US 12,292,799 B2
Shared workload anomaly detection across multiple hosts based on bare-metal recovery and system-state recovery data and metadata
Sunil Yadav, Bangalore (IN); and Shelesh Chopra, Bangalore (IN)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Apr. 22, 2022, as Appl. No. 17/726,982.
Prior Publication US 2023/0342255 A1, Oct. 26, 2023
Int. Cl. G06F 11/00 (2006.01); G06F 11/14 (2006.01)
CPC G06F 11/1435 (2013.01) [G06F 2201/84 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for shared workload anomaly detection across multiple volume hosts, the method comprising:
identifying a shared workload operating across a set of volume hosts;
generating a workload-anomaly table entry for the shared workload,
wherein the workload-anomaly table entry comprises a first identifier of the shared workload and an empty host-snapshot table that is used to track a behavior of an instance of the shared workload across the set of volume hosts;
selecting, from the set of volume hosts, a volume host to serve as a baseline volume host;
identifying a golden workload instance of the shared workload on the baseline volume host;
performing a lookup on a writer-key table using a second identifier of the golden workload instance of the shared workload, wherein, in response to the lookup, a writer-key table entry that specifies the second identifier is identified in the writer-key table;
in response to identifying the second identifier, obtaining a file-system object key from the writer-key table entry, wherein the file-system object key references a file-system object of a collection of file-system objects, wherein the file-system object is associated with the golden workload instance of the shared workload;
identifying an object metadata schema from a most recent backup operation entry, wherein, using the file-system object key, a second lookup is performed on the schema;
obtaining, in response to the second lookup and for the baseline volume host, baseline file-system object metadata descriptive of the collection of file-system objects;
selecting, from the set of volume hosts, a second volume host to serve as a non-baseline volume host;
obtaining, for the non-baseline volume host, non-baseline file-system object metadata descriptive of a second collection of file-system objects;
performing an assessment of the non-baseline file-system object metadata against the baseline file-system object metadata to produce a metadata anomaly result;
performing, based on the metadata anomaly result, an anomaly-driven action concerning the non-baseline volume host, wherein the action comprises upgrading the instance of the shared workload operating on the non-baseline volume host;
creating, based on the metadata anomaly result, a host-snapshot table entry in the host-snapshot table for the non-baseline volume host; and
updating, after the creating, the workload-anomaly table entry using the host-snapshot table entry.