Scope: Object Storage Administrator
The settings view is visible to administrators of the
These collections of settings are system-wide settings:
General & Connectivity
General & Connectivity settings¶
Allow Tenant Name In URL¶
Allow specifying the tenant name (account name) in the URL passed in the API instead of its ID. (Default: No)
Example (account ID):
$ wget https://vsa-00000001-mycloud-01.zadara.com/v1/AUTH_8f9388c6dfdb4352ae411e3b4e655850/my-website/cat.png
Example (account name):
$ wget https://vsa-00000001-mycloud-01.zadara.com/v1/AUTH_webhosting/my-website/cat.png
For AWS v4 signature, “region” (also called bucket_location) must be
specified for the signature mechanism to work. (Default:
The default value of the region setting was changed in Object Storage
version 20.12 from
us-east-1. Object Storages that were
created prior to that version will not inherit the new region setting
The region settings in the S3 compatible object storage clients and the Object Storage should be identical.
API Error Alerts¶
The API Error Alert provides the ability to enable alerts for failed API requests (HTTP Codes 400, 403, 408, 500, 502, 503, 504) and the threshold for such alerts.
Default Status: Enabled Default Threshold: 1
Containers Virtual-Hosted Style Supported¶
While virtual-hosted style access is disabled by default, the Object Storage supports both path-style and virtual-hosted style.
In a virtual-hosted-style request, the container name is part of the domain name in the URL. Zadara’s Object Storage uses the following format:
https://<container-name>.<object storage id>-<cloud-id>.zadara.com/<key>
Example of virtual-hosted style URL:
In a path-style URL, the container name will be used as part of the logical path of the URL, as in the following format:
https://<object storage id>-<cloud-id>.zadara.com/<container-name>/<key>
Example of path style URL:
Using Virtual-Hosted style access requires a proper DNS registration and matching SSL certificates, which are handled automatically by the Object Storage engine. However, if the Object Storage uses a custom SSL certificate and API hostname, the Object Storage administrator is required to ensure the compatibility of their certificates and DNS registration.
Welcome message user information¶
New members and account administrators are provided with connectivity details post registration to the system. The connectivity details are send via email to the email address attached to their account.
As the object storage supports multiple network interfaces the object storage administrator can decide which network(s) information would be shared with their new users.
(Default: Front-End network)
Each consumer facing network interface is presented in this section (grouped by the network type). This section allows the admin to adjust the API hostname if a custom domain name is needed.
The Object Storage is provisioned with the Front End network interface and Public IP. Additional network interfaces can be assigned to the Object Storage.
Once additional network interfaces are assigned, their connectivity information is listed.
Front End network¶
Public IP: (read only)
An IP address that allows access to the Object Storage system from the public internet. Assigning a Public IP is done via the Zadara Provisioning Portal, as described in Assigning Public IPs.
API Endpoint: (read only)
The effective API endpoint address for Object Storage REST API for all IO requests.
Auth (authentication) Endpoint: (read only)
The effective address for Object Storage API for authentication requests. The authentication endpoint value is derived from the API hostname.
Starting from version 19.08 the default supported authentication for Openstack Swift client is Keystone v3 authentication.
The support Keystone v2 authentication was deprecated.
Placeholder - frontend IP address for Object Storage ……..
Object Storage FQDN (fully qualified domain name).
For the Object Storage API Hostname either static IP, or FQDN must be given.
Floating FE IP: (read only)
The floating frontend IP address used by the Object Storage.
Proxy VC IP: (read only)
The Object Storage Virtual Controllers IP frontend addresses.
Public IP: (read only)
Placeholder - An IP address that …………
Public API Hostname:
Public API Endpoint:
Public Auth Endpoint:
The Object Storage Administrator can control the VPSA Password expiration policy and password history policy.
Dual Factor Authentication¶
Enforce Dual Factor Authentication for all users. Once enabled, the Object Storage users will be required to set MFA.
Cloud Admin Access¶
This sets the ability to access the cloud administrator Object Storage management interface (via Command Center).
Upload SSL Certificate (Optional)¶
Object Storage REST API works over HTTPS with SSL certificate. Object Storage defaults to its built-in SSL certificate (issued for zadara.com domain). If the Object Storage administrator may want to use its own certificate, upload it in this section. The supported certificate format is “PEM”. SSL “PEM” certificate format, as defined in RFCs 1421 through 1424, is a concatenated certificate container files. It is expected that the Object Storage administrator will append the private-key to the certificate prior uploading it.
The resulting PEM should like like this:
-----BEGIN RSA PRIVATE KEY----- (Your Private Key: your_domain_name.key) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- (Your Primary SSL certificate: your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate: Intermediate.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate: RootCertificate.crt) -----END CERTIFICATE-----
Make sure the certificate used is issued for the Hostname or IP specified in Object Storage endpoints listed above
This sets the encryption password for the Object Storage data-at-rest encryption.
For more information on encrypted containers see Encrypted Containers .
Swift Token Expiration¶
Swift token expiration can be set manually, default is one day (1440 minutes).
The Object Storage defaults to HTTPS clients connectivity. The SSL termination
is conducted by the internal load balancer. However, if an external load
balancer is used in-front of the Object Storage, SSL termination can be
external which will assume HTTP traffic between the external load
balancer and the Object Storage.
Select the currency used for billing purposes. Supported currencies are:
USD - USA Dollar
GBP - Great Britain Pound
EUR - Euro
AUD - Australia Dollar
KRW - South Korea Won
JPY - Japan Yen
CNY - China Yuan
Data Transfer Pricing:
If you want to charge your internal/external customers for the traffic going into and from Object Storage, you can specify your currency and pricing in the Setting>Pricing tab.
<policy name> policy price:
Pricing for stored capacity depends on the storage policy used. Therefore the capacity price is set per policy as the price per GB per month. If multiple data policies exist, a different pricing can be configured for each data policy.
FE MTU Size¶
Modify the MTU size for the Frontend interface (1500 - Default, 2048, 4096, 9000)
Public MTU Size¶
Modify the MTU size for the Public interface (1500 - Default, 2048, 4096, 9000)
Load Balancer Mode¶
Toggle the internal load balancer & Zadara Elastic Load Balancer mode of operation:
Direct Server Return (default) - Recommended for scale. Packets from the Object Storage virtual controller bypass the load balancer, maximizing the egress throughput.
NAT - The load balancer will be used as a gateway for all traffic from /to the Object Storage virtual controller.
Changing the Load Balancer mode of operation can be disruptive for existing clients workload.
Custom DNS Servers¶
A custom (private) DNS server can be set to allow proper name resolution of private domain names, this setting is useful while working with a Remote Authentication Provider.
Custom name servers name server IP, comma separated
DNS lookup domain (optional) - set the explicit domain name that will be searched using the custom name server