Cloud Credentials

Last modified
<< PrevNext >>

The Cloud Credentials page allows the user to define cloud service providers and associated credentials. This page located under Configure Cloud Cloud Credentials is as shown below:



The tabular list on this page shows all of the cloud credentials that have been configured, who the cloud storage service provider is, whether or not cloud configurations are associated with the cloud credential (as indicated by the ‘In Use’ column), and the regions selected for the specific cloud credential.

The button labeled ‘Restore Backup Registry’ is to restore the list of Cloud Clones from the configured cloud storage service providers.

This page discusses the following topics related to 'Cloud Credentials' -

Back to Top

Creating Cloud Credential

To create a cloud credential, click the ‘Create Cloud Credential’ text or the plus icon at the bottom of the cloud credentials list view. The 'Create Credentials' dialog will appear as shown below. In this dialog the user can specify:




  • Name - First, provide a name for your cloud credential in the text box next to ‘Name’. This name is used only for description purposes and should be unique.
  • Provider - Select the cloud storage service provider from the drop-down list next to ‘Provider’.




Note that the software allows you to define multiple credentials for the same cloud service provider. The list of the supported cloud service providers is shown below:




Amazon Simple Storage Service

Amazon Simple Storage Service with Reduced Redundancy Storage (RRS)

Microsoft Azure Storage Service

AT&T Synaptic Storage as a Service

EMC Atmos

Hewlett-Packard (Beta)
OpenStack (Beta)


Note.png Note: Amazon S3 Reduced Redundancy Storage is a storage option for S3 that enables the customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than the standard storage of Amazon S3. To learn more about Amazon S3 RRS, please go to the following link: .


  • Access Key and Secret Key – The fields presented are different depending upon the cloud provider selected. When configuring a private cloud storage service or a service where the provider gives you an access hostname to use (such as EMC Atmos) a ‘Host Name’ field will be presented. The fully-qualified domain name (FQDN), i.e. the hostname, or the private cloud storage service should be added into this field. Cloud providers like Azure require the user to specify an 'Account Name' and a 'Primary Access Key' instead of 'Access Key' and a 'Secret Key'. AT & T requires the user to specify a 'Subtenant ID' in addition to 'Primary Access Key' and a 'Shared Secret'.

With a name and a cloud provider selected, add your access material as supplied by your cloud storage service provider into those fields.




Note that when EMC Atmos is selected as a cloud provider, the user also has an option of enabling or disabling SSL. A 'Use SSL' checkbox is displayed that the user can check or uncheck to enable or disable SSL. Enabling SSL will create a secure channel for the network communication between your StorSimple appliance and the cloud.

Click the Verify button. Your appliance will attempt to communicate with your cloud storage service provider, and authenticate using the credentials and access material you have supplied. Notice the “Verified” next to the ‘Access Key’ and ‘Secret Key’ fields. This indicates that your appliance was able to communicate with your cloud storage service provider.

Once you have verified your cloud credentials, click the ‘Save’ button to save the cloud credential. You can only save a cloud credential once it has been verified.

 Should verification fail, an error message will appear in its place. Error messages include:

  • Access Forbidden– this error means that either your access key or secret key are incorrect, or your account with your cloud storage service is not active.
  • Invalid Hostname – this error message will only be displayed when your appliance is unable to resolve the hostname for a cloud storage provider.
  • Invalid Credentials – this error means that the access key or secret key material you supplied was invalid and should be checked using the tools supplied by your cloud storage service provider.

 Back to Top

Editing Cloud Credential

To edit a cloud credential, click the ‘Edit’ icon Edit_Pencil_20X19.png to the left of the name to open the cloud credential properties page.




Note that once a cloud credential is created, you cannot change the cloud provider. If you make any changes, be sure to click ‘Save’ to save those changes. The appliance will verify the cloud credential should any changes be made, and the cloud credential will not be saved until the verification succeeds.

Back to Top

Deleting Cloud Credential

To delete a cloud credential, first look in the tabular list to see if a cloud credential is in use by any cloud configurations. Notice the presence or lack of the check icon Healthy_Check_16X16.png in the following screenshot in the 'In Use' column.



