Cloud Credentials

Last modified
<< PrevNext >>

The Cloud Credentials page allows the user to define cloud service providers and associated credentials.

 

CloudCredentialsMenu.png

 

This page located under Configure Cloud Cloud Credentials is as shown below:

CloudCredentials1S.png

 

The tabular list on this page shows all of the cloud credentials that have been configured, who the cloud storage service provider is, whether or not cloud configurations are associated with the cloud credential (as indicated by the ‘In Use’ column), and the regions selected for the specific cloud credential.

The button labeled ‘Restore Backup Registry’ is to restore the list of Cloud Clones from the configured cloud storage service providers.

This page discusses the following topics related to 'Cloud Credentials' -

UpArrow.png

Creating Cloud Credential

To create a cloud credential, click the ‘Create Cloud Credential’ text or the plus icon at the bottom of the cloud credentials list view. The 'Create Credentials' dialog will appear as shown below. In this dialog the user can specify:

 

 

  • Name - First, provide a name for your cloud credential in the text box next to ‘Name’. This name is used only for description purposes and should be unique.
  • Provider - Select the cloud storage service provider from the drop-down list next to ‘Provider’.

 

CloudCredentials9S.png

 

Note that the software allows you to define multiple credentials for the same cloud service provider. The list of the supported cloud service providers is shown below:

 

Provider

URL

Amazon Simple Storage Service

http://aws.amazon.com/s3/

Amazon Simple Storage Service with Reduced Redundancy Storage (RRS)

http://aws.amazon.com/s3/

Microsoft Azure Storage Service

http://www.windowsazure.com/en-us/

Windows Azure (China) http://www.windowsazure.cn

AT&T Synaptic Storage as a Service

http://www.business.att.com/enterprise/Service/hosting-services/cloud/storage/

EMC Atmos OnPremise

http://www.emc.com/storage/atmos/atmos.htm

Rackspace http://www.rackspace.com
NIFTY http://www.nifty.co.jp
Hewlett-Packard http://www.hp.com/
OpenStack (Beta) http://openstack.org/
Google https://developers.google.com/storage/
Nirvanix http://www.nirvanix.com/

 

Note.png Note: Amazon S3 Reduced Redundancy Storage is a storage option for S3 that enables the customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than the standard storage of Amazon S3. To learn more about Amazon S3 RRS, please go to the following link: http://aws.amazon.com/s3/ .

 

  • Access Key and Secret Key – The fields presented are different depending upon the cloud provider selected. When configuring a private cloud storage service or a service where the provider gives you an access hostname to use (such as EMC Atmos) a ‘Host Name’ field will be presented. The fully-qualified domain name (FQDN), i.e. the hostname, or the private cloud storage service should be added into this field.

Cloud providers like Azure require the user to specify an 'Account Name' and a 'Primary Access Key' instead of 'Access Key' and a 'Secret Key'. AT & T requires the user to specify a 'Subtenant ID' in addition to 'Primary Access Key' and a 'Shared Secret'. Nirvanix requires the user to provide a 'Host Name', 'Username', 'Password' and additionally an 'App Key' and a 'Key Name' as shown below.

 

CloudCredentials7.png

 

With a name and a cloud provider selected, add your access material as supplied by your cloud storage service provider into those fields.

 

CloudCredential11S.png

 

Note that when EMC Atmos is selected as a cloud provider, the user also has an option of enabling or disabling SSL. A 'Use SSL' checkbox is displayed that the user can check or uncheck to enable or disable SSL. Enabling SSL will create a secure channel for the network communication between your appliance and the cloud.

Click the Verify button. Your appliance will attempt to communicate with your cloud storage service provider, and authenticate using the credentials and access material you have supplied. Notice the “Verified” next to the ‘Access Key’ and ‘Secret Key’ fields. This indicates that your appliance was able to communicate with your cloud storage service provider.

Once you have verified your cloud credentials, click the ‘Save’ button to save the cloud credential. You can only save a cloud credential once it has been verified.

 Should verification fail, an error message will appear in its place. Error messages include:

  • Access Forbidden– this error means that either your access key or secret key are incorrect, or your account with your cloud storage service is not active.
  • Invalid Hostname – this error message will only be displayed when your appliance is unable to resolve the hostname for a cloud storage provider.
  • Invalid Credentials – this error means that the access key or secret key material you supplied was invalid and should be checked using the tools supplied by your cloud storage service provider.

 UpArrow.png

Editing Cloud Credential

To edit a cloud credential, click the ‘Edit’ icon Edit_Pencil_20X19.png to the left of the name to open the cloud credential properties page.

 

CloudCredential16S.png

 

Note that once a cloud credential is created, you cannot change the cloud provider. If you make any changes, be sure to click ‘Save’ to save those changes. The appliance will verify the cloud credential should any changes be made, and the cloud credential will not be saved until the verification succeeds.

UpArrow.png

Change Cloud Credential Password

To change the cloud credential password associated with your Microsoft Azure storage account, you will need to perform steps in Microsoft Azure Management Portal and also in the Web UI of your StorSimple appliance.

Steps in Azure Management Portal

The following steps need to be performed in the Management Portal of your storage account. More information on how to manage your Azure storage account can be found at: http://azure.microsoft.com/en-us/documentation/articles/storage-manage-storage-account/.

  1. Access the following URL: http://azure.microsoft.com/. In the top right corner, click 'Portal'. Log into the Management Portal with your Microsoft account credentials.

Note.png Note: In Management Portal, you will see the option for StorSimple Manager service. This option is available only for the StorSimple 8000 Series Storage arrays and StorSimple Virtual appliances.

  1. In the left navigation pane in the Management Portal, click 'Storage'.
  2. In the Storage page, select the storage account associated with your StorSimple system. From the bottom of page, click 'Manage Access Key'.
  3. In the Manage Access Key dialog, locate the 'Primary Access Key' field and click 'Regenerate'. Keep in mind that it is possible to experience some issues when we will regenerate this key. For more information, see possible issues seen.
  4. Copy and save the new Primary Access Key for use in the next steps.

 

Steps in Web UI for StorSimple Appliance

  1. Log into the Web UI of your StorSimple appliance.
  2. Navigate to Home > Configure > Cloud > Cloud Credentials.
  3. Edit the cloud credential name for which the password needs to be changed. Click the ‘Edit’ icon Edit_Pencil_20X19.png to the left of the name to open the Edit Cloud Credential dialog.
  4. Paste the saved Primary Access Key in the Access Key field.
  5. Click 'Verify'.
  6. After the cloud credential has been verified with the new password, click 'Save'. This will close the Edit Cloud Credential dialog.

Possible Issues seen

Here is a list of the possible issues when changing the primary access:

  1. Any ongoing cloud backup jobs will fail when the primary access key is changed. You will need to restart the backup job after the key has been changed.
  2. Any Cloud IO’s in progress while the Access key is being changed will fail. These will be retried when the storage account can be accessed again. This could throttle host IO’s.
  3. If the key change takes longer than 5 minutes, "Cloud not reachable" - alert messages and email alerts will be sent.

Deleting Cloud Credential

To delete a cloud credential, first look in the tabular list to see if a cloud credential is in use by any cloud configurations. Notice the presence or lack of the check icon Healthy_Check_16X16.png in the following screenshot in the 'In Use' column.

CloudCredentials1S.png

 

If the checkmark is present, it means that a cloud credential is used by the cloud configuration on the system, and thus cannot be deleted. The absence of a checkmark indicates that a cloud credential is not being used by any cloud configuration and can be deleted. When attempting to delete a cloud credential in use, your appliance will notify you in a pop-up that the cloud credential cannot be deleted. If you still wish to delete the cloud credential, first delete any associated cloud configuration.

If the cloud credential is not in use, your appliance will prompt you for confirmation that you wish to delete the cloud credential. At that point, you can proceed with the deletion or cancel the operation.

UpArrow.png

Creating Cloud Credentials for your Google storage account

If you are using Google as your cloud storage service provider and wish to create cloud credentials, a different set of steps need to be performed. This is because Google uses OAuth 2.0 protocol for authentication and authorization. This sequence begins by redirecting a browser (popup, or full-page if needed) to a Google URL with a set of query parameters that indicate the type of Google API access the application requires.  Google then handles user authentication, session selection and consent, but the result of the sequence is an authorization code. The Web UI then exchanges the authorization code for an access token and a refresh token. At this point, the Web UI can access Google API.

