Creating vaults
To begin vault creation, follow these steps.
Procedure
- In the Configure tab, click Create Vault in the Summary section.
- If a storage pool was not created already, the Create New Storage Pool page appears.
- If this is the first vault in the system, the Select System Operational Mode page appears. Select Container Mode or Vault Mode and continue.
- In the General section, complete these fields:
Name: Each vault must be uniquely named (maximum of 255 characters); this name is used by the Manager for all references to this vault. Vault names can include underscores and alphanumeric characters. The vault name can also contain periods (.), but the name cannot start or end with a period or contain more than one period in a row. The first character of the name must be a letter, underscore, or number.
Description: An optional free-form description can also be entered. Information that you might include in the description field includes the initiator host name and IP address, names and phone numbers of administrators, and key users of the vault.
Tags: Tags can be created and/or assigned to a vault before the vault is created. For more information, see Tags.
Organization: When you create a vault, you can assign it to an organization. The menu does not appear if you only have one organization. See Creating an organization and Editing an organization in the Security chapter of the Manager Administration Guide.
- In the Configuration section, several options display.
- When the width of the pool for this vault is greater than 6, complete the following fields:
Width: This setting is referred to as the width of the vault and corresponds to the number of slices into which all data in the vault is split.
Vault width must be a factor of the storage pool width. The Manager Web Interface allows any vault width greater than or equal to 6 and less than or equal to 60.
Threshold: The minimum number of slices that must be available to perform a read. Pre-defined, supported thresholds are presented when the drop-down list is clicked. The vault threshold, always less than the width, determines the reliability of the vault. If the set of available Slicestor® devices is such that the number of slices falls below this threshold, the vault content cannot be read, and the vault appears as red in the Monitor application.
The Manager Web Interface allows any value between 1 and Vault Width, inclusive.
If the vault is on a storage pool that spans multiple sites, the Manager Web Interface warns the user if the selected threshold is high enough such that a single site outage affects read and write availability.
Write Threshold: The Manager Web Interface allows any value such that all the following are true:
- Write Threshold > Threshold. CAUTION: Write Threshold = Threshold is allowed if Threshold = Vault Width or if Vault Width < 6.
- Write Threshold ≤ Vault Width.
- (Write Threshold + Threshold) > Vault Width.
Write Threshold defaults to Threshold + 2, if that is within the allowed range. Otherwise, the selected Write Threshold is the halfway point between the minimum allowed Write Threshold and Vault Width, rounded up. This value is selected by default in the Write Threshold drop-down when Threshold is selected. This value is also used as the Write Threshold when a vault is created through the Manager REST API and a Write Threshold is not specified.
If the vault is on a storage pool that spans multiple sites, the Manager Web Interface warns the user if the selected write threshold is high enough such that a single site outage affects write availability.
Alert Level: Optional. If the set of available Slicestor devices is such that the number of slices is between the write threshold and the alert level exclusive, the vault icon is yellow in the Monitor application. In this case, the vault is still fully functional.
Attention: If the Threshold is set such that the loss of one site would make Vaults either unusable or read-only, the Manager Web Interface displays a confirmation dialog box that asks the operator if they accept the settings with the risks they present.
If only the Threshold causes an issue:
Warning: This IDA configuration is susceptible to read availability issues during a single site outage. Do you still wish to continue?
If the Threshold and Write Threshold cause issues:
Warning: This IDA configuration is susceptible to read and write availability issues during a single site outage. Do you still wish to continue?
Click Cancel or OK to change or keep the settings.
- When the width of the pool for this vault is 3 - 9, select a vault optimization to create a Concentrated Dispersal vault:
Table 1. Concentrated Dispersal vault optimization configuration
Storage Efficiency (Width 3 - 9): More usable capacity with reasonable performance. Note: Contact Customer Support to enable the creation of a 7-wide Concentrated Dispersal device set.
Performance (Width 3 - 6): Better performance with less usable capacity.
Note: When you choose a vault optimization, it cannot be changed later.
- If you enabled vault protection on the system, choose a Retention setting.
Note: This section is only displayed if Vault Protection Configuration is enabled in the Configure tab.
- Disabled. The vault does not support Retention.
- Enabled: When you enable retention in Vault Mode, data is retained for a default duration of time, unless you specify a custom duration during data ingestion. After you create the vault, you can modify the retention time settings, but you cannot disable retention. A vault with retention settings enabled cannot be deleted unless it is empty.
In Vault Mode, select Allow permanent retention of objects on this system if you want the ability to create permanently retained objects in this vault. Once permanent retention of objects is allowed on the vault, it cannot be disabled.
In Vault Mode, the Data Retention Durations section displays. Accept the system defaults or specify custom values.
- Retention Duration: The default retention period (in days) for an object in this vault. Protected objects that are created without a specified retention period are given this value as their retention period. Choose one of the following default retention durations:
- A finite retention period. Accept the system default value or update it to a custom number of days between the Minimum Duration and Maximum Duration.
- Permanent retention, if it is enabled on this vault.
- Minimum Duration: The minimum retention period (in days) for an object in this vault. When a protected object is created, this is the minimum value that can be specified for its retention period. This value must be greater than or equal to the System Minimum Duration and less than or equal to the System Maximum Duration.
- Maximum Duration: The maximum retention period (in days) for an object in this vault. When a protected object is created, this is the maximum value that can be specified for its retention period. This value must be greater than or equal to the System Minimum Duration and less than or equal to the System Maximum Duration.
- In the Options section, complete these fields:
Enable SecureSlice™ Algorithm: Optional. SecureSlice™ provides extra encryption benefits that are combined with dispersal. This box is checked by default for newly created vaults. This feature can be cleared, although it is not recommended. If it is cleared, a warning message appears, and a confirmation is needed before proceeding.
Enable Versioning: Check to enable versioning on this vault. Note: Versioning cannot be enabled if the Protection Level is set to Retention.
Allow Versioning on Containers: Check to allow versioning on containers in this vault. Note: This option only applies to container vaults.
Delete Restricted: This feature allows Security Officers to restrict vault access permissions such that users with write access to the vault are not able to delete objects from the vault. Additionally, object versioning is enabled by default so that existing content is preserved upon overwrite when using a write-by-name interface. Users that are granted owner permissions on a Delete Restricted vault are allowed to delete objects and versions.
Enable Server side encryption with Customer provided keys (SSE-C): This option is used to protect the data with encryption keys.
Enable Object Lock: Select the Enable Object Lock option to enable Object Lock for this container vault. Note:
- You must be in container mode to configure object lock on a vault.
- Object lock must be enabled at the system level and storage pool level before object lock can be enabled on a container vault. See: Enabling Object Lock for a system and Enabling Object Lock on a storage pool.
- Versioning must be enabled if Object Lock is enabled.
- Once enabled, Object Lock cannot be disabled.
Restrictive Access Control (cannot be changed later): This option defines the type of Access Control and cannot be changed later. Note: The Restrictive Access Control property is only applicable on protected vaults and protected mirrors.
To see it, enable protection on the system, then create a protected mirror or protected vault. Click the Create Vault option and it is shown in the Manager UI.
Power Safe Write: This option allows data to be persisted on a disk before status is returned to the client. This option appears only if the vault is associated with a zone storage pool, all device sets within the pool are using the zone slice storage engine, and the vault is not a management vault.
Enable object expiration:
- Object expiration is enabled by default if object expiration is already enabled at storage pool; otherwise, it is disabled by default.
- To enable object expiration at vault level, you must enable it at storage pool level.
- To enable object expiration, versioning should not be enabled, name index must be enabled, and a vault should not be part of a mirror or not part of DMS.
Enable Static Website Hosting: Enables Static Website Hosting on the vault.
- Vault name must be DNS-compliant.
- Static Website Virtual Host Suffix must be configured on the access pool(s) to which this vault will be deployed.
Enable Replication: Optional. Select the Enable Replication option to enable Replication for this container vault. The following may be optionally configured:
- Replication Endpoint - Endpoint that is used when replicating objects into this vault. A hostname or an IP address is allowed (port is not allowed - replication requires HTTPS over port 443). A common use case is specifying the address of the load balancer/proxy for the Access Pool in which this Vault is deployed. In order for objects to be replicated into this Vault, this endpoint must be reachable from the Access Pool(s) in which the Source Vault is deployed. Therefore, the operator must ensure there is network connectivity between the source Accessers and the endpoint.
- If the endpoint is not specified (default), COS will attempt to replicate directly to the Accesser device IPs. Similarly, this option requires network connectivity from the source Access Pool to the destination Access Pool.
- Sync Latency Alerting Threshold - if replications take longer than this duration, events will be logged in the Event Console. In other words, this specifies the duration in which replications are expected to occur. If not specified, the default is 1 hour. If workflows in this vault include large object writes (and/or sync rates are not high enough to ensure fast syncs), consider increasing this threshold to minimize frequent alerts.
Note:
- You must be in container mode to configure Replication on a vault.
- Replication must be enabled at the Storage Pool level before replication can be enabled on a Container Vault. See: Configuring Replication.
- Versioning must be enabled in order to enable Replication.
Note: Replication may be disabled after being enabled. This has the following effects:
- disallows users from further enabling replication on their buckets
- disables the background replications for buckets within this vault (any previously queued replications are preserved and will be processed if replication is enabled again)
- In the Quotas section, complete these optional fields if wanted:
Soft Quota: Optional. If wanted, select a value for a soft quota. A notification is sent to the Event Console, if the soft quota setting is exceeded. It does not cause restrictions to usage. Setting the quota higher than the total space available in one or more storage pools that are associated with this vault has no effect.
Hard Quota: Optional. If wanted, enter a hard quota value. The Accesser® device (or application) does not permit the user to exceed the hard quota value for this vault. A notification is also sent to the Event Console if the hard quota setting is exceeded. Setting the quota higher than the total space available in one or more storage pools that are associated with this vault has no effect.
- In the Advanced Index Settings section, Name Index Enabled is checked by default for Standard vaults and you can enable Recovery Listing.
Name Index Enabled: Enabled by default. When enabled, Name Index allows a user to list contents of a vault in lexicographical order based on the object’s name, or key. The Name Index is updated whenever objects are added or removed from a vault.
The Name Index must be enabled to provide prefix-based listing and sorted listing results for named object vaults. Changing this option requires a service restart on Accesser devices before release 3.4 to take effect.
If you disable Name Index, you can re-enable it only by contacting Customer Support.
Note: Name Index cannot be disabled for Protected Vaults.
Name Index Format: Optionally, set the Name Index Format at the time of standard vault creation. The specified Name Index Format for the standard vault will override the global default and storage pool settings for Name Index Format. Specify the Vault Index Version in the Advanced Index Settings on the Create New Standard Vault page:
- Go to Create New Standard Vault > Advanced Index Settings and select Name Index Enabled.
- Set Name Index Format to either Version 2 or Version 4:
- Version 4: Required for all data management features. This provides significantly improved listing performance with reduced small object write performance.
- Version 2: Must not be used for data management features. This provides better small object write performance than Version 4, but significantly lowers S3 listing performance.
Note: It can only be selected when Name Index is enabled. For more information on Use Cases and Workflow, see Selecting Vault Name Index Format.
Recovery Listing Enabled: Recovery Listing allows for limited listing capability even when the contents of a vault are not indexed. When enabled, Recovery Listing lists the SourceNames of the metadata headers. Recovery Listing is slower than the Name Index listing and the results are not sorted. Recovery Listing can be used to list contents of a vault for which Name Index is corrupted or not enabled.
CAUTION: If both Name Index and Recovery Listing are enabled, the Recovery Listing settings take precedence over Name Index settings. It means that a user receives a Recovery Listing response for a listing request. Applications that expect a Name Index listing might produce errors.
- Optional: In the Notification Service section, choose a Notification Service and the topic to which you want to send notifications.
Note: You cannot enable notifications on container vaults, mirrored vaults, vault proxies, or vaults that are migrating data. Once notifications are enabled, this vault cannot be used in a mirror, for data migration, or with a vault proxy.
- Select a Configuration.
For more information, see Configuring notifications.
Note: Notifications are sent only for new operations that occur after the vault is assigned to the configuration.
- Select the topic to which you want to send notifications.
- Default: The default topic specified in the configuration.
- Custom: Enter a topic name to override the default topic specified in the configuration.
Note: When in container mode, topic can be set at the container level using the Service API.
- Click Save.
- The Access Pools available for deployment are displayed on the Vault Summary section. This step is not necessary for Simple Object vaults that are accessed through the Accesser application.
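The Width, Threshold and Write Threshold rules from the Configuration step can be checked before a vault is created. The following is an added example, not part of the original page or the product's code: it validates a proposed setting and computes the default Write Threshold. The function names are hypothetical, and reading "halfway point, rounded up" as the ceiling of the midpoint is an assumption.

```python
def min_write_threshold(width: int, threshold: int) -> int:
    """Smallest Write Threshold the three stated rules allow."""
    # Write Threshold = Threshold is allowed only if Threshold = Vault Width
    # or Vault Width < 6; otherwise it must be strictly greater.
    equal_ok = threshold == width or width < 6
    lower = threshold if equal_ok else threshold + 1
    # (Write Threshold + Threshold) > Vault Width
    return max(lower, width - threshold + 1)


def default_write_threshold(width: int, threshold: int) -> int:
    """Threshold + 2 when allowed, else the rounded-up halfway point."""
    lowest = min_write_threshold(width, threshold)
    if lowest <= threshold + 2 <= width:
        return threshold + 2
    # Assumption: "halfway point ... rounded up" is ceil((lowest + width) / 2).
    return (lowest + width + 1) // 2


def check_ida(pool_width, width, threshold, write_threshold=None):
    """Return (effective Write Threshold or None, list of rule violations)."""
    if not 6 <= width <= 60:
        return None, ["vault width must be between 6 and 60"]
    if not 1 <= threshold <= width:
        return None, ["threshold must be between 1 and vault width"]
    problems = []
    if pool_width % width != 0:
        problems.append("vault width must be a factor of the storage pool width")
    if write_threshold is None:
        # Same fallback the page describes for REST API calls without a value.
        write_threshold = default_write_threshold(width, threshold)
    lowest = min_write_threshold(width, threshold)
    if not lowest <= write_threshold <= width:
        problems.append(f"write threshold must be between {lowest} and {width}")
    return write_threshold, problems


if __name__ == "__main__":
    # Constructed samples: (pool width, vault width, threshold, write threshold)
    for cfg in [(12, 12, 7, None), (12, 12, 3, None), (12, 12, 7, 7), (18, 12, 7, 9)]:
        print(cfg, "->", check_ida(*cfg))
```

A low Threshold pushes the minimum Write Threshold up: with width 12 and Threshold 3, the sum rule forces Write Threshold to at least 10, so the Threshold + 2 default does not apply.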
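The option dependencies listed in the Options step (Versioning, Object Lock, object expiration, Replication) can be checked together before saving. This is an added example, not the product's code, and the `VaultOptions` field names are hypothetical rather than the Manager REST API schema. It also surfaces combinations the individual notes only imply, such as Object Lock (needs versioning) together with object expiration (needs versioning off).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class VaultOptions:  # hypothetical field names, not the Manager REST API schema
    container_mode: bool = False
    retention: bool = False  # Protection Level set to Retention
    versioning: bool = False
    object_lock: bool = False
    object_expiration: bool = False
    replication: bool = False
    name_index: bool = True
    in_mirror_or_dms: bool = False
    system_object_lock: bool = False
    pool_object_lock: bool = False
    pool_object_expiration: bool = False
    pool_replication: bool = False
    replication_endpoint: Optional[str] = None

def endpoint_has_port(endpoint: str) -> bool:
    """True unless the endpoint is a bare hostname or IP address."""
    try:
        ipaddress.ip_address(endpoint)  # bare IPv4 or IPv6 literal
        return False
    except ValueError:
        return ":" in endpoint  # host:port or [v6]:port

def preflight(o: VaultOptions) -> list:
    """Return the option dependencies from the page that this selection violates."""
    ep = o.replication_endpoint
    rules = [
        (o.versioning and o.retention, "versioning cannot be enabled with Retention"),
        (o.object_lock and not o.container_mode, "Object Lock requires container mode"),
        (o.object_lock and not (o.system_object_lock and o.pool_object_lock),
         "Object Lock must first be enabled at system and storage pool level"),
        (o.object_lock and not o.versioning, "Object Lock requires versioning"),
        (o.object_expiration and not o.pool_object_expiration,
         "object expiration must be enabled at storage pool level"),
        (o.object_expiration and o.versioning, "object expiration requires versioning off"),
        (o.object_expiration and not o.name_index, "object expiration requires Name Index"),
        (o.object_expiration and o.in_mirror_or_dms, "object expiration excludes mirror/DMS"),
        (o.replication and not o.container_mode, "Replication requires container mode"),
        (o.replication and not o.pool_replication, "Replication must be enabled at pool level"),
        (o.replication and not o.versioning, "Replication requires versioning"),
        (o.replication and ep is not None and endpoint_has_port(ep),
         "Replication Endpoint must not include a port"),
    ]
    return [msg for failed, msg in rules if failed]
```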