758 results about "System recovery" patented technology

Embodiments relate to systems and methods for automatically generating a system restoration order for network recovery. A set of managed machines, such as personal computers or servers, can be managed by a network management platform communicating with the machines via a secure channel. The network management platform can access a dependency map indicating a required order for restoration of machines or nodes on a network. The network management platform likewise access a reverse kickstart file for each machine to be automatically restored in order to ensure proper functioning of the network, and extract a current configuration of that machine for purposes of restoring the overall network.

A technique for implementing policy-aware backup and restore capability in a tiered storage system. If a data set's contents are backed up from the tiered storage system to a backup storage system, metadata for the data set may also be backed up. Prior to the data set being restored from the backup storage system to the tiered storage system, the backed up metadata is restored and processed to determine a tier among the tiered storage pools to which the data set will be restored.

A failure recovery framework to be used in cooperative data stream processing is provided that can be used in a large-scale stream data analysis environment. Failure recovery supports a plurality of independent distributed sites, each having its own local administration and goals. The distributed sites cooperate in an inter-site back-up mechanism to provide for system recovery from a variety of failures within the system. Failure recovery is both automatic and timely through cooperation among sites. Back-up sites associated with a given primary site are identified. These sites are used to identify failures within the primary site including failures of applications running on the nodes of the primary site. The failed applications are reinstated on one or more nodes within the back-up sites using job management instances local to the back-up sites in combination with previously stored state information and data values for the failed applications. In additions to inter-site mechanisms, each one of the plurality of sites employs an intra-site back-up mechanism to handle failure recoveries within the site.

A computer system operation registers as an event when an operation potentially characteristic of malware occurs. Events are scored and when a threshold is reached indicative of a possible malware infection a restore point is created. Many restore points are created. When a user decides to restore the system because of the presence of malware a malware report is retrieved. The malware report describes characteristics of a particular piece of malware. The malware report is compared to the restore point logs that had been created earlier. Any number of malware reports are compared to the restore point logs. A restore point log that shares many of the same system changes or other effects also present in a malware report is likely to be an indication of the beginning of a malware infection. The matched restore point log is recommended to the user as the best restore point.

A computer entity, particularly but not exclusively a headless computer entity, has operating systems stored on a non-volatile data storage device e.g. a hard disk drive, and has a back-up data storage device. Operating system backup's are taken from an uncorrupted copy of an operating system stored in a separate partition on the data storage device to the primary operating system which is actually used to run the device, thereby ensuring that if the primary operating system of the computer entity becomes corrupted either gradually or catastrophically, the back-up copy which is stored on a back-up media is not effected. Under failure conditions of the computer entity, a pristine copy of the operating system can be reloaded from the back-up tape data storage media and the computer entity rebooted from the pristine operating system back-up copy.

The invention provides an automatic analysis method and system of malicious codes based on an API (application program interface) HOOK. An API HOOK technology and a remote thread implantation technology are utilized to monitor samples; influences of the malicious codes on the whole system in an operation process are recorded, and a dynamic analysis report is automatically generated; influences of malicious code samples on a file, a network, and a registry and a key process are recorded, and when the operation of the samples ends, the system recovers the state before the samples are executed; the whole monitoring, recording and reduction process ends automatically without manual intervention; monitoring software can only run a sample each time, the monitoring software is used for monitoring the host process of the samples and process threads created by the host process of the samples, and when the monitoring software finishes the monitoring, the system recovers the state before the samples are operated; behaviors such as creation, deletion, modification and the like of the malicious code samples on the file are detected, operation behaviors of the malicious code samples on the network are detected, behaviors such as addition, deletion, modification and the like of the malicious code samples on the registry are detected, and operation behaviors of the malicious code samples on the create process are detected; and finally the dynamic monitoring report on the malicious code samples is submitted, and when the monitoring is finished, the monitoring software carries out inversion operation to restore the system to the state before the samples are operated according to the operations and influences of the samples on an operating system. The intelligent analysis technology of the malicious codes is suitable for analyzing a great deal of samples without the manual intervention, and is quicker in analysis speed and less in garbage in the analysis report.

Methods and apparatuses for detecting and recovering from a buffer overflow attack are provided. A method of recovering an operation state of a processor from a buffer overflow attach includes: detecting whether a buffer overflow attack is made on any write operation while storing write operations that are potential targets of buffer overflow attacks in a predetermined location instead of an original destination to store write operations; storing the contents stored in the predetermined location at a predetermined interval in the original destination for storing write operations if no buffer overflow attack is detected and discarding unsafe write operations subsequent to a buffer overflow attack if a buffer overflow attack is detected; and ignoring the unsafe write operations subsequent to the buffer overflow attack if a buffer overflow attack is detected. Therefore, a buffer overflow attack occurring in a computer can be effectively detected, and damage of a system which is attacked can be minimized and the system can be recovered or return to the original state before the attack. A system can be effectively protected while minimizing reduction in performance of the computer system according to a method used to implement the present invention, thereby greatly improving the environments under which the computer and the Internet are used.

An apparatus, system, and method for creating a database backup schedule in a SAN environment based on a recovery plan. A user provides a desired recovery point objective (RPO) from a system recovery plan and an identifier of a database for back up. The present invention determines a priority (w) for a recent recovery point and determines a number (N) of volumes for storing backup images and a number (n) of database volumes used by the database. The present invention generates a scheduling formula where RPO is divided by the priority (w) of the most recent recovery point raised to the power of the truncated integer value of the ratio of volumes for storing backup images (N) and the number of volumes in use by the database (n) minus a scheduling interval determinant (i). The scheduling formula is used to determine a backup interval and backup assurance points.