For more detailed content, see the link :

To create a cloud credential for your Google storage account, perform the following steps.

  • Click the ‘Create Cloud Credential’ text or the plus icon at the bottom of the cloud credentials list view. The 'Create Credentials' dialog will appear as shown below. In this dialog specify:
    • Name - Provide a name for your cloud credential.
    • Provider - From the dropdown list of cloud providers, choose 'Google'.
    • Project ID - Supply the Project ID associated with your Google Cloud Storage Project. If you are an existing Google Cloud Storage customer, you were automatically given a default project called Google Cloud Storage Project.

 

CloudCredential17.png

 

  • Click on 'Authorize'. The following dialog will be presented to the user. Copy the 'User Code' displayed by your device and click on 'Open Authorization Pop-up'.

 

CloudCredential18.png

 

  • This will open up a new browser window. Supply your email and password to log into your Google storage account.

 

CloudCredential19.png

 

  • Next, you will be prompted to enter the code displayed by your device. Paste the 'User Code' that you had earlier copied here.

 

CloudCredential20.png

 

  • Click on 'Continue'.

 

CloudCredential21.png

 

  • To continue, click on 'Allow Access'. Clicking on 'No Thanks' will not authorize the device.

 

CloudCredential22.png

 

  • Once the device is authorized, you can now return to the 'Cloud Credentials' dialog. Note, that the dialog now indicates that the device has been authorized (shown in green).

 

CloudCredential23.png

 

  • Click on 'Verify' and once verified, 'Save' the credentials.

UpArrow.png

Region-based support for Cloud Credential

The Web UI also has region-based support for a cloud account. Currently, Amazon, Google and Hewlett-Packard are the only Cloud Service Providers that allow the user to select a region explicitly at the configuration time. The user can choose a 'Region' to optimize for latency, minimize costs, or address regulatory requirements.

Amazon S3 is currently available in the US Standard, EU (Ireland), US West (Northern California), Asia-Pacific (Singapore), Asia-Pacific (Tokyo) Regions and for the GovCloud. GovCloud is an AWS Region designed to allow US government agencies and contractors to move more sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. 

With Google storage, the user has an option of specifying the US or EU regions. The Web UI defaults to the US region.

Hewlett-Packard allows the user to pick between US-West or US-East regions. The Web UI defaults to the US-West region.

Objects stored in a 'Region' never leave it unless the user transfers those out. For example, objects stored in the EU (Ireland) Region never leave the EU.

On the Cloud Accounts page, click on plus icon Add_Plus.png or the associated text to create a cloud credential. The 'Create Cloud Credential' dialog is presented to the user. Under provider, select 'Amazon S3' or 'Amazon S3 with RRS'. This results in the display of an additional 'Region' field in the UI as shown below. The region field can be populated by choosing from a drop-down list for different regions available for Amazon S3 and S3 RRS cloud service options.

 

 

UpArrow.png

Restoring Backup Registry

 

Stop.png

 

WARNING

This process should be performed only when supervised by StorSimple Technical Support.

 

The Backup Registry refers to the list of all the backups for all the cloud storage service providers. This feature is useful in a Disaster Recovery scenario but should be used only under the guidance of StorSimple support. To start the process of rebuilding the registry of all the backups for all the data in the cloud, click the 'Restore Backup Registry' button.

 

RestoreBackupRegistryFromCloud.png

 

A pop-up will be displayed informing the user that this is a destructive operation and cannot be undone.

 

RestoreBackupRegistryFromCloud1.png

 

This process may take anywhere from a few minute to a couple of hours depending upon the amount of data stored in the cloud. Upon completion, a banner message is displayed to the user indicating that the operation was successful.

 

UpArrow.png

<< PrevNext >>

Related


 

Page statistics
4475 view(s) and 15 edit(s)
Social share
Share this page?

Tags

This page has no classifications.

Comments

You must to post a comment.

Attachments