Creating an S3 storage device
S3 storage devices can be configured with an Advanced Storage Area.
Before you begin
Before you create an S3 device, you must do the following tasks:
- Obtain credentials for connecting to the S3 object storage provider.
To create an S3 storage device for IBM Cloud Object Store, you need to first create the HMAC credentials in IBM Cloud console. HMAC credentials consist of an Access Key and Secret Key paired for use with S3-compatible tools and libraries that require authentication. See the following IBM Cloud topic for more details: Using HMAC credentials
When you view the user credentials, the following section represents the HMAC credential and includes the S3 access key ID and S3 secret access key you need to create the S3 advanced storage device:cos_hmac_keys:{ access_key_id: 7exampledonotusea6440da12685eee02 secret_access_key: 8not8ed850cddbece407exampledonotuse43r2d2586 }
- Determine the device connection URL to the S3 storage.
- Create an S3 bucket where the FileNet®
P8
content will be
stored. Note: You are responsible for configuring the S3 bucket and its related attributes outside of Content Platform Engine. You must pursue any issues that are related to configuration and set-up with the storage vendor.
- Determine whether an SSL connection will be used between the Content Platform Engine and the S3 storage.
Tip: The Content Platform Engine S3 Advanced Storage connector
does not use the S3 versioning feature. It is recommended that versioning not be configured on the
S3 bucket used by the Content Platform Engine. However, the Content Platform Engine can tolerate any S3 bucket version setting, but be aware that
using version enabled or version suspended settings on your S3 bucket can complicate content
deletion. In these cases, to make sure content is really deleted from your S3 bucket, set the
Advanced.S3.DeleteSpecificVersion property to True,
either in the FileNet.properties file or as a JVM argument. To delete a
specific version of a document you need the additional S3 permissions:
s3:DeleteObjectVersion DELETE Object
For IBM Cloud Object Storage, only TLS v1.2 HTTPS protocols are supported. To ensure that the
correct HTTPS protocols are used, add the following JVM
argument:
-Dhttps.protocols=TLSv1.2
How you configure authentication might be different depending on the application server that
you're using:
- If your Content Platform Engine is running on WebSphere® Application Server, you must deploy the S3 client certificate directly in the WebSphere Application Server Administrative Console. For details, see Deploying a client certificate on WebSphere.
- If your Content Platform Engine is running on Oracle WebLogic Server, you can export the certificate from the region's host, for
example,
https://s3-us-west-1.amazonaws.com/
, and then import the WebLogic JRE as a signer certificate.
Procedure
To create an S3 storage device: