS-* specifications implemented in the areas of Security, Reliability, and Transactions, according to an exemplary embodiment.
  • FIG. 5 illustrates the programming model with WSIT according to an exemplary embodiment.
  • FIG. 6 illustrates a method for the cloud portion of single sign on to a cloud provider according to an exemplary embodiment.
  • FIG. 7 illustrates a method for the tenant portion of single sign on to a cloud provider according to an exemplary embodiment.
  • FIG. 8 illustrates a general computer architecture according to an exemplary embodiment.
  • FIG. 1 illustrates a cloud system 100.
  • the cloud system 100 comprises a cloud service provider 102 and first and second tenants 120 that subscribe to the cloud service.
  • the cloud service provider 102 comprises a portal 105 that comprises one or more portlets 110, a cloud service engine 115 that provides cloud services, and an authentication system 135.
  • the tenants comprise users 125 that use the cloud and an authentication system 130.
  • the tenants 120 may be, for example, companies, or departments in a company, and the users may be the employees of the company.
  • the cloud service provider 102 and the tenants 120 may be on the same network or intranet. Alternatively, the tenants 120 may be connected to the cloud service provider 102 via the Internet.
  • the authentication mechanisms of the tenant include, for example, Lightweight Directory Access Protocol (LDAP) and Active Directory Federation Services (ADFS).
  • a user 125 authenticates with the authentication system 130 of the tenant.
  • a user 125 also authenticates with the authentication system 135 of the portal.
  • a separate authentication is further required for each portlet 110.
  • the user 125 may provide numerous user names and passwords before using the cloud service.
  • In a federated authentication system, a common set of policies, practices, and protocols is put in place to manage the identity and trust among users and devices across organizations and domains.
  • Identity federation enables users of one domain to securely access data or systems of another domain seamlessly, and without the need for completely redundant user administration. This process is known as Single sign on. Federation is enabled using open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. Typical use cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management, and cross-domain user attribute exchange.
  • ADFS provides such federated services using claims based authentication.
  • a trusted authority issues a signed security token containing a set of claims (credentials) which is given to an application, for example the cloud service provider 102 for validation.
  • the application will authenticate the user if the security token is valid and signed by a trusted issuer, for example, authentication system 130 of the tenant 120.
  • Claims-based identity simplifies application development because applications using this type of authentication do not have to verify all the credentials presented by the user. Instead, letting the issuer deal with all the security issues involved eases the process of integration, migration, merger, federation, or building cloud applications.
  • Single sign on has many benefits.
  • Single sign on reduces the time taken by users in sign-on operations to individual domains and reduces the possibility of such sign on operations failing.
  • Single sign on improves security through the reduced need for a user to handle and remember multiple sets of authentication information.
  • Single sign on reduces the time taken, and improves the response, by system administrators to add and remove users to the system or modify the rights of the users.
  • Single sign on improves security through the enhanced ability of system administrators to maintain the integrity of the user account configuration including the ability to inhibit or remove an individual user from having access to all system resources in a coordinated and consistent manner.
  • authentication system 135 of the portal 105 and portlets 110 are a federated authentication system, for example, ADFS.
  • the authentication system of the tenant 120 is a compatible federated authentication system, for example, ADFS.
  • authentication at the portal can be performed by using tokens 150 provided by the authentication system 130.
  • the tokens 150 are gathered from the authentication system 130 by the authentication system 135 without the need for the user 125 to provide additional user names or passwords.
  • the authentication system 130 will only provide the tokens if the user 125 has previously authenticated with the authentication system 130.
  • a federated, claims-based architecture based on an ADFS system, with the authentication system 135 acting as a federated Security Token Service (STS) and authentication system 130 acting as a federated Identity Provider, would enable single sign on.
  • the authentication systems 130 and 135 are not compatible, and, thus, it is difficult to implement a single sign on.
  • FIGS. 2 and 3 illustrate cloud systems 200 and 300 that overcome the compatibility issues of the authentication systems 130 and 135.
  • Both systems 200, 300 include a consumer unit 245, 345 that provides an interface between different authentication systems.
  • the consumer communicates directly with an authentication system of tenants 220.
  • the consumer communicates with a cloud authentication system 355 within the cloud that is compatible with and federated to an authentication system of the tenants 320.
  • Both the systems 200 and 300 provide single-sign-on for the users 225, 325 of the tenants 220, 320 using federated identity management.
  • the cloud system 200 comprises cloud service provider 202 and first and second tenants 220 that subscribe to the cloud service.
  • the cloud service provider 202 comprises a cloud portal 205 that further comprises many portlets 210, a cloud service engine 215 that provides cloud services, and an authentication system 235.
  • the tenants comprise users 225 that use the cloud, and an authentication system 230.
  • the cloud system 200 further comprises the consumer unit 245.
  • the consumer unit 245 forms a mediator between the authentication system 230 and the authentication system 235.
  • a user 225 needing to use the cloud service engine 215 contacts the consumer unit 245.
  • the consumer unit 245 in turn contacts the authentication system 235 of the portal 205.
  • a user 225 authenticates with the authentication system 230 of the tenant.
  • the user 225 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 230.
  • the user 225 contacts the consumer unit 245 with an access request 260 for a cloud service.
  • the consumer unit 245 contacts the authentication system 235 of the portal 205 and requests access to one of the portlets 210.
  • the authentication system 235 responds by requesting a specific form of token for the user 225.
  • the consumer unit 245 identifies the tenant to which the user 225 belongs, and contacts the authentication system 230 of that tenant.
  • the consumer unit 245 issues a token request 249 to request the specific form of token 250 from the authentication system 230.
  • the authentication system 230 checks that the user is authenticated for the services of the corresponding tenant. If the user 225 is authenticated, the authentication system 230 completes and signs the token 250 and sends the token back to the consumer unit 245.
  • the consumer unit 245 forwards the completed and signed token to the authentication system 235.
  • the authentication system 235 provides access to the portlets 210 for the user 225 to access the cloud service engine 215. Thus, by using the system of FIG. 2, the user 225 only needs to authenticate with the corresponding authentication system 230 before using the cloud service engine 215.
  • a trust structure has to be established between the authentication system 230, the authentication system 235, and the consumer unit 245.
  • the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN).
  • Trust can be established by using various cryptographic means to sign the tokens that are passed from the authentication system 230 to the authentication system 235. For example, a decryption key may be required by the authentication system 230 to validate signatures on the signed tokens.
  • the authentication system 230 may store the keys in a key store.
  • the authentication system 230 may also encrypt the token requests, and provide a public key so that only the authentication system 235 is capable of signing the requested token 250.
  • Trust can be established by the authentication system 235 by requesting specific information known to the authentication system 230, for example, a user name, a code issued to the user, a title for the user etc. Each specific piece of information is a claim in the claim based authentication system. The above claim information is provided to the authentication system 235 before the user 225 attempts to use the cloud service engine 215, so that the authentication system 235 can verify the claim.
  • the authentication system 230 acts as an identity provider.
  • Identity providers are adapted to validate various user credentials, such as user names and passwords, and certificates, and are adapted to issue tokens.
  • the authentication system 230 is, for example, an ADFS component provided by Microsoft Corporation, a Shibboleth® identity provider provided by the Internet2™ advanced networking consortium, or any other service adapted to act as an Identity provider.
  • the authentication system 235 has to request the tokens and verify the tokens when the tokens are received.
  • the authentication system 235 is, for example, an ADFS component, a Shibboleth® service provider, or any other service adapted to act as a requester and verifier of tokens.
  • the portal is a Liferay™ Portal.
  • Liferay™ is a free and open source enterprise portal written in Java and distributed under the GNU Lesser General Public License.
  • the Liferay™ Portal is adapted to provide the authentication system 235 and request and verify the tokens.
  • the consumer unit 245 is adapted to communicate with the authentication system 230 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
  • the consumer 245 is also adapted to communicate with the authentication system 235 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
  • the consumer unit 245 translates the token requests by the authentication system 235 from the protocol of the authentication system 235 to the protocol of the authentication system 230, and translates the tokens from the authentication system 230 from the protocol of the authentication system 230 to the protocol of the authentication system 235 if the protocols are different.
  • the consumer unit 245 automatically detects the types of the authentication systems 230, 235, and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens.
  • the authentication system 230 and the authentication system 235 can use different protocols.
  • the user 225 accesses the consumer 245 using a web browser and internet protocol. For example, the user 225 enters a web address corresponding to the internet address of the consumer 245 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 245 by using the web browser. In some embodiments, in response to the request by the user 225 the consumer 245 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 245 does not provide a response to the request by the user 225 until authentication is complete.
  • the cloud system 300 comprises cloud service provider 302 and first and second tenants 320 that subscribe to the cloud service.
  • the cloud service provider 302 comprises a cloud portal 305 that further comprises many portlets 310, a cloud service engine 315 that provides cloud services, and an authentication system 335.
  • the tenants comprise users 325 that use the cloud and an authentication system 330.
  • the cloud system 300 is similar to the cloud system 200 but further comprises a cloud authentication system 355.
  • the consumer unit 345 forms a mediator between the cloud authentication system 355 and the authentication system 335.
  • a user 325 needing to use the cloud service engine 315 contacts the consumer unit 345 with an access request 360.
  • the consumer unit 345 contacts the authentication system 330 for access to the cloud service requested by the user 325. If a security token is required for the user 325 to access the cloud service engine 315, the authentication system 330 sends a token request 349 to the consumer unit 345.
  • the consumer unit 345 contacts the authentication system 355 for access to the cloud services provided by cloud service engine 315.
  • the authentication system 355 in-turn contacts the appropriate authentication system 330 of the tenants.
  • the authentication system 355 is selected to use the same protocols as the authentication system 330. Therefore, there is no compatibility issue between the authentication system 330 and the authentication system 355.
  • the user 325 authenticates with the authentication system 330 at the tenant.
  • the user 325 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 330.
  • the user 325 contacts the consumer unit 345.
  • the consumer unit 345 contacts the authentication system 335 of the portal 305 and requests access to the portlets 310.
  • the authentication system 335 responds by requesting a specific form of token for the user 325.
  • the consumer unit 345 contacts the authentication system 355 of the cloud provider.
  • the consumer unit 345 requests the specific form of token from the authentication system 355.
  • the authentication system 355 identifies the tenant 320 for the user 325 and contacts the respective authentication system 330 to request a token 350 for the user 325, based on the token 350 requested by the consumer unit 345.
  • the authentication system 330 checks to see that the user is authenticated for the services of the corresponding tenant 320. If the user 325 is authenticated, the authentication system 330 completes and signs the token and sends the token 350 back to the authentication system 355.
  • the authentication system 355 completes the token requested by the consumer unit 345 based on the token issued by the authentication system 330 and issues the token 350 to the consumer unit 345.
  • the consumer unit 345 forwards the completed and signed token 350 to the authentication system 335.
  • the authentication system 335 provides access to the portlets 310 for the user 325 to access the cloud service engine 315. Thus, by using the system of FIG. 3, the user 325 only needs to authenticate with the corresponding authentication system 330 before using the cloud service engine 315.
  • a trust structure has to be established between the authentication system 330, the authentication system 335, authentication system 355, and the consumer unit 345.
  • the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN).
  • the trust can be established by using various cryptographic means to sign the tokens 350 that are passed from the authentication system 330 to the authentication system 335, and the tokens 350 passed from the authentication system 335 to the authentication system 335. For example, decryption keys may be required to validate signatures on the issued tokens.
  • the authentication system 330 may store the keys in a key store.
  • the authentication system 330 may also encrypt the token requests, and provide a public key so that only the authentication system 355 and/or the authentication system 335 is capable of signing the requested token.
  • the consumer unit 345 is adapted to communicate with the authentication system 330 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
  • the consumer 345 is also adapted to communicate with the authentication system 355 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure.
  • the consumer unit 345 translates the token requests by the authentication system 335 from the protocol of the authentication system 335 to the protocol of the authentication system 355 and translates the tokens from the authentication system 355 from the protocol of the authentication system 355 to the protocol of the authentication system 335 if the protocols are different.
  • the consumer unit 345 automatically detects the types of the authentication systems 335, 355 and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens. Thus, the authentication system 335 and the authentication system 355 can use different protocols.
  • the user 325 accesses the consumer 345 using a web browser and internet protocol. For example, the user 325 enters a web address corresponding to the internet address of the consumer 345 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 345 using the web browser. In some embodiments, in response to the request by the user 325 the consumer 345 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 345 does not provide a response to the request by the user 325 until authentication is complete.
  • the consumer units 245, 345 can be implemented, for example, using the Java based WS-trust protocol and the Web service Interoperability technologies (WSIT).
  • WSIT is an open-source project for the next-generation of Web service technologies.
  • WSIT provides interoperability between Java Web Services and Microsoft's Windows Communication Foundation.
  • WSIT consists of Java programming language APIs that enable advanced WS-* features to be used in a way that is compatible with, for example, Microsoft's Windows Communication Foundation (WCF) as used by Microsoft .NET ® .
  • the interoperability between different products is accomplished by implementing a number of Web Services specifications, like JAX-WS that provides interoperability between Java Web Services and Microsoft Windows Communication Foundation.
  • WSIT implements the following WS-* protocols
  • FIG. 4A illustrates how WS-Trust and WS-Policy are used.
  • the major components are the JAX-WS RI, which is the core Web services platform 405, and an implementation of Reliability 415, Security 410, and Transactions 420 for WS-* specifications and interoperability with .NET 3.0/3.5.
  • the Java API for XML Web Services JAX-WS RI provides the Core Web services platform 405. This includes all the SOAP message functionality, including WS-Addressing and MTOM.
  • the JAX-WS RI is an implementation of the JAX-WS specification.
  • WSIT implements support for Security 410, Reliability 415, and Transactions 420, using the protocols and mechanisms defined by several WS-* specifications, on this Core layer 405. This allows a Java client to communicate with a Java endpoint using these protocols. In addition these protocols also enable interoperability with the Windows Communication Foundation component of .NET 3.0/3.5 frameworks, and therefore, provide access to the ADFS APIs.
  • FIG. 4B illustrates the different WS-* specifications implemented in the areas of Security 410, Reliability 415, and Transactions 420.
  • WS-Security 425 provides a basic framework for SOAP message level security in Web services.
  • WS-Trust 430 defines a framework for issuing, renewing, and validating security tokens, and brokering trust relationships within different trust domains.
  • WS-Secure Conversation 435 increases the overall performance and security by defining semantics for secure message exchange for multiple message exchanges.
  • WS-Security Policy 440 enables Web service endpoints to specify their security requirements to potential clients in an interoperable manner.
  • WS-Reliable Messaging 445 defines a messaging protocol to identify, track, and manage the reliable message delivery between two parties, a source and a destination.
  • WS-Reliable Messaging Policy 450 enables a Web service endpoint to indicate that a reliable message delivery is required.
  • WS-Coordination 455 provides an extensible framework for defining coordination context and types for protocols that coordinate distributed actions.
  • WS-Atomic Transactions 460 provides the definition of transaction context and atomic transaction coordination type that is to be used with the framework defined by WS-Coordination. This enables transactions flowing over Web services.
  • Metadata section 465 identifies the mechanisms that allow the Security, Reliability, and Transactional capabilities of an endpoint to be published and consumed by a client in an interoperable manner.
  • WS-Policy 470 defines a general-purpose framework to express the capabilities of an endpoint.
  • WS-Metadata Exchange and WS-Transfer are used by the client to retrieve the information about the endpoint.
  • FIG. 5 illustrates the programming model with WSIT.
  • the programming model leverages the existing JAX-WS and EJB programming models and allows us to define Security, Reliability, and Transactional capability on the endpoints by bundling an additional configuration file with the application.
  • the configuration file can be easily generated using the NetBeans integrated development environment 505 or can be written by hand 510, or using any other integrated development environment 510 that has inbuilt WSIT or with WSIT plug-in added.
  • an optional WSIT configuration file 520 may be used to specify certain client-side parameters such as the locations of trust and keystores.
  • FIG. 6 illustrates a method 600 for single sign on to a cloud provider.
  • the method begins at step 605.
  • the consumer of the cloud provider receives a request for a cloud service from a user of a tenant.
  • the consumer may be, for example, consumer unit 245 or 345.
  • the consumer may be a web page portal, and the request may be in the form of a web page request.
  • the method proceeds to step 610.
  • In step 610, the consumer requests the cloud service from a portal of the cloud provider, for example, portal 205, 305.
  • the authentication system of the portal determines if a security token is required. If a security token is required, the method proceeds to step 620. If a security token is not required, the method proceeds to step 650.
  • the authentication system of the portal generates a token request and sends the token request to consumer using a first protocol.
  • the first protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS.
  • the token request contains a list of the information that the authentication system of the portal expects to see in the returned signed token.
  • the token request may be generated from a policy file.
  • the consumer receives the token request using the first protocol and translates the token request to a second protocol.
  • the second protocol is the protocol expected by the authentication system of the tenant.
  • the second protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS.
  • the information contained in the token request in the second protocol is the same as the information contained in the request in the first protocol.
  • In step 630, the consumer sends the token request using the second protocol to an authentication system of the tenant of the user.
  • the authentication system of the tenant of the user performs steps 715-725, as discussed below.
  • the method proceeds to step 635.
  • In the cloud system 300, the consumer does not send the token request to an authentication system of the tenant of the user.
  • the consumer sends the token request to an authentication system of the cloud service provider, for example, authentication system 355 that is federated with the authentication system of the tenant of the user.
  • the authentication system of the cloud service provider signs the token based on communication with the authentication system of the tenant of the user.
  • the authentication system of the cloud service provider then returns the signed token to the consumer and the method proceeds to step 635.
  • In step 635, the consumer receives the token signed by the authentication system of the tenant using the second protocol and translates the token request to the first protocol.
  • the method proceeds to step 640.
  • In step 640, the consumer sends the signed token to the authentication system of the Portal using the first protocol.
  • the method proceeds to step 645.
  • In step 645, the authentication system of the Portal determines if the signed token is valid. If the signed token is valid, the method proceeds to step 650. If the token is not valid, the method proceeds to step 655.
  • the portal provides the cloud service to the user and the method terminates.
  • the portal denies access of the cloud service to the user and the method terminates.
  • FIG. 7 illustrates a method 700 for single sign on to a cloud provider.
  • the method begins at step 705.
  • the user authenticates at the tenant authentication system.
  • the method proceeds to step 710.
  • In step 710, the user sends a request to the consumer of the cloud provider to request a cloud service.
  • the method proceeds to step 715.
  • the tenant authentication system receives a request for a security token from the cloud service provider.
  • the method proceeds to step 720.
  • In step 720, the tenant authentication system checks that the user is authenticated, and signs the token request. When the request for the security token has been signed, the method proceeds to step 725.
  • the tenant authentication system sends the signed request to the cloud service authentication system.
  • the method proceeds to step 730.
  • the user receives access to the cloud service from the cloud provider.
  • FIG. 8 depicts a general computer architecture on which the present embodiments can be implemented and has a functional block diagram illustration of a computer hardware platform that includes user interface elements.
  • the computer may be a general purpose computer or a special purpose computer.
  • the computer 800 can be used to implement any components of the systems 100, 200 and 300.
  • authentication systems 130, 135, 230, 235, 330, 335 and the consumer units 245, 335 can all be implemented on a computer such as computer 800, by using the hardware, software program, firmware, or a combination of these components of the computer 800.
  • Although only one computer 800 is shown, for convenience, the computer functions relating to single sign on may be implemented in a distributed fashion on a number of similar platforms, to distribute the processing load.
  • the computer 800 includes COM ports 850 connected to and from a network to facilitate data communications.
  • the computer 800 also includes a central processing unit (CPU) 820, in the form of one or more processors, for executing program instructions.
  • the exemplary computer platform includes an internal communication bus 810, program storage and data storage of different forms, for example, disk 870, read only memory (ROM) 830, or random access memory (RAM) 840, for various data files to be processed and/or communicated by the computer, as well as possibly program instructions to be executed by the CPU.
  • the computer 800 also includes an I/O component 860, supporting input/output flows between the computer and other components such as user interface elements 880.
  • the computer 800 may also receive programming and data via network communications.
  • aspects of the methods and systems for single sign on according to an embodiment may be embodied in program elements.
  • Program aspects of the embodiments may be thought of as "products" or "articles of manufacture" typically in the form of executable code and/or associated data that is carried on or embodied in a type of machine-readable medium.
  • Tangible non-transitory "storage" type media include any or all of the memory or other storage for the computers, processors or the like, or associated modules thereof, such as various semiconductor memories, tape drives, disk drives and the like, which may provide storage at any time for the program elements.
  • All or portions of the program elements may at times be communicated through a network such as the Internet or various other telecommunication networks. Such communications, for example, may enable loading of the software from one computer or processor into another, for example, from a management server or host computer into the hardware platform(s) of a computing environment or other system.
  • Other types of media that may carry the program elements include optical, electrical and electromagnetic waves, such as used across physical interfaces between local devices, through wired, and optical networks and over various wireless links.
  • the physical elements that carry such waves, such as wired or wireless links, optical links, or the like, also may be considered as media carrying the software.
  • terms such as computer or machine "readable medium" refer to any medium that participates in providing instructions to a processor for execution.
  • a machine-readable medium may take many forms, including but not limited to, a tangible storage medium, a carrier wave medium, or physical transmission medium.
  • Nonvolatile storage media include, for example, optical or magnetic disks, such as any of the storage devices in any computer(s) or the like, which may be used to implement the single sign on system or any of the components of the single sign on systems as shown in the drawings.
  • Volatile storage media include dynamic memory, such as a main memory of such a computer platform.
  • Tangible transmission media include coaxial cables, copper wire and fiber optics, including the wires that form a bus within a computer system.
  • Carrier-wave transmission media can take the form of electric or electromagnetic signals, or acoustic or light waves such as those generated during radio frequency (RF) and infrared (IR) data communications.
  • Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, solid state disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD, Blu-ray™ or DVD-ROM, any other optical medium, punch cards, paper tape, any other physical storage medium with patterns of holes, a RAM, a PROM and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave transporting data or instructions, cables or links transporting such a carrier wave, or any other medium from which a computer can read programming code and/or data.
  • Many of these forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution.

Abstract

Systems and methods for single sign on to a cloud. The system includes a cloud service provider and a tenant. The cloud service provider has a consumer unit and a portal. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal providing a cloud service to the user, the portal has a first authentication system that issues a security token request and that is connected to the consumer unit. The tenant includes the user and a second authentication system. The second authentication system signs the security token request. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.

Description

SINGLE SIGN ON FOR CLOUD
TECHNICAL FIELD
[0001] The present invention relates generally to a system for management of information technology systems.
BACKGROUND
[0002] Cloud computing enables convenient, on-demand network access to a shared pool of configurable computing resources, for example, networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction. For one or more end-users that are attached to the shared pool of configurable computing resources that comprise a cloud, cloud computing provides computation, applications, data access, and storage services for the end-user. The end-user does not require knowledge of the physical location and configuration of the system that delivers the services. Further, the end-user is able to pay for the computation, applications, data access, and storage services based on the amount of usage rather than having to purchase and manage dedicated computation, applications, data access, and storage resources.
[0003] Clouds are developed as stand-alone platforms and include hardware and applications necessary to perform required services for the end-users. In some contexts, clouds are known as platforms. The term "cloud" for the purpose of this application also encompasses the term "platform." The term "off-site cloud" is used to refer to a public cloud, which is a cloud that is accessible on the Internet. The term "in-house cloud" is used to refer to a private cloud, which is not generally accessible on the Internet.
[0004] Examples of the services include software as a service ("SAAS"), platform as a service ("PAAS"), and infrastructure as a service ("IAAS"). In SAAS, users pay a fee on a recurring basis to access and use specific applications. In PAAS, the user leases access to an entire platform, for example, a customer resource management platform. In IAAS, the user leases access to certain infrastructure, for example, a physical or virtual server with particular computational and/or storage capabilities.
[0005] In recent times, as IT systems proliferate to support business processes, users and system administrators are faced with an increasingly complicated interface to accomplish their job functions. Users typically have to sign-on to multiple systems, necessitating an equivalent number of sign-on dialogues, each of which may involve different usernames and authentication information. System administrators are faced with managing user accounts within each of the multiple systems to be accessed in a coordinated manner in order to maintain the integrity of security policy enforcement.
[0006] Clouds employ virtualization to perform tasks. The virtualization creates virtual machines running on the hardware, the virtual machines running applications. Each virtual machine has security features of some kind to give some users access to portions of the virtual machine but deny access to other users. Further, each application running on a virtual machine has additional security to give some users access to portions of the application but deny access to other users. Some systems may have thousands of virtual machines, applications, and users. Further, one user may require access to thousands of virtual machines. This can make standard authentication impractical because of the large number of devices that users have to authenticate with. Further, differing operating systems and domains used by the user, the cloud infrastructure, and the virtual machines in the cloud, complicate the authorization and authentication process.
[0007] In one conventional configuration, tenants subscribe to services provided by a cloud provider. The tenants can be other organizations with their own identity management system. The tenants may want the cloud provider to use their own existing identity management system to authenticate their users instead of registering each of the tenant's users in the cloud provider's identity management system.
SUMMARY
[0008] The systems and methods described herein attempt to overcome the drawbacks discussed above.
[0009] In one embodiment, a system for single sign on to a cloud comprises a cloud service provider and a tenant. The cloud service provider comprises a consumer unit and a portal. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal provides a cloud service to the user, the portal comprising a first authentication system that issues a security token request and that is connected to the consumer unit. The tenant comprises the user and a second authentication system. The second authentication system signs the security token request. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
[0010] In another embodiment, a system for single sign on to a cloud comprises a cloud service provider and a tenant. The cloud service provider comprises a consumer unit, a portal, and a first authentication system. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal provides a cloud service to the user, the portal comprising a second authentication system connected to the consumer unit. The first authentication system connected to the consumer unit. The tenant comprises the user and a third authentication system. The third authentication system connected to the user. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol. The first authentication system is federated with the third authentication system.
[0011] In yet another embodiment, a method for single sign on to a cloud system is disclosed. A consumer unit of a cloud provider receiving a request from a user for a cloud service. The consumer unit requesting a portal to provide access to the cloud service based on the request from the user. A first authentication system of the portal requesting a security token from the consumer unit using a first protocol, the request by the first authentication system based on the request by the consumer unit. The consumer unit translating the security token request from the first protocol to a second protocol. The consumer unit requesting a second authentication system to sign the requested security token using the second protocol. The consumer unit receiving the signed security token. The consumer unit translating the signed security token from the second protocol to the first protocol. The consumer unit sending the signed security token to the portal using the first protocol. The portal, providing the cloud service to the user based on the signed security token.
[0012] In still yet another embodiment, a machine-readable tangible and non-transitory medium with information recorded thereon, wherein the information, when read by a machine, causes the machine to perform the following steps. A consumer unit of a cloud provider receiving a request from a user for a cloud service. The consumer unit requesting a portal to provide access to the cloud service based on the request from the user. A first authentication system of the portal, requesting a security token from the consumer unit using a first protocol. The request by the authentication system based on the request from the consumer unit. The consumer unit, translating the security token request from the first protocol to a second protocol. The consumer unit requesting a second authentication system to sign the requested security token using the second protocol. The consumer unit translating the signed security token from the second protocol to the first protocol. The consumer unit sending the signed security token to the portal using the first protocol. The portal providing the cloud service to the user based on the signed security token.
[0013]
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] The accompanying drawings constitute a part of this specification and illustrate an embodiment of the invention, and together with the specification, explain the invention.
[0015] FIG. 1 illustrates a cloud system according to an embodiment.
[0016] FIG. 2 illustrates another cloud system according to an embodiment.
[0017] FIG. 3 illustrates yet another cloud system according to an embodiment.
[0018] FIG. 4A-B illustrate how WS-Trust and WS-Policy are used along with different WS-* specifications implemented in the areas of Security, Reliability, and Transactions, according to an exemplary embodiment.
[0019] FIG. 5 illustrates the programming model with WSIT according to an exemplary embodiment.
[0020] FIG. 6 illustrates a method for the cloud portion of single sign on to a cloud provider according to an exemplary embodiment.
[0021] FIG. 7 illustrates a method for the tenant portion of single sign on to a cloud provider according to an exemplary embodiment.
[0022] FIG. 8 illustrates a general computer architecture according to an exemplary embodiment.
DETAILED DESCRIPTION
[0023] FIG. 1 illustrates a cloud system 100. The cloud system 100 comprises a cloud service provider 102 and first and second tenants 120 that subscribe to the cloud service. The cloud service provider 102 comprises a portal 105 that comprises one or more portlets 110, a cloud service engine 115 that provides cloud services, and an authentication system 135. The tenants comprise users 125 that use the cloud and an authentication system 130. The tenants 120 may be, for example, companies, or departments in a company, and the users may be the employees of the company. There may be any number of tenants connected to the cloud service provider 102. The cloud service provider 102 and the tenants 120 may be on the same network or intranet. Alternatively, the tenants 120 may be connected to the cloud service provider 102 via the Internet.
[0024] The authentication mechanisms of the tenant include, for example, Lightweight Directory Access Protocol (LDAP) and Active Directory Federation Services (ADFS). The first and second tenants 120 and the portal 105 may be on different domains, therefore, the tenant authentication methods cannot be used to authenticate a user in another tenant or at the portal 105.
[0025] To use the services provided by the tenant 120, including the services provided by the cloud service provider 102, a user 125 authenticates with the authentication system 130 of the tenant. To use a cloud service, a user 125 also authenticates with the authentication system 135 of the portal. In some embodiments, a separate authentication is further required for each portlet 110. Thus, the user 125 may provide numerous user names and passwords before using the cloud service.
[0026] In a federated authentication system a common set of policies, practices, and protocols are put in place to manage the identity and trust among users and devices across organizations and domains. Identity federation enables users of one domain to access securely data or systems of another domain seamlessly, and without the need for completely redundant user administration. This process is known as Single sign on. Federation is enabled using open industry standards and/or openly published specifications, such that multiple parties can achieve interoperability for common use cases. Typical use-cases involve things such as cross-domain, web-based single sign-on, cross-domain user account provisioning, cross-domain entitlement management, and cross-domain user attribute exchange. ADFS provides such federated services using claims based authentication.
[0027] In claims based authentication, a trusted authority (Issuer) issues a signed security token containing a set of claims (credentials) which is given to an application, for example the cloud service provider 102 for validation. The application will authenticate the user if the security token is valid and signed by a trusted issuer, for example, authentication system 130 of the tenant 120. Claims-based identity simplifies application development because applications using this type of authentication do not have to verify all the credentials presented by the user. Instead, letting the issuer deal with all security issues involved eases the process of integration, migration, merger, federation, or building cloud applications.
[0028] Single sign on has many benefits. Single sign on reduces the time taken by users in sign-on operations to individual domains and reduces the possibility of such sign on operations failing. Single sign on improves security through the reduced need for a user to handle and remember multiple sets of authentication information. Single sign on reduces the time taken, and improves the response, by system administrators to add and remove users to the system or modify the rights of the users. Single sign on improves security through the enhanced ability of system administrators to maintain the integrity of the user account configuration including the ability to inhibit or remove an individual user from having access to all system resources in a coordinated and consistent manner.
[0029] If the authentication system 135 of the portal 105 and portlets 110 are a federated authentication system, for example, ADFS, and the authentication system of the tenant 120 is a compatible federated authentication system, for example, ADFS, then authentication at the portal can be performed by using tokens 150 provided by the authentication system 130.
[0030] In, for example, ADFS, the tokens 150 are gathered from the authentication system 130 by the authentication system 135 without the need for the user 125 to provide additional user names or passwords. The authentication system 130 will only provide the tokens if the user 125 has previously authenticated with the authentication system 130. For example, a federated, claims based architecture based on an ADFS system with the authentication system 135 acting as a federated Security Token Service (STS) and authentication system 130 acting as a federated Identity Provider would enable single sign on. However, in general, the authentication systems 130 and 135 are not compatible, and, thus, it is difficult to implement a single sign on.
[0031] FIGS. 2 and 3 illustrate cloud systems 200 and 300 that overcome the compatibility issues of the authentication systems 130 and 135. Both systems 200, 300 include a consumer unit 245, 345 that provides an interface between different authentication systems. In the system 200, the consumer communicates directly with an authentication system of tenants 220. In the system 300, the consumer communicates with a cloud authentication system 355 within the cloud that is compatible with and federated to an authentication system of the tenants 320. Both the systems 200 and 300 provide single-sign-on for the users 225, 325 of the tenants 220, 320 using federated identity management.
[0032] The cloud system 200 comprises cloud service provider 202 and first and second tenants 220 that subscribe to the cloud service. The cloud service provider 202 comprises a cloud portal 205 that further comprises many portlets 210, a cloud service engine 215 that provides cloud services, and an authentication system 235. The tenants comprise users 225 that use the cloud, and an authentication system 230.
[0033] The cloud system 200 further comprises the consumer unit 245. The consumer unit 245 forms a mediator between the authentication system 230 and the authentication system 235. A user 225 needing to use the cloud service engine 215 contacts the consumer unit 245. The consumer unit 245 in turn contacts the authentication system 235 of the portal 205.
[0034] To use the tenant services, including gaining access to the cloud services, a user 225 authenticates with the authentication system 230 of the tenant. The user 225 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 230. When the user 225 is authenticated with the authentication system 230, the user 225 contacts the consumer unit 245 with an access request 260 for a cloud service. The consumer unit 245 contacts the authentication system 235 of the portal 205 and requests access to one of the portlets 210. The authentication system 235 responds by requesting a specific form of token for the user 225. The consumer unit 245 identifies the tenant to which the user 225 belongs, and contacts the authentication system 230 of that tenant. The consumer unit 245 issues a token request 249 to request the specific form of token 250 from the authentication system 230. The authentication system 230 checks that the user is authenticated for the services of the corresponding tenant. If the user 225 is authenticated, the authentication system 230 completes and signs the token 250 and sends the token back to the consumer unit 245. The consumer unit 245 forwards the completed and signed token to the authentication system 235. The authentication system 235 provides access to the portlets 210 for the user 225 to access the cloud service engine 215. Thus, by using the system of FIG. 2, the user 225 only needs to authenticate with the corresponding authentication system 230 before using the cloud service engine 215.
[0035] Before the system 200 can be accessed by the users 225, a trust structure has to be established between the authentication system 230, the authentication system 235, and the consumer unit 245. In some embodiments, the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN). Trust can be established by using various cryptographic means to sign the tokens that are passed from the authentication system 230 to the authentication system 235. For example, a decryption key may be required by the authentication system 230 to validate signatures on the signed tokens. The authentication system 230 may store the keys in a key store. The authentication system 230 may also encrypt the token requests, and provide a public key so that only the authentication system 235 is capable of signing the requested token 250.
[0036] Trust can be established by the authentication system 235 by requesting specific information known to the authentication system 230, for example, a user name, a code issued to the user, a title for the user etc. Each specific piece of information is a claim in the claim based authentication system. The above claim information is provided to the authentication system 235 before the user 225 attempts to use the cloud service engine 215, so that the authentication system 235 can verify the claim.
[0037] In the above embodiment, the authentication system 230 acts as an identity provider. Identity providers are adapted to validate various user credentials, such as user names and passwords, and certificates, and are adapted to issue tokens.
[0038] In some embodiments, the authentication system 230 is, for example, an ADFS component provided by Microsoft Corporation, a Shibboleth® identity provider provided by the Internet2™ advanced networking consortium, or any other service adapted to act as an Identity provider.
[0039] The authentication system 235 has to request the tokens and verify the tokens when the tokens are received. In some embodiments, the authentication system 235 is, for example, an ADFS component, a Shibboleth® service provider, or any other service adapted to act as a requester and verifier of tokens.
[0040] In some embodiments, the portal is a Liferay™ Portal. Liferay™ is a free and open source enterprise portal written in Java and distributed under the GNU Lesser General Public License. In some embodiments, the Liferay™ Portal is adapted to provide the authentication system 235 and request and verify the tokens.
[0041] The consumer unit 245 is adapted to communicate with the authentication system 230 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. The consumer 245 is also adapted to communicate with the authentication system 235 using a second security protocol for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. In some embodiments, the consumer unit 245 translates the token requests by the authentication system 235 from the protocol of the authentication system 235 to the protocol of the authentication system 230, and translates the tokens from the authentication system 230 from the protocol of the authentication system 230 to the protocol of the authentication system 235 if the protocols are different. In some embodiments, the consumer unit 245 automatically detects the types of the authentication systems 230, 235, and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens. Thus, the authentication system 230 and the authentication system 235 can use different protocols.
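The mediation described in paragraphs [0034] and [0041] can be traced end to end in a short simulation. This is an added example, not code from the patent or from WSIT/ADFS: the two message formats, the field names, the `user@tenant` naming used to identify the tenant, and the HMAC key standing in for the issuer's signing key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. It stands in for the issuer signing key and the
# verification key that the trust setup would place on each side.
TENANT_KEYS = {"tenant-a": b"constructed-demo-key-a"}


def _sign(key, payload):
    """MAC over a canonical encoding of the protocol-independent payload."""
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


class TenantAuth:
    """Role of authentication system 230: signs only for signed-in users."""

    def __init__(self, tenant, directory):
        self.tenant, self.directory, self.sessions = tenant, directory, set()

    def login(self, user):
        if user in self.directory:
            self.sessions.add(user)

    def issue(self, req):
        """Handle a token request in the (constructed) tenant-side format."""
        user = req["subject"]
        if user not in self.sessions:
            return None  # user never authenticated at the tenant
        attrs = self.directory[user]
        claims = {c: attrs[c] for c in req["claims_wanted"] if c in attrs}
        payload = {"issuer": self.tenant, "subject": user, "claims": claims}
        sig = _sign(TENANT_KEYS[self.tenant], payload)
        return {"kind": "token", "payload": payload, "sig": sig}


class PortalAuth:
    """Role of authentication system 235: requests and verifies tokens."""

    POLICY = ["user_name", "title"]  # claims the portal expects to see

    def token_request(self, user):
        """Token request in the (constructed) portal-side format."""
        return {"Type": "TokenRequest", "Subject": user,
                "ClaimTypes": list(self.POLICY)}

    def validate(self, token, user):
        body = token["Body"]
        key = TENANT_KEYS.get(body.get("issuer"))
        if key is None:
            return False  # issuer is not a trusted tenant
        if not hmac.compare_digest(_sign(key, body), token["Signature"]):
            return False  # payload changed after signing
        if body.get("subject") != user:
            return False  # token was issued for someone else
        return all(c in body.get("claims", {}) for c in self.POLICY)


class ConsumerUnit:
    """Role of consumer unit 245: translates envelopes, never the payload."""

    def __init__(self, portal, tenants):
        self.portal, self.tenants = portal, tenants

    @staticmethod
    def to_tenant_protocol(req):
        return {"kind": "token_request", "subject": req["Subject"],
                "claims_wanted": list(req["ClaimTypes"])}

    @staticmethod
    def to_portal_protocol(tok):
        return {"Type": "Token", "Body": tok["payload"],
                "Signature": tok["sig"]}

    def access(self, user):
        idp = self.tenants.get(user.rsplit("@", 1)[-1])  # identify tenant
        if idp is None:
            return False
        req = self.portal.token_request(user)
        token = idp.issue(self.to_tenant_protocol(req))
        if token is None:
            return False
        return self.portal.validate(self.to_portal_protocol(token), user)


def build_demo():
    """Wire one portal, one tenant and a consumer unit with constructed users."""
    directory = {
        "alice@tenant-a": {"user_name": "alice", "title": "engineer"},
        "carol@tenant-a": {"user_name": "carol"},  # no title on record
    }
    portal = PortalAuth()
    tenant = TenantAuth("tenant-a", directory)
    return portal, tenant, ConsumerUnit(portal, {"tenant-a": tenant})
```

Because the signature covers only the protocol-independent payload, the consumer unit can re-wrap the token without invalidating it, while any change to the claims in transit makes validation at the portal fail.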
[0042] In some embodiments, the user 225 accesses the consumer 245 using a web browser and internet protocol. For example, the user 225 enters a web address corresponding to the internet address of the consumer 245 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 245 by using the web browser. In some embodiments, in response to the request by the user 225 the consumer 245 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 245 does not provide a response to the request by the user 225 until authentication is complete.
[0043] The cloud system 300 comprises cloud service provider 302 and first and second tenants 320 that subscribe to the cloud service. The cloud service provider 302 comprises a cloud portal 305 that further comprises many portlets 310, a cloud service engine 315 that provides cloud services, and an authentication system 335. The tenants comprise users 325 that use the cloud and an authentication system 330.
[0044] The cloud system 300 is similar to the cloud system 200 but further comprises a cloud authentication system 355. The consumer unit 345 forms a mediator between the cloud authentication system 355 and the authentication system 335. A user 325 needing to use the cloud service engine 315 contacts the consumer unit 345 with an access request 360. The consumer unit 345 contacts the authentication system 330 for access to the cloud service requested by the user 325. If a security token is required for the user 325 to access the cloud service engine 315, the authentication system 330 sends a token request 349 to the consumer unit 345. The consumer unit 345 contacts the authentication system 355 for access to the cloud services provided by cloud service engine 315. The authentication system 355 in turn contacts the appropriate authentication system 330 of the tenants. The authentication system 355 is selected to use the same protocols as the authentication system 330. Therefore, there is no compatibility issue between the authentication system 330 and the authentication system 355.
[0045] To use the tenant services, including gaining access to the cloud services, the user 325 authenticates with the authentication system 330 at the tenant. The user 325 may provide a user name and password, provide biometric data, or use any other means compatible with embodiments of the disclosure to authenticate with the authentication system 330. When the user 325 is authenticated with the authentication system 330, the user 325 contacts the consumer unit 345. The consumer unit 345 contacts the authentication system 335 of the portal 305 and requests access to the portlets 310. The authentication system 335 responds by requesting a specific form of token for the user 325. The consumer unit 345 contacts the authentication system 355 of the cloud provider. The consumer unit 345 requests the specific form of token from the authentication system 355. The authentication system 355 identifies the tenant 320 for the user 325 and contacts the respective authentication system 330 to request a token 350 for the user 325, based on the token 350 requested by the consumer unit 345. The authentication system 330 checks to see that the user is authenticated for the services of the corresponding tenant 320. If the user 325 is authenticated, the authentication system 330 completes and signs the token and sends the token 350 back to the authentication system 355. The authentication system 355 completes the token requested by the consumer unit 345 based on the token issued by the authentication system 330 and issues the token 350 to the consumer unit 345. The consumer unit 345 forwards the completed and signed token 350 to the authentication system 335. The authentication system 335 provides access to the portlets 310 for the user 325 to access the cloud service engine 315. Thus, by using the system of FIG. 3, the user 325 only needs to authenticate with the corresponding authentication system 330 before using the cloud service engine 315.
[0046] Before the system 300 can be accessed by the users 325, a trust structure has to be established between the authentication system 330, the authentication system 335, authentication system 355, and the consumer unit 345. In some embodiments, the trust can be established using predefined secure communications such as a Transport Layer Security (TLS), a Secure Sockets Layer (SSL), or a virtual private network (VPN). In some embodiments, the trust can be established by using various cryptographic means to sign the tokens 350 that are passed from the authentication system 330 to the authentication system 335, and the tokens 350 passed from the authentication system 335 to the authentication system 335. For example, decryption keys may be required to validate signatures on the issued tokens. The authentication system 330 may store the keys in a key store. The authentication system 330 may also encrypt the token requests, and provide a public key so that only the authentication system 355 and/or the authentication system 335 is capable of signing the requested token.
[0047] The consumer unit 345 is adapted to communicate with the authentication system 330 using a first security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. The consumer 345 is also adapted to communicate with the authentication system 355 using a second security protocol, for example, the protocols for Shibboleth®, an ADFS component, or any other protocol compatible with embodiments of the disclosure. In some embodiments, the consumer unit 345 translates the token requests by the authentication system 335 from the protocol of the authentication system 335 to the protocol of the authentication system 355 and translates the tokens from the authentication system 355 from the protocol of the authentication system 355 to the protocol of the authentication system 335 if the protocols are different. In some embodiments, the consumer unit 345 automatically detects the types of the authentication systems 335, 355 and, therefore, the protocols used so that the protocol translation can be performed when forwarding token requests and tokens. Thus, the authentication system 335 and the authentication system 355 can use different protocols.
[0048] In some embodiments, the user 325 accesses the consumer 345 using a web browser and internet protocol. For example, the user 325 enters a web address corresponding to the internet address of the consumer 345 into the web browser. Alternatively, the user clicks on an internet link corresponding to the consumer 345 using the web browser. In some embodiments, in response to the request by the user 325 the consumer 345 provides a web page to the user indicating that authentication is in progress. In some embodiments, the consumer 345 does not provide a response to the request by the user 325 until authentication is complete.
[0049] In some embodiments, the consumer units 245, 345 can be implemented, for example, using the Java-based WS-Trust protocol and the Web Services Interoperability Technologies (WSIT). In one embodiment, a WSIT implementation of Metro web services is used. WSIT is an open-source project for the next generation of Web service technologies. WSIT provides interoperability between Java Web Services and Microsoft's Windows Communication Foundation. WSIT consists of Java programming language APIs that enable advanced WS-* features to be used in a way that is compatible with, for example, Microsoft's Windows Communication Foundation (WCF) as used by Microsoft .NET®. The interoperability between different products is accomplished by implementing a number of Web Services specifications, like JAX-WS that provides interoperability between Java Web Services and Microsoft Windows Communication Foundation. WSIT implements the following WS-* protocols:
WS-MetadataExchange
WS-Transfer
WS-Policy
WS-Security
WS-SecureConversation
WS-Trust
WS-SecurityPolicy
WS-ReliableMessaging
WS-RMPolicy
WS-Coordination
WS-AtomicTransaction
[0050] FIG. 4A illustrates the WS-Trust and WS-Policy components that are used. The major components are the JAX-WS RI, which is the core Web services platform 405, and an implementation of Reliability 415, Security 410, and Transactions 420 for WS-* specifications and interoperability with .NET 3.0/3.5.
[0051] The Java API for XML Web Services JAX-WS RI provides the Core Web services platform 405. This includes all the SOAP message functionality, including WS-Addressing and MTOM. The JAX-WS RI is an implementation of the JAX-WS specification.
[0052] WSIT implements support for Security 410, Reliability 415, and Transactions 420, using the protocols and mechanisms defined by several WS-* specifications, on this Core layer 405. This allows a Java client to communicate with a Java endpoint using these protocols. In addition these protocols also enable interoperability with the Windows Communication Foundation component of .NET 3.0/3.5 frameworks, and therefore, provide access to the ADFS APIs.
[0053] FIG. 4B illustrates the different WS-* specifications implemented in the areas of Security 410, Reliability 415, and Transactions 420.
[0054] In Security 410, WS-Security 425 provides a basic framework for SOAP message level security in Web services. WS-Trust 430 defines a framework for issuing, renewing, and validating security tokens, and brokering trust relationships within different trust domains. WS-Secure Conversation 435 increases the overall performance and security by defining semantics for secure message exchange for multiple message exchanges. WS-Security Policy 440 enables Web service endpoints to specify their security requirements to potential clients in an interoperable manner.
[0055] In Reliability, WS-Reliable Messaging 445 defines a messaging protocol to identify, track, and manage the reliable message delivery between two parties, a source and a destination. WS-Reliable Messaging Policy 450 enables a Web service endpoint to indicate that a reliable message delivery is required.
[0056] In Transactions, WS-Coordination 455 provides an extensible framework for defining coordination context and types for protocols that coordinate distributed actions. WS-Atomic Transactions 460 provides the definition of transaction context and atomic transaction coordination type that is to be used with the framework defined by WS-Coordination. This enables transactions flowing over Web services.
[0057] Metadata section 465 identifies the mechanisms that allow the Security, Reliability, and Transactional capabilities of an endpoint to be published and consumed by a client in an interoperable manner. WSPolicy 470 defines a general-purpose framework to express the capabilities of an endpoint.
[0058] The above extensible framework is then used to define the domain-specific policy assertions. WS-Metadata Exchange and WS-Transfer are used by the client to retrieve the information about the endpoint.
[0059] FIG. 5 illustrates the programming model with WSIT. The programming model leverages the existing JAX-WS and EJB programming models and allows us to define Security, Reliability, and Transactional capability on the endpoints by bundling an additional configuration file with the application.
[0060] The configuration file can be easily generated using the NetBeans integrated development environment 505 or can be written by hand 510, or using any other integrated development environment 510 that has inbuilt WSIT or with WSIT plug-in added. On the client side, an optional WSIT configuration file 520 may be used to specify certain client-side parameters such as the locations of trust and keystores.
[0061] Most servlet containers that can be used with Liferay™, including Apache Tomcat™ and Glassfish™, are supported by Metro web services. Thus, if the portal 205, 305 is implemented using Liferay™, the portal can communicate with the consumer 245, 345 using Metro web services and with ADFS authentication systems using WSIT.
[0062] FIG. 6 illustrates a method 600 for single sign on to a cloud provider. The method begins at step 605. At step 605, the consumer of the cloud provider receives a request for a cloud service from a user of a tenant. The consumer may be, for example, consumer unit 245 or 345. The consumer may be a web page portal, and the request may be in the form of a web page request. When the request has been received, the method proceeds to step 610.
[0063] At step 610, the consumer requests the cloud service from a portal of the cloud provider, for example, portal 205, 305. When the request has been sent the method proceeds to step 615.
[0064] At step 615, the authentication system of the portal, for example, authentication system 235, 335 determines if a security token is required. If a security token is required, the method proceeds to step 620. If a security token is not required, the method proceeds to step 650.
[0065] At step 620, the authentication system of the portal generates a token request and sends the token request to the consumer using a first protocol. The first protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS. The token request contains a list of the information that the authentication system of the portal expects to see in the returned signed token. The token request may be generated from a policy file. When the request has been sent, the method proceeds to step 625.
[0066] At step 625, the consumer receives the token request using the first protocol and translates the token request to a second protocol. The second protocol is the protocol expected by the authentication system of the tenant. The second protocol may be, for example, the Java WSIT based protocol as discussed above or protocols for ADFS. The information contained in the token request in the second protocol is the same as the information contained in the request in the first protocol. When the translation is complete, the method proceeds to step 630.
[0067] At step 630, the consumer sends the token request using the second protocol to an authentication system of the tenant of the user. The authentication system of the tenant of the user performs steps 715-725, as discussed below. When the token request has been sent, the method proceeds to step 635.
[0068] In some embodiments, for example, the cloud system 300 the consumer does not send the token request to an authentication system of the tenant of the user. The consumer sends the token request to an authentication system of the cloud service provider, for example, authentication system 355 that is federated with the authentication system of the tenant of the user. The authentication system of the cloud service provider signs the token based on communication with the authentication system of the tenant of the user. The authentication system of the cloud service provider then returns the signed token to the consumer and the method proceeds to step 635.
[0069] At step 635, the consumer receives the token signed by the authentication system of the tenant using the second protocol and translates the token request to the first protocol. When the translation of the token is complete, the method proceeds to step 640. At step 640, the consumer sends the signed token to the authentication system of the Portal using the first protocol. When the signed token has been sent, the method proceeds to step 645. At step 645, the authentication system of the Portal determines if the signed token is valid. If the signed token is valid, the method proceeds to step 650. If the token is not valid, the method proceeds to step 655.
[0070] At step 650, the portal provides the cloud service to the user and the method terminates. At step 655, the portal denies access of the cloud service to the user and the method terminates.
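The exchange of method 600, together with the tenant-side check of step 720 and the token signing described in [0046], can be sketched as follows. This is an added example, not code from the application: the "A" and "B" message formats, all class and function names, and the audience, nonce and expiry checks applied at step 645 are assumptions, and HMAC with a constructed key stands in for the tenant's signature. The signature covers a protocol-neutral form of the claims, so the consumer's translation re-wraps the token without invalidating it.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key. HMAC stands in for the tenant's signature; a real
# deployment would sign with a private key and verify with the public key.
TENANT_KEY = b"constructed-demo-key"


def sign(claims, key=TENANT_KEY):
    """Sign a protocol-neutral canonical form so re-wrapping cannot break it."""
    canon = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


class PortalAuth:
    """First authentication system: issues requests (620), validates (645)."""

    def __init__(self, audience, required):
        self.audience, self.required = audience, list(required)
        self.pending = set()  # nonces of token requests still outstanding

    def token_request(self):
        nonce = secrets.token_hex(8)
        self.pending.add(nonce)
        return {"proto": "A", "rst": {"claims": list(self.required),
                                      "aud": self.audience, "nonce": nonce}}

    def validate(self, msg, now=None):
        now = time.time() if now is None else now
        body = msg.get("rstr") if msg.get("proto") == "A" else None
        if not body:
            return False, "not a protocol A token"
        claims, sig = body["claims"], body["sig"]
        if not hmac.compare_digest(sign(claims), sig):
            return False, "bad signature"
        if claims.get("aud") != self.audience:
            return False, "wrong audience"
        if claims.get("nonce") not in self.pending:
            return False, "unknown or replayed nonce"
        if claims.get("exp", 0) <= now:
            return False, "expired"
        if any(name not in claims for name in self.required):
            return False, "missing requested claim"
        self.pending.discard(claims["nonce"])  # one token per request
        return True, "ok"


class TenantAuth:
    """Tenant authentication system: steps 705 and 715-725."""

    def __init__(self, directory):
        self.directory = directory  # user -> attribute dict
        self.sessions = set()       # users who authenticated (step 705)

    def login(self, user):
        self.sessions.add(user)

    def issue(self, msg, user, now=None):
        now = int(time.time()) if now is None else now
        if msg.get("proto") != "B" or user not in self.sessions:
            return None  # step 720: sign only for an authenticated user
        req, attrs = msg["TokenRequest"], self.directory[user]
        claims = {n: attrs[n] for n in req["Attributes"] if n in attrs}
        claims.update(sub=user, aud=req["AppliesTo"],
                      nonce=req["Context"], exp=now + 300)
        return {"proto": "B", "Token": {"Assertion": claims,
                                        "Signature": sign(claims)}}


def request_a_to_b(msg):
    """Step 625: same information, protocol B field names."""
    r = msg["rst"]
    return {"proto": "B", "TokenRequest": {"Attributes": list(r["claims"]),
                                           "AppliesTo": r["aud"],
                                           "Context": r["nonce"]}}


def token_b_to_a(msg):
    """Step 635: re-wrap the token; claims and signature pass through as-is."""
    t = msg["Token"]
    return {"proto": "A", "rstr": {"claims": t["Assertion"],
                                   "sig": t["Signature"]}}


def single_sign_on(user, portal, tenant, in_transit=None):
    """Steps 620-655. in_transit optionally alters the token before step 640."""
    request_a = portal.token_request()
    token_b = tenant.issue(request_a_to_b(request_a), user)
    if token_b is None:
        return False, "user not authenticated at tenant"
    token_a = token_b_to_a(token_b)
    if in_transit:
        in_transit(token_a)
    return portal.validate(token_a)
```

`single_sign_on` returns a `(granted, reason)` pair corresponding to steps 650 and 655; any change to the claims after signing, a reused nonce, or a token minted for another portal ends at step 655.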
[0071] FIG. 7 illustrates a method 700 for single sign on to a cloud provider. The method begins at step 705. At step 705, the user authenticates at the tenant authentication system. When the authentication is complete, the method proceeds to step 710.
[0072] At step 710, the user sends a request to the consumer of the cloud provider to request a cloud service. When the request has been sent, the method proceeds to step 715.
[0073] At step 715, the tenant authentication system receives a request for a security token from the cloud service provider. When the request for the security token has been received, the method proceeds to step 720.
[0074] At step 720, the tenant authentication system checks that the user is authenticated, and signs the token request. When the request for the security token has been signed, the method proceeds to step 725.
[0075] At step 725, the tenant authentication system sends the signed request to the cloud service authentication system. When the signed security token has been sent, the method proceeds to step 730. At step 730, the user receives access to the cloud service from the cloud provider.
[0076] FIG. 8 depicts a general computer architecture on which the present embodiments can be implemented and has a functional block diagram illustration of a computer hardware platform that includes user interface elements. The computer may be a general purpose computer or a special purpose computer. The computer 800 can be used to implement any components of the systems 100, 200 and 300. For example, the authentication systems 130, 135, 230, 235, 330, 335 and the consumer units 245, 335 can all be implemented on a computer such as computer 800, by using the hardware, software program, firmware, or a combination of these components of the computer 800. Although only one computer 800 is shown, for convenience, the computer functions relating to single sign on may be implemented in a distributed fashion on a number of similar platforms, to distribute the processing load.
[0077] The computer 800, for example, includes COM ports 850 connected to and from a network to facilitate data communications. The computer 800 also includes a central processing unit (CPU) 820, in the form of one or more processors, for executing program instructions. The exemplary computer platform includes an internal communication bus 810, program storage and data storage of different forms, for example, disk 870, read only memory (ROM) 830, or random access memory (RAM) 840, for various data files to be processed and/or communicated by the computer, as well as possibly program instructions to be executed by the CPU. The computer 800 also includes an I/O component 860, supporting input/output flows between the computer and other components such as user interface elements 880. The computer 800 may also receive programming and data via network communications.
[0078] Hence, aspects of the methods and systems for single sign on according to an embodiment, as discussed above, may be embodied in program elements. Program aspects of the embodiments may be thought of as "products" or "articles of manufacture" typically in the form of executable code and/or associated data that is carried on or embodied in a type of machine-readable medium. Tangible non-transitory "storage" type media include any or all of the memory or other storage for the computers, processors or the like, or associated modules thereof, such as various semiconductor memories, tape drives, disk drives and the like, which may provide storage at any time for the program elements.
[0079] All or portions of the program elements may at times be communicated through a network such as the Internet or various other telecommunication networks. Such communications, for example, may enable loading of the software from one computer or processor into another, for example, from a management server or host computer into the hardware platform(s) of a computing environment or other system. Other types of media that may carry the program elements include optical, electrical and electromagnetic waves, such as used across physical interfaces between local devices, through wired, and optical networks and over various wireless links. The physical elements that carry such waves, such as wired or wireless links, optical links, or the like, also may be considered as media carrying the software. As used herein, unless restricted to tangible "storage" media, terms such as computer or machine "readable medium" refer to any medium that participates in providing instructions to a processor for execution.
[0080] Hence, a machine-readable medium may take many forms, including but not limited to, a tangible storage medium, a carrier wave medium, or physical transmission medium. Nonvolatile storage media include, for example, optical or magnetic disks, such as any of the storage devices in any computer(s) or the like, which may be used to implement the single sign on system or any of the components of the single sign on systems as shown in the drawings. Volatile storage media include dynamic memory, such as a main memory of such a computer platform. Tangible transmission media include coaxial cables, copper wire and fiber optics, including the wires that form a bus within a computer system. Carrier-wave transmission media can take the form of electric or electromagnetic signals, or acoustic or light waves such as those generated during radio frequency (RF) and infrared (IR) data communications. Common forms of computer-readable media, therefore, include, for example, a floppy disk, a flexible disk, hard disk, solid state disk, magnetic tape, any other magnetic medium, a CD-ROM, DVD, Blue-Ray™ or DVD-ROM, any other optical medium, punch cards, paper tape, any other physical storage medium with patterns of holes, a RAM, a PROM and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave transporting data or instructions, cables or links transporting such a carrier wave, or any other medium from which a computer can read programming code and/or data. Many of these forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution.
[0081] The embodiments described above are intended to be exemplary. One skilled in the art recognizes that numerous alternative components and embodiments may be substituted for the particular examples described herein and still fall within the scope of the invention.

Claims

What is claimed is:
1. A system for single sign on to a cloud, the system comprising:
a cloud service provider comprising:
a consumer unit that provides an interface for a user to connect to the cloud service provider; and
a portal that provides a cloud service to the user, the portal comprising a first authentication system that issues a security token request, and the first authentication system is connected to the consumer unit; and
a tenant comprising:
the user; and
a second authentication system that signs the security token request, wherein the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
2. The system according to claim 1, wherein the consumer unit is adapted to request the cloud service from the portal based on a request for the cloud service from the user.
3. The system according to claim 1, wherein
the consumer unit is adapted to translate a security token request in the first protocol to a security token request in the second protocol; and the consumer unit is adapted to translate a signed security token in the second protocol to a signed security token in the first protocol.
4. The system according to claim 3, wherein
the consumer unit is adapted to receive the security token request in the first protocol from the first authentication system based on a request for the cloud service from the user; and the consumer unit is adapted to send the security token request in the second protocol to the second authentication system.
5. The system according to claim 1, the portal comprising a plurality of portlets, and the portal adapted to assign the user to a one of the plurality of portlets to provide the cloud service.
6. The system according to claim 1, wherein the second authentication system is adapted to authenticate the user.
7. A system for single sign on to a cloud, the system comprising:
a cloud service provider comprising:
a consumer unit that provides an interface for a user to connect to the cloud service provider;
a portal that provides a cloud service to the user, the portal comprising a first authentication system connected to the consumer unit; and
a second authentication system connected to the consumer unit; and a tenant comprising:
the user; and a third authentication system connected to the user,
wherein the consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol; and
wherein the second authentication system is federated with the third authentication system.
8. The system according to claim 7, wherein the consumer unit is adapted to request the cloud service from the portal based on a request for the cloud service from the user.
9. The system according to claim 7, wherein
the consumer unit is adapted to translate a security token request in the first protocol to a security token request in the second protocol; and
the consumer unit is adapted to translate a signed security token in the second protocol to a signed security token in the first protocol.
10. The system according to claim 9, wherein
the consumer unit is adapted to receive the security token request in the first protocol from the first authentication system based on a request for the cloud service from the user; and the consumer unit is adapted to send the security token request in the second protocol to the second authentication system.
11. The system according to claim 7, the portal comprising a plurality of portlets, and the portal adapted to assign the user to a one of the portlets to provide the cloud service.
12. The system according to claim 7, wherein the third authentication system is adapted to authenticate the user.
13. A method for single sign on to a cloud system, the method comprising:
receiving, by a consumer unit of a cloud provider, a request from a user for a cloud service;
requesting, by the consumer unit, a portal to provide access to the cloud service based on the request from the user;
requesting, by a first authentication system of the portal, a security token from the consumer unit using a first protocol, the request by the first authentication system based on the request by the consumer unit;
translating, by the consumer unit, the security token request from the first protocol to a second protocol;
requesting, by the consumer unit, a second authentication system to sign the requested security token using the second protocol;
receiving, by the consumer unit, the signed security token;
translating, by the consumer unit, the signed security token from the second protocol to the first protocol;
sending, by the consumer unit, the signed security token to the portal using the first protocol; and
providing, by the portal, the cloud service to the user based on the signed security token.
14. The method of claim 13, wherein the second authentication system is an authentication system of a tenant of the user that authenticated the user.
15. The method of claim 13, wherein the second authentication system is an authentication system of the cloud provider and the second authentication system is federated with an authentication system of a tenant of the user that authenticated the user.
16. The method of claim 13, wherein if the signed security token is not valid then the user is denied access to the cloud service.
17. A machine-readable tangible and non-transitory medium with information recorded thereon, wherein the information, when read by a machine, causes the machine to perform the following steps:
receive, by a consumer unit of a cloud provider, a request from a user for a cloud service; request, by the consumer unit of the cloud provider, a portal to provide access to the cloud service based on the request by the user;
request, by a first authentication system of the portal, a security token from the consumer unit using a first protocol based on the request from the consumer unit;
translate, by the consumer unit, the security token request from the first protocol to a second protocol;
request, by the consumer unit, a second authentication system to sign the requested security token using the second protocol;
translate, by the consumer unit, the signed security token from the second protocol to the first protocol; send, by the consumer unit, the signed security token to the portal using the first protocol; and
provide, by the portal, the cloud service to the user based on the signed security token.
18. The machine-readable medium of claim 17, wherein the second authentication system is an authentication system of a tenant of the user that authenticated the user.
19. The machine-readable medium of claim 17, wherein the second authentication system is an authentication system of the cloud provider and the second authentication system is federated with an authentication system of a tenant of the user that authenticated the user.
20. The machine-readable medium of claim 17, wherein if the signed security token is not valid then the user is denied access to the cloud service.
PCT/US2012/064425 2011-11-09 2012-11-09 Single sign on for cloud WO2013071087A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201161557464P 2011-11-09 2011-11-09
US61/557,464 2011-11-09
US13/542,953 US20140013409A1 (en) 2012-07-06 2012-07-06 Single sign on for cloud
US13/542,953 2012-07-06

Publications (1)

Publication Number Publication Date
WO2013071087A1 true WO2013071087A1 (en) 2013-05-16

Family

ID=48290599

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/064425 WO2013071087A1 (en) 2011-11-09 2012-11-09 Single sign on for cloud

Country Status (1)

Country Link
WO (1) WO2013071087A1 (en)

Cited By (257)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015119658A1 (en) * 2014-02-07 2015-08-13 Oracle International Corporation Mobile cloud service architecture
WO2015195724A3 (en) * 2014-06-19 2016-03-17 Microsoft Technology Licensing, Llc Integrated apis and uis for consuming services across different distributed networks
US9444822B1 (en) 2015-05-29 2016-09-13 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
WO2016195759A1 (en) * 2015-05-29 2016-12-08 Pure Storage, Inc. Providing authorization and authentication in a cloud for a user of a storage array
US9529657B2 (en) 2014-02-07 2016-12-27 Oracle International Corporation Techniques for generating diagnostic identifiers to trace events and identifying related diagnostic information
US9529658B2 (en) 2014-02-07 2016-12-27 Oracle International Corporation Techniques for generating diagnostic identifiers to trace request messages and identifying related diagnostic information
US9594512B1 (en) 2015-06-19 2017-03-14 Pure Storage, Inc. Attributing consumed storage capacity among entities storing data in a storage array
US9594678B1 (en) 2015-05-27 2017-03-14 Pure Storage, Inc. Preventing duplicate entries of identical data in a storage device
WO2017083209A1 (en) * 2015-11-12 2017-05-18 Microsoft Technology Licensing, Llc Single sign-on identity management between local and remote systems
US9716755B2 (en) 2015-05-26 2017-07-25 Pure Storage, Inc. Providing cloud storage array services by a local storage array in a data center
US9740414B2 (en) 2015-10-29 2017-08-22 Pure Storage, Inc. Optimizing copy operations
US9760479B2 (en) 2015-12-02 2017-09-12 Pure Storage, Inc. Writing data in a storage system that includes a first type of storage device and a second type of storage device
US9760297B2 (en) 2016-02-12 2017-09-12 Pure Storage, Inc. Managing input/output (‘I/O’) queues in a data storage system
US9781122B1 (en) 2016-05-11 2017-10-03 Oracle International Corporation Multi-tenant identity and data security management cloud service
US9811264B1 (en) 2016-04-28 2017-11-07 Pure Storage, Inc. Deploying client-specific applications in a storage system utilizing redundant system resources
US9817603B1 (en) 2016-05-20 2017-11-14 Pure Storage, Inc. Data migration in a storage array that includes a plurality of storage devices
WO2017196774A1 (en) * 2016-05-11 2017-11-16 Oracle International Corporation Multi-tenant identity and data security management cloud service
US9838377B1 (en) 2016-05-11 2017-12-05 Oracle International Corporation Task segregation in a multi-tenant identity and data security management cloud service
US9838376B1 (en) 2016-05-11 2017-12-05 Oracle International Corporation Microservices based multi-tenant identity and data security management cloud service
US9841921B2 (en) 2016-04-27 2017-12-12 Pure Storage, Inc. Migrating data in a storage array that includes a plurality of storage devices
US9851762B1 (en) 2015-08-06 2017-12-26 Pure Storage, Inc. Compliant printed circuit board (‘PCB’) within an enclosure
US9886314B2 (en) 2016-01-28 2018-02-06 Pure Storage, Inc. Placing workloads in a multi-array system
US9892071B2 (en) 2015-08-03 2018-02-13 Pure Storage, Inc. Emulating a remote direct memory access (‘RDMA’) link between controllers in a storage array
US9910618B1 (en) 2017-04-10 2018-03-06 Pure Storage, Inc. Migrating applications executing on a storage system
US9935959B2 (en) 2014-02-07 2018-04-03 Oracle International Corporation Cloud service custom execution environment
US9959043B2 (en) 2016-03-16 2018-05-01 Pure Storage, Inc. Performing a non-disruptive upgrade of data in a storage system
US10007459B2 (en) 2016-10-20 2018-06-26 Pure Storage, Inc. Performance tuning in a storage system that includes one or more storage devices
US10021170B2 (en) 2015-05-29 2018-07-10 Pure Storage, Inc. Managing a storage array using client-side services
EP3361701A1 (en) * 2016-05-11 2018-08-15 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10055423B2 (en) 2014-03-31 2018-08-21 Oracle International Corporation Infrastructure for synchronization of mobile device with mobile cloud service
US10063661B2 (en) 2015-01-14 2018-08-28 Oracle International Corporation Multi-tenant cloud-based queuing systems
US10129344B2 (en) 2014-06-19 2018-11-13 Microsoft Technology Licensing, Llc Integrated user interface for consuming services across different distributed networks
US10146585B2 (en) 2016-09-07 2018-12-04 Pure Storage, Inc. Ensuring the fair utilization of system resources using workload based, time-independent scheduling
US10162566B2 (en) 2016-11-22 2018-12-25 Pure Storage, Inc. Accumulating application-level statistics in a storage system
US10162835B2 (en) 2015-12-15 2018-12-25 Pure Storage, Inc. Proactive management of a plurality of storage arrays in a multi-array system
US10176335B2 (en) 2012-03-20 2019-01-08 Microsoft Technology Licensing, Llc Identity services for organizations transparently hosted in the cloud
US10198194B2 (en) 2015-08-24 2019-02-05 Pure Storage, Inc. Placing data within a storage device of a flash array
US10198205B1 (en) 2016-12-19 2019-02-05 Pure Storage, Inc. Dynamically adjusting a number of storage devices utilized to simultaneously service write operations
US10209992B2 (en) 2014-04-25 2019-02-19 Avago Technologies International Sales Pte. Limited System and method for branch prediction using two branch history tables and presetting a global branch history register
US10235229B1 (en) 2016-09-07 2019-03-19 Pure Storage, Inc. Rehabilitating storage devices in a storage array that includes a plurality of storage devices
US10255061B2 (en) 2016-08-05 2019-04-09 Oracle International Corporation Zero down time upgrade for a multi-tenant identity and data security management cloud service
US10261836B2 (en) 2017-03-21 2019-04-16 Oracle International Corporation Dynamic dispatching of workloads spanning heterogeneous services
US10263947B2 (en) 2016-08-05 2019-04-16 Oracle International Corporation LDAP to SCIM proxy service
US10275285B1 (en) 2017-10-19 2019-04-30 Pure Storage, Inc. Data transformation caching in an artificial intelligence infrastructure
US10284232B2 (en) 2015-10-28 2019-05-07 Pure Storage, Inc. Dynamic error processing in a storage device
US10296258B1 (en) 2018-03-09 2019-05-21 Pure Storage, Inc. Offloading data storage to a decentralized storage network
US10296236B2 (en) 2015-07-01 2019-05-21 Pure Storage, Inc. Offloading device management responsibilities from a storage device in an array of storage devices
US10303390B1 (en) 2016-05-02 2019-05-28 Pure Storage, Inc. Resolving fingerprint collisions in flash storage system
US10306023B2 (en) 2016-03-28 2019-05-28 Oracle International Corporation Pre-formed instructions for a mobile cloud service
US10310740B2 (en) 2015-06-23 2019-06-04 Pure Storage, Inc. Aligning memory access operations to a geometry of a storage device
US10318196B1 (en) 2015-06-10 2019-06-11 Pure Storage, Inc. Stateless storage system controller in a direct flash storage system
US10326836B2 (en) 2015-12-08 2019-06-18 Pure Storage, Inc. Partially replicating a snapshot between storage systems
US10331588B2 (en) 2016-09-07 2019-06-25 Pure Storage, Inc. Ensuring the appropriate utilization of system resources using weighted workload based, time-independent scheduling
US10341354B2 (en) 2016-09-16 2019-07-02 Oracle International Corporation Distributed high availability agent architecture
US10341410B2 (en) 2016-05-11 2019-07-02 Oracle International Corporation Security tokens for a multi-tenant identity and data security management cloud service
US10346043B2 (en) 2015-12-28 2019-07-09 Pure Storage, Inc. Adaptive computing for data compression
US10348858B2 (en) 2017-09-15 2019-07-09 Oracle International Corporation Dynamic message queues for a microservice based cloud service
US10353777B2 (en) 2015-10-30 2019-07-16 Pure Storage, Inc. Ensuring crash-safe forward progress of a system configuration update
US10360214B2 (en) 2017-10-19 2019-07-23 Pure Storage, Inc. Ensuring reproducibility in an artificial intelligence infrastructure
US10365982B1 (en) 2017-03-10 2019-07-30 Pure Storage, Inc. Establishing a synchronous replication relationship between two or more storage systems
US10374868B2 (en) 2015-10-29 2019-08-06 Pure Storage, Inc. Distributed command processing in a flash storage system
US10417092B2 (en) 2017-09-07 2019-09-17 Pure Storage, Inc. Incremental RAID stripe update parity calculation
US10425386B2 (en) 2016-05-11 2019-09-24 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
US10445395B2 (en) 2016-09-16 2019-10-15 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US10452444B1 (en) 2017-10-19 2019-10-22 Pure Storage, Inc. Storage system with compute resources and shared storage resources
US10454940B2 (en) 2016-05-11 2019-10-22 Oracle International Corporation Identity cloud service authorization model
US10452310B1 (en) 2016-07-13 2019-10-22 Pure Storage, Inc. Validating cabling for storage component admission to a storage array
US10454915B2 (en) 2017-05-18 2019-10-22 Oracle International Corporation User authentication using kerberos with identity cloud service
US10454810B1 (en) 2017-03-10 2019-10-22 Pure Storage, Inc. Managing host definitions across a plurality of storage systems
US10459652B2 (en) 2016-07-27 2019-10-29 Pure Storage, Inc. Evacuating blades in a storage array that includes a plurality of blades
US10459664B1 (en) 2017-04-10 2019-10-29 Pure Storage, Inc. Virtualized copy-by-reference
US10467107B1 (en) 2017-11-01 2019-11-05 Pure Storage, Inc. Maintaining metadata resiliency among storage device failures
US10474363B1 (en) 2016-07-29 2019-11-12 Pure Storage, Inc. Space reporting in a storage system
US10484174B1 (en) 2017-11-01 2019-11-19 Pure Storage, Inc. Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices
US10484382B2 (en) 2016-08-31 2019-11-19 Oracle International Corporation Data management for a multi-tenant identity cloud service
US10484243B2 (en) 2016-09-16 2019-11-19 Oracle International Corporation Application management for a multi-tenant identity cloud service
US10489307B2 (en) 2017-01-05 2019-11-26 Pure Storage, Inc. Periodically re-encrypting user data stored on a storage device
US10503700B1 (en) 2017-01-19 2019-12-10 Pure Storage, Inc. On-demand content filtering of snapshots within a storage system
US10505941B2 (en) 2016-08-05 2019-12-10 Oracle International Corporation Virtual directory system for LDAP to SCIM proxy service
US10503427B2 (en) 2017-03-10 2019-12-10 Pure Storage, Inc. Synchronously replicating datasets and other managed objects to cloud-based storage systems
US10509581B1 (en) 2017-11-01 2019-12-17 Pure Storage, Inc. Maintaining write consistency in a multi-threaded storage system
US10511589B2 (en) 2016-09-14 2019-12-17 Oracle International Corporation Single logout functionality for a multi-tenant identity and data security management cloud service
US10514978B1 (en) 2015-10-23 2019-12-24 Pure Storage, Inc. Automatic deployment of corrective measures for storage arrays
US10516672B2 (en) 2016-08-05 2019-12-24 Oracle International Corporation Service discovery for a multi-tenant identity and data security management cloud service
US10521151B1 (en) 2018-03-05 2019-12-31 Pure Storage, Inc. Determining effective space utilization in a storage system
US10530578B2 (en) 2016-08-05 2020-01-07 Oracle International Corporation Key store service
US10552090B2 (en) 2017-09-07 2020-02-04 Pure Storage, Inc. Solid state drives with multiple types of addressable memory
US10567364B2 (en) 2016-09-16 2020-02-18 Oracle International Corporation Preserving LDAP hierarchy in a SCIM directory using special marker groups
US10572460B2 (en) 2016-02-11 2020-02-25 Pure Storage, Inc. Compressing data in dependence upon characteristics of a storage system
US10581820B2 (en) 2016-05-11 2020-03-03 Oracle International Corporation Key generation and rollover
US10585682B2 (en) 2016-08-05 2020-03-10 Oracle International Corporation Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service
US10594684B2 (en) 2016-09-14 2020-03-17 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
US10599536B1 (en) 2015-10-23 2020-03-24 Pure Storage, Inc. Preventing storage errors using problem signatures
US10616224B2 (en) 2016-09-16 2020-04-07 Oracle International Corporation Tenant and service management for a multi-tenant identity and data security management cloud service
US10613791B2 (en) 2017-06-12 2020-04-07 Pure Storage, Inc. Portable snapshot replication between storage systems
US10671439B1 (en) 2016-09-07 2020-06-02 Pure Storage, Inc. Workload planning with quality-of-service (‘QOS’) integration
US10671302B1 (en) 2018-10-26 2020-06-02 Pure Storage, Inc. Applying a rate limit across a plurality of storage systems
US10671494B1 (en) 2017-11-01 2020-06-02 Pure Storage, Inc. Consistent selection of replicated datasets during storage system recovery
US10691567B2 (en) 2016-06-03 2020-06-23 Pure Storage, Inc. Dynamically forming a failure domain in a storage system that includes a plurality of blades
US10705823B2 (en) 2017-09-29 2020-07-07 Oracle International Corporation Application templates and upgrade framework for a multi-tenant identity cloud service
US10715564B2 (en) 2018-01-29 2020-07-14 Oracle International Corporation Dynamic client registration for an identity cloud service
US10735394B2 (en) 2016-08-05 2020-08-04 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
US10764273B2 (en) 2018-06-28 2020-09-01 Oracle International Corporation Session synchronization across multiple devices in an identity cloud service
US10791087B2 (en) 2016-09-16 2020-09-29 Oracle International Corporation SCIM to LDAP mapping using subtype attributes
US10789020B2 (en) 2017-06-12 2020-09-29 Pure Storage, Inc. Recovering data within a unified storage element
US10795598B1 (en) 2017-12-07 2020-10-06 Pure Storage, Inc. Volume migration for storage systems synchronously replicating a dataset
US10798165B2 (en) 2018-04-02 2020-10-06 Oracle International Corporation Tenant data comparison for a multi-tenant identity cloud service
US10817392B1 (en) 2017-11-01 2020-10-27 Pure Storage, Inc. Ensuring resiliency to storage device failures in a storage system that includes a plurality of storage devices
US10831789B2 (en) 2017-09-27 2020-11-10 Oracle International Corporation Reference attribute query processing for a multi-tenant cloud service
US10834137B2 (en) 2017-09-28 2020-11-10 Oracle International Corporation Rest-based declarative policy management
US10838833B1 (en) 2018-03-26 2020-11-17 Pure Storage, Inc. Providing for high availability in a data analytics pipeline without replicas
US10846390B2 (en) 2016-09-14 2020-11-24 Oracle International Corporation Single sign-on functionality for a multi-tenant identity and data security management cloud service
US10853148B1 (en) 2017-06-12 2020-12-01 Pure Storage, Inc. Migrating workloads between a plurality of execution environments
US10871922B2 (en) 2018-05-22 2020-12-22 Pure Storage, Inc. Integrated storage management between storage systems and container orchestrators
US10878079B2 (en) 2016-05-11 2020-12-29 Oracle International Corporation Identity cloud service authorization model with dynamic roles and scopes
US10884636B1 (en) 2017-06-12 2021-01-05 Pure Storage, Inc. Presenting workload performance in a storage system
US10904074B2 (en) 2016-09-17 2021-01-26 Oracle International Corporation Composite event handler for a multi-tenant identity cloud service
US10908966B1 (en) 2016-09-07 2021-02-02 Pure Storage, Inc. Adapting target service times in a storage system
US10917471B1 (en) 2018-03-15 2021-02-09 Pure Storage, Inc. Active membership in a cloud-based storage system
US10917470B1 (en) 2018-11-18 2021-02-09 Pure Storage, Inc. Cloning storage systems in a cloud computing environment
US10924548B1 (en) 2018-03-15 2021-02-16 Pure Storage, Inc. Symmetric storage using a cloud-based storage system
US10931656B2 (en) 2018-03-27 2021-02-23 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
US10929226B1 (en) 2017-11-21 2021-02-23 Pure Storage, Inc. Providing for increased flexibility for large scale parity
US10936238B2 (en) 2017-11-28 2021-03-02 Pure Storage, Inc. Hybrid data tiering
US10942650B1 (en) 2018-03-05 2021-03-09 Pure Storage, Inc. Reporting capacity utilization in a storage system
US10963189B1 (en) 2018-11-18 2021-03-30 Pure Storage, Inc. Coalescing write operations in a cloud-based storage system
US10976962B2 (en) 2018-03-15 2021-04-13 Pure Storage, Inc. Servicing I/O operations in a cloud-based storage system
US10992533B1 (en) 2018-01-30 2021-04-27 Pure Storage, Inc. Policy based path management
US10992598B2 (en) 2018-05-21 2021-04-27 Pure Storage, Inc. Synchronously replicating when a mediation service becomes unavailable
US10990282B1 (en) 2017-11-28 2021-04-27 Pure Storage, Inc. Hybrid data tiering with cloud storage
US11003369B1 (en) 2019-01-14 2021-05-11 Pure Storage, Inc. Performing a tune-up procedure on a storage device during a boot process
US11012444B2 (en) 2018-06-25 2021-05-18 Oracle International Corporation Declarative third party identity provider integration for a multi-tenant identity cloud service
US11016824B1 (en) 2017-06-12 2021-05-25 Pure Storage, Inc. Event identification with out-of-order reporting in a cloud-based environment
US11036677B1 (en) 2017-12-14 2021-06-15 Pure Storage, Inc. Replicated data integrity
US11042452B1 (en) 2019-03-20 2021-06-22 Pure Storage, Inc. Storage system data recovery using data recovery as a service
US11048590B1 (en) 2018-03-15 2021-06-29 Pure Storage, Inc. Data consistency during recovery in a cloud-based storage system
US11061929B2 (en) 2019-02-08 2021-07-13 Oracle International Corporation Replication of resource type and schema metadata for a multi-tenant identity cloud service
US11068162B1 (en) 2019-04-09 2021-07-20 Pure Storage, Inc. Storage management in a cloud data store
US11086553B1 (en) 2019-08-28 2021-08-10 Pure Storage, Inc. Tiering duplicated objects in a cloud-based object store
US11089105B1 (en) 2017-12-14 2021-08-10 Pure Storage, Inc. Synchronously replicating datasets in cloud-based storage systems
US11093139B1 (en) 2019-07-18 2021-08-17 Pure Storage, Inc. Durably storing data within a virtual storage system
US11095706B1 (en) 2018-03-21 2021-08-17 Pure Storage, Inc. Secure cloud-based storage system management
US11102298B1 (en) 2015-05-26 2021-08-24 Pure Storage, Inc. Locally providing cloud storage services for fleet management
US11112990B1 (en) 2016-04-27 2021-09-07 Pure Storage, Inc. Managing storage device evacuation
US11126364B2 (en) 2019-07-18 2021-09-21 Pure Storage, Inc. Virtual storage system architecture
US11146564B1 (en) 2018-07-24 2021-10-12 Pure Storage, Inc. Login authentication in a cloud storage platform
US11150834B1 (en) 2018-03-05 2021-10-19 Pure Storage, Inc. Determining storage consumption in a storage system
US11165634B2 (en) 2018-04-02 2021-11-02 Oracle International Corporation Data replication conflict detection and resolution for a multi-tenant identity cloud service
US11163624B2 (en) 2017-01-27 2021-11-02 Pure Storage, Inc. Dynamically adjusting an amount of log data generated for a storage system
US11171950B1 (en) 2018-03-21 2021-11-09 Pure Storage, Inc. Secure cloud-based storage system management
US11169727B1 (en) 2017-03-10 2021-11-09 Pure Storage, Inc. Synchronous replication between storage systems with virtualized storage
US11210133B1 (en) 2017-06-12 2021-12-28 Pure Storage, Inc. Workload mobility between disparate execution environments
US11210009B1 (en) 2018-03-15 2021-12-28 Pure Storage, Inc. Staging data in a cloud-based storage system
US11221778B1 (en) 2019-04-02 2022-01-11 Pure Storage, Inc. Preparing data for deduplication
US11231858B2 (en) 2016-05-19 2022-01-25 Pure Storage, Inc. Dynamically configuring a storage system to facilitate independent scaling of resources
US11258775B2 (en) 2018-04-04 2022-02-22 Oracle International Corporation Local write for a multi-tenant identity cloud service
US11271969B2 (en) 2017-09-28 2022-03-08 Oracle International Corporation Rest-based declarative policy management
US11288138B1 (en) 2018-03-15 2022-03-29 Pure Storage, Inc. Recovery from a system fault in a cloud-based storage system
US11294588B1 (en) 2015-08-24 2022-04-05 Pure Storage, Inc. Placing data within a storage device
US11301152B1 (en) 2020-04-06 2022-04-12 Pure Storage, Inc. Intelligently moving data between storage systems
US11321343B2 (en) 2019-02-19 2022-05-03 Oracle International Corporation Tenant replication bootstrap for a multi-tenant identity cloud service
US11321187B2 (en) 2018-10-19 2022-05-03 Oracle International Corporation Assured lazy rollback for a multi-tenant identity cloud service
US11321006B1 (en) 2020-03-25 2022-05-03 Pure Storage, Inc. Data loss prevention during transitions from a replication source
US11327676B1 (en) 2019-07-18 2022-05-10 Pure Storage, Inc. Predictive data streaming in a virtual storage system
US11340939B1 (en) 2017-06-12 2022-05-24 Pure Storage, Inc. Application-aware analytics for storage systems
US11340837B1 (en) 2018-11-18 2022-05-24 Pure Storage, Inc. Storage system management via a remote console
US11340800B1 (en) 2017-01-19 2022-05-24 Pure Storage, Inc. Content masking in a storage system
US11347697B1 (en) 2015-12-15 2022-05-31 Pure Storage, Inc. Proactively optimizing a storage system
US11349917B2 (en) 2020-07-23 2022-05-31 Pure Storage, Inc. Replication handling among distinct networks
US11360689B1 (en) 2019-09-13 2022-06-14 Pure Storage, Inc. Cloning a tracking copy of replica data
US11360844B1 (en) 2015-10-23 2022-06-14 Pure Storage, Inc. Recovery of a container storage provider
US11379132B1 (en) 2016-10-20 2022-07-05 Pure Storage, Inc. Correlating medical sensor data
US11392553B1 (en) 2018-04-24 2022-07-19 Pure Storage, Inc. Remote data management
US11392555B2 (en) 2019-05-15 2022-07-19 Pure Storage, Inc. Cloud-based file services
US11397545B1 (en) 2021-01-20 2022-07-26 Pure Storage, Inc. Emulating persistent reservations in a cloud-based storage system
US11403000B1 (en) 2018-07-20 2022-08-02 Pure Storage, Inc. Resiliency in a cloud-based storage system
US11416298B1 (en) 2018-07-20 2022-08-16 Pure Storage, Inc. Providing application-specific storage by a storage system
US11423111B2 (en) 2019-02-25 2022-08-23 Oracle International Corporation Client API for rest based endpoints for a multi-tenant identify cloud service
US11422731B1 (en) 2017-06-12 2022-08-23 Pure Storage, Inc. Metadata-based replication of a dataset
US11431488B1 (en) 2020-06-08 2022-08-30 Pure Storage, Inc. Protecting local key generation using a remote key management service
US11436344B1 (en) 2018-04-24 2022-09-06 Pure Storage, Inc. Secure encryption in deduplication cluster
US11442669B1 (en) 2018-03-15 2022-09-13 Pure Storage, Inc. Orchestrating a virtual storage system
US11442652B1 (en) 2020-07-23 2022-09-13 Pure Storage, Inc. Replication handling during storage system transportation
US11442825B2 (en) 2017-03-10 2022-09-13 Pure Storage, Inc. Establishing a synchronous replication relationship between two or more storage systems
US11455168B1 (en) 2017-10-19 2022-09-27 Pure Storage, Inc. Batch building for deep learning training workloads
US11455409B2 (en) 2018-05-21 2022-09-27 Pure Storage, Inc. Storage layer data obfuscation
US11461273B1 (en) 2016-12-20 2022-10-04 Pure Storage, Inc. Modifying storage distribution in a storage system that includes one or more storage devices
US11477280B1 (en) 2017-07-26 2022-10-18 Pure Storage, Inc. Integrating cloud storage services
US11481261B1 (en) 2016-09-07 2022-10-25 Pure Storage, Inc. Preventing extended latency in a storage system
US11487715B1 (en) 2019-07-18 2022-11-01 Pure Storage, Inc. Resiliency in a cloud-based storage system
US11494267B2 (en) 2020-04-14 2022-11-08 Pure Storage, Inc. Continuous value data redundancy
US11494692B1 (en) 2018-03-26 2022-11-08 Pure Storage, Inc. Hyperscale artificial intelligence and machine learning infrastructure
US11503031B1 (en) 2015-05-29 2022-11-15 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
US11526408B2 (en) 2019-07-18 2022-12-13 Pure Storage, Inc. Data recovery in a virtual storage system
US11526405B1 (en) 2018-11-18 2022-12-13 Pure Storage, Inc. Cloud-based disaster recovery
US11531487B1 (en) 2019-12-06 2022-12-20 Pure Storage, Inc. Creating a replica of a storage system
US11531577B1 (en) 2016-09-07 2022-12-20 Pure Storage, Inc. Temporarily limiting access to a storage device
US11550514B2 (en) 2019-07-18 2023-01-10 Pure Storage, Inc. Efficient transfers between tiers of a virtual storage system
US11561714B1 (en) 2017-07-05 2023-01-24 Pure Storage, Inc. Storage efficiency driven migration
US11573864B1 (en) 2019-09-16 2023-02-07 Pure Storage, Inc. Automating database management in a storage system
US11588716B2 (en) 2021-05-12 2023-02-21 Pure Storage, Inc. Adaptive storage processing for storage-as-a-service
US11592991B2 (en) 2017-09-07 2023-02-28 Pure Storage, Inc. Converting raid data between persistent storage types
US11611548B2 (en) 2019-11-22 2023-03-21 Oracle International Corporation Bulk multifactor authentication enrollment
US11609718B1 (en) 2017-06-12 2023-03-21 Pure Storage, Inc. Identifying valid data after a storage system recovery
US11616834B2 (en) 2015-12-08 2023-03-28 Pure Storage, Inc. Efficient replication of a dataset to the cloud
US11620075B2 (en) 2016-11-22 2023-04-04 Pure Storage, Inc. Providing application aware storage
US11625181B1 (en) 2015-08-24 2023-04-11 Pure Storage, Inc. Data tiering using snapshots
US11632360B1 (en) 2018-07-24 2023-04-18 Pure Storage, Inc. Remote access to a storage device
US11630598B1 (en) 2020-04-06 2023-04-18 Pure Storage, Inc. Scheduling data replication operations
US11630585B1 (en) 2016-08-25 2023-04-18 Pure Storage, Inc. Processing evacuation events in a storage array that includes a plurality of storage devices
US11637896B1 (en) 2020-02-25 2023-04-25 Pure Storage, Inc. Migrating applications to a cloud-computing environment
US11651357B2 (en) 2019-02-01 2023-05-16 Oracle International Corporation Multifactor authentication without a user footprint
US11650749B1 (en) 2018-12-17 2023-05-16 Pure Storage, Inc. Controlling access to sensitive data in a shared dataset
US11669321B2 (en) 2019-02-20 2023-06-06 Oracle International Corporation Automated database upgrade for a multi-tenant identity cloud service
US11669386B1 (en) 2019-10-08 2023-06-06 Pure Storage, Inc. Managing an application's resource stack
US11675520B2 (en) 2017-03-10 2023-06-13 Pure Storage, Inc. Application replication among storage systems synchronously replicating a dataset
US11675503B1 (en) 2018-05-21 2023-06-13 Pure Storage, Inc. Role-based data access
US11687378B2 (en) 2019-09-13 2023-06-27 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
US11693713B1 (en) 2019-09-04 2023-07-04 Pure Storage, Inc. Self-tuning clusters for resilient microservices
US11693835B2 (en) 2018-10-17 2023-07-04 Oracle International Corporation Dynamic database schema allocation on tenant onboarding for a multi-tenant identity cloud service
US11706895B2 (en) 2016-07-19 2023-07-18 Pure Storage, Inc. Independent scaling of compute resources and storage resources in a storage system
US11709636B1 (en) 2020-01-13 2023-07-25 Pure Storage, Inc. Non-sequential readahead for deep learning training
US11714723B2 (en) 2021-10-29 2023-08-01 Pure Storage, Inc. Coordinated snapshots for data stored across distinct storage environments
US11720497B1 (en) 2020-01-13 2023-08-08 Pure Storage, Inc. Inferred nonsequential prefetch based on data access patterns
US11733901B1 (en) 2020-01-13 2023-08-22 Pure Storage, Inc. Providing persistent storage to transient cloud computing services
US11762764B1 (en) 2015-12-02 2023-09-19 Pure Storage, Inc. Writing data in a storage system that includes a first type of storage device and a second type of storage device
US11762781B2 (en) 2017-01-09 2023-09-19 Pure Storage, Inc. Providing end-to-end encryption for data stored in a storage system
US11782614B1 (en) 2017-12-21 2023-10-10 Pure Storage, Inc. Encrypting data to optimize data reduction
US11792226B2 (en) 2019-02-25 2023-10-17 Oracle International Corporation Automatic api document generation from scim metadata
US11797569B2 (en) 2019-09-13 2023-10-24 Pure Storage, Inc. Configurable data replication
US11803453B1 (en) 2017-03-10 2023-10-31 Pure Storage, Inc. Using host connectivity states to avoid queuing I/O requests
US11809727B1 (en) 2016-04-27 2023-11-07 Pure Storage, Inc. Predicting failures in a storage system that includes a plurality of storage devices
US11816129B2 (en) 2021-06-22 2023-11-14 Pure Storage, Inc. Generating datasets using approximate baselines
US11847071B2 (en) 2021-12-30 2023-12-19 Pure Storage, Inc. Enabling communication between a single-port device and multiple storage system controllers
US11853266B2 (en) 2019-05-15 2023-12-26 Pure Storage, Inc. Providing a file system in a cloud environment
US11853285B1 (en) 2021-01-22 2023-12-26 Pure Storage, Inc. Blockchain logging of volume-level events in a storage system
US11860780B2 (en) 2022-01-28 2024-01-02 Pure Storage, Inc. Storage cache management
US11861423B1 (en) 2017-10-19 2024-01-02 Pure Storage, Inc. Accelerating artificial intelligence (‘AI’) workflows
US11860820B1 (en) 2018-09-11 2024-01-02 Pure Storage, Inc. Processing data through a storage system in a data pipeline
US11861170B2 (en) 2018-03-05 2024-01-02 Pure Storage, Inc. Sizing resources for a replication target
US11861221B1 (en) 2019-07-18 2024-01-02 Pure Storage, Inc. Providing scalable and reliable container-based storage services
US11868629B1 (en) 2017-05-05 2024-01-09 Pure Storage, Inc. Storage system sizing service
US11870770B2 (en) 2019-09-13 2024-01-09 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration
US11868622B2 (en) 2020-02-25 2024-01-09 Pure Storage, Inc. Application recovery across storage systems
US11886295B2 (en) 2022-01-31 2024-01-30 Pure Storage, Inc. Intra-block error correction
US11886922B2 (en) 2016-09-07 2024-01-30 Pure Storage, Inc. Scheduling input/output operations for a storage system
US11893263B2 (en) 2021-10-29 2024-02-06 Pure Storage, Inc. Coordinated checkpoints among storage systems implementing checkpoint-based replication
US11914867B2 (en) 2021-10-29 2024-02-27 Pure Storage, Inc. Coordinated snapshots among storage systems implementing a promotion/demotion model
US11921908B2 (en) 2017-08-31 2024-03-05 Pure Storage, Inc. Writing data to compressed and encrypted volumes
US11921670B1 (en) 2020-04-20 2024-03-05 Pure Storage, Inc. Multivariate data backup retention policies
US11922052B2 (en) 2021-12-15 2024-03-05 Pure Storage, Inc. Managing links between storage objects
US11941279B2 (en) 2017-03-10 2024-03-26 Pure Storage, Inc. Data path virtualization
US11954238B1 (en) 2018-07-24 2024-04-09 Pure Storage, Inc. Role-based access control for a storage system
US11954220B2 (en) 2018-05-21 2024-04-09 Pure Storage, Inc. Data protection for container storage
US11960348B2 (en) 2016-09-07 2024-04-16 Pure Storage, Inc. Cloud-based monitoring of hardware components in a fleet of storage systems
US11960777B2 (en) 2017-06-12 2024-04-16 Pure Storage, Inc. Utilizing multiple redundancy schemes within a unified storage element
US11972134B2 (en) 2022-01-12 2024-04-30 Pure Storage, Inc. Resource utilization using normalized input/output (‘I/O’) operations

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070044143A1 (en) * 2005-08-22 2007-02-22 Microsoft Corporation Distributed single sign-on service
KR20100034321A (en) * 2008-09-23 2010-04-01 한국전자통신연구원 Network id based federation and single sign on authentication method
US20110138453A1 (en) * 2009-12-03 2011-06-09 Samsung Electronics Co., Ltd. Single sign-on in mixed http and sip environments
US20110153727A1 (en) * 2009-12-17 2011-06-23 Hong Li Cloud federation as a service

Cited By (468)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10176335B2 (en) 2012-03-20 2019-01-08 Microsoft Technology Licensing, Llc Identity services for organizations transparently hosted in the cloud
US9529657B2 (en) 2014-02-07 2016-12-27 Oracle International Corporation Techniques for generating diagnostic identifiers to trace events and identifying related diagnostic information
CN105900396A (en) * 2014-02-07 2016-08-24 甲骨文国际公司 Mobile cloud service architecture
US9529658B2 (en) 2014-02-07 2016-12-27 Oracle International Corporation Techniques for generating diagnostic identifiers to trace request messages and identifying related diagnostic information
US20150229638A1 (en) * 2014-02-07 2015-08-13 Oracle International Corporation Mobile cloud service architecture
US9712511B2 (en) 2014-02-07 2017-07-18 Oracle International Corporation Mobile cloud service architecture
WO2015119658A1 (en) * 2014-02-07 2015-08-13 Oracle International Corporation Mobile cloud service architecture
US9935959B2 (en) 2014-02-07 2018-04-03 Oracle International Corporation Cloud service custom execution environment
US9231946B2 (en) 2014-02-07 2016-01-05 Oracle International Corporation Mobile cloud service architecture
CN105900396B (en) * 2014-02-07 2019-05-31 甲骨文国际公司 Mobile cloud service architectural framework
US10055423B2 (en) 2014-03-31 2018-08-21 Oracle International Corporation Infrastructure for synchronization of mobile device with mobile cloud service
US10209992B2 (en) 2014-04-25 2019-02-19 Avago Technologies International Sales Pte. Limited System and method for branch prediction using two branch history tables and presetting a global branch history register
WO2015195724A3 (en) * 2014-06-19 2016-03-17 Microsoft Technology Licensing, Llc Integrated apis and uis for consuming services across different distributed networks
KR20170022996A (en) * 2014-06-19 2017-03-02 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 Integrated apis and uis for consuming services across different distributed networks
KR102391806B1 (en) 2014-06-19 2022-04-27 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 Integrated apis and uis for consuming services across different distributed networks
US10129344B2 (en) 2014-06-19 2018-11-13 Microsoft Technology Licensing, Llc Integrated user interface for consuming services across different distributed networks
CN106462467B (en) * 2014-06-19 2020-03-03 微软技术许可有限责任公司 Integrated API and UI for consuming services over different distributed networks
CN106462467A (en) * 2014-06-19 2017-02-22 微软技术许可有限责任公司 Integrated APIs and UIs for consuming services across different distributed networks
US9560037B2 (en) 2014-06-19 2017-01-31 Microsoft Technology Licensing, Llc Integrated APIs and UIs for consuming services across different distributed networks
US10397375B2 (en) 2015-01-14 2019-08-27 Oracle International Corporation Multi-tenant cloud-based queuing systems
US10063661B2 (en) 2015-01-14 2018-08-28 Oracle International Corporation Multi-tenant cloud-based queuing systems
US11711426B2 (en) 2015-05-26 2023-07-25 Pure Storage, Inc. Providing storage resources from a storage pool
US9716755B2 (en) 2015-05-26 2017-07-25 Pure Storage, Inc. Providing cloud storage array services by a local storage array in a data center
US11102298B1 (en) 2015-05-26 2021-08-24 Pure Storage, Inc. Locally providing cloud storage services for fleet management
US10652331B1 (en) 2015-05-26 2020-05-12 Pure Storage, Inc. Locally providing highly available cloud-based storage system services
US10027757B1 (en) 2015-05-26 2018-07-17 Pure Storage, Inc. Locally providing cloud storage array services
US10761759B1 (en) 2015-05-27 2020-09-01 Pure Storage, Inc. Deduplication of data in a storage device
US11921633B2 (en) 2015-05-27 2024-03-05 Pure Storage, Inc. Deduplicating data based on recently reading the data
US9594678B1 (en) 2015-05-27 2017-03-14 Pure Storage, Inc. Preventing duplicate entries of identical data in a storage device
US11360682B1 (en) 2015-05-27 2022-06-14 Pure Storage, Inc. Identifying duplicative write data in a storage system
US10021170B2 (en) 2015-05-29 2018-07-10 Pure Storage, Inc. Managing a storage array using client-side services
US11503031B1 (en) 2015-05-29 2022-11-15 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
US11936654B2 (en) 2015-05-29 2024-03-19 Pure Storage, Inc. Cloud-based user authorization control for storage system access
US9444822B1 (en) 2015-05-29 2016-09-13 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
EP3745669A1 (en) * 2015-05-29 2020-12-02 Pure Storage, Inc. Authorization-information in a token for cloud-based storage array
US9882913B1 (en) 2015-05-29 2018-01-30 Pure Storage, Inc. Delivering authorization and authentication for a user of a storage array from a cloud
US11201913B1 (en) 2015-05-29 2021-12-14 Pure Storage, Inc. Cloud-based authentication of a storage system user
WO2016195760A1 (en) * 2015-05-29 2016-12-08 Pure Storage, Inc. Storage array access control from cloud-based user authorization and authentication
US10560517B1 (en) 2015-05-29 2020-02-11 Pure Storage, Inc. Remote management of a storage array
WO2016195759A1 (en) * 2015-05-29 2016-12-08 Pure Storage, Inc. Providing authorization and authentication in a cloud for a user of a storage array
US11936719B2 (en) 2015-05-29 2024-03-19 Pure Storage, Inc. Using cloud services to provide secure access to a storage system
US10834086B1 (en) 2015-05-29 2020-11-10 Pure Storage, Inc. Hybrid cloud-based authentication for flash storage array access
US11137918B1 (en) 2015-06-10 2021-10-05 Pure Storage, Inc. Administration of control information in a storage system
US10318196B1 (en) 2015-06-10 2019-06-11 Pure Storage, Inc. Stateless storage system controller in a direct flash storage system
US11868625B2 (en) 2015-06-10 2024-01-09 Pure Storage, Inc. Alert tracking in storage
US9804779B1 (en) 2015-06-19 2017-10-31 Pure Storage, Inc. Determining storage capacity to be made available upon deletion of a shared data object
US11586359B1 (en) 2015-06-19 2023-02-21 Pure Storage, Inc. Tracking storage consumption in a storage array
US10310753B1 (en) 2015-06-19 2019-06-04 Pure Storage, Inc. Capacity attribution in a storage system
US9594512B1 (en) 2015-06-19 2017-03-14 Pure Storage, Inc. Attributing consumed storage capacity among entities storing data in a storage array
US10082971B1 (en) 2015-06-19 2018-09-25 Pure Storage, Inc. Calculating capacity utilization in a storage system
US10866744B1 (en) 2015-06-19 2020-12-15 Pure Storage, Inc. Determining capacity utilization in a deduplicating storage system
US10310740B2 (en) 2015-06-23 2019-06-04 Pure Storage, Inc. Aligning memory access operations to a geometry of a storage device
US10296236B2 (en) 2015-07-01 2019-05-21 Pure Storage, Inc. Offloading device management responsibilities from a storage device in an array of storage devices
US11385801B1 (en) 2015-07-01 2022-07-12 Pure Storage, Inc. Offloading device management responsibilities of a storage device to a storage controller
US9910800B1 (en) 2015-08-03 2018-03-06 Pure Storage, Inc. Utilizing remote direct memory access (‘RDMA’) for communication between controllers in a storage array
US10540307B1 (en) 2015-08-03 2020-01-21 Pure Storage, Inc. Providing an active/active front end by coupled controllers in a storage system
US9892071B2 (en) 2015-08-03 2018-02-13 Pure Storage, Inc. Emulating a remote direct memory access (‘RDMA’) link between controllers in a storage array
US11681640B2 (en) 2015-08-03 2023-06-20 Pure Storage, Inc. Multi-channel communications between controllers in a storage system
US9851762B1 (en) 2015-08-06 2017-12-26 Pure Storage, Inc. Compliant printed circuit board (‘PCB’) within an enclosure
US11868636B2 (en) 2015-08-24 2024-01-09 Pure Storage, Inc. Prioritizing garbage collection based on the extent to which data is deduplicated
US11625181B1 (en) 2015-08-24 2023-04-11 Pure Storage, Inc. Data tiering using snapshots
US11294588B1 (en) 2015-08-24 2022-04-05 Pure Storage, Inc. Placing data within a storage device
US10198194B2 (en) 2015-08-24 2019-02-05 Pure Storage, Inc. Placing data within a storage device of a flash array
US11874733B2 (en) 2015-10-23 2024-01-16 Pure Storage, Inc. Recovering a container storage system
US11360844B1 (en) 2015-10-23 2022-06-14 Pure Storage, Inc. Recovery of a container storage provider
US11593194B2 (en) 2015-10-23 2023-02-28 Pure Storage, Inc. Cloud-based providing of one or more corrective measures for a storage system
US11934260B2 (en) 2015-10-23 2024-03-19 Pure Storage, Inc. Problem signature-based corrective measure deployment
US11061758B1 (en) 2015-10-23 2021-07-13 Pure Storage, Inc. Proactively providing corrective measures for storage arrays
US10599536B1 (en) 2015-10-23 2020-03-24 Pure Storage, Inc. Preventing storage errors using problem signatures
US10514978B1 (en) 2015-10-23 2019-12-24 Pure Storage, Inc. Automatic deployment of corrective measures for storage arrays
US10432233B1 (en) 2015-10-28 2019-10-01 Pure Storage Inc. Error correction processing in a storage device
US11784667B2 (en) 2015-10-28 2023-10-10 Pure Storage, Inc. Selecting optimal responses to errors in a storage system
US10284232B2 (en) 2015-10-28 2019-05-07 Pure Storage, Inc. Dynamic error processing in a storage device
US11095315B1 (en) 2015-10-28 2021-08-17 Pure Storage, Inc. Intelligent error correction in a storage device
US11422714B1 (en) 2015-10-29 2022-08-23 Pure Storage, Inc. Efficient copying of data in a storage system
US9740414B2 (en) 2015-10-29 2017-08-22 Pure Storage, Inc. Optimizing copy operations
US11836357B2 (en) 2015-10-29 2023-12-05 Pure Storage, Inc. Memory aligned copy operation execution
US11032123B1 (en) 2015-10-29 2021-06-08 Pure Storage, Inc. Hierarchical storage system management
US10956054B1 (en) 2015-10-29 2021-03-23 Pure Storage, Inc. Efficient performance of copy operations in a storage system
US10374868B2 (en) 2015-10-29 2019-08-06 Pure Storage, Inc. Distributed command processing in a flash storage system
US10268403B1 (en) 2015-10-29 2019-04-23 Pure Storage, Inc. Combining multiple copy operations into a single copy operation
US10929231B1 (en) 2015-10-30 2021-02-23 Pure Storage, Inc. System configuration selection in a storage system
US10353777B2 (en) 2015-10-30 2019-07-16 Pure Storage, Inc. Ensuring crash-safe forward progress of a system configuration update
CN108293045A (en) * 2015-11-12 2018-07-17 微软技术许可有限责任公司 Single-sign-on Identity Management between local and remote system
CN108293045B (en) * 2015-11-12 2021-01-26 微软技术许可有限责任公司 Single sign-on identity management between local and remote systems
US10749854B2 (en) 2015-11-12 2020-08-18 Microsoft Technology Licensing, Llc Single sign-on identity management between local and remote systems
WO2017083209A1 (en) * 2015-11-12 2017-05-18 Microsoft Technology Licensing, Llc Single sign-on identity management between local and remote systems
US10970202B1 (en) 2015-12-02 2021-04-06 Pure Storage, Inc. Managing input/output (‘I/O’) requests in a storage system that includes multiple types of storage devices
US11762764B1 (en) 2015-12-02 2023-09-19 Pure Storage, Inc. Writing data in a storage system that includes a first type of storage device and a second type of storage device
US9760479B2 (en) 2015-12-02 2017-09-12 Pure Storage, Inc. Writing data in a storage system that includes a first type of storage device and a second type of storage device
US10255176B1 (en) 2015-12-02 2019-04-09 Pure Storage, Inc. Input/output (‘I/O’) in a storage system that includes multiple types of storage devices
US10986179B1 (en) 2015-12-08 2021-04-20 Pure Storage, Inc. Cloud-based snapshot replication
US10326836B2 (en) 2015-12-08 2019-06-18 Pure Storage, Inc. Partially replicating a snapshot between storage systems
US11616834B2 (en) 2015-12-08 2023-03-28 Pure Storage, Inc. Efficient replication of a dataset to the cloud
US11836118B2 (en) 2015-12-15 2023-12-05 Pure Storage, Inc. Performance metric-based improvement of one or more conditions of a storage array
US10162835B2 (en) 2015-12-15 2018-12-25 Pure Storage, Inc. Proactive management of a plurality of storage arrays in a multi-array system
US11030160B1 (en) 2015-12-15 2021-06-08 Pure Storage, Inc. Projecting the effects of implementing various actions on a storage system
US11347697B1 (en) 2015-12-15 2022-05-31 Pure Storage, Inc. Proactively optimizing a storage system
US11281375B1 (en) 2015-12-28 2022-03-22 Pure Storage, Inc. Optimizing for data reduction in a storage system
US10346043B2 (en) 2015-12-28 2019-07-09 Pure Storage, Inc. Adaptive computing for data compression
US10929185B1 (en) 2016-01-28 2021-02-23 Pure Storage, Inc. Predictive workload placement
US9886314B2 (en) 2016-01-28 2018-02-06 Pure Storage, Inc. Placing workloads in a multi-array system
US11392565B1 (en) 2016-02-11 2022-07-19 Pure Storage, Inc. Optimizing data compression in a storage system
US10572460B2 (en) 2016-02-11 2020-02-25 Pure Storage, Inc. Compressing data in dependence upon characteristics of a storage system
US11748322B2 (en) 2016-02-11 2023-09-05 Pure Storage, Inc. Utilizing different data compression algorithms based on characteristics of a storage system
US10884666B1 (en) 2016-02-12 2021-01-05 Pure Storage, Inc. Dynamic path selection in a storage network
US11561730B1 (en) 2016-02-12 2023-01-24 Pure Storage, Inc. Selecting paths between a host and a storage system
US9760297B2 (en) 2016-02-12 2017-09-12 Pure Storage, Inc. Managing input/output (‘I/O’) queues in a data storage system
US10289344B1 (en) 2016-02-12 2019-05-14 Pure Storage, Inc. Bandwidth-based path selection in a storage network
US10001951B1 (en) 2016-02-12 2018-06-19 Pure Storage, Inc. Path selection in a data storage system
US10768815B1 (en) 2016-03-16 2020-09-08 Pure Storage, Inc. Upgrading a storage system
US11340785B1 (en) 2016-03-16 2022-05-24 Pure Storage, Inc. Upgrading data in a storage system using background processes
US9959043B2 (en) 2016-03-16 2018-05-01 Pure Storage, Inc. Performing a non-disruptive upgrade of data in a storage system
US10306023B2 (en) 2016-03-28 2019-05-28 Oracle International Corporation Pre-formed instructions for a mobile cloud service
US11112990B1 (en) 2016-04-27 2021-09-07 Pure Storage, Inc. Managing storage device evacuation
US9841921B2 (en) 2016-04-27 2017-12-12 Pure Storage, Inc. Migrating data in a storage array that includes a plurality of storage devices
US11809727B1 (en) 2016-04-27 2023-11-07 Pure Storage, Inc. Predicting failures in a storage system that includes a plurality of storage devices
US10564884B1 (en) 2016-04-27 2020-02-18 Pure Storage, Inc. Intelligent data migration within a flash storage array
US11934681B2 (en) 2016-04-27 2024-03-19 Pure Storage, Inc. Data migration for write groups
US11461009B2 (en) 2016-04-28 2022-10-04 Pure Storage, Inc. Supporting applications across a fleet of storage systems
US10996859B1 (en) 2016-04-28 2021-05-04 Pure Storage, Inc. Utilizing redundant resources in a storage system
US9811264B1 (en) 2016-04-28 2017-11-07 Pure Storage, Inc. Deploying client-specific applications in a storage system utilizing redundant system resources
US10545676B1 (en) 2016-04-28 2020-01-28 Pure Storage, Inc. Providing high availability to client-specific applications executing in a storage system
US10620864B1 (en) 2016-05-02 2020-04-14 Pure Storage, Inc. Improving the accuracy of in-line data deduplication
US10303390B1 (en) 2016-05-02 2019-05-28 Pure Storage, Inc. Resolving fingerprint collisions in flash storage system
US9838377B1 (en) 2016-05-11 2017-12-05 Oracle International Corporation Task segregation in a multi-tenant identity and data security management cloud service
US10848543B2 (en) 2016-05-11 2020-11-24 Oracle International Corporation Security tokens for a multi-tenant identity and data security management cloud service
EP3361700A1 (en) * 2016-05-11 2018-08-15 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10341410B2 (en) 2016-05-11 2019-07-02 Oracle International Corporation Security tokens for a multi-tenant identity and data security management cloud service
EP3361702A1 (en) * 2016-05-11 2018-08-15 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10581820B2 (en) 2016-05-11 2020-03-03 Oracle International Corporation Key generation and rollover
EP3361701B1 (en) 2016-05-11 2021-09-01 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10425386B2 (en) 2016-05-11 2019-09-24 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
US9781122B1 (en) 2016-05-11 2017-10-03 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10454940B2 (en) 2016-05-11 2019-10-22 Oracle International Corporation Identity cloud service authorization model
EP3361701A1 (en) * 2016-05-11 2018-08-15 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10693861B2 (en) 2016-05-11 2020-06-23 Oracle International Corporation Task segregation in a multi-tenant identity and data security management cloud service
US10200358B2 (en) 2016-05-11 2019-02-05 Oracle International Corporation Microservices based multi-tenant identity and data security management cloud service
US10218705B2 (en) 2016-05-11 2019-02-26 Oracle International Corporation Multi-tenant identity and data security management cloud service
US10878079B2 (en) 2016-05-11 2020-12-29 Oracle International Corporation Identity cloud service authorization model with dynamic roles and scopes
US11088993B2 (en) 2016-05-11 2021-08-10 Oracle International Corporation Policy enforcement point for a multi-tenant identity and data security management cloud service
EP3361700B1 (en) 2016-05-11 2021-08-04 Oracle International Corporation Multi-tenant identity and data security management cloud service
US9838376B1 (en) 2016-05-11 2017-12-05 Oracle International Corporation Microservices based multi-tenant identity and data security management cloud service
WO2017196774A1 (en) * 2016-05-11 2017-11-16 Oracle International Corporation Multi-tenant identity and data security management cloud service
US11231858B2 (en) 2016-05-19 2022-01-25 Pure Storage, Inc. Dynamically configuring a storage system to facilitate independent scaling of resources
US10642524B1 (en) 2016-05-20 2020-05-05 Pure Storage, Inc. Upgrading a write buffer in a storage system that includes a plurality of storage devices and a plurality of write buffer devices
US10078469B1 (en) 2016-05-20 2018-09-18 Pure Storage, Inc. Preparing for cache upgrade in a storage array that includes a plurality of storage devices and a plurality of write buffer devices
US9817603B1 (en) 2016-05-20 2017-11-14 Pure Storage, Inc. Data migration in a storage array that includes a plurality of storage devices
US10691567B2 (en) 2016-06-03 2020-06-23 Pure Storage, Inc. Dynamically forming a failure domain in a storage system that includes a plurality of blades
US10452310B1 (en) 2016-07-13 2019-10-22 Pure Storage, Inc. Validating cabling for storage component admission to a storage array
US11706895B2 (en) 2016-07-19 2023-07-18 Pure Storage, Inc. Independent scaling of compute resources and storage resources in a storage system
US10459652B2 (en) 2016-07-27 2019-10-29 Pure Storage, Inc. Evacuating blades in a storage array that includes a plurality of blades
US10474363B1 (en) 2016-07-29 2019-11-12 Pure Storage, Inc. Space reporting in a storage system
US10516672B2 (en) 2016-08-05 2019-12-24 Oracle International Corporation Service discovery for a multi-tenant identity and data security management cloud service
US10505941B2 (en) 2016-08-05 2019-12-10 Oracle International Corporation Virtual directory system for LDAP to SCIM proxy service
US10721237B2 (en) 2016-08-05 2020-07-21 Oracle International Corporation Hierarchical processing for a virtual directory system for LDAP to SCIM proxy service
US10735394B2 (en) 2016-08-05 2020-08-04 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
US10255061B2 (en) 2016-08-05 2019-04-09 Oracle International Corporation Zero down time upgrade for a multi-tenant identity and data security management cloud service
US10585682B2 (en) 2016-08-05 2020-03-10 Oracle International Corporation Tenant self-service troubleshooting for a multi-tenant identity and data security management cloud service
US10263947B2 (en) 2016-08-05 2019-04-16 Oracle International Corporation LDAP to SCIM proxy service
US11356454B2 (en) 2016-08-05 2022-06-07 Oracle International Corporation Service discovery for a multi-tenant identity and data security management cloud service
US11601411B2 (en) 2016-08-05 2023-03-07 Oracle International Corporation Caching framework for a multi-tenant identity and data security management cloud service
US10579367B2 (en) 2016-08-05 2020-03-03 Oracle International Corporation Zero down time upgrade for a multi-tenant identity and data security management cloud service
US10530578B2 (en) 2016-08-05 2020-01-07 Oracle International Corporation Key store service
US11630585B1 (en) 2016-08-25 2023-04-18 Pure Storage, Inc. Processing evacuation events in a storage array that includes a plurality of storage devices
US11258797B2 (en) 2016-08-31 2022-02-22 Oracle International Corporation Data management for a multi-tenant identity cloud service
US10484382B2 (en) 2016-08-31 2019-11-19 Oracle International Corporation Data management for a multi-tenant identity cloud service
US10585711B2 (en) 2016-09-07 2020-03-10 Pure Storage, Inc. Crediting entity utilization of system resources
US10331588B2 (en) 2016-09-07 2019-06-25 Pure Storage, Inc. Ensuring the appropriate utilization of system resources using weighted workload based, time-independent scheduling
US11481261B1 (en) 2016-09-07 2022-10-25 Pure Storage, Inc. Preventing extended latency in a storage system
US11789780B1 (en) 2016-09-07 2023-10-17 Pure Storage, Inc. Preserving quality-of-service (‘QOS’) to storage system workloads
US10353743B1 (en) 2016-09-07 2019-07-16 Pure Storage, Inc. System resource utilization balancing in a storage system
US11520720B1 (en) 2016-09-07 2022-12-06 Pure Storage, Inc. Weighted resource allocation for workload scheduling
US10853281B1 (en) 2016-09-07 2020-12-01 Pure Storage, Inc. Administration of storage system resource utilization
US10963326B1 (en) 2016-09-07 2021-03-30 Pure Storage, Inc. Self-healing storage devices
US10235229B1 (en) 2016-09-07 2019-03-19 Pure Storage, Inc. Rehabilitating storage devices in a storage array that includes a plurality of storage devices
US11449375B1 (en) 2016-09-07 2022-09-20 Pure Storage, Inc. Performing rehabilitative actions on storage devices
US11803492B2 (en) 2016-09-07 2023-10-31 Pure Storage, Inc. System resource management using time-independent scheduling
US11914455B2 (en) 2016-09-07 2024-02-27 Pure Storage, Inc. Addressing storage device performance
US11960348B2 (en) 2016-09-07 2024-04-16 Pure Storage, Inc. Cloud-based monitoring of hardware components in a fleet of storage systems
US11531577B1 (en) 2016-09-07 2022-12-20 Pure Storage, Inc. Temporarily limiting access to a storage device
US10146585B2 (en) 2016-09-07 2018-12-04 Pure Storage, Inc. Ensuring the fair utilization of system resources using workload based, time-independent scheduling
US10896068B1 (en) 2016-09-07 2021-01-19 Pure Storage, Inc. Ensuring the fair utilization of system resources using workload based, time-independent scheduling
US10534648B2 (en) 2016-09-07 2020-01-14 Pure Storage, Inc. System resource utilization balancing
US10671439B1 (en) 2016-09-07 2020-06-02 Pure Storage, Inc. Workload planning with quality-of-service (‘QOS’) integration
US10908966B1 (en) 2016-09-07 2021-02-02 Pure Storage, Inc. Adapting target service times in a storage system
US11886922B2 (en) 2016-09-07 2024-01-30 Pure Storage, Inc. Scheduling input/output operations for a storage system
US11921567B2 (en) 2016-09-07 2024-03-05 Pure Storage, Inc. Temporarily preventing access to a storage device
US10846390B2 (en) 2016-09-14 2020-11-24 Oracle International Corporation Single sign-on functionality for a multi-tenant identity and data security management cloud service
US10594684B2 (en) 2016-09-14 2020-03-17 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
US11258786B2 (en) 2016-09-14 2022-02-22 Oracle International Corporation Generating derived credentials for a multi-tenant identity cloud service
US10511589B2 (en) 2016-09-14 2019-12-17 Oracle International Corporation Single logout functionality for a multi-tenant identity and data security management cloud service
US10616224B2 (en) 2016-09-16 2020-04-07 Oracle International Corporation Tenant and service management for a multi-tenant identity and data security management cloud service
US10484243B2 (en) 2016-09-16 2019-11-19 Oracle International Corporation Application management for a multi-tenant identity cloud service
US10445395B2 (en) 2016-09-16 2019-10-15 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US11023555B2 (en) 2016-09-16 2021-06-01 Oracle International Corporation Cookie based state propagation for a multi-tenant identity cloud service
US10341354B2 (en) 2016-09-16 2019-07-02 Oracle International Corporation Distributed high availability agent architecture
US10567364B2 (en) 2016-09-16 2020-02-18 Oracle International Corporation Preserving LDAP hierarchy in a SCIM directory using special marker groups
US10791087B2 (en) 2016-09-16 2020-09-29 Oracle International Corporation SCIM to LDAP mapping using subtype attributes
US10904074B2 (en) 2016-09-17 2021-01-26 Oracle International Corporation Composite event handler for a multi-tenant identity cloud service
US11379132B1 (en) 2016-10-20 2022-07-05 Pure Storage, Inc. Correlating medical sensor data
US10331370B2 (en) 2016-10-20 2019-06-25 Pure Storage, Inc. Tuning a storage system in dependence upon workload access patterns
US10007459B2 (en) 2016-10-20 2018-06-26 Pure Storage, Inc. Performance tuning in a storage system that includes one or more storage devices
US10416924B1 (en) 2016-11-22 2019-09-17 Pure Storage, Inc. Identifying workload characteristics in dependence upon storage utilization
US11016700B1 (en) 2016-11-22 2021-05-25 Pure Storage, Inc. Analyzing application-specific consumption of storage system resources
US10162566B2 (en) 2016-11-22 2018-12-25 Pure Storage, Inc. Accumulating application-level statistics in a storage system
US11620075B2 (en) 2016-11-22 2023-04-04 Pure Storage, Inc. Providing application aware storage
US11061573B1 (en) 2016-12-19 2021-07-13 Pure Storage, Inc. Accelerating write operations in a storage system
US10198205B1 (en) 2016-12-19 2019-02-05 Pure Storage, Inc. Dynamically adjusting a number of storage devices utilized to simultaneously service write operations
US11687259B2 (en) 2016-12-19 2023-06-27 Pure Storage, Inc. Reconfiguring a storage system based on resource availability
US11461273B1 (en) 2016-12-20 2022-10-04 Pure Storage, Inc. Modifying storage distribution in a storage system that includes one or more storage devices
US11146396B1 (en) 2017-01-05 2021-10-12 Pure Storage, Inc. Data re-encryption in a storage system
US10489307B2 (en) 2017-01-05 2019-11-26 Pure Storage, Inc. Periodically re-encrypting user data stored on a storage device
US10574454B1 (en) 2017-01-05 2020-02-25 Pure Storage, Inc. Current key data encryption
US11762781B2 (en) 2017-01-09 2023-09-19 Pure Storage, Inc. Providing end-to-end encryption for data stored in a storage system
US11340800B1 (en) 2017-01-19 2022-05-24 Pure Storage, Inc. Content masking in a storage system
US11861185B2 (en) 2017-01-19 2024-01-02 Pure Storage, Inc. Protecting sensitive data in snapshots
US10503700B1 (en) 2017-01-19 2019-12-10 Pure Storage, Inc. On-demand content filtering of snapshots within a storage system
US11163624B2 (en) 2017-01-27 2021-11-02 Pure Storage, Inc. Dynamically adjusting an amount of log data generated for a storage system
US11726850B2 (en) 2017-01-27 2023-08-15 Pure Storage, Inc. Increasing or decreasing the amount of log data generated based on performance characteristics of a device
US11379285B1 (en) 2017-03-10 2022-07-05 Pure Storage, Inc. Mediation for synchronous replication
US11954002B1 (en) 2017-03-10 2024-04-09 Pure Storage, Inc. Automatically provisioning mediation services for a storage system
US11829629B2 (en) 2017-03-10 2023-11-28 Pure Storage, Inc. Synchronously replicating data using virtual volumes
US11645173B2 (en) 2017-03-10 2023-05-09 Pure Storage, Inc. Resilient mediation between storage systems replicating a dataset
US10454810B1 (en) 2017-03-10 2019-10-22 Pure Storage, Inc. Managing host definitions across a plurality of storage systems
US11675520B2 (en) 2017-03-10 2023-06-13 Pure Storage, Inc. Application replication among storage systems synchronously replicating a dataset
US11086555B1 (en) 2017-03-10 2021-08-10 Pure Storage, Inc. Synchronously replicating datasets
US10671408B1 (en) 2017-03-10 2020-06-02 Pure Storage, Inc. Automatic storage system configuration for mediation services
US11237927B1 (en) 2017-03-10 2022-02-01 Pure Storage, Inc. Resolving disruptions between storage systems replicating a dataset
US11687423B2 (en) 2017-03-10 2023-06-27 Pure Storage, Inc. Prioritizing highly performant storage systems for servicing a synchronously replicated dataset
US10613779B1 (en) 2017-03-10 2020-04-07 Pure Storage, Inc. Determining membership among storage systems synchronously replicating a dataset
US10365982B1 (en) 2017-03-10 2019-07-30 Pure Storage, Inc. Establishing a synchronous replication relationship between two or more storage systems
US11803453B1 (en) 2017-03-10 2023-10-31 Pure Storage, Inc. Using host connectivity states to avoid queuing I/O requests
US11442825B2 (en) 2017-03-10 2022-09-13 Pure Storage, Inc. Establishing a synchronous replication relationship between two or more storage systems
US10884993B1 (en) 2017-03-10 2021-01-05 Pure Storage, Inc. Synchronizing metadata among storage systems synchronously replicating a dataset
US11687500B1 (en) 2017-03-10 2023-06-27 Pure Storage, Inc. Updating metadata for a synchronously replicated dataset
US11941279B2 (en) 2017-03-10 2024-03-26 Pure Storage, Inc. Data path virtualization
US11422730B1 (en) 2017-03-10 2022-08-23 Pure Storage, Inc. Recovery for storage systems synchronously replicating a dataset
US10503427B2 (en) 2017-03-10 2019-12-10 Pure Storage, Inc. Synchronously replicating datasets and other managed objects to cloud-based storage systems
US11347606B2 (en) 2017-03-10 2022-05-31 Pure Storage, Inc. Responding to a change in membership among storage systems synchronously replicating a dataset
US11716385B2 (en) 2017-03-10 2023-08-01 Pure Storage, Inc. Utilizing cloud-based storage systems to support synchronous replication of a dataset
US10585733B1 (en) 2017-03-10 2020-03-10 Pure Storage, Inc. Determining active membership among storage systems synchronously replicating a dataset
US11500745B1 (en) 2017-03-10 2022-11-15 Pure Storage, Inc. Issuing operations directed to synchronously replicated data
US11797403B2 (en) 2017-03-10 2023-10-24 Pure Storage, Inc. Maintaining a synchronous replication relationship between two or more storage systems
US11169727B1 (en) 2017-03-10 2021-11-09 Pure Storage, Inc. Synchronous replication between storage systems with virtualized storage
US10558537B1 (en) 2017-03-10 2020-02-11 Pure Storage, Inc. Mediating between storage systems synchronously replicating a dataset
US10521344B1 (en) 2017-03-10 2019-12-31 Pure Storage, Inc. Servicing input/output (‘I/O’) operations directed to a dataset that is synchronized across a plurality of storage systems
US10680932B1 (en) 2017-03-10 2020-06-09 Pure Storage, Inc. Managing connectivity to synchronously replicated storage systems
US11698844B2 (en) 2017-03-10 2023-07-11 Pure Storage, Inc. Managing storage systems that are synchronously replicating a dataset
US11789831B2 (en) 2017-03-10 2023-10-17 Pure Storage, Inc. Directing operations to synchronously replicated storage systems
US11210219B1 (en) 2017-03-10 2021-12-28 Pure Storage, Inc. Synchronously replicating a dataset across a plurality of storage systems
US10990490B1 (en) 2017-03-10 2021-04-27 Pure Storage, Inc. Creating a synchronous replication lease between two or more storage systems
US10261836B2 (en) 2017-03-21 2019-04-16 Oracle International Corporation Dynamic dispatching of workloads spanning heterogeneous services
US11126381B1 (en) 2017-04-10 2021-09-21 Pure Storage, Inc. Lightweight copy
US11656804B2 (en) 2017-04-10 2023-05-23 Pure Storage, Inc. Copy using metadata representation
US10459664B1 (en) 2017-04-10 2019-10-29 Pure Storage, Inc. Virtualized copy-by-reference
US10534677B2 (en) 2017-04-10 2020-01-14 Pure Storage, Inc. Providing high availability for applications executing on a storage system
US9910618B1 (en) 2017-04-10 2018-03-06 Pure Storage, Inc. Migrating applications executing on a storage system
US11868629B1 (en) 2017-05-05 2024-01-09 Pure Storage, Inc. Storage system sizing service
US10454915B2 (en) 2017-05-18 2019-10-22 Oracle International Corporation User authentication using kerberos with identity cloud service
US11210133B1 (en) 2017-06-12 2021-12-28 Pure Storage, Inc. Workload mobility between disparate execution environments
US11422731B1 (en) 2017-06-12 2022-08-23 Pure Storage, Inc. Metadata-based replication of a dataset
US11593036B2 (en) 2017-06-12 2023-02-28 Pure Storage, Inc. Staging data within a unified storage element
US10884636B1 (en) 2017-06-12 2021-01-05 Pure Storage, Inc. Presenting workload performance in a storage system
US11960777B2 (en) 2017-06-12 2024-04-16 Pure Storage, Inc. Utilizing multiple redundancy schemes within a unified storage element
US11567810B1 (en) 2017-06-12 2023-01-31 Pure Storage, Inc. Cost optimized workload placement
US10613791B2 (en) 2017-06-12 2020-04-07 Pure Storage, Inc. Portable snapshot replication between storage systems
US10853148B1 (en) 2017-06-12 2020-12-01 Pure Storage, Inc. Migrating workloads between a plurality of execution environments
US11340939B1 (en) 2017-06-12 2022-05-24 Pure Storage, Inc. Application-aware analytics for storage systems
US11016824B1 (en) 2017-06-12 2021-05-25 Pure Storage, Inc. Event identification with out-of-order reporting in a cloud-based environment
US11609718B1 (en) 2017-06-12 2023-03-21 Pure Storage, Inc. Identifying valid data after a storage system recovery
US10789020B2 (en) 2017-06-12 2020-09-29 Pure Storage, Inc. Recovering data within a unified storage element
US11561714B1 (en) 2017-07-05 2023-01-24 Pure Storage, Inc. Storage efficiency driven migration
US11477280B1 (en) 2017-07-26 2022-10-18 Pure Storage, Inc. Integrating cloud storage services
US11921908B2 (en) 2017-08-31 2024-03-05 Pure Storage, Inc. Writing data to compressed and encrypted volumes
US10552090B2 (en) 2017-09-07 2020-02-04 Pure Storage, Inc. Solid state drives with multiple types of addressable memory
US10891192B1 (en) 2017-09-07 2021-01-12 Pure Storage, Inc. Updating raid stripe parity calculations
US11592991B2 (en) 2017-09-07 2023-02-28 Pure Storage, Inc. Converting raid data between persistent storage types
US11714718B2 (en) 2017-09-07 2023-08-01 Pure Storage, Inc. Performing partial redundant array of independent disks (RAID) stripe parity calculations
US11392456B1 (en) 2017-09-07 2022-07-19 Pure Storage, Inc. Calculating parity as a data stripe is modified
US10417092B2 (en) 2017-09-07 2019-09-17 Pure Storage, Inc. Incremental RAID stripe update parity calculation
US10348858B2 (en) 2017-09-15 2019-07-09 Oracle International Corporation Dynamic message queues for a microservice based cloud service
US11308132B2 (en) 2017-09-27 2022-04-19 Oracle International Corporation Reference attributes for related stored objects in a multi-tenant cloud service
US10831789B2 (en) 2017-09-27 2020-11-10 Oracle International Corporation Reference attribute query processing for a multi-tenant cloud service
US11271969B2 (en) 2017-09-28 2022-03-08 Oracle International Corporation Rest-based declarative policy management
US10834137B2 (en) 2017-09-28 2020-11-10 Oracle International Corporation Rest-based declarative policy management
US10705823B2 (en) 2017-09-29 2020-07-07 Oracle International Corporation Application templates and upgrade framework for a multi-tenant identity cloud service
US10275285B1 (en) 2017-10-19 2019-04-30 Pure Storage, Inc. Data transformation caching in an artificial intelligence infrastructure
US10649988B1 (en) 2017-10-19 2020-05-12 Pure Storage, Inc. Artificial intelligence and machine learning infrastructure
US11861423B1 (en) 2017-10-19 2024-01-02 Pure Storage, Inc. Accelerating artificial intelligence (‘AI’) workflows
US10671434B1 (en) 2017-10-19 2020-06-02 Pure Storage, Inc. Storage based artificial intelligence infrastructure
US10360214B2 (en) 2017-10-19 2019-07-23 Pure Storage, Inc. Ensuring reproducibility in an artificial intelligence infrastructure
US11556280B2 (en) 2017-10-19 2023-01-17 Pure Storage, Inc. Data transformation for a machine learning model
US11403290B1 (en) 2017-10-19 2022-08-02 Pure Storage, Inc. Managing an artificial intelligence infrastructure
US11803338B2 (en) 2017-10-19 2023-10-31 Pure Storage, Inc. Executing a machine learning model in an artificial intelligence infrastructure
US10452444B1 (en) 2017-10-19 2019-10-22 Pure Storage, Inc. Storage system with compute resources and shared storage resources
US11455168B1 (en) 2017-10-19 2022-09-27 Pure Storage, Inc. Batch building for deep learning training workloads
US10275176B1 (en) 2017-10-19 2019-04-30 Pure Storage, Inc. Data transformation offloading in an artificial intelligence infrastructure
US11307894B1 (en) 2017-10-19 2022-04-19 Pure Storage, Inc. Executing a big data analytics pipeline using shared storage resources
US11768636B2 (en) 2017-10-19 2023-09-26 Pure Storage, Inc. Generating a transformed dataset for use by a machine learning model in an artificial intelligence infrastructure
US11210140B1 (en) 2017-10-19 2021-12-28 Pure Storage, Inc. Data transformation delegation for a graphical processing unit (‘GPU’) server
US10671435B1 (en) 2017-10-19 2020-06-02 Pure Storage, Inc. Data transformation caching in an artificial intelligence infrastructure
US10509581B1 (en) 2017-11-01 2019-12-17 Pure Storage, Inc. Maintaining write consistency in a multi-threaded storage system
US10484174B1 (en) 2017-11-01 2019-11-19 Pure Storage, Inc. Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices
US10671494B1 (en) 2017-11-01 2020-06-02 Pure Storage, Inc. Consistent selection of replicated datasets during storage system recovery
US11663097B2 (en) 2017-11-01 2023-05-30 Pure Storage, Inc. Mirroring data to survive storage device failures
US11451391B1 (en) 2017-11-01 2022-09-20 Pure Storage, Inc. Encryption key management in a storage system
US10467107B1 (en) 2017-11-01 2019-11-05 Pure Storage, Inc. Maintaining metadata resiliency among storage device failures
US10817392B1 (en) 2017-11-01 2020-10-27 Pure Storage, Inc. Ensuring resiliency to storage device failures in a storage system that includes a plurality of storage devices
US11263096B1 (en) 2017-11-01 2022-03-01 Pure Storage, Inc. Preserving tolerance to storage device failures in a storage system
US10929226B1 (en) 2017-11-21 2021-02-23 Pure Storage, Inc. Providing for increased flexibility for large scale parity
US11847025B2 (en) 2017-11-21 2023-12-19 Pure Storage, Inc. Storage system parity based on system characteristics
US11500724B1 (en) 2017-11-21 2022-11-15 Pure Storage, Inc. Flexible parity information for storage systems
US10990282B1 (en) 2017-11-28 2021-04-27 Pure Storage, Inc. Hybrid data tiering with cloud storage
US11604583B2 (en) 2017-11-28 2023-03-14 Pure Storage, Inc. Policy based data tiering
US10936238B2 (en) 2017-11-28 2021-03-02 Pure Storage, Inc. Hybrid data tiering
US10795598B1 (en) 2017-12-07 2020-10-06 Pure Storage, Inc. Volume migration for storage systems synchronously replicating a dataset
US11579790B1 (en) 2017-12-07 2023-02-14 Pure Storage, Inc. Servicing input/output (‘I/O’) operations during data migration
US11089105B1 (en) 2017-12-14 2021-08-10 Pure Storage, Inc. Synchronously replicating datasets in cloud-based storage systems
US11036677B1 (en) 2017-12-14 2021-06-15 Pure Storage, Inc. Replicated data integrity
US11782614B1 (en) 2017-12-21 2023-10-10 Pure Storage, Inc. Encrypting data to optimize data reduction
US11463488B2 (en) 2018-01-29 2022-10-04 Oracle International Corporation Dynamic client registration for an identity cloud service
US10715564B2 (en) 2018-01-29 2020-07-14 Oracle International Corporation Dynamic client registration for an identity cloud service
US11296944B2 (en) 2018-01-30 2022-04-05 Pure Storage, Inc. Updating path selection as paths between a computing device and a storage system change
US10992533B1 (en) 2018-01-30 2021-04-27 Pure Storage, Inc. Policy based path management
US10521151B1 (en) 2018-03-05 2019-12-31 Pure Storage, Inc. Determining effective space utilization in a storage system
US11474701B1 (en) 2018-03-05 2022-10-18 Pure Storage, Inc. Determining capacity consumption in a deduplicating storage system
US11836349B2 (en) 2018-03-05 2023-12-05 Pure Storage, Inc. Determining storage capacity utilization based on deduplicated data
US11150834B1 (en) 2018-03-05 2021-10-19 Pure Storage, Inc. Determining storage consumption in a storage system
US11614881B2 (en) 2018-03-05 2023-03-28 Pure Storage, Inc. Calculating storage consumption for distinct client entities
US11861170B2 (en) 2018-03-05 2024-01-02 Pure Storage, Inc. Sizing resources for a replication target
US10942650B1 (en) 2018-03-05 2021-03-09 Pure Storage, Inc. Reporting capacity utilization in a storage system
US10296258B1 (en) 2018-03-09 2019-05-21 Pure Storage, Inc. Offloading data storage to a decentralized storage network
US11112989B2 (en) 2018-03-09 2021-09-07 Pure Storage, Inc. Utilizing a decentralized storage network for data storage
US11048590B1 (en) 2018-03-15 2021-06-29 Pure Storage, Inc. Data consistency during recovery in a cloud-based storage system
US11698837B2 (en) 2018-03-15 2023-07-11 Pure Storage, Inc. Consistent recovery of a dataset
US11442669B1 (en) 2018-03-15 2022-09-13 Pure Storage, Inc. Orchestrating a virtual storage system
US11210009B1 (en) 2018-03-15 2021-12-28 Pure Storage, Inc. Staging data in a cloud-based storage system
US10917471B1 (en) 2018-03-15 2021-02-09 Pure Storage, Inc. Active membership in a cloud-based storage system
US10924548B1 (en) 2018-03-15 2021-02-16 Pure Storage, Inc. Symmetric storage using a cloud-based storage system
US11533364B1 (en) 2018-03-15 2022-12-20 Pure Storage, Inc. Maintaining metadata associated with a replicated dataset
US11704202B2 (en) 2018-03-15 2023-07-18 Pure Storage, Inc. Recovering from system faults for replicated datasets
US10976962B2 (en) 2018-03-15 2021-04-13 Pure Storage, Inc. Servicing I/O operations in a cloud-based storage system
US11288138B1 (en) 2018-03-15 2022-03-29 Pure Storage, Inc. Recovery from a system fault in a cloud-based storage system
US11539793B1 (en) 2018-03-15 2022-12-27 Pure Storage, Inc. Responding to membership changes to a set of storage systems that are synchronously replicating a dataset
US11838359B2 (en) 2018-03-15 2023-12-05 Pure Storage, Inc. Synchronizing metadata in a cloud-based storage system
US11171950B1 (en) 2018-03-21 2021-11-09 Pure Storage, Inc. Secure cloud-based storage system management
US11095706B1 (en) 2018-03-21 2021-08-17 Pure Storage, Inc. Secure cloud-based storage system management
US11888846B2 (en) 2018-03-21 2024-01-30 Pure Storage, Inc. Configuring storage systems in a fleet of storage systems
US11729251B2 (en) 2018-03-21 2023-08-15 Pure Storage, Inc. Remote and secure management of a storage system
US11263095B1 (en) 2018-03-26 2022-03-01 Pure Storage, Inc. Managing a data analytics pipeline
US11714728B2 (en) 2018-03-26 2023-08-01 Pure Storage, Inc. Creating a highly available data analytics pipeline without replicas
US10838833B1 (en) 2018-03-26 2020-11-17 Pure Storage, Inc. Providing for high availability in a data analytics pipeline without replicas
US11494692B1 (en) 2018-03-26 2022-11-08 Pure Storage, Inc. Hyperscale artificial intelligence and machine learning infrastructure
US11528262B2 (en) 2018-03-27 2022-12-13 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
US10931656B2 (en) 2018-03-27 2021-02-23 Oracle International Corporation Cross-region trust for a multi-tenant identity cloud service
US10798165B2 (en) 2018-04-02 2020-10-06 Oracle International Corporation Tenant data comparison for a multi-tenant identity cloud service
US11652685B2 (en) 2018-04-02 2023-05-16 Oracle International Corporation Data replication conflict detection and resolution for a multi-tenant identity cloud service
US11165634B2 (en) 2018-04-02 2021-11-02 Oracle International Corporation Data replication conflict detection and resolution for a multi-tenant identity cloud service
US11258775B2 (en) 2018-04-04 2022-02-22 Oracle International Corporation Local write for a multi-tenant identity cloud service
US11392553B1 (en) 2018-04-24 2022-07-19 Pure Storage, Inc. Remote data management
US11436344B1 (en) 2018-04-24 2022-09-06 Pure Storage, Inc. Secure encryption in deduplication cluster
US11455409B2 (en) 2018-05-21 2022-09-27 Pure Storage, Inc. Storage layer data obfuscation
US11954220B2 (en) 2018-05-21 2024-04-09 Pure Storage, Inc. Data protection for container storage
US10992598B2 (en) 2018-05-21 2021-04-27 Pure Storage, Inc. Synchronously replicating when a mediation service becomes unavailable
US11128578B2 (en) 2018-05-21 2021-09-21 Pure Storage, Inc. Switching between mediator services for a storage system
US11757795B2 (en) 2018-05-21 2023-09-12 Pure Storage, Inc. Resolving mediator unavailability
US11675503B1 (en) 2018-05-21 2023-06-13 Pure Storage, Inc. Role-based data access
US11677687B2 (en) 2018-05-21 2023-06-13 Pure Storage, Inc. Switching between fault response models in a storage system
US10871922B2 (en) 2018-05-22 2020-12-22 Pure Storage, Inc. Integrated storage management between storage systems and container orchestrators
US11012444B2 (en) 2018-06-25 2021-05-18 Oracle International Corporation Declarative third party identity provider integration for a multi-tenant identity cloud service
US10764273B2 (en) 2018-06-28 2020-09-01 Oracle International Corporation Session synchronization across multiple devices in an identity cloud service
US11411944B2 (en) 2018-06-28 2022-08-09 Oracle International Corporation Session synchronization across multiple devices in an identity cloud service
US11403000B1 (en) 2018-07-20 2022-08-02 Pure Storage, Inc. Resiliency in a cloud-based storage system
US11416298B1 (en) 2018-07-20 2022-08-16 Pure Storage, Inc. Providing application-specific storage by a storage system
US11954238B1 (en) 2018-07-24 2024-04-09 Pure Storage, Inc. Role-based access control for a storage system
US11146564B1 (en) 2018-07-24 2021-10-12 Pure Storage, Inc. Login authentication in a cloud storage platform
US11632360B1 (en) 2018-07-24 2023-04-18 Pure Storage, Inc. Remote access to a storage device
US11860820B1 (en) 2018-09-11 2024-01-02 Pure Storage, Inc. Processing data through a storage system in a data pipeline
US11693835B2 (en) 2018-10-17 2023-07-04 Oracle International Corporation Dynamic database schema allocation on tenant onboarding for a multi-tenant identity cloud service
US11321187B2 (en) 2018-10-19 2022-05-03 Oracle International Corporation Assured lazy rollback for a multi-tenant identity cloud service
US10671302B1 (en) 2018-10-26 2020-06-02 Pure Storage, Inc. Applying a rate limit across a plurality of storage systems
US11586365B2 (en) 2018-10-26 2023-02-21 Pure Storage, Inc. Applying a rate limit across a plurality of storage systems
US10990306B1 (en) 2018-10-26 2021-04-27 Pure Storage, Inc. Bandwidth sharing for paired storage systems
US11822825B2 (en) 2018-11-18 2023-11-21 Pure Storage, Inc. Distributed cloud-based storage system
US11768635B2 (en) 2018-11-18 2023-09-26 Pure Storage, Inc. Scaling storage resources in a storage volume
US11379254B1 (en) 2018-11-18 2022-07-05 Pure Storage, Inc. Dynamic configuration of a cloud-based storage system
US11907590B2 (en) 2018-11-18 2024-02-20 Pure Storage, Inc. Using infrastructure-as-code (‘IaC’) to update a cloud-based storage system
US11928366B2 (en) 2018-11-18 2024-03-12 Pure Storage, Inc. Scaling a cloud-based storage system in response to a change in workload
US11340837B1 (en) 2018-11-18 2022-05-24 Pure Storage, Inc. Storage system management via a remote console
US11184233B1 (en) 2018-11-18 2021-11-23 Pure Storage, Inc. Non-disruptive upgrades to a cloud-based storage system
US11526405B1 (en) 2018-11-18 2022-12-13 Pure Storage, Inc. Cloud-based disaster recovery
US11861235B2 (en) 2018-11-18 2024-01-02 Pure Storage, Inc. Maximizing data throughput in a cloud-based storage system
US10917470B1 (en) 2018-11-18 2021-02-09 Pure Storage, Inc. Cloning storage systems in a cloud computing environment
US11455126B1 (en) 2018-11-18 2022-09-27 Pure Storage, Inc. Copying a cloud-based storage system
US11941288B1 (en) 2018-11-18 2024-03-26 Pure Storage, Inc. Servicing write operations in a cloud-based storage system
US11023179B2 (en) 2018-11-18 2021-06-01 Pure Storage, Inc. Cloud-based storage system storage management
US10963189B1 (en) 2018-11-18 2021-03-30 Pure Storage, Inc. Coalescing write operations in a cloud-based storage system
US11650749B1 (en) 2018-12-17 2023-05-16 Pure Storage, Inc. Controlling access to sensitive data in a shared dataset
US11003369B1 (en) 2019-01-14 2021-05-11 Pure Storage, Inc. Performing a tune-up procedure on a storage device during a boot process
US11947815B2 (en) 2019-01-14 2024-04-02 Pure Storage, Inc. Configuring a flash-based storage device
US11651357B2 (en) 2019-02-01 2023-05-16 Oracle International Corporation Multifactor authentication without a user footprint
US11061929B2 (en) 2019-02-08 2021-07-13 Oracle International Corporation Replication of resource type and schema metadata for a multi-tenant identity cloud service
US11321343B2 (en) 2019-02-19 2022-05-03 Oracle International Corporation Tenant replication bootstrap for a multi-tenant identity cloud service
US11669321B2 (en) 2019-02-20 2023-06-06 Oracle International Corporation Automated database upgrade for a multi-tenant identity cloud service
US11792226B2 (en) 2019-02-25 2023-10-17 Oracle International Corporation Automatic api document generation from scim metadata
US11423111B2 (en) 2019-02-25 2022-08-23 Oracle International Corporation Client API for rest based endpoints for a multi-tenant identify cloud service
US11042452B1 (en) 2019-03-20 2021-06-22 Pure Storage, Inc. Storage system data recovery using data recovery as a service
US11221778B1 (en) 2019-04-02 2022-01-11 Pure Storage, Inc. Preparing data for deduplication
US11640239B2 (en) 2019-04-09 2023-05-02 Pure Storage, Inc. Cost conscious garbage collection
US11068162B1 (en) 2019-04-09 2021-07-20 Pure Storage, Inc. Storage management in a cloud data store
US11392555B2 (en) 2019-05-15 2022-07-19 Pure Storage, Inc. Cloud-based file services
US11853266B2 (en) 2019-05-15 2023-12-26 Pure Storage, Inc. Providing a file system in a cloud environment
US11487715B1 (en) 2019-07-18 2022-11-01 Pure Storage, Inc. Resiliency in a cloud-based storage system
US11327676B1 (en) 2019-07-18 2022-05-10 Pure Storage, Inc. Predictive data streaming in a virtual storage system
US11093139B1 (en) 2019-07-18 2021-08-17 Pure Storage, Inc. Durably storing data within a virtual storage system
US11550514B2 (en) 2019-07-18 2023-01-10 Pure Storage, Inc. Efficient transfers between tiers of a virtual storage system
US11126364B2 (en) 2019-07-18 2021-09-21 Pure Storage, Inc. Virtual storage system architecture
US11861221B1 (en) 2019-07-18 2024-01-02 Pure Storage, Inc. Providing scalable and reliable container-based storage services
US11526408B2 (en) 2019-07-18 2022-12-13 Pure Storage, Inc. Data recovery in a virtual storage system
US11797197B1 (en) 2019-07-18 2023-10-24 Pure Storage, Inc. Dynamic scaling of a virtual storage system
US11086553B1 (en) 2019-08-28 2021-08-10 Pure Storage, Inc. Tiering duplicated objects in a cloud-based object store
US11693713B1 (en) 2019-09-04 2023-07-04 Pure Storage, Inc. Self-tuning clusters for resilient microservices
US11797569B2 (en) 2019-09-13 2023-10-24 Pure Storage, Inc. Configurable data replication
US11704044B2 (en) 2019-09-13 2023-07-18 Pure Storage, Inc. Modifying a cloned image of replica data
US11625416B1 (en) 2019-09-13 2023-04-11 Pure Storage, Inc. Uniform model for distinct types of data replication
US11870770B2 (en) 2019-09-13 2024-01-09 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration
US11360689B1 (en) 2019-09-13 2022-06-14 Pure Storage, Inc. Cloning a tracking copy of replica data
US11687378B2 (en) 2019-09-13 2023-06-27 Oracle International Corporation Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
US11573864B1 (en) 2019-09-16 2023-02-07 Pure Storage, Inc. Automating database management in a storage system
US11669386B1 (en) 2019-10-08 2023-06-06 Pure Storage, Inc. Managing an application's resource stack
US11611548B2 (en) 2019-11-22 2023-03-21 Oracle International Corporation Bulk multifactor authentication enrollment
US11943293B1 (en) 2019-12-06 2024-03-26 Pure Storage, Inc. Restoring a storage system from a replication target
US11531487B1 (en) 2019-12-06 2022-12-20 Pure Storage, Inc. Creating a replica of a storage system
US11947683B2 (en) 2019-12-06 2024-04-02 Pure Storage, Inc. Replicating a storage system
US11930112B1 (en) 2019-12-06 2024-03-12 Pure Storage, Inc. Multi-path end-to-end encryption in a storage system
US11868318B1 (en) 2019-12-06 2024-01-09 Pure Storage, Inc. End-to-end encryption in a storage system with multi-tenancy
US11720497B1 (en) 2020-01-13 2023-08-08 Pure Storage, Inc. Inferred nonsequential prefetch based on data access patterns
US11733901B1 (en) 2020-01-13 2023-08-22 Pure Storage, Inc. Providing persistent storage to transient cloud computing services
US11709636B1 (en) 2020-01-13 2023-07-25 Pure Storage, Inc. Non-sequential readahead for deep learning training
US11868622B2 (en) 2020-02-25 2024-01-09 Pure Storage, Inc. Application recovery across storage systems
US11637896B1 (en) 2020-02-25 2023-04-25 Pure Storage, Inc. Migrating applications to a cloud-computing environment
US11625185B2 (en) 2020-03-25 2023-04-11 Pure Storage, Inc. Transitioning between replication sources for data replication operations
US11321006B1 (en) 2020-03-25 2022-05-03 Pure Storage, Inc. Data loss prevention during transitions from a replication source
US11630598B1 (en) 2020-04-06 2023-04-18 Pure Storage, Inc. Scheduling data replication operations
US11301152B1 (en) 2020-04-06 2022-04-12 Pure Storage, Inc. Intelligently moving data between storage systems
US11494267B2 (en) 2020-04-14 2022-11-08 Pure Storage, Inc. Continuous value data redundancy
US11853164B2 (en) 2020-04-14 2023-12-26 Pure Storage, Inc. Generating recovery information using data redundancy
US11921670B1 (en) 2020-04-20 2024-03-05 Pure Storage, Inc. Multivariate data backup retention policies
US11431488B1 (en) 2020-06-08 2022-08-30 Pure Storage, Inc. Protecting local key generation using a remote key management service
US11349917B2 (en) 2020-07-23 2022-05-31 Pure Storage, Inc. Replication handling among distinct networks
US11882179B2 (en) 2020-07-23 2024-01-23 Pure Storage, Inc. Supporting multiple replication schemes across distinct network layers
US11442652B1 (en) 2020-07-23 2022-09-13 Pure Storage, Inc. Replication handling during storage system transportation
US11789638B2 (en) 2020-07-23 2023-10-17 Pure Storage, Inc. Continuing replication during storage system transportation
US11397545B1 (en) 2021-01-20 2022-07-26 Pure Storage, Inc. Emulating persistent reservations in a cloud-based storage system
US11693604B2 (en) 2021-01-20 2023-07-04 Pure Storage, Inc. Administering storage access in a cloud-based storage system
US11853285B1 (en) 2021-01-22 2023-12-26 Pure Storage, Inc. Blockchain logging of volume-level events in a storage system
US11588716B2 (en) 2021-05-12 2023-02-21 Pure Storage, Inc. Adaptive storage processing for storage-as-a-service
US11822809B2 (en) 2021-05-12 2023-11-21 Pure Storage, Inc. Role enforcement for storage-as-a-service
US11816129B2 (en) 2021-06-22 2023-11-14 Pure Storage, Inc. Generating datasets using approximate baselines
US11714723B2 (en) 2021-10-29 2023-08-01 Pure Storage, Inc. Coordinated snapshots for data stored across distinct storage environments
US11893263B2 (en) 2021-10-29 2024-02-06 Pure Storage, Inc. Coordinated checkpoints among storage systems implementing checkpoint-based replication
US11914867B2 (en) 2021-10-29 2024-02-27 Pure Storage, Inc. Coordinated snapshots among storage systems implementing a promotion/demotion model
US11922052B2 (en) 2021-12-15 2024-03-05 Pure Storage, Inc. Managing links between storage objects
US11847071B2 (en) 2021-12-30 2023-12-19 Pure Storage, Inc. Enabling communication between a single-port device and multiple storage system controllers
US11972134B2 (en) 2022-01-12 2024-04-30 Pure Storage, Inc. Resource utilization using normalized input/output (‘I/O’) operations
US11860780B2 (en) 2022-01-28 2024-01-02 Pure Storage, Inc. Storage cache management
US11886295B2 (en) 2022-01-31 2024-01-30 Pure Storage, Inc. Intra-block error correction

Similar Documents

Publication Publication Date Title
US20140013409A1 (en) Single sign on for cloud
WO2013071087A1 (en) Single sign on for cloud
US10142326B2 (en) Attribute-based access control
US10810515B2 (en) Digital rights management (DRM)-enabled policy management for an identity provider in a federated environment
CN107852417B (en) Multi-tenant identity and data security management cloud service
CN109565511B (en) Tenant and service management for multi-tenant identity and data security management cloud services
US10122707B2 (en) User impersonation/delegation in a token-based authentication system
CN112913208B (en) Multi-tenant identity cloud service with in-house deployed authentication integration and bridge high availability
US8196177B2 (en) Digital rights management (DRM)-enabled policy management for a service provider in a federated environment
US9876799B2 (en) Secure mobile client with assertions for access to service provider applications
US7860883B2 (en) Method and system for distributed retrieval of data objects within multi-protocol profiles in federated environments
US9699168B2 (en) Method and system for authenticating a rich client to a web or cloud application
US9288214B2 (en) Authentication and authorization methods for cloud computing platform security
US9560080B2 (en) Extending organizational boundaries throughout a cloud architecture
US8850546B1 (en) Privacy-preserving user attribute release and session management
US9690920B2 (en) Secure configuration catalog of trusted identity providers
CN112088373A (en) Declarative third party identity provider integration for multi-tenant identity cloud services
US9148414B1 (en) Credential management in a multi-tenant environment
JP2019526868A (en) Single sign-on and single logout capabilities for multi-tenant identity and data security management cloud services
US9485234B1 (en) Virtualized endpoints in a multi-tenant environment
Malisetti Securing RESTful services with token-based authentication
Edge et al. Identity and Device Trust
Thakore et al. Scalable and Privacy-preserving Access Mechanism for Dynamic Clouds

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12848189; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12848189; Country of ref document: EP; Kind code of ref document: A1)