Settings

Scope: Object Storage Administrator

The settings view is visible to administrators of the zios_admin account. The following collections of settings are system-wide:

  1. General & Connectivity

  2. Security

  3. Pricing

  4. Network

General & Connectivity settings

Allow Tenant Name In URL

Allow specifying the tenant name (account name) in the URL passed in the API instead of its ID. (Default: No)

Example (account ID):

$ wget https://vsa-00000001-mycloud-01.zadara.com/v1/AUTH_8f9388c6dfdb4352ae411e3b4e655850/my-website/cat.png

Example (account name):

$ wget https://vsa-00000001-mycloud-01.zadara.com/v1/AUTH_webhosting/my-website/cat.png

Region

For AWS v4 signature, “region” (also called bucket_location) must be specified for the signature mechanism to work. (Default: us-east-1).

Note

The default value of the region setting was changed in Object Storage version 20.12 from US to us-east-1. Object Storages that were created prior to that version will not inherit the new region setting automatically.

The region settings in the S3 compatible object storage clients and the Object Storage should be identical.

API Error Alerts

The API Error Alert provides the ability to enable alerts for failed API requests (HTTP Codes 400, 403, 408, 500, 502, 503, 504) and the threshold for such alerts.

Default Status: Enabled

Default Threshold: 1

Containers Virtual-Hosted Style Supported

While virtual-hosted style access is disabled by default, the Object Storage supports both path-style and virtual-hosted style.

In a virtual-hosted-style request, the container name is part of the domain name in the URL. Zadara’s Object Storage uses the following format:

https://<container-name>.<object storage id>-<cloud-id>.zadara.com/<key>

Example of virtual-hosted style URL:

https://office-images.vsa-00000001-mycloud-01.zadara.com/building.png

In a path-style URL, the container name will be used as part of the logical path of the URL, as in the following format:

https://<object storage id>-<cloud-id>.zadara.com/<container-name>/<key>

Example of path style URL:

https://vsa-00000001-mycloud-01.zadara.com/office-images/building.png

Important

Using Virtual-Hosted style access requires a proper DNS registration and matching SSL certificates, which are handled automatically by the Object Storage engine. However, if the Object Storage uses a custom SSL certificate and API hostname, the Object Storage administrator is required to ensure the compatibility of their certificates and DNS registration.

(Default: disabled)
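The two URL formats above, as an added example (not Zadara code): a parser that accepts either style, plus a check for container names that cannot work virtual-hosted style over TLS. It assumes the certificate covers container hostnames with a single wildcard entry `*.<API hostname>`; the function names are illustrative, and Swift-style `/v1/AUTH_...` paths are not handled.

```python
import re
from urllib.parse import urlsplit

# Host label rule (RFC 1123): letters, digits, hyphens; 1-63 chars; no edge hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_object_url(url, api_hostname):
    """Return (style, container, key) for either URL format shown above."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    api = api_hostname.lower()
    path = parts.path.lstrip("/")
    if host == api:                       # path style: /<container-name>/<key>
        container, _, key = path.partition("/")
        if not container:
            raise ValueError("path-style URL without a container name")
        return "path", container, key
    if host.endswith("." + api):          # virtual-hosted: <container-name>.<api host>
        return "virtual-hosted", host[: -len(api) - 1], path
    raise ValueError(f"{host!r} is not served by {api_hostname!r}")


def virtual_hosted_problems(container):
    """Reasons a container name cannot be reached virtual-hosted style over TLS."""
    problems = []
    if "." in container:
        # A wildcard entry matches exactly one label (RFC 6125), so
        # a.b.<api host> is not covered by *.<api host>.
        problems.append("dot in name: not covered by a single wildcard label")
    elif not _LABEL.match(container.lower()):
        problems.append("not a valid DNS host label")
    if container != container.lower():
        problems.append("upper case is lost: hostnames are case-insensitive")
    return problems


def to_virtual_hosted(url, api_hostname):
    """Rewrite a path-style URL to virtual-hosted style, refusing unsafe names."""
    style, container, key = parse_object_url(url, api_hostname)
    problems = virtual_hosted_problems(container)
    if problems:
        raise ValueError(f"{container!r}: " + "; ".join(problems))
    return f"https://{container}.{api_hostname}/{key}"
```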

Welcome message user information

New members and account administrators are provided with connectivity details after registering with the system. The connectivity details are sent via email to the email address attached to their account.

As the Object Storage supports multiple network interfaces, the Object Storage administrator can decide which networks' information is shared with new users.

(Default: Front-End network)

Quota Alerts

Capacity usage limits can be configured as quotas per account. See Account Quota Management.

The Object Storage Administrator can receive alert notifications when reaching an account quota’s warning, emergency and 100% utilization thresholds.

  • Notify zios_admin with quota alerts:

    Enable or disable the quota alert notification service for the Object Storage Administrator.

    Default: Yes (enabled)

    Note

    The System > Account Management > Users > Object Storage Administrator > Notify On Events property must also be enabled for the Object Storage Administrator to receive quota notification alerts. See Notify On Events in Viewing Users Properties.

  • Quota Warning Alert Threshold:

    The percentage of quota utilization that triggers a warning notification.

    Default: 75%

  • Quota Emergency Alert Threshold:

    The percentage of quota utilization that triggers an emergency notification.

    Default: 90%

  • Alert frequency:

    The options for repeated notifications on reaching a threshold:

    • Single alert (default)

    • Once a day

See Account Administrator Quota Alerts to configure the system to issue alert notifications to the Account Administrator when the quota’s warning, emergency and 100% utilization thresholds are reached.

Connectivity Settings

Each consumer-facing network interface is presented in this section (grouped by network type). This section allows the admin to adjust the API hostname if a custom domain name is needed.

The Object Storage is provisioned with the Front End network interface and Public IP. Additional network interfaces can be assigned to the Object Storage.

Once additional network interfaces are assigned, their connectivity information is listed.

Front End network

  • Public IP: (read only)

    An IP address that allows access to the Object Storage system from the public internet. Assigning a Public IP is done via the Zadara Provisioning Portal, as described in Assigning Public IPs.

  • API Endpoint: (read only)

    The effective API endpoint address for Object Storage REST API for all IO requests.

  • Auth (authentication) Endpoint: (read only)

    The effective address for Object Storage API for authentication requests. The authentication endpoint value is derived from the API hostname.

    Starting from version 19.08, the default supported authentication for the OpenStack Swift client is Keystone v3 authentication.

    Important

    Support for Keystone v2 authentication was deprecated.

  • API IP:

    The IP address of the Object Storage host’s internal API Hostname, allowing access to the Object Storage system from within the local internal network only.

  • API Hostname:

    Object Storage FQDN (fully qualified domain name), accessible within the local internal network only.

    Note

    For the Object Storage API Hostname, either a static IP or an FQDN must be given.

  • Floating FE IP: (read only)

    The floating frontend IP address used by the Object Storage.

  • Proxy VC IP: (read only)

    The frontend IP addresses of the Object Storage Virtual Controllers.

Public network

Front End Network settings limit access to the Object Storage within the local internal network only.

Public Network settings enable access to the Object Storage from anywhere on the public internet.

  • Public IP: (read only)

    The IP address that allows access to the Object Storage system from the public internet. Assigning a Public IP is done via the Zadara Provisioning Portal, as described in Assigning Public IPs.

  • Public API Hostname:

    The public Object Storage FQDN (fully qualified domain name), accessible from anywhere.

  • Public API Endpoint:

    The public API endpoint address for Object Storage REST API for all IO requests.

  • Public Auth Endpoint:

    The IP address for Object Storage API authentication requests from the public internet. The authentication endpoint’s value is derived from the Public API Hostname.

Security settings

Passwords Policy

The Object Storage Administrator can control the VPSA Password expiration policy and password history policy.

(Default: disabled)

Dual Factor Authentication

Enforce Dual Factor Authentication for all users. Once enabled, the Object Storage users will be required to set up MFA.

(Default: disabled)

Cloud Admin Access

This sets the ability to access the cloud administrator Object Storage management interface (via Command Center).

(Default: enabled)

Upload SSL Certificate (Optional)

The Object Storage REST API works over HTTPS with an SSL certificate. Object Storage defaults to its built-in SSL certificate (issued for the zadara.com domain). If the Object Storage administrator wants to use their own certificate, they can upload it in this section. The supported certificate format is “PEM”. The SSL “PEM” certificate format, as defined in RFCs 1421 through 1424, is a concatenated certificate container file. The Object Storage administrator is expected to append the private key to the certificate prior to uploading it.

The resulting PEM should look like this:

-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: Intermediate.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: RootCertificate.crt)
-----END CERTIFICATE-----

Important

When uploading a new SSL certificate, the Object Storage endpoints, API Hostname and API IP specified in both the Front End network and Public network sections in the General & Connectivity settings tab (System > Settings > General & Connectivity) must be updated, so that they comply with the new certificate.
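A pre-upload layout check for the bundle described above, as an added example (not Zadara code). Treating the block order shown on this page as required is an assumption, and the sample payloads are constructed placeholders, so the check covers structure only and does not verify that the key matches the certificate.

```python
import base64
import re

_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)\n-----END \1-----", re.S)


def pem_blocks(text):
    """Return the PEM blocks of `text` as (label, der_bytes), in file order."""
    blocks = []
    for label, body in _BLOCK.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:
            raise ValueError(f"{label}: body is not valid base64") from exc
        blocks.append((label, der))
    return blocks


def lint_bundle(text):
    """Return a list of findings; an empty list means the layout matches."""
    labels = [label for label, _ in pem_blocks(text)]
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    findings = []
    if len(keys) != 1:
        findings.append(f"expected exactly 1 private key, found {len(keys)}")
    elif labels[0] != keys[0]:
        findings.append("private key is not the first block")
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block")
    for l in labels:
        if l != "CERTIFICATE" and not l.endswith("PRIVATE KEY"):
            findings.append(f"unexpected block type: {l}")
    return findings


def _block(label, payload):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed placeholder payloads, not real key or certificate material.
KEY = _block("RSA PRIVATE KEY", b"constructed key bytes")
CHAIN = "".join(_block("CERTIFICATE", p) for p in (b"leaf", b"intermediate", b"root"))
GOOD_BUNDLE = KEY + CHAIN
KEY_LAST_BUNDLE = CHAIN + KEY

if __name__ == "__main__":
    print(lint_bundle(GOOD_BUNDLE))
    print(lint_bundle(KEY_LAST_BUNDLE))
```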

Encryption

This sets the encryption password for the Object Storage data-at-rest encryption.

For more information on encrypted containers see Encrypted Containers.

Swift Token Expiration

Swift token expiration can be set manually. The default is one day (1440 minutes).

SSL Termination

The Object Storage defaults to HTTPS client connectivity. SSL termination is performed by the internal load balancer. However, if an external load balancer is used in front of the Object Storage, SSL termination can be set to external, in which case the traffic between the external load balancer and the Object Storage is assumed to be HTTP.

(Default: internal)

Pricing settings

Currency:

Select the currency used for billing purposes. Supported currencies are:

  1. USD - USA Dollar

  2. GBP - Great Britain Pound

  3. EUR - Euro

  4. AUD - Australia Dollar

  5. KRW - South Korea Won

  6. JPY - Japan Yen

  7. CNY - China Yuan

Data Transfer Pricing:

If you want to charge your internal/external customers for the traffic going into and out of the Object Storage, you can specify your currency and pricing in the Settings > Pricing tab.

<policy name> policy price:

Pricing for stored capacity depends on the storage policy used. Therefore the capacity price is set per policy as the price per GB per month. If multiple data policies exist, a different pricing can be configured for each data policy.

Network settings

FE MTU Size

Modify the MTU size for the Frontend interface (1500 - Default, 2048, 4096, 9000)

Public MTU Size

Modify the MTU size for the Public interface (1500 - Default, 2048, 4096, 9000)

Load Balancer Mode

Toggle the internal load balancer & Zadara Elastic Load Balancer mode of operation:

  • Direct Server Return (default) - Recommended for scale. Packets from the Object Storage virtual controller bypass the load balancer, maximizing the egress throughput.

  • NAT - The load balancer will be used as a gateway for all traffic from/to the Object Storage virtual controller.

Warning

Changing the Load Balancer mode of operation can be disruptive for existing client workloads.

Custom DNS Servers

A custom (private) DNS server can be set to allow proper name resolution of private domain names. This setting is useful when working with a Remote Authentication Provider.

  • Custom name servers - name server IPs, comma separated

  • DNS lookup domain (optional) - set the explicit domain name that will be searched using the custom name server