Chatee ahora con Soporte
Chat con el soporte

QoreStor 7.1.2 - User Guide

Introducing QoreStor Accessing QoreStor Configuring QoreStor settings
Licensing QoreStor Configuring SAML Configuring an SSL Certificate for your QoreStor System Configuring Active Directory settings Understanding system operation scheduling Configuring share-level security for CIFS shares Configuring Secure Connect Enabling MultiConnect Configuring and using Rapid NFS and Rapid CIFS Configuring and using VTL Configuring and Using Encryption at Rest Configuring and using the Recycle Bin Configuring Cloud Reader Configuring RDA immutability
Managing containers Managing local storage Managing cloud storage Managing replications Managing users Monitoring the QoreStor system Managing QoreStor remotely Support, maintenance, and troubleshooting Security recommendations guide About us

Adding a performance tier

Adding a performance tier can be accomplished through the QoreStor UI or via the performance_tier command in the QoreStor CLI. Refer to the QoreStor Command Line Reference Guide for more information on the performance_tier command.

To add a performance tier

Before adding a performance tier, ensure that the storage is mounted to the QoreStor server as an XFS filesystem. Refer to Guidelines for configuring additional storage for additional guidelines and requirements.

  1. In the navigation menu, click Local Storage to expand the menu, then click Performance Tier.
  2. Click Add Performance Tier.
  3. Enter the mount path for the performance tier volume.
  4. Optionally, click Test to ensure this storage meets the performance requirements. You will be prompted that the test can take several minutes, click Confirm to continue.
  5. Click Add.

    When a performance tier is added, QoreStor will also create the corresponding storage group "PerformanceTier" mapped to the performance tier storage.

  6. A warning will be displayed notifying you that a service restart may be required. Click Confirm to continue.

    NOTE: QoreStor services will be restarted. You will need to log into the UI once the restart is complete.

  7. Once the performance tier is created, you can enable encryption. Refer to Editing a performance tier.

 

Adding a performance tier through the command line

To add a performance tier, complete the following steps.

  1. Access the QoreStor CLI. Refer to Accessing the CLI commands for more information.
  2. Add a performance tier using the command
    performance_tier --add --path <enclosure filesystem dir> [--compression_mode <fast|best>] [--quota <Quota value in GiB or TiB>}

    Refer to the QoreStor Command LIne Reference Guide for more information

  3. To apply encryption to the data in this performance tier, use the command:
    performance_tier --encryption [--set <ON | OFF>] [--mode <static|internal> <--interval <7 days to 70 years>]

    For more information, refer to the QoreStor Command Line Reference Guide.

    NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale. For more information about recommended guidelines for encryption, see Understanding Encryption at Rest

    NOTE: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable.

    NOTE: After encryption is enabled, all of the data that is backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that encryption is an irreversible process.

 

Editing a performance tier

To modify a performance tier via the user interface, complete the following steps

  1. In the navigation menu, click Local Storage to expand the menu, then click Performance Tier
  2. Click Edit Performance Tier.
  3. On the Edit Performance Tier page, select or modify the options below, as appropriate:
    • Unlimited Quota— This option is selected by default. To set a quota, de-select this option and enter a numeric value (greater than 100) in the Quota field. Select the value format (either GiB or TiB). Refer to Quotas for more information. Once a quota is set, it can be reset to the default value of unlimited.
    • Encryption— Select this option to enable encryption on the performance tier.
    • Old Passphrase—Enter the current passphrase you want to change.
    • New Passphrase—Enter the new passphrase to be used to encrypt content encryption keys. (The passphrase string can take up to 255 characters. And, alphanumeric and special characters can be entered as part of the passphrase string.)
    • Confirm Passphrase—Re-enter the encryption passphrase.
    • Encryption Mode— Select the mode of key lifecycle management from one of the following options:
      • Static— A global, fixed key is used to encrypt all data.
      • Internal— Content encryption keys are generated and rotated on a specified period of days.
    • Key Rotation— Displays the number of key rotation interval days as N/A, or the number that was set for Internal Encryption Mode. If you selected Internal as the mode of key management, select the number of days for key rotation when a new key is to be generated. This option is available only for Internal encryption mode.

      NOTE: After encryption is enabled, all of the data that is backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Encryption is an irreversible process.

  4. Click Update.

To modify a performance tier via the CLI, complete the following steps

  1. Access the QoreStor CLI. Refer to Accessing the CLI commands for more information.
  2. Modify your performance tier using the command below. Refer to the QoreStor Command Line Reference Guide for more information.
    performance_tier --update  [--compression_mode <fast|best>] [--quota <Quota value in GiB or TiB>]
    performance_tier --encryption [--set <ON | OFF>] [--mode < static | internal >] [--interval <7 days to 70 years>]

Configuring Object Container

QoreStor's Object container provides an object storage interface which enables customers to write Object data(S3 format) directly to Qore. This allows solutions that leverage an S3-based connection to send data directly to a QoreStor instance instead of Amazon S3 with the added benefits of deduplication, encryption, replication and network optimized data transfer.

