Cloud Accounts

Last modified

The ‘Cloud Accounts’ page allows you to configure how your appliance interacts with the cloud storage service providers that you wish to use.  A cloud account associates a set of security material (including access key, secret key, encryption key, and in certain cases, a certificate) with a cloud storage service provider.  When a cloud account has been configured, volumes can be created that are associated with that cloud account and then assigned to initiators.  The cloud accounts page is shown below.

 

Management_GUI_17.png

 

The tabular list shows all of the cloud accounts that have been configured, who the cloud storage service provider is, whether or not volumes are associated with the cloud account (as indicated by the ‘In Use’ column), and whether or not AES data-at-rest encryption has been enabled for the cloud account.  The button labeled ‘Restore Backup Registry’ is to restore the list of Cloud Clones from the configured cloud storage service providers and should only be used in device recovery cases and under the guidance of StorSimple support.

 

This page discusses the following tasks associated with the Cloud Accounts:

Back to Top

Creating a Cloud Account

To create a cloud account, click the ‘Create Cloud Account’ icon at the bottom of the cloud accounts list view.  The cloud account properties page will appear as shown below.

 

Management_GUI_18.png

 

First, provide a name for your cloud account in the text box next to ‘Name’.  This name is used only for description purposes and should be unique.  Select the cloud storage service provider from the drop-down list next to ‘Provider’.  The appliance currently supports configuration of up to 16 cloud accounts, which can be from the following providers:

 

Provider

URL

Amazon Simple Storage Service

http://aws.amazon.com/s3/

Microsoft Azure Storage Service

http://www.microsoft.com/windowsazure/

AT&T Synaptic Storage as a Service

http://www.business.att.com/enterprise/Family/application-hosting-enterprise/storage-as-a-service-enterprise/

EMC Atmos

http://www.emc.com/products/detail/software/atmos.htm

Iron Mountain Digital

http://www.ironmountain.com/digital/

Zetta Storage Service

http://www.zetta.net

 

If you select a certificate-based cloud storage provider (for instance, Iron Mountain) from the list, the ‘General’ tab screen will change as shown below, to allow you to select and upload the necessary certificate for accessing their storage service.  When using a certificate-based cloud storage provider, the certificate is uploaded only when you click ‘Verify’ or ‘Save’ (use of ‘Save’ will attempt to verify if you do not manually perform this step).  The currently-used certificate for such cloud accounts, once one has been uploaded, can be downloaded using the ‘Download’ link found on the ‘Advanced’ tab.

 

Management_GUI_19.png

 

When configuring a private cloud storage service or a service where the provider gives you an access hostname to use (such as EMC Atmos or Zetta) a ‘Host Name’ field will be presented.  The fully-qualified domain name (FQDN), i.e. the hostname, or the private cloud storage service should be added into this field.

 

With a name and a cloud provider selected, add your access material as supplied by your cloud storage service provider into those fields.  If you have selected a certificate-based cloud storage provider, click the ‘Browse’ button to locate the certificate file on your computer. 

 

The checkbox next to ‘Enable Monitoring’ configures the appliance to record detailed statistics for this cloud account, allowing you to filter reporting charts to this specific cloud account.  If you do not check this box, statistics from this cloud account will be summarized in the global statistics, but you will not be able to filter reporting charts down to this specific cloud account. 

 

Note

You can enable monitoring on up to a maximum of 32 objects, where an object is either a cloud account or a volume.

 

 

If you wish to limit the amount of WAN bandwidth consumed by the appliance for operations involving the cloud, check the box next to ‘Enable Rate Limiting’, and supply a numerical integer value ranging from 1 to 1000 in the box labeled ‘Max Throughput’.  This will cause the appliance to ensure that the amount of bandwidth it consumes does not exceed the configured value.

 

Click the ‘Security’ tab to continue.

 

Management_GUI_20.png

 

If you wish to have the appliance encrypt data prior to storage on the cloud storage service, click the checkbox next to ‘Data-at-Rest Encryption (AES)’.  Supply an encryption key in hexadecimal format, or alternatively supply a passphrase.  If you supply a passphrase, your appliance will generate an encryption key based on this passphrase for you.  Encryption keys cannot be changed once applied.  If you do not wish to use encryption, uncheck the checkbox next to “Data-at-Rest Encryption (AES)”.

 

Click the ‘General’ tab, and then click the ‘Verify’ button.  Your appliance will attempt to communicate with your cloud storage service provider, and authenticate using the credentials and access material you have supplied.  An example of successful verification is shown below.

 

Management_GUI_21.png

 

Notice the “Verified” next to the ‘Access Key’ and ‘Secret Key’ fields.  This indicates that your appliance was able to communicate with your cloud storage service provider.  Should verification fail, an error message will appear in its place.  Error messages include:

 

  • Access Forbidden – this error means that either your access key or secret key are incorrect, or your account with your cloud storage service is not active
     
  • Invalid Security Certificate – this error message will only be displayed when configuring certificate-based cloud storage service accounts when the certificate uploaded was not accepted by the cloud storage service provider
     
  • Invalid Hostname – this error message will only be displayed when your appliance is unable to resolve the hostname for a cloud storage provider
     
  • Invalid Credentials – this error means that the access key or secret key material you supplied was invalid and should be checked using the tools supplied by your cloud storage service provider

 

Once you have verified your cloud storage service account, click the ‘Save’ button to save the cloud account.  You can only save a cloud account once it has been verified.

Back to Top

Verifying a Cloud Account

To verify a cloud account, click the ‘Edit’ icon (it appears as a pencil ) to the left of the cloud account name to open the cloud account properties page. Click the ‘General’ tab, and then click the ‘Verify’ button.  Your appliance will attempt to communicate with your cloud storage service provider, and authenticate using the credentials and access material you have supplied.  An example of successful verification is shown above.  The previous section documents the list of responses that may be encountered when attempting to verify a cloud account.

Back to Top

Editing a Cloud Account

To edit a cloud account, click the ‘Edit’ icon (it appears as a pencil ) to the left of the cloud account name to open the cloud account properties page.  If you make any changes, be sure to click ‘Save’ to save those changes.  The appliance will verify the cloud account should any changes be made, and the cloud account will not be able to be saved until it can be verified.

 

The following items cannot be changed once a cloud account is created:

 

  • Provider
  • Data-at-Rest (AES) Encryption Key

Back to Top

Deleting a Cloud Account

To delete a cloud account, first look in the tabular list of cloud accounts to see if a cloud account is in use by any volumes.  Notice the presence or lack of the green checkmark  in the following diagram.

 

Management_GUI_22.png

 

If the checkmark is present, it means that a cloud account is used by volumes on the system, and thus cannot be deleted.  If the checkmark is not present, it means that a cloud account is not being used by any system volumes and can be deleted. 

 

Before attempting to delete a cloud account that is in use, first delete any volumes associated with that cloud account, as in use cloud accounts cannot be deleted.  Only cloud accounts that are not in use can be deleted.  When attempting to delete a cloud account, if the cloud account is in use, your appliance will notify you in a pop-up that the cloud account cannot be deleted.  If the cloud account is not in use, your appliance will prompt you for confirmation that you wish to delete the cloud account.

Back to Top

Related

Page statistics
654 view(s) and 5 edit(s)
Social share
Share this page?

Tags

This page has no custom tags.
This page has no classifications.

Comments

You must to post a comment.

Attachments