Differences between S3 and CSO APIs

The following information highlights some functional differences between S3 API and CSO API.

Table 1. Differences between S3 and CSO APIs
Feature S3 CSO
Object Size Limitations 5 TB Supports single objects as large as 10 TB when using either streaming upload support or S3 Multipart Upload. For objects that are uploaded via multipart upload, part size and part count limits are enforced.
Retained Version Count Limitations No explicit limit. A maximum of 1000 retained versions are allowed per object in vault mode. Container mode does not have a limit on how many versions you can have per object.
Vault (Bucket) Granular ACL   Users who are configured in the Manager Web Interface can be granted read/write, read-only, or no-access permissions to any vault. These settings apply to the entire vault.
Vault (Bucket) Granular Data Reliability Allows a storage class to be configured for each object. All objects that are stored in any vault share reliability characteristics. Vault reliability characteristics are determined at vault creation time.
Traditional Authentication Mechanisms Uses a custom HTTP scheme based on a keyed-HMAC. In addition to Access Key authentication, these authentication methods are also supported:
  • HTTP Basic over HTTP and HTTPS
  • PKI over HTTPS
  • Anonymous
Note: For more information on configuring and authentication on a system, see the Manager Administration Guide.
Separated Audit and Logging Functions   Accesser node collects both access logs and audit trail information but does not expose it through the API.
Encryption and Cryptographic Integrity  
  • An Object Vault can be configured to store information in an encrypted form.
  • It must be configured at the vault/bucket level through the System Manager.
  • These settings cannot be viewed or edited through the API.
  • Request signing is also supported. Non-cryptographic
  • MD5 checksums are calculated and stored with objects.
Lifecycle Configuration   Does not support policy-based migration of data to alternative storage classes, or archiving of data.

On Standard Vaults, Expiration-related lifecycles are not supported while Object Versioning is enabled (and vice versa).

Vault (Bucket) Location Constraints Allows buckets to be created with specific location constraints.
  • Can configure a system to allow data in one vault to be in a separate geographical location from data on another vault.
  • It is configured when vaults are created in the Manager Web Interface.
Hard Quota Function Does not support quotas for buckets. A hard quota can be configured for an object vault. HTTP status code 507 (Insufficient Storage) is returned for a write request that would cause a hard quota to be exceeded.