If the checkmark is present, it means that a cloud credential is used by the cloud configuration on the system, and thus cannot be deleted. The absence of a checkmark indicates that a cloud credential is not being used by any cloud configuration and can be deleted. When attempting to delete a cloud credential in use, your appliance will notify you in a pop-up that the cloud credential cannot be deleted. If you still wish to delete the cloud credential, first delete any associated cloud configuration.

If the cloud credential is not in use, your appliance will prompt you for confirmation that you wish to delete the cloud credential. At that point, you can proceed with the deletion or cancel the operation.

Back to Top

Creating Cloud Credentials for your Google storage account

If you are using Google as your cloud storage service provider and wish to create cloud credentials, a different set of steps need to be performed. This is because Google uses OAuth 2.0 protocol for authentication and authorization. This sequence begins by redirecting a browser (popup, or full-page if needed) to a Google URL with a set of query parameters that indicate the type of Google API access the application requires.  Google then handles user authentication, session selection and consent, but the result of the sequence is an authorization code. The Web UI then exchanges the authorization code for an access token and a refresh token. At this point, the Web UI can access Google API.

For more detailed content, see the link :

To create a cloud credential for your Google storage account, perform the following steps.

  • Click the ‘Create Cloud Credential’ text or the plus icon at the bottom of the cloud credentials list view. The 'Create Credentials' dialog will appear as shown below. In this dialog specify:
    • Name - Provide a name for your cloud credential.
    • Provider - From the dropdown list of cloud providers, choose 'Google'.
    • Project ID - Supply the Project ID associated with your Google Cloud Storage Project. If you are an existing Google Cloud Storage customer, you were automatically given a default project called Google Cloud Storage Project.




  • Click on 'Authorize'. The following dialog will be presented to the user. Copy the 'User Code' displayed by your device and click on 'Open Authorization Pop-up'.




  • This will open up a new browser window. Supply your email and password to log into your Google storage account.




  • Next, you will be prompted to enter the code displayed by your device. Paste the 'User Code' that you had earlier copied here.




  • Click on 'Continue'.




  • To continue, click on 'Allow Access'. Clicking on 'No Thanks' will not authorize the device.




  • Once the device is authorized, you can now return to the 'Cloud Credentials' dialog. Note, that the dialog now indicates that the device has been authorized (shown in green).




  • Click on 'Verify' and once verified, 'Save' the credentials.

Back to Top

Region-based support for Cloud Credential

The Web UI also has region-based support for a cloud account. Currently, Amazon is the only Cloud Service Provider that allows the user to select a region explicitly at the configuration time. The user can choose a 'Region' to optimize for latency, minimize costs, or address regulatory requirements. Amazon S3 is currently available in the US Standard, EU (Ireland), US West (Northern California), Asia-Pacific (Singapore), and Asia-Pacific (Tokyo) Regions. Objects stored in a 'Region' never leave it unless the user transfers those out. For example, objects stored in the EU (Ireland) Region never leave the EU.

On the Cloud Accounts page, click on plus icon Add_Plus.png or the associated text to create a cloud credential. The 'Create Cloud Credential' dialog is presented to the user. Under provider, select 'Amazon S3' or 'Amazon S3 with RRS'. This results in the display of an additional 'Region' field in the UI as shown below. The region field can be populated by choosing from a drop-down list for different regions available for Amazon S3 and S3 RRS cloud service options.




Back to Top

Restoring Backup Registry





This process should be performed only when supervised by StorSimple Technical Support.


The Backup Registry refers to the list of all the backups for all the cloud storage service providers. This feature is useful in a Disaster Recovery scenario but should be used only under the guidance of StorSimple support. To start the process of rebuilding the registry of all the backups for all the data in the cloud, click the 'Restore Backup Registry' button.




A pop-up will be displayed informing the user that this is a destructive operation and cannot be undone.




This process may take anywhere from a few minute to a couple of hours depending upon the amount of data stored in the cloud. Upon completion, a banner message is displayed to the user indicating that the operation was successful.


Back to Top

<< PrevNext >>



Page statistics
1467 view(s) and 67 edit(s)
Social share
Share this page?


This page has no custom tags.
This page has no classifications.