A technique for using a remote array cache memory for data redundancy. A computer system includes a first storage system having cache memory and mass storage. Data to be written to the mass storage is written to the cache memory. Redundant data is stored elsewhere in case the cache experiences a fault before the data can be written to mass storage. Otherwise, data not yet written to the mass storage may be lost. The first storage system is in communication with a second storage system which is typically located remotely from the first storage system. When the first storage system receives a write request, the first storage system forwards the data to the second storage system for redundant storage. Where the data is forwarded to the second storage system, this is referred to herein as "remote mode."The first storage system may include redundant cache memories and enters remote mode only in the event a fault affects one of the cache memories. The data can then be recovered from the second storage system if needed.

A computer implemented method for automatic presentation of delayed video. During normal operation real-time video feed is sent to a digital screen for presentation and is also sent to memory for storage. When a delay trigger is issued, the system either freezes the frame presented in that instance or stores a time indicator. The system then monitors delay time and, when the delay time is reached, the system starts fetching frames from the memory, starting either from the frame immediately following the frozen frame or from the frame that was stored at the time indicator, and sends these frames to the digital screen for presentation. The system then monitors delay period and, when the delay period arrive, the system reverts to normal mode wherein real-time video feed is sent to a digital screen for presentation and is also sent to memory for storage.

The invention discloses a concurrent connections performance testing system and a concurrent connections performance testing method for a file system. A master control node and at least one testing node are arranged, wherein the testing node is arranged on an application server of a storage system, is mainly used for simulating an application load to test a tested system, is connected with the tested file system through a storage network, and is used for testing the tested system; and the master control node performs centralized management which comprises process scheduling and task management on the testing node through a local area network, and is used for performing centralized management on all testing nodes and counting a test result. The system comprises a parameter processing module, a tested system information collecting module, a system initialization module, a condition monitoring module, a distributed management module, a load testing module, a result counting and reporting module and a system recovery module, solves the problems that the concurrent connections of the file system are not definitely defined and a detailed and useable testing method is lacked in the prior art, and is particularly suitable for the concurrent connections performance test of a distributed file system.

The present invention provides a method, system and apparatus by which TCP connections may be failed-over from one system to another within a highly available network service, and appear transparent to the remote client. The connection state and ownership information of a system is broadcast within the network, so that if a first system crashes while running an application, a predetermined take-over policy causes a peer system to assume connection without loss of data such that a permanent connection has been established from the client's point of view. After the failed system has been restored to a normal state, new connections are established by the first system.

A system and method for fast system recovery that bypasses diagnostic routines by disconnecting failed hardware from the system before rebooting. Failed hardware and hardware that will be affected by removal of the failed hardware of the system are disconnected from the system. The system is restarted, and because the failed hardware is disconnected, diagnostic routines may safely be eliminated from the reboot process.

The invention discloses a method for closing processes, comprising the following steps of: presetting a process information bank for recording processes associated with one or more special application programs; and according to the process information bank, selecting the processes executed by an operating system, and closing all the selected processes after being trigged by a user. The method disclosed by the invention has the following advantages of: enabling the operating system to recover to the normal state, saving time cost and use cost for the user, and simultaneously ensuring that the user can open and use other application programs without being influenced after closing a multitude of processes.

The invention discloses a method and a device for automatically restoring an embedded system of a set top box. The method comprises the steps of: carrying out power-on detection through a bootstrap loader so as to detect whether a first start system which is stored in a first program storage subarea and a second start system which is stored in a second program storage subarea are wrong or not; generating a first start system error flag and starting the second start system when detecting that the first start system which is stored in the first program storage subarea is wrong and the second start system which is stored in the second program storage subarea is correct; and automatically and completely copying the second start system which is stored in the second program storage subarea to the first program storage subarea to serve as a new first start system. In the invention, rapid restoration of system start of the set top box can be realized by using double systems, and automatic andrapid restoration can be realized without influencing the normal running time of the system, so that convenience is provided for users and the maintenance cost is reduced.

A device, method, and program product detect and break an occurrence of gas lock in an electrical submersible pump assembly in a well bore based upon surface or downhole data without the need for operator intervention. The system provides the ability to flush the pump and return the system back to production without requiring system shutdown. In addition, the system provides an algorithm for controlling a pump operating speed of the electrical submersible pump assembly to maximize production from the well bore.

A method and system for multi-staged recovery of a distributed computer system. The method includes receiving a failure event notification from at least one node of the distributed computer system and executing a plurality of recovery stages upon receiving the failure event notification by using a recovery manager, wherein each of the plurality of recovery stages performs a defined recovery task. The progress of recovery is tracked by using at least one state machine executed by the recovery manager, wherein the state machine reflects progress of each of the recovery stages. The progress of recovery is monitored to a completion by using the state machine and the recovery manager.

The present invention provides a method, system and apparatus by which TCP connections may be failed-over from one system to another within a highly available network service, and appear transparent to the remote client. The connection state and ownership information of a system is broadcast within the network, so that if a first system crashes while running an application, a predetermined take-over policy causes a peer system to assume connection without loss of data such that a permanent connection has been established from the client's point of view. After the failed system has been restored to a normal state, new connections are established by the first system. A connection cache device stores connection information for use during the failover.