Object storage is configured by adding a container with the Object (S3 Compatible) protocol. Doing so will create the ObjectStorageGroup storage group. QoreStor supports only one object container at a time.

NOTE: Object containers internally use an RDA connection.

Creating an Object container

Adding an object container can be accomplished through the QoreStor UI or via the object_container command in the QoreStor CLI. Refer to the QoreStor Command Line Reference Guide for more information on the object_container command.

NOTE: QoreStor object container does not support object lifecycle management, which means transitioning storage classes or server side expiration of objects is not supported.

To create an object container

  1. In the navigation menu, click Containers.
  2. On the Containers pane, click Add Container. The Add Container dialog will be displayed.
  3. In the Protocol field, select Object (S3 Compatible). The Name and Storage Group are populated by default.
  4. Click Next.
  5. To apply encryption, select Encryption and enter the following:
    • Passphrase — the passphrase is user-defined and is used to generate a passphrase key that encrypts the file in which the content encryption keys are kept. The passphrase is a human readable key, which can be up to 255 bytes in length. It is mandatory to define a passphrase to enable encryption.

      NOTE: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable.

    • Confirm Passphrase — re-enter the passphrase used above.
    • Encryption Mode — Select either static or internal.
      • static - A global mode of key management in which a fixed key is used to encrypt all data.
      • internal - A mode of key lifecycle management in which the keys are periodically generated and rotated. The minimum key rotation period before the content encryption key can be rotated and a new key is generated is 7 days. This rotation period is user-configurable and can be specified in days.

    NOTE: Refer to Configuring and Using Encryption at Rest for more information about encryption.

  6. Optionally, configure a Quota by entering an amount and setting the unit (GiB or TiB). If no value is set, the quota will be unlimited.
  7. Optionally, select Use HTTP instead of HTTPS. To use an HTTP connection, you must also follow the steps below:
    1. On the QoreStor server, copy the aws.conf file to a new location:

      cp /etc/oca/aws.conf.oca /etc/oca/aws.conf

    2. Open the aws.conf file and update the endpoint connection protocol to http:

      vi /etc/oca/aws.conf

      Find the line containing AWS_ENDPOINT_PROTOCOL and set the value to http .

  8. NOTE: The QoreStor implementation of object storage uses a self-signed certificate. If your data management application requires third party certificates, you must use HTTP to connect to the object container.

  9. Click Next.
  10. Review the summary and click Finish.

When the process is completed and the object container has been added to QoreStor, you will see the storage group ObjectContainer and the container ObjectStorageGroup added to the Storage Groups and Container pages, respectively.  See the topics below for information on working with object storage.

Adding an object container through the command line

To add an object container, complete the following steps.

  1. Access the QoreStor CLI. Refer to Accessing the CLI commands for more information.
  2. Add an object tier using the command
    object_container --add [--quota <Quota value in GiB or TiB][--use_http <yes|no>]

    Refer to the QoreStor Command LIne Reference Guide for more information.

  3. To apply encryption to the data in this object tier, use the command:
    object_container --encryption [--set <ON | OFF>] [--mode <static|internal> <--interval <7 days to 70 years>]

    NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale. For more information about recommended guidelines for encryption, see Understanding Encryption at Rest

    NOTE: It is mandatory to define a passphrase to enable encryption. If the passphrase is compromised or lost, the administrator should change it immediately so that the content encryption keys do not become vulnerable.

    NOTE: After encryption is enabled, all of the data that is backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that encryption is an irreversible process.

    NOTE: When QoreStor is installed in Object direct mode, only Static encryption is supported.

    For more information, refer to the QoreStor Command Line Reference Guide.

  4. After creating an object container, you must configure user access for the container. By default, the backup_user account is configured with the object role and read/write access. To set the user policy for additional user accounts, use the command:
    object_container --policy [--set] [--policy_type <readonly|readwrite|none>] --name <user name> [--show] --name <user name>

    IMPORTANT: The backup_user and password are to be used as access key and secret key respectively when connecting to QoreStor from the S3 clients. The default values are:

    Access key: backup_user

    Secret key: St0r@ge!

    To see the S3 endpoint, use the command object_container CLI /opt/qorestor/bin/object_container --show --endpoint

    The endpoint is displayed in the format https://<QoreStor IP address>:9000

    Make sure port 9000 is allowed for access through the firewall.

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación