Setting Up Object Storage Destinations
Just as with tape and storage disk, you can configure object storage destinations using the Storage Destinations > Object Storage option under the Configuration menu. See Configuring Object Storage.
Depending on the provider and media type you are configuring, follow the appropriate procedure below to configure your Object Storage Destination:
- Setting up Lattus Object Storage Destinations on a StorNext Configuration
- Setting up S3COMPAT Object Storage Destinations on a StorNext Configuration
- Setting up AWS Object Storage Destinations on a StorNext configuration
- Setting up Azure Object Storage Destinations on a StorNext Configuration
Setting up Lattus Object Storage Destinations on a StorNext Configuration
Follow this procedure to view a list of currently configured Lattus Object Storage destinations.
- On the Configuration menu, click Storage Destinations.
- Click the Object Storage tab. Information for any previously configured Lattus Object Storage destination is shown as entries that have Quantum Lattus listed as the Provider. For each configured destination, the page displays the Name, Provider, Appliance State (online or offline), Controller State, I/O Path State, Manager host address, Containers count, Controllers count, I/O Paths count, and File Count.
- Select the Lattus Object Storage destination whose information you want to view.
- Click View....
- When you are finished viewing destination information, click Done.
Follow this procedure to add a new Lattus Object Storage destination.
Note: If you plan to use HTTPS, you must create or import a security certificate prior to creating a Lattus Object Storage Destination. This applies to each Lattus controller configured for HTTPS. If you only intend to use HTTP, certificates are not needed. To create or import a Lattus Object Storage security certificate, see
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Click New.... The page is updated and displays various configuration prerequisites. If any of the configuration prerequisites are required, click Cancel and configure them before returning to this page. Otherwise, click Continue....
- Enter the appropriate value into the following parameters:
Parameter | Description |
---|---|
Name | Enter the name of the new Lattus Object Storage destination. |
Provider | Select Quantum Lattus from the Provider list. |
Manager Host | Enter the host address for the Lattus Object Storage manager host. |
Manager Port | Enter a decimal integer to specify the port number of the Lattus Object Storage manager GUI interface. The default port number is 80. |
Manager Protocol | Select the http or https protocol. Note: If you plan to use HTTPS, you must create or import a security certificate prior to creating a Lattus Object Storage Destination. This applies to each Lattus controller configured for HTTPS. If you only intend to use HTTP, certificates are not needed. To create or import a Lattus Object Storage security certificate, see |
Authentication | Select if authentication is required for this configuration. |
User Name | Select a global user name to be used for namespace permission for this configuration. This parameter is mandatory if Authentication is set to “Enabled”. |
Password | Select a global password to be used for namespace permissions for this configuration. This parameter is mandatory if Authentication is set to “Enabled”. |
- In the Controllers section, click Add and then specify the following to add a controller:
Parameter | Description |
---|---|
Name | Enter the name of the controller. |
Max Streams | By default, the maximum number of concurrent I/O streams per controller is 48. This can be changed by selecting the desired value from the Max Streams drop-down list. |
- In the I/O Paths section, click Add and then specify the following to add an I/O path:
Parameter | Description |
---|---|
Name | Enter the unique name of the I/O path. If you do not have unique names, the "Already exists in the Tertiary Manager system. Duplicate component alias names are not allowed." error message appears. |
Controller Name | Select the name of the controller associated with the new I/O path. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to an I/O Path that is associated with a specific Object Storage API. The available values for provider Quantum Lattus are AXR and S3. |
URL Style | This parameter defines which style of URL to use. There are two ways to format the URL: |
Object Access Protocol | Select the protocol to be used for Object Storage object access. By default, the protocol is set to http. Note: If you plan to use HTTPS, you must create or import a security certificate prior to creating a Lattus Object Storage Destination. This applies to each Lattus controller configured for HTTPS. If you only intend to use HTTP, certificates are not needed. To create or import a Lattus Object Storage security certificate, see |
Host[:Port] | Enter the connection endpoint address that contains the host name or IP address, with the optional port number separated by a colon ":". If the port number is not specified, the default (80 for http, 443 for https) is assumed. Connection endpoints must be unique. |
- In the Containers section, perform one of the following:
  - On the Container Selection list, click Scan or Manual. This parameter gives you the option to either scan for available containers or enter the container name manually. If you select Scan and a user name and password are required, either use the credential specified for the manager host or check the Use different credentials box and enter the username and password. You are then presented with a pre-populated list of available containers. If you select Manual, you are presented with a text box to manually enter the name of the container. To view or add S3 buckets, on the Tools menu, click S3 Buckets.
  - Click Add and then specify the following to add a container:
Parameter | Description |
---|---|
Container | Select (Scan mode) or enter (Manual mode) the appropriate container for this configuration. |
Media ID | Enter the StorNext Media ID associated with the selected container. The Media ID must be unique. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to a namespace that is associated with a specific Object Storage API. The available values for provider Quantum Lattus are AXR and S3. |
Storage Class | This parameter should be left at none as it is not applicable to Lattus media. |
Signing Type | For Lattus S3 media, use the default value of V2. This parameter is not applicable to AXR media. |
Authentication Type | This parameter specifies the authentication type for the container being configured. An authentication type is required for Lattus S3 media but not for AXR. The available values for provider Quantum Lattus are NONE and STANDARD. The STANDARD type authenticates with a user name and password for Object Storage access. |
User Name | Enter a user name to be used to access this container. This parameter is mandatory if Authentication is set to “Enabled”. This selection overrides the global permissions settings. |
Password | Enter a password to be used to access the container. This parameter is mandatory if Authentication is set to “Enabled”. This selection overrides the global permissions settings. |
Copy Number | Select the copy number (1-4) assigned to the container. The copy number can be changed if no data has been written to the media. |
Policy Class | This parameter specifies the policy class that has the exclusive use of the container being configured. If left at System Blank, no policy class association is set for the container and the container can be used by all policy classes. To configure this parameter, select one of the pre-defined policy classes from the drop-down list for the Policy Class option. See How to Route File Copies to a Specific Object Storage Namespace for additional details. |
Note: If no data has been written to a controller, I/O path, or container, you can click Delete to remove the item, and then click Apply to save the changes.
- (Optional) Repeat Step 7 to add additional containers to the same Lattus Object Storage Destination.
- Click Apply to save your changes, or Cancel to exit without saving.
- (Optional) Repeat Step 3 through Step 9 to add additional Lattus Object Storage destinations.
Note: The containers on Lattus-M share the same I/O paths and storage capacity. There is no advantage to be gained by defining multiple containers for the same policy class and copy number. Storage Manager selects the first available container that meets the policy class criteria for the store operation.
Follow this procedure to edit an existing Lattus Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the Lattus Object Storage destination whose information you want to edit.
- Click Edit....
- To edit a field, type directly in the field (for example, type a new name and IP address for an I/O path), or select another option from the drop-down list.
Note: To return to the last saved configuration for a controller, I/O path, or namespace, click Reset.
- Click Apply to save your changes, or Cancel to exit without saving.
- When a confirmation message appears, click Yes to proceed, or No to abort.
- After a message informs you that the Lattus Object Storage destination was successfully modified, click OK.
Follow this procedure to delete an existing Lattus Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the Lattus Object Storage destination you want to delete.
- Click Delete.
- When a confirmation message appears, click Yes to proceed with the deletion or No to abort.
- After a message informs you that the Object Storage destination was successfully deleted, click OK.
Follow this procedure to launch the Lattus Object Storage manager GUI application.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the Lattus Object Storage destination.
- Click Launch Manager. A new browser window appears, and displays the Object Storage Manager GUI application login page. If you entered a User Name and Password when you created the selected Lattus Object Storage destination, then the credentials are used as your login.
Note: If you are using Safari as your browser, you may have to enable pop-ups. See Enable Pop-ups in Safari.
- Open Safari if it is not already open.
- On the Safari menu, click Preferences.
- Click the Security heading.
- Un-check (turn off) the box marked Block pop-up windows to allow pop-ups. Safari will then ask if you would really like to change the setting.
- Click OK.
- Close the Preferences window.
- Shut down and restart Safari.
If you block pop-up windows, you might miss important information for a web page. For example, the Launch Manager might use a pop-up window to request your login credentials.
A Multi-Geo (multiple geographic) Lattus configuration consists of three sites configured under the same durability policy. It is likely that WAN (Wide Area Network) communication with remote sites will be slower due to higher latency in the WAN link. If you have significantly higher latency to the remote Lattus sites, it is recommended that only the I/O Paths to the local controller be “Online”.
Object Storage I/O Paths can be configured offline with the Tools > Storage Manager > Storage Components screen. Select the remote Object Storage I/O Paths and then click the Offline button (Change the Current State of Object Storage Destinations, Controllers, and I/O Paths). The fschstate(1) command may also be used for this.
If the local Lattus controller is down, but the remote sites are still up, then you may want to change the local I/O Paths to the “Offline” state and the remote I/O Paths to “Online” state in order to continue using Lattus.
With Lattus 3.5.1, it is possible to convert AXR namespaces to S3 buckets and make them accessible via the S3 interface. StorNext 5 provides the capability to convert the media type from AXR to S3.
- Using the StorNext MDC (CLI only).
  Note: Ensure there is no store/retrieve operation occurring on the same AXR namespace that you plan to convert. If a store/retrieve operation is occurring on a particular namespace, wait for the operation to complete.
  - Execute the command fsobjcfg and retrieve the media ID of the AXR namespace to be converted.
  - Stop TSM.
- Refer to the documentation in the section titled Converting an AXR Namespace to an S3 Bucket located within the Lattus Service Reference Guide (Part Number 6-67798-07). Log in to the Lattus controller to perform the conversion.
- After the Lattus conversion is complete from Step 2, execute the following commands using the StorNext MDC CLI:
  - Add an S3 connection endpoint via the StorNext GUI or the fsobjcfg command line. At least one S3 iopath is needed to access these S3 buckets under the same appliance:
        # /usr/adic/TSM/exec/fsobjcfg -a -o iopath_alias -i connection_endpoint -e http -t S3 -n controller_node_alias
  - Change the AXR namespace name and media type, using the NameSpace value from Step 2 and the Media-ID value from Step 1a:
        # fsobjcfg -m -b NameSpace -t S3 -U <S3_bucket_username> -P <S3_bucket_password> -X -f <Media-ID>
- Modify the file /usr/adic/TSM/config/filesize.config and change LATTUS to S3 for the media ID corresponding to the converted namespace. Alternatively, you can achieve the same result using the StorNext GUI by changing the fspolicy’s steering information from Lattus to S3.
  Note: To use the StorNext GUI, TSM should be available.
- Start TSM.
- Verify the store and retrieve are working as expected with converted media type.
- Use the command fsfileinfo -u to verify the object URL reflects (S3) for every file stored before or after the conversion.
Setting up S3COMPAT Object Storage Destinations on a StorNext Configuration
Storage Manager supports a rich set of features for AWS S3 compatible cloud storage providers including:
- HTTP and HTTPS access to AWS S3 compatible buckets
- AWS Signature Version 2 (V2) and Version 4 (V4)
- AWS Standard authentication that makes use of either your AWS Identity and Access Management (IAM) Access Key Id and Secret Access Key or your user name and password
The following S3 compatible providers are supported by Storage Manager for the S3COMPAT media type:
- IBM Cleversafe
- StorageGRID Webscale
- Scality RING
When you configure the Object Storage Destination for one of these providers, select the provider that matches your actual Object Storage system.
Follow this procedure to view a list of currently configured S3COMPAT Object Storage destinations.
- On the Configuration menu, click Storage Destinations.
- Click the Object Storage tab. Providers using the S3COMPAT media type are listed along with other object storage providers in the Object Storage tab. For each configured destination, the screen displays the Name, Provider, Appliance State (Online or Offline), Controller State, I/O Path State, Manager host address, Containers count, Controllers count, I/O Paths count, and File Count.
- Select the S3COMPAT Object Storage destination whose information you want to view.
- Click View....
- When you are finished viewing the destination information, click Done.
Follow this procedure to add a new S3COMPAT Object Storage destination.
- Ensure that the S3 buckets that you are configuring with Storage Manager have been created on your Object Storage system and that you know the names, connection endpoint, Access Key Id, and Secret Access Key to your buckets.
Note: If you plan to use HTTPS, you may have to create or import a security certificate prior to creating a S3COMPAT Object Storage destination. Follow the documentation from your S3 Object Storage system's vendor to set this up on your Object Storage system. Also, see HTTPS Default CA ROOT Certificate File or Path for additional information on how to configure your customized CA PEM files on your StorNext system.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Click New.... The page is updated and displays various configuration prerequisites. If any of the configuration prerequisites are required, click Cancel and configure them before returning to this page. Otherwise, click Continue....
- Enter the appropriate value into the following parameters:
Parameter | Description |
---|---|
Name | Enter the name of the new S3COMPAT Object Storage destination. |
Provider | Select one of the S3COMPAT providers from the drop-down list that matches your Object Storage system. |
Manager Host | Enter the host address for the S3COMPAT Object Storage manager host. |
Manager Port | Enter a decimal integer to specify the port number of the S3COMPAT Object Storage Host's port. The default port number is 80. |
Manager Protocol | Select the HTTP or HTTPS protocol. Note: If you plan to use HTTPS, you may have to create or import a security certificate prior to creating a S3COMPAT Object Storage destination. Follow the documentation from your S3 Object Storage system's vendor to set this up on your Object Storage system. Also, see HTTPS Default CA ROOT Certificate File or Path for additional information on how to configure your customized CA PEM files on your StorNext system. |
Authentication | This parameter does not apply to the S3COMPAT Object Storage Destination. Leave it at the default Disabled. |
User Name | This parameter does not apply to the S3COMPAT Object Storage Destination. Leave it at the default blank. |
Password | This parameter does not apply to the S3COMPAT Object Storage Destination. Leave it at the default blank. |
- In the Controllers section, click Add and then specify the following to add a controller:
Parameter | Description |
---|---|
Name | Enter the name of the controller. |
Max Streams | By default, the maximum number of concurrent I/O streams per controller is 48. This can be changed by selecting the desired value from the Max Streams drop-down list. |
- In the I/O Paths section, click Add and then specify the following to add an I/O path:
If you are not using an IP address as an endpoint to Scality, the default host name endpoint for Scality is to emulate Amazon AWS S3 (for example, s3.amazonaws.com). This configuration is provided in the config.json file on the Scality host. Using any other host name as an endpoint (for example, my-scality.host.com) does not work even if the name resolves to the correct IP address. Scality rejects the request with the error message HTTP/1.1 400 Bad Request. If you want to use the hostname configured by default on Scality, you can configure your server to use s3.amazonaws.com as the endpoint. However, ensure that the name resolves to the IP address of your Scality host.
If your Scality host's IP address is 10.65.191.2, you can resolve s3.amazonaws.com by having the following entry in your /etc/hosts file:
If you want to use a DNS name that is not the default on Scality, modify the config.json file on the Scality host:
"localregion": ["my-scality.host.com"]
And have an entry in your /etc/hosts file that resolves it correctly:
Quantum recommends you consult your Scality vendor for further guidance.
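A defender-side check for the /etc/hosts override described above, as an added example (not Quantum's or Scality's code): it lists hosts-file entries that pin an amazonaws.com name to a local address and reports which of them collide with endpoints configured for AWS destinations. The hosts content, the PUBLIC_SUFFIXES list and the endpoint names passed to conflicts() are constructed for illustration.

```python
import ipaddress

# Constructed /etc/hosts content; the address is the one used in the page's example.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
10.65.191.2  s3.amazonaws.com      # Scality RING endpoint override
10.65.191.2  my-scality.host.com
# 10.0.0.9   s3.us-west-2.amazonaws.com  (commented out)
"""

# Assumption: names under these suffixes are expected to resolve through public DNS.
PUBLIC_SUFFIXES = ("amazonaws.com",)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, not a usable entry
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def find_overrides(text, suffixes=PUBLIC_SUFFIXES):
    """Return hosts entries that pin a public cloud name to a fixed address."""
    findings = []
    for ip, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in suffixes):
            findings.append(
                {"name": name, "ip": str(ip), "private": ip.is_private}
            )
    return findings


def conflicts(text, aws_endpoints):
    """Overridden names that are also configured as AWS destination hosts."""
    overridden = {f["name"] for f in find_overrides(text)}
    return sorted(overridden & {e.lower() for e in aws_endpoints})


if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS):
        print(finding)
    print(conflicts(SAMPLE_HOSTS, ["s3.amazonaws.com", "s3.us-west-2.amazonaws.com"]))
```

On a server that also carries AWS destinations, a non-empty conflicts() result means requests intended for AWS go to the Scality host instead, because /etc/hosts entries are normally consulted before DNS.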
Parameter | Description |
---|---|
Name | Enter the unique name of the I/O path. If you do not have unique names, the "Already exists in the Tertiary Manager system. Duplicate component alias names are not allowed." error message appears. |
Controller Name | Select the name of the controller associated with the new I/O path. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to a namespace that is associated with a specific Object Storage API. Select S3COMPAT from the drop-down list. |
URL Style | This parameter defines which style of URL to use. There are two ways to format the URL: |
Object Access Protocol | Select the protocol to be used for S3COMPAT Object Storage object access. By default, the protocol is set to http. |
Host[:Port] | Enter the connection endpoint address that contains the host name or IP address, with the optional port number separated by a colon ":". If the port number is not specified, the default (80 for http, 443 for https) is assumed. Connection endpoints must be unique (for additional information, see Using the Host name to configure the I/O Path for the provider Scality RING). |
- In the Containers section, perform one of the following:
  - On the Container Selection list, click Scan or Manual. This parameter gives you the option to either scan the available container or enter the container name manually. If you select Scan, check the Use different credentials box and enter the username (the Access Key ID) and password (the Secret Access Key). You are then presented with a pre-populated list of available containers when you add a container. If you select Manual, you are presented with a text box to manually enter the name of the container. To view or add S3 buckets, on the Tools menu, click S3 Buckets.
  - Click Add and then specify the following to add a container:
Parameter | Description |
---|---|
Container | Select (Scan mode), or enter (Manual mode) the name of your S3 bucket. |
Media ID | Enter the StorNext Media ID associated with the selected container. The Media ID must be unique. |
Media Type | Select S3COMPAT from the drop-down list. |
Storage Class | This parameter should be left at none as it is not applicable to S3COMPAT media. |
Signing Type |
This parameter specifies the signing type for the requests sent to the S3COMPAT Object Storage server. Available values include V2 and V4. In order to use V4, the server must support V4 signing for both AWS full payload and chunked uploading. Note: When configuring the signing type for containers from the provider Scality RING, set this parameter at V2, until Scality supports V4 chunked uploading. |
Authentication Type | This parameter specifies the authentication type for the container being configured. An authentication type is required for all S3COMPAT media. Use the default value of STANDARD, which authenticates with an Access Key ID and Secret Access Key. |
User Name | Enter the Access Key Id for this container. |
Password | Enter the Secret Access Key for this container. |
Copy Number | Select the copy number (1-4) assigned to the container. The copy number can be changed if no data has been written to the media. |
Policy Class | This parameter specifies the policy class that has the exclusive use of the container being configured. If left at System Blank, no policy class association is set for the container and the container can be used by all policy classes. To configure this parameter, select one of the pre-defined policy classes from the drop-down list for the Policy Class option. See How to Route File Copies to a Specific Object Storage Namespace for additional details. |
Note: If no data has been written to a controller, I/O path, or container, click Delete to remove the item, and then click Apply to save the changes.
- (Optional) Repeat Step 8 to add more containers to the same S3COMPAT Object Storage Destination.
- Click Apply to save your changes, or Cancel to exit without saving.
- (Optional) Repeat Step 4 through Step 10 to add additional S3COMPAT Object Storage Destinations.
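The Host[:Port] default-port rule and the uniqueness rules from the I/O path tables above, as an added pre-flight check (example code, not part of StorNext) to run over a planned set of I/O paths before entering them in the GUI. It assumes endpoints are compared after the protocol default port is applied and that hosts are names or IPv4 addresses; the dictionary field names and the sample paths are constructed.

```python
DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults stated in the Host[:Port] row

# Constructed sample: a planned set of I/O paths for one destination.
SAMPLE_PATHS = [
    {"name": "iopath1", "protocol": "https", "host_port": "ring1.example.com"},
    {"name": "iopath2", "protocol": "https", "host_port": "ring1.example.com:443"},
    {"name": "iopath3", "protocol": "http", "host_port": "10.65.191.2:8000"},
    {"name": "iopath3", "protocol": "https", "host_port": "ring2.example.com:99999"},
]


def normalize_endpoint(protocol, host_port):
    """Return (host, port) for a Host[:Port] value, applying the protocol default."""
    protocol = protocol.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError(f"unsupported protocol: {protocol!r}")
    host, sep, port_text = host_port.strip().rpartition(":")
    if not sep:
        # No colon: the whole value is the host and the default port applies.
        host, port = port_text, DEFAULT_PORTS[protocol]
    elif port_text.isascii() and port_text.isdigit() and 1 <= int(port_text) <= 65535:
        port = int(port_text)
    else:
        raise ValueError(f"bad port in {host_port!r}")
    if not host:
        raise ValueError(f"missing host in {host_port!r}")
    return host.lower(), port


def check_io_paths(paths):
    """Return (alias, problem) findings for a list of planned I/O paths."""
    findings, seen_names, seen_endpoints = [], set(), {}
    for path in paths:
        name = path["name"]
        if name in seen_names:
            findings.append((name, "duplicate I/O path name"))
        seen_names.add(name)
        try:
            endpoint = normalize_endpoint(path["protocol"], path["host_port"])
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        if endpoint in seen_endpoints:
            # "host" and "host:443" are the same endpoint under https.
            findings.append((name, f"endpoint already used by {seen_endpoints[endpoint]}"))
        else:
            seen_endpoints[endpoint] = name
        if path["protocol"].lower() == "http":
            findings.append((name, "object access is unencrypted (http)"))
    return findings


if __name__ == "__main__":
    for alias, problem in check_io_paths(SAMPLE_PATHS):
        print(f"{alias}: {problem}")
```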
Follow this procedure to edit an existing S3COMPAT Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the S3COMPAT Object Storage destination whose information you want to edit.
- Click Edit....
- To edit a field, type directly in the field (for example, type a new name and IP address for an I/O path), or select another option from the drop-down list.
Note: To return to the last saved configuration for a controller, I/O path, or namespace, click Reset.
- Click Apply to save your changes, or Cancel to exit without saving.
- When a confirmation message appears, click Yes to proceed, or No to abort.
- After a message informs you that the S3COMPAT Object Storage destination was successfully modified, click OK.
Follow this procedure to delete an existing S3COMPAT Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the S3COMPAT Object Storage destination you want to delete.
- Click Delete.
- When a confirmation message appears, click Yes to proceed with the deletion or No to abort.
- After a message informs you that the Object Storage destination was successfully deleted, click OK.
Setting up AWS Object Storage Destinations on a StorNext configuration
Storage Manager supports a rich set of features for Amazon Web Service (AWS) Simple Storage Service (S3) Cloud Storage including:
- HTTP and HTTPS access to AWS S3 buckets, though HTTPS is the recommended protocol for accessing AWS S3 buckets
- AWS Signature Version 2 (V2) and Version 4 (V4)
- Multiple AWS authentication types including:
- AWS Standard authentication that makes use of your AWS Identity and Access Management (IAM) Access Key Id and Secret Access Key, for AWS public cloud and GovCloud
- AWS Security Token Service (STS) authentication for AWS public cloud and GovCloud
- AWS Commercial Cloud Service (C2S) Access Portal (CAP) authentication for AWS FedCloud
- Multiple AWS storage classes including standard, standard_ia, and glacier
Follow this procedure to view a list of currently configured AWS Object Storage destinations.
- On the Configuration menu, click Storage Destinations.
- Click the Object Storage tab. Information for any previously configured AWS Object Storage destinations is shown as entries that have AWS listed as the Provider. For each configured destination, the screen displays the Name, Provider, Appliance State (Online or Offline), Controller State, I/O Path State, Manager host address, Containers count, Controllers count, I/O Paths count, and File Count.
- Select the AWS Object Storage destination whose information you want to view.
- Click View....
- When you are finished viewing the destination information, click Done.
Prior to configuring the AWS Object Storage Destinations with Storage Manager for AWS STANDARD authentication, complete the following two steps, which apply to both AWS public cloud and GovCloud:
- Have your AWS IAM Access Key Id and Secret Access Key ready.
- Ensure that the S3 buckets that you are configuring with Storage Manager have been created with AWS and that you know the names and the AWS region endpoint of your buckets.
See http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html for details on AWS GovCloud (US) Endpoints.
Follow this procedure to add a new AWS Object Storage destination that uses STANDARD authentication.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Click New.... The page is updated and displays various configuration prerequisites. If any of the configuration prerequisites are required, click Cancel and configure them before returning to this page. Otherwise, click Continue....
- Enter the appropriate value into the following parameters:
Parameter | Description |
---|---|
Name | Enter the name of the new AWS Object Storage destination. |
Provider | Select AWS from the Provider list. |
Manager Host | Enter s3.amazonaws.com for the AWS Object Storage Manager Host's address. |
Manager Port | Enter 443 for the AWS Object Storage Manager Host's port. |
Manager Protocol | Select HTTPS. |
Authentication Type | This parameter does not apply to AWS Object Storage Destination. Leave it at the default Disabled. |
User Name | This parameter does not apply to AWS Object Storage Destination. Leave it at the default blank. |
Password | This parameter does not apply to AWS Object Storage Destination. Leave it at the default blank. |
- In the Controllers section, click Add and then specify the following to add a controller:
Parameter | Description |
---|---|
Name | Enter the name of the controller. |
Max Streams | By default, the maximum number of concurrent I/O streams per controller is 48. This can be changed by selecting the desired value from the Max Streams drop-down list. |
- In the I/O Paths section, click Add and then specify the following to add an I/O path:
Parameter | Description |
---|---|
Name | Enter the unique name of the I/O path. If you do not have unique names, the "Already exists in the Tertiary Manager system. Duplicate component alias names are not allowed." error message appears. |
Controller Name | Select the name of the controller associated with the new I/O path. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to a namespace that is associated with a specific Object Storage API. Select AWS from the drop-down list. |
URL Style | Select VHOST from the drop-down list. |
Object Access Protocol | This specifies the network protocol to be used for the host. Select HTTPS from the drop-down list. |
Host[:Port] | Enter the AWS region endpoint for your S3 bucket. For example: |
- In the Containers section, perform the following:
  - Leave the Container Selection at the default Manual.
  - Click Add and then specify the following to add a container:
Parameter | Description |
---|---|
Container | Enter the name of your S3 bucket. |
Media ID | Enter the StorNext Media ID associated with the selected container. The Media ID must be unique. |
Media Type | Select AWS from the drop-down list. |
Storage Class | This parameter specifies the storage class of your S3 bucket's lifecycle property. Make sure that this value always matches that configured for the S3 bucket itself. Available values include standard, standard_ia, and glacier. Most configurations use the default standard storage class. |
Signing Type | This parameter specifies the signing type for the requests sent to the AWS Object Storage server. Available values include V2 and V4 (default). |
Authentication Type | This parameter specifies the authentication type for the container being configured. Available values include: Select the default STANDARD since you are configuring the container to use STANDARD authentication. |
User Name | Enter the Access Key Id for this container. |
Password | Enter the Secret Access Key for this container. |
Copy Number | Select the copy number (1-4) assigned to the container. The copy number can be changed if no data has been written to the media. |
Policy Class | This parameter specifies the policy class that has the exclusive use of the container being configured. If left at System Blank, no policy class association is set for the container and the container can be used by all policy classes. To configure this parameter, select one of the pre-defined policy classes from the drop-down list for the Policy Class option. See How to Route File Copies to a Specific Object Storage Namespace for additional details. |
Note: If no data has been written to a controller, I/O path, or container, click Delete to remove the item, and then click Apply to save the changes.
- (Optional) Repeat Step 7 to add more containers to the same AWS Object Storage Destination.
- Click Apply to save your changes, or Cancel to exit without saving.
- (Optional) Repeat Step 3 through Step 9 to add additional AWS Object Storage Destinations.
Prior to configuring the AWS Object Storage Destinations with Storage Manager for AWS STS authentication, complete the following three steps, which apply to both AWS public cloud and GovCloud:
- Have your AWS IAM Access Key Id and Secret Access Key ready.
- Ensure that the S3 buckets, to be configured in Storage Manager, exist and you know both the name and the AWS region for each.
See http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html for details on AWS GovCloud (US) Endpoints.
- Ensure that the IAM roles and their managed policies have been defined for your S3 buckets with AWS and that you know the roles' Amazon Resource Name (ARN). Table 1 provides an example of a role's managed policy that Storage Manager recommends.
Note: The Action "s3:RestoreObject" is only required if you are using Glacier Storage Class for your S3 bucket's life-cycle property.
Follow this procedure to add a new AWS Object Storage destination that uses STS authentication.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Click New.... The page is updated and displays various configuration prerequisites. If any of the configuration prerequisites are required, click Cancel and configure them before returning to this page. Otherwise, click Continue....
- Enter the appropriate value into the following parameters:
Parameter | Description |
---|---|
Name | Enter the name of the new AWS Object Storage destination. |
Provider | Select AWS from the Provider list. |
Manager Host | Enter s3.amazonaws.com for the AWS Object Storage Manager Host's address. |
Manager Port | Enter 443 for the AWS Object Storage Manager Host's port. |
Manager Protocol | Select HTTPS. |
Authentication Type | This parameter does not apply to AWS Object Storage Destination. Leave it at the default Disabled. |
User Name | This parameter does not apply to AWS Object Storage Destination. Leave it at the default blank. |
Password | This parameter does not apply to AWS Object Storage Destination. Leave it at the default blank. |
- In the Controllers section, click Add and then specify the following to add a controller:
Parameter | Description |
---|---|
Name | Enter the name of the controller. |
Max Streams | By default, the maximum number of concurrent I/O streams per controller is 48. This can be changed by selecting the desired value from the Max Streams drop-down list. |
- In the I/O Paths section, click Add and then specify the following to add an I/O path:
Parameter | Description |
---|---|
Name | Enter the unique name of the I/O path. If you do not have unique names, the "Already exists in the Tertiary Manager system. Duplicate component alias names are not allowed." error message appears. |
Controller Name | Select the name of the controller associated with the new I/O path. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to a namespace that is associated with a specific Object Storage API. Select AWS from the drop-down list. |
URL Style | Select VHOST from the drop-down list. |
Object Access Protocol | This specifies the network protocol to be used for the host. Select HTTPS from the drop-down list. |
Host[:Port] | Enter the AWS region endpoint for your S3 bucket. For example: |
- In the Containers section, perform the following:
- Leave the Container Selection at the default Manual.
- Click Add and then specify the following to add a container:
Parameter | Description |
---|---|
Container | Enter the name of your S3 bucket. |
Media ID | Enter the StorNext Media ID associated with the selected container. The Media ID must be unique. |
Media Type | Select AWS from the drop-down list. |
Storage Class | This parameter specifies the storage class of your S3 bucket's life-cycle property. Make sure that this value always matches that configured for the S3 bucket itself. Available values include standard, standard_ia, and glacier. Most configurations use the default standard storage class. |
Signing Type | This parameter specifies the signing type for the requests sent to the AWS Object Storage server. Available values include V2 and V4 (default). |
Authentication Type |
This parameter specifies the authentication type for the container being configured. Available values include:
Since you are configuring your bucket to use STS authentication, select STS_PUBLIC if your bucket is in AWS public cloud. Select STS_GOVCLOUD if your bucket is in AWS GovCloud. |
Role | This parameter specifies the Amazon Resource Name (ARN) of the IAM role to assume for obtaining temporary credentials. Enter the IAM role's ARN defined to access this container. |
Role Duration | This parameter specifies the duration, in seconds, of the role session or temporary credentials. The value must be in the range 900 to 3600. A default value of 3600 seconds is used if a role duration is not specified. |
Authentication Endpoint | This parameter specifies an alternate authentication endpoint, which is used to override the default STS server for the AWS public or GovCloud region. Otherwise, leave it at the default blank. |
User Name | Enter the Access Key Id for this container. |
Password | Enter the Secret Access Key for this container. |
Copy Number | Select the copy number (1-4) assigned to the container. The copy number can be changed if no data has been written to the media. |
Policy Class | This parameter specifies the policy class that has the exclusive use of the container being configured. If left at System Blank, no policy class association is set for the container and the container can be used by all policy classes. To configure this parameter, select one of the pre-defined policy classes from the drop-down list for the Policy Class option. See How to Route File Copies to a Specific Object Storage Namespace for additional details. |
Note: If no data has been written to a controller, I/O path, or container, click Delete to remove the item, and then click Apply to save the changes.
- (Optional) Repeat Step 7 to add more containers to the same AWS Object Storage Destination.
- Click Apply to save your changes, or Cancel to exit without saving.
- (Optional) Repeat Step 3 through Step 9 to add additional AWS Object Storage Destinations.
If you use CAP authentication, complete the following six steps prior to configuring an object storage destination:
- Ensure that the S3 buckets to be used by Storage Manager have been created with AWS FedCloud (C2S account) and that you know the name and the AWS region endpoint of each bucket.
- Ensure that the IAM roles and their managed policies have been defined for your S3 buckets with AWS FedCloud (C2S account). See Table 1 for an example of a managed policy which includes the required capabilities of the role.
- Ensure that you have the following information:
- The IAM role associated with your C2S account.
- The agency associated with your C2S account.
- The mission associated with your C2S account.
- Your CAP server connection endpoint.
- Your customized certificate authority (CA) file in PEM format.
- Your X.509 client certificate in PEM format, and any applicable private key file or passphrase.
- Add the following Storage Manager sysparms to the file /usr/adic/TSM/config/fs_sysparm_override on the StorNext system to enable Storage Manager to communicate with the CAP server:
- FS_OBJSTORAGE_C2S_CAP_HOSTPORT identifies the connection endpoint for the CAP server and can be configured as follows:
- FS_OBJSTORAGE_CAPATH identifies the directory in which the issuer's certificate authority (CA) can be found if it is not already included in the operating system's default trusted root certificate file.
Note: The certificate should be in PEM format.
For example, the certificate can be copied to /usr/cvfs/config/ssl and configured as follows:
Note: If your customized CA PEM file contains more than one certificate, we recommend that you append the content of your customized CA PEM file to your operating system's default CA bundle and do NOT use sysparm FS_OBJSTORAGE_CAPATH to set the location of your customized CA PEM file. Otherwise, you could split your CA PEM file into multiple CA PEM files, each of which contains a single CA certificate, and use sysparm FS_OBJSTORAGE_CAPATH to set the location of your newly split single-certificate CA PEM files. See HTTPS Default CA ROOT Certificate File or Path for additional information on how to configure your customized CA PEM files.
- FS_OBJSTORAGE_CLIENTCERT identifies the location of the X.509 client certificate installed on the system for the CAP server to authenticate.
Note: The certificate should be in PEM format.
For example, the client certificate can be copied to /usr/cvfs/config/ssl/client-cert-filepath, and configured as follows:
- FS_OBJSTORAGE_CLIENTKEY sets the location of the client private key if the client private key is kept separately from (for example, not included in) the client certificate file. This parameter can be configured as follows:
- FS_OBJSTORAGE_CLIENTKEY_PASS specifies the passphrase used to protect the client private key and can be configured as follows:
- Execute the following command to generate the hash for your certificates:
- Restart TSM to allow the system parameter changes to take effect.
Note: You can also use the GUI's
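The note on FS_OBJSTORAGE_CAPATH above suggests splitting a customized CA PEM file that contains more than one certificate into files that each hold a single CA certificate. The script below is an added example of one way to do that split, not part of the StorNext documentation; the function names, the output file prefix, and the sample bundle are assumptions made for illustration, and the split files still need the hash step from the procedure.

```shell
#!/bin/sh
# Added example (not from the StorNext documentation): split a CA PEM file that
# holds several certificates into files that hold one certificate each.

# Print how many lines of FILE ($2) start with the BEGIN or END marker ($1).
count_marker() {
    grep -c "^-----$1 CERTIFICATE-----" "$2" || true
}

# Print the number of certificates in FILE.
count_pem_certs() {
    count_marker BEGIN "$1"
}

# split_ca_bundle SRC DESTDIR [PREFIX]
# Writes DESTDIR/PREFIX-NN.pem, one certificate per file, and prints the count.
# Returns 1 if SRC has no certificate or an unterminated block, 2 on I/O errors.
split_ca_bundle() {
    src=$1
    dest=$2
    prefix=${3:-custom-ca}   # hypothetical default prefix for the output files

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    begins=$(count_marker BEGIN "$src")
    ends=$(count_marker END "$src")
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "$src: $begins BEGIN / $ends END markers, refusing to split" >&2
        return 1
    fi
    mkdir -p "$dest" || return 2

    # Copy only the lines from BEGIN to END; text outside the blocks
    # (subject comments, blank lines) is dropped.
    awk -v dir="$dest" -v prefix="$prefix" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/%s-%02d.pem", dir, prefix, n)
            inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { if (inside) close(out); inside = 0 }
    ' "$src" || return 2
    echo "$begins"
}

# Write a constructed two-certificate bundle (placeholder bodies, not real
# certificates) to FILE so the functions can be exercised offline.
make_sample_bundle() {
    cat > "$1" <<'EOF'
# Constructed sample: Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODYROOTCA
-----END CERTIFICATE-----
# Constructed sample: Example Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERBODYISSUINGCA
-----END CERTIFICATE-----
EOF
}

# Usage: sh split-ca.sh SRC DESTDIR [PREFIX]
if [ "$#" -ge 2 ]; then
    split_ca_bundle "$@"
fi
```

A bundle with a BEGIN marker but no matching END marker is rejected rather than split, so a truncated copy of the CA file does not end up in the directory that FS_OBJSTORAGE_CAPATH points to.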
Follow this procedure to add a new AWS Object Storage destination that uses CAP authentication.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Click New.... The page is updated and displays various configuration prerequisites. If any of the configuration prerequisites are required, click Cancel and configure them before returning to this page. Otherwise, click Continue....
- Enter the appropriate value into the following parameters:
Parameter | Description |
---|---|
Name | Enter the name of the new AWS Object Storage destination. |
Provider | Select AWS from the Provider list. |
Manager Host | Enter s3.amazonaws.com for the AWS Object Storage Manager Host's address. |
Manager Port | Enter 443 for the AWS Object Storage Manager Host's port. |
Manager Protocol | Select HTTPS. |
Authentication Type | This parameter does not apply to AWS Object Storage Destination. Leave it at the default Disabled. |
User Name | This parameter does not apply to AWS Object Storage Destination. Leave it at the default blank. |
Password | This parameter does not apply to AWS Object Storage Destination. Leave it at the default blank. |
- In the Controllers section, click Add and then specify the following to add a controller:
Parameter | Description |
---|---|
Name | Enter the name of the controller. |
Max Streams | By default, the maximum number of concurrent I/O streams per controller is 48. This can be changed by selecting the desired value from the Max Streams drop-down list. |
- In the I/O Paths section, click Add and then specify the following to add an I/O path:
Parameter | Description |
---|---|
Name | Enter the unique name of the I/O path. If you do not have unique names, the "Already exists in the Tertiary Manager system. Duplicate component alias names are not allowed." error message appears. |
Controller Name | Select the name of the controller associated with the new I/O path. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to a namespace that is associated with a specific Object Storage API. Select AWS from the drop-down list. |
URL Style | Select VHOST from the drop-down list. |
Object Access Protocol | This specifies the network protocol to be used for the host. Select HTTPS from the drop-down list. |
Host[:Port] | Enter the AWS region endpoint for your S3 bucket. |
- In the Containers section, perform the following:
- Leave the Container Selection at the default Manual.
- Click Add and then specify the following to add a container:
Parameter | Description |
---|---|
Container | Enter the name of your S3 bucket. |
Media ID | Enter the StorNext Media ID associated with the selected container. The Media ID must be unique. |
Media Type | Select AWS from the drop-down list. |
Storage Class | This parameter specifies the storage class of your S3 bucket's lifecycle property. Make sure that this value always matches that configured for the S3 bucket itself. Available values include standard, standard_ia, and glacier. Most configurations use the default standard storage class. |
Signing Type | This parameter specifies the signing type for the requests sent to the AWS Object Storage server. Available values include V2 and V4 (default). |
Authentication Type |
This parameter specifies the authentication type for the container being configured. Available values include:
Select CAP since you are configuring the container to use CAP authentication. |
Role | This parameter specifies the IAM role associated with the target C2S account for obtaining temporary credentials. Enter the IAM role associated with your C2S account to access this container. |
Role Duration | This parameter specifies the duration, in seconds, of the role session or temporary credentials. The value must be in the range 900 to 3600. A default value of 3600 seconds is used if a role duration is not specified. |
CAP Agency | This parameter specifies the CAP agency associated with the target C2S account for obtaining temporary credentials. Enter the agency associated with your C2S account for this container. |
CAP Mission | This parameter specifies the CAP mission associated with the target C2S account for obtaining temporary credentials. Enter the mission associated with your C2S account for this container. |
Copy Number | Select the copy number (1-4) assigned to the container. The copy number can be changed if no data has been written to the media. |
Policy Class | This parameter specifies the policy class that has the exclusive use of the container being configured. If left at System Blank, no policy class association is set for the container and the container can be used by all policy classes. To configure this parameter, select one of the pre-defined policy classes from the drop-down list for the Policy Class option. See How to Route File Copies to a Specific Object Storage Namespace for additional details. |
Note: If no data has been written to a controller, I/O path, or container, click Delete to remove the item, and then click Apply to save the changes.
- (Optional) Repeat Step 7 to add more containers to the same AWS Object Storage Destination.
- Click Apply to save your changes, or Cancel to exit without saving.
- (Optional) Repeat Step 3 through Step 9 to add additional AWS Object Storage Destinations.
Follow this procedure to edit an existing AWS Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the AWS Object Storage destination whose information you want to edit.
- Click Edit....
- To edit a field, type directly in the field (for example, type a new name and IP address for an I/O path), or select another option from the drop-down list.
Note: To return to the last saved configuration for a controller, I/O path, or namespace, click Reset.
- Click Apply to save your changes, or Cancel to exit without saving.
- When a confirmation message appears, click Yes to proceed, or No to abort.
- After a message informs you that the AWS Object Storage destination was successfully modified, click OK.
Follow this procedure to delete an existing AWS Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the AWS Object Storage destination you want to delete.
- Click Delete.
- When a confirmation message appears, click Yes to proceed with the deletion or No to abort.
- After a message informs you that the Object Storage destination was successfully deleted, click OK.
Setting up Azure Object Storage Destinations on a StorNext Configuration
Storage Manager has Object Storage support for Microsoft Azure Cloud Services that includes:
- HTTP and HTTPS access to Microsoft Azure containers, though HTTPS is the recommended protocol for accessing Azure containers
- Append blob storage service
Follow this procedure to view a list of currently configured Azure Object Storage destinations.
- On the Configuration menu, click Storage Destinations.
- Click the Object Storage tab. Information for any previously configured Azure Object Storage destinations is shown as entries that have Microsoft Azure listed as the Provider. For each configured destination, the screen displays the Name, Provider, Appliance State (Online or Offline), Controller State, I/O Path State, Manager host address, Containers count, Controllers count, I/O Paths count, and File Count.
- Select the Azure Object Storage destination whose information you want to view.
- Click View....
- When you are finished viewing the destination information, click Done.
Follow this procedure to add a new Azure Object Storage destination.
- Ensure that the Azure containers that you are configuring with Storage Manager have been created with Microsoft Azure Cloud Services, and that you know the Storage Account Name, Storage Access Key, and names of your Azure containers.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Click New.... The page is updated and displays various configuration prerequisites. If any of the configuration prerequisites are required, click Cancel and configure them before returning to this page. Otherwise, click Continue....
- Enter the appropriate value into the following parameters:
Parameter | Description |
---|---|
Name | Enter the name of the new Azure Object Storage destination. |
Provider | Select Microsoft Azure from the Provider list. |
Manager Host | Enter portal.azure.com for the Azure Object Storage Manager Host's address. |
Manager Port | Enter 443 for the Azure Object Storage Manager Host's port. |
Manager Protocol | Select HTTPS. |
Authentication Type | This parameter does not apply to Azure Object Storage Destination. Leave it at the default Disabled. |
User Name | This parameter does not apply to Azure Object Storage Destination. Leave it at the default blank. |
Password | This parameter does not apply to Azure Object Storage Destination. Leave it at the default blank. |
- In the Controllers section, click Add and then specify the following to add a controller:
Parameter | Description |
---|---|
Name | Enter the name of the controller. |
Max Streams | By default, the maximum number of concurrent I/O streams per controller is 48. This can be changed by selecting the desired value from the Max Streams drop-down list. |
- In the I/O Paths section, click Add and then specify the following to add an I/O path:
Parameter | Description |
---|---|
Name | Enter the unique name of the I/O path. If you do not have unique names, the "Already exists in the Tertiary Manager system. Duplicate component alias names are not allowed." error message appears. |
Controller Name | Select the name of the controller associated with the new I/O path. |
Media Type (New in StorNext 5 release 5.4) | This parameter specifies the object storage media type assigned to a namespace that is associated with a specific Object Storage API. Select Azure from the drop-down list. |
URL Style | Leave the URL style at the default PATH. |
Object Access Protocol | This specifies the network protocol to be used for the host. Select HTTPS from the drop-down list. |
Host[:Port] | Enter blob.core.windows.net for the I/O path’s connection endpoint to your Azure containers. |
- In the Containers section, perform one of the following:
- On the Container Selection list, click Scan or Manual. This parameter gives you the option to either scan the available container or enter the container name manually.
- If you select Scan, check the Use different credentials box and enter the username (the Azure Storage Account Name) and a password (the Azure Storage Access Key). The page displays a pre-populated list of available containers when you add a container.
- If you select Manual, the page displays a text box to manually enter the name of the container.
- Click Add and then specify the following to add a container:
Parameter | Description |
---|---|
Container | Select (Scan mode) or enter (Manual mode) the name of your Azure container. |
Media ID | Enter the StorNext Media ID associated with the selected container. The Media ID must be unique. |
Media Type | Select Azure from the drop-down list. |
Storage Class | This parameter specifies the storage class for the Azure Object Storage media. Leave it at the default azure_append_blob. |
Signing Type | This parameter specifies the signing type for the requests sent to the Azure Object Storage server. Leave it at the default azure. |
Authentication Type | This parameter specifies the authentication type for the container being configured. Use the default value of STANDARD, which authenticates with the Storage Account Name and Storage Access Key. |
Account Name | Enter the Azure Storage Account Name for this container. |
Key | Enter the Azure Storage Access Key for this container. |
Copy Number | Select the copy number (1-4) assigned to the container. The copy number can be changed if no data has been written to the media. |
Policy Class | This parameter specifies the policy class that has the exclusive use of the container being configured. If left at System Blank, no policy class association is set for the container and the container can be used by all policy classes. To configure this parameter, select one of the pre-defined policy classes from the drop-down list for the Policy Class option. See How to Route File Copies to a Specific Object Storage Namespace for additional details. |
Note: If no data has been written to a controller, I/O path, or container, click Delete to remove the item, and then click Apply to save the changes.
- (Optional) Repeat Step 8 to add more containers to the same Azure Object Storage Destinations.
- Click Apply to save your changes, or Cancel to exit without saving.
- (Optional) Repeat Step 4 through Step 10 to add additional Azure Object Storage Destinations.
Follow this procedure to edit an existing Azure Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the Azure Object Storage destination whose information you want to edit.
- Click Edit....
- To edit a field, type directly in the field (for example, type a new name and IP address for an I/O path), or select another option from the drop-down list.
Note: To return to the last saved configuration for a controller, I/O path, or namespace, click Reset.
- Click Apply to save your changes, or Cancel to exit without saving.
- When a confirmation message appears, click Yes to proceed, or No to abort.
- After a message informs you that the Azure Object Storage destination was successfully modified, click OK.
Follow this procedure to delete an existing Azure Object Storage destination.
- If you have not already done so, on the Configuration menu, click Storage Destinations.
- Click the Object Storage tab.
- Select the Azure Object Storage destination you want to delete.
- Click Delete.
- When a confirmation message appears, click Yes to proceed with the deletion or No to abort.
- After a message informs you that the Object Storage destination was successfully deleted, click OK.
Change the Current State of Object Storage Destinations, Controllers, and I/O Paths
You can also change the current state of existing Object Storage destinations, controllers, and I/O paths. To change the state, select the Object Storage destination, and then choose one of these options from the Select Action drop-down list:
Parameter | Description |
---|---|
Online | Select this option to set the Object Storage destination online. |
Offline | Select this option to take the Object Storage destination offline. |
Controllers Online | Select this option to set the controllers online. |
Controllers Offline | Select this option to take the controllers offline. |
I/O Paths Online | Select this option to set the I/O Paths online. |
I/O Paths Offline | Select this option to take the I/O Paths offline. |