VPSA Object Storage Settings

General settings

VPSA Object Storage settings is a list of configuration settings. Some are displayed for information purposes only, other can be modified. To change a setting parameter click the edit link next to it.

image74

Public IP: (read only)

An IP address that allows access to the VPSA Object Storage system from the Internet. Assigning Public IP is done via the Zadara Provisioning Portal, as described here Assigning Public IPs (VPSA Object Storage Admin). In order to access the Object Storage over the Public IP, make sure to set the VPSA Object Storage API IP to the assigned Public IP or to set the VPSA Object Storage API Hostname to its registered domain.

API Endpoint: (read only)

The effective address for VPSA Object Storage REST API for all IO requests. It depends on the setting of the VPSA Object Storage API IP and VPSA Object Storage API Hostname, below.

Auth Endpoint: (read only)

The effective address for VPSA Object Storage REST API for all authentication requests. This field depends on the setting of the VPSA Object Storage API IP and VPSA Object Storage API Hostname, below. Starting from version 19.08 the deafult suppoted authenction for Openstack Swift client is Keystone v3 authenction. The support for Keystone v2 was deprecated.

API Hostname:

VPSA Object Storage FQDN.

Note

For the VPSA Object Storage API Hostname either static IP, or FQDN must be given.

Floating FE IP: (read only)

The floating frontend IP address used by the Object Storage.

Proxy VC IP: (read only)

The Object Storage VC’s IP frontend addresses.

Load Balancer Group IP: (read only) List the LBG IP addresses (in case the Elastic Load Balancer is enabled)

Allow Tenant Name In URL: Allow specifying the tenant name in the URL passed in the API instead of its ID. (Default: No)

Gradual Policy Expansion: The “Drive Addition Step” will enforce gradual disk addition to a given policy, expanding a data policy gradually will reduce the impact of the Data Policy performance throughout the expansion process. The Object Storage administrator may adjust the drive additon step to expedite the expansion process. (Default: 10%)

Region:

For AWS v4 signature, “region” (also called bucket_location) must be specified for the signature to work. Default is US. Some S3 compatiable object storage clients expect to have us-east-1 as the default region, in such case the Object Storage administrator is required to adjust the Object Storage region accordingly.

Security settings

image76

Password Policy:

VPSA Admin can control the VPSA Password expiration policy and password history policy.

Dual Factor Authentication: Enforce Dual Factor Authentication for all users.

Cloud Admin Access:

This sets the cloud admin’s VPSA GUI access (via the Command Center), to Enabled/Disabled status.

Upload SSL Certificate: (Optional)

VPSA Object Storage REST API works over HTTPS with SSL certificate. VPSA Object Storage defaults to its built in SSL certificate (issued for zadarazios.com domain). In case the Object Storage administrator may want to use its own certificate, upload it in this section. The supported certificate format is “PEM”. SSL “PEM” certificate format, as defined in RFCs 1421 through 1424, is a concatenated certificate container files. It is expected that the Object Storage administrator will append the private-key to the certificate prior uploading it.

The resulting PEM should like like this:

-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: Intermediate.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: RootCertificate.crt)
-----END CERTIFICATE-----

Note

Make sure the certificate used is issued for the Hostname or IP specified in VPSA Object Storage endpoints listed above

Encryption:

This sets the encryption password for the Object Storage data-at-rest encryption.

For more information on encrypted containers see Encrypted Containers .

Swift Token Expiration

Swift token expiration can be set manually, default is one day (14,440 minutes).

SSL Termination:

Internal (default)/external. By default the HTTPS traffic enters the Object Storage proxy server and encryption/decryption is done internally. Users In case of an external load balancer, it is recommended to offload the SSL termination to the external load balancer, should select “external”. In this case the VPSA Object Storage expects HTTP traffic (not encrypted).

Pricing settings

image75

Currency:

Select the currency used for billing purposes. Supported currencies are:

  1. USD - USA Dollar

  2. GBP - Great Britain Pound

  3. EUR - Euro

  4. AUD - Australia Dollar

  5. KRW - South Korea Won

  6. JPY - Japan Yen

  7. CNY - China Yuan

Data Transfer Pricing:

If you want to charge your internal/external customers for the traffic going into and from VPSA Object Storage, you can specify your currency and pricing in the Setting>Pricing tab.

Storage Capacity Pricing:

Pricing for stored capacity depends on the storage Policy used. Therefore the capacity price is set per Policy as the price per GB per month. In case multiple Data Policies exist, a different pricing can be configured for each Data Policy.

Network settings

zios-settings-network

FE MTU Size: Modify the MTU size for the Frontend interface (1500 - Default, 2048, 4096, 9000)

Public MTU Size: Modify the MTU size for the Public interface (1500 - Default, 2048, 4096, 9000)

Load Balancer Mode: Toggle the internal load balancer & Zadara Elastic Load Balancer mode of operation:

  • Direct Server Return (default) - Recommended for scale. Packets from the Object Storage Virtual Controller bypass the load balancer, maximizing the egress throuphput.

  • NAT - The load balancer will be used as a gateway for all traffic from /to the object storage virtual controller.

Warning

Changing the Load Balancer mode of operation can be distruptive for existing clients workload.