VPSA Object Storage Settings

The settings view is visible to administrators of the zios_admin account. These collections of settings are system-wide settings:

  1. General settings

  2. Security

  3. Pricing

  4. Network


General settings

Gradual Policy Expansion

The “Drive Addition Step” will enforce gradual disk addition to a given policy, expanding a data policy gradually will reduce the impact of the Data Policy performance throughout the expansion process. The Object Storage administrator may adjust the drive addition step to expedite the expansion process. (Default: 25%)

Allow Tenant Name In URL

Allow specifying the tenant name (account name) in the URL passed in the API instead of its ID. (Default: No)

Example (account ID):

$ wget https://vsa-00000001-mycloud-01.zadara.com/v1/AUTH_8f9388c6dfdb4352ae411e3b4e655850/my-website/cat.png

Example (account name):

$ wget https://vsa-00000001-mycloud-01.zadara.com/v1/AUTH_webhosting/my-website/cat.png


For AWS v4 signature, “region” (also called bucket_location) must be specified for the signature mechanism to work. (Default: us-east-1).


In default value of the region setting was changed in VPSA Object Storage version 20.12 from US to us-east-1. VPSA Object Storage that were created prior to that version will not inherit the new region setting automatically.

The region setting should be identical between the the S3 compatible object storage clients and the Object Storage itself.

API Error Alerts

The API Error Alert provides the ability to enable alerts for failed API requests (HTTP Codes 400, 403, 408, 500, 502, 503, 504) and the threshold for such alert.

Containers Virtual-Hosted Style Supported

While virtual-hosted style access is disabled by default, The VPSA Object Storage support both path-style and virtual-hosted style.

In a virtual-hosted-style request, the container name is part of the domain name in the URL. Zadara’s VPSA Object Storage use the following format:

https://<container-name>.<object storage id>-<cloud-id>.zadara.com/<key>

Example of virtual-hosted style URL:


In a path-style URL, the container name will be used as part of the logical path of the URL, as in the following format:

https://<object storage id>-<cloud-id>.zadara.com/<container-name>/<key>

Example of path style URL:



Using Virtual-Hosted style access requires a proper DNS registration and matching SSL certificates, which are handled automatically by the VPSA Object Storage engine. However, if the VPSA Object Storage uses a custom ssl certificate and API hostname, the VPSA Object Storage administrator is required to ensure the compatibility of their certificates and DNS registration.

(Default: disabled)

Detailed Performance Metering

The VPSA Object Storage performance dashboard can display a detailed performance metering information which is useful for troubleshooting performance related issues. The performance dashboard default granularity will be sufficient in most cases, the detailed performance metering is an advanced option.

(Default: disabled)

Connectivity Settings

Each consumer facing network interface is presented in this section (grouped by the network type). This section allows the admin to adjust the API hostname if a custom domain name is needed.

The VPSA Object Storage is provisioned with the Front End network interface, Public IP and additional network interfaces can be assigned to the Object Storage.

Once additional network interfaces were assigned, their connectivity information will be listed.

Public IP: (read only)

An IP address that allows access to the VPSA Object Storage system from the public Internet. Assigning Public IP is done via the Zadara Provisioning Portal, as described in Assigning Public IPs (VPSA Object Storage Admin).

API Endpoint: (read only)

The effective API endpoint address for VPSA Object Storage REST API for all IO requests.

Auth (authentication) Endpoint: (read only)

The effective address for VPSA Object Storage API for authentication requests. The authentication endpoint value is derived from the API hostname.

Starting from version 19.08 the default supported authentication for Openstack Swift client is Keystone v3 authentication.


The support Keystone v2 authentication was deprecated.

API Hostname:

VPSA Object Storage FQDN (fully qualified domain name).


For the VPSA Object Storage API Hostname either static IP, or FQDN must be given.

Floating FE IP: (read only)

The floating frontend IP address used by the Object Storage.

Proxy VC IP: (read only)

The Object Storage Virtual Controllers IP frontend addresses.

Load Balancer Group IP: (read only) List the LBG IP addresses (in case the Elastic Load Balancer is enabled)

Security settings

Password Policy

The VPSA Object Storage Administrator can control the VPSA Password expiration policy and password history policy.

(Default: disabled)

Dual Factor Authentication

Enforce Dual Factor Authentication for all users. Once enabled, the VPSA Object Storage users will be required to set MFA.

(Default: disabled)

Cloud Admin Access

This sets the cloud administrator VPSA Object Storage management interface ability to access (via Command Center).

(Default: enabled)

Upload SSL Certificate (Optional)

VPSA Object Storage REST API works over HTTPS with SSL certificate. VPSA Object Storage defaults to its built in SSL certificate (issued for zadara.com domain). In case the Object Storage administrator may want to use its own certificate, upload it in this section. The supported certificate format is “PEM”. SSL “PEM” certificate format, as defined in RFCs 1421 through 1424, is a concatenated certificate container files. It is expected that the Object Storage administrator will append the private-key to the certificate prior uploading it.

The resulting PEM should like like this:

(Your Private Key: your_domain_name.key)
(Your Primary SSL certificate: your_domain_name.crt)
(Your Intermediate certificate: Intermediate.crt)
(Your Root certificate: RootCertificate.crt)


Make sure the certificate used is issued for the Hostname or IP specified in VPSA Object Storage endpoints listed above


This sets the encryption password for the Object Storage data-at-rest encryption.

For more information on encrypted containers see Encrypted Containers .

Swift Token Expiration

Swift token expiration can be set manually, default is one day (1440 minutes).

SSL Termination

The VPSA Object Storage defaults to HTTPS clients connectivity. The SSL termination is conducted by the internal load balancer. However, in case an external load balancer is used in-front of the VPSA Object Storage, SSL termination can be set to external which will assume HTTP traffic between the external load balancer and the VPSA Object Storage.

(Default: internal)

Pricing settings



Select the currency used for billing purposes. Supported currencies are:

  1. USD - USA Dollar

  2. GBP - Great Britain Pound

  3. EUR - Euro

  4. AUD - Australia Dollar

  5. KRW - South Korea Won

  6. JPY - Japan Yen

  7. CNY - China Yuan

Data Transfer Pricing:

If you want to charge your internal/external customers for the traffic going into and from VPSA Object Storage, you can specify your currency and pricing in the Setting>Pricing tab.

Storage Capacity Pricing:

Pricing for stored capacity depends on the storage Policy used. Therefore the capacity price is set per Policy as the price per GB per month. In case multiple Data Policies exist, a different pricing can be configured for each Data Policy.

Network settings



Modify the MTU size for the Frontend interface (1500 - Default, 2048, 4096, 9000)

Public MTU Size

Modify the MTU size for the Public interface (1500 - Default, 2048, 4096, 9000)

Load Balancer Mode

Toggle the internal load balancer & Zadara Elastic Load Balancer mode of operation:

  • Direct Server Return (default) - Recommended for scale. Packets from the Object Storage Virtual Controller bypass the load balancer, maximizing the egress throughput.

  • NAT - The load balancer will be used as a gateway for all traffic from /to the object storage virtual controller.


Changing the Load Balancer mode of operation can be disruptive for existing clients workload.

Custom DNS Servers

A custom (private) DNS server can be set to allow proper name resolution of private domain names, this setting is useful while working with a Remote Authentication Provider.

  • Custom name servers name server IP, comma separated

  • DNS lookup domain (optional) - set the explicit domain name that will be searched using the custom name server