Defining cloud storage access points (CSAP)

The Cloud Storage Access Point (CSAP) provides access between the cloud account on your object storage and IBM Storage Scale. You must create at least one CSAP per cloud account so your Cloud services have a path to the object storage. Extra CSAPs can also be created. CSAPs that all have about the same lowest latency (which is tested every 30 minutes) to a node are used evenly. CSAPs with higher latency are put in standby and are used only in error scenarios. This provides greater throughput and higher availability in various error scenarios.

You can send data to the cloud object storage through Cloud Storage Access Points (CSAPs). Each cloud account needs at least one CSAP defined to have a path to the cloud. For some cases (IBM® SoftLayer®, Amazon S3, or cloud storage with a load balancer with built-in redundancy) one accessor suffices. However, for cases where traffic is going directly to the object storage, it is usually beneficial to have more than one CSAP to provide needed availability and bandwidth for performance. For example, if you are designing an on-premises solution with IBM Cloud® Object Storage, you would need to create one access point for each accessor node you want to send data to. The Cloud services would randomly assign work to the available accessors as long as they perform properly (broken or slow access points are avoided).

Note: If multiple intermediate certificates are issued by an internal certifying authority (CA), ensure to provide only a self-signed internal CA rather than providing a file that contains all the intermediate certificates. For example, if the CA issued a certificate chain such as Internal CA->cert1->cert2, then the input pem file must contain only the Internal CA certificate.

To create, update, or delete a CSAP:

To create a CSAP according to the cloud account that is created, issue a command similar to this:

mmcloudgateway cloudStorageAccessPoint create --cloud-nodeclass TCTNodeClass1
                                               --cloud-storage-access-point-name AccessPoint1
                                               --account-name mycloud --url http://192.0.2.0

The system displays output similar to this:


mmcloudgateway: Sending the command to the first successful node starting with vmip51.gpfs.net
mmcloudgateway: This may take a while...
mmcloudgateway: Command completed successfully on vmi.gpfs.net.
mmcloudgateway: Command completed.

To create a CSAP with an https endpoint, issue a command similar to this:


mmcloudgateway cloudStorageAccessPoint create --cloud-nodeclass TCTNodeClass1
--cloud-storage-access-point-name AccessPoint1
--account-name mycloud --url https://192.0.2.0 --server-cert-path /root/ca.pem

To delete a CSAP, issue a command similar to this:


mmcloudgateway cloudStorageAccessPoint delete --cloud-nodeclass cloud 
--cloud-storage-access-point-name csap1

The system displays output similar to this:


mmcloudgateway: Sending the command to the first successful node starting with vmip51.gpfs.net
mmcloudgateway: This may take a while...
mmcloudgateway: Command completed successfully on vmip51.gpfs.net.
mmcloudgateway: Command completed.

Note:

In proxy-based environments, set your proxy settings as part of the node class configuration before you run any migrations. If tiering commands (migrate or recall) are run before you set the proxy details, they might fail for not being able to reach out to the public cloud storage providers such as Amazon S3.
To work with a specific region, specify the --region parameter while the new CSAP is created. Provide the same value with --data-location and --meta-location parameters, when you create container pair set later.
For example, if the administrator specifically wants to use ap-south-1 AWS S3 region, use ap-south-1 value for --region parameter while you create the CSAP. Also, specify --data-location ap-south-1 and --meta-location ap-south-1 parameters, when you create container pair set later. If you fail to specify the parameters during container pair set creation, you might end up creating the container pair set in the default region (us-east-1). If the default region is not available, the container pair set creation would fail with the No online CSAP found error.

For more information, see the mmcloudgateway command.

Next step: See Creating Cloud services.