Setting configuration options

You can set various options from the Grid Manager to configure and fine-tune the operation of your StorageGRID system.

Endpoint domain names

If you plan to support S3 virtual hosted-style requests, you must configure the list of endpoint domain names that S3 clients connect to. Examples include s3.example.com, s3.example.co.uk, and s3-east.example.com.

Note: The configured server certificates must match the endpoint domain names.
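
The note above can be checked before a certificate is uploaded. The following added example (not part of the StorageGRID documentation or product code) tests whether a certificate's subject alternative names (SANs) cover each endpoint domain both as a bare host and with a bucket label prepended, as virtual hosted-style requests do. The SAN list, the probe bucket name, and the function names are constructed for illustration, and the SANs are assumed to have been extracted from the certificate already.

```python
# Added example: constructed data, not StorageGRID code.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """RFC 6125-style match: '*' is honoured only as the whole leftmost
    label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject wildcards with fewer than two fixed labels (e.g. '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covered(hostname, sans):
    return any(san_matches(s, hostname) for s in sans)

def audit_endpoint_domains(endpoint_domains, cert_sans, probe_bucket="bucket"):
    """Return {domain: [problems]} for every endpoint domain that the
    certificate does not fully cover."""
    problems = {}
    for domain in endpoint_domains:
        issues = []
        if not covered(domain, cert_sans):
            issues.append("no SAN for host " + domain)
        # Virtual hosted-style requests put the bucket name in front of the
        # endpoint domain, so the certificate must also match that host.
        vhost = probe_bucket + "." + domain
        if not covered(vhost, cert_sans):
            issues.append("no wildcard SAN for virtual hosted-style host " + vhost)
        if issues:
            problems[domain] = issues
    return problems

# Endpoint domains from the text; the SAN list is a constructed sample.
ENDPOINT_DOMAINS = ["s3.example.com", "s3.example.co.uk", "s3-east.example.com"]
CERT_SANS = ["s3.example.com", "*.s3.example.com",
             "*.example.co.uk", "s3-east.example.com"]

if __name__ == "__main__":
    for domain, issues in audit_endpoint_domains(ENDPOINT_DOMAINS, CERT_SANS).items():
        for issue in issues:
            print(domain + ": " + issue)
```

Because a wildcard stands for a single label, a bucket name that contains dots is not matched by a `*.<endpoint domain>` SAN.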

Link costs

You can adjust link costs to reflect the latency between sites. When two or more data center sites exist, link costs prioritize which data center site should provide a requested service.

Grid options

Grid options apply to the compression, encryption, and hashing of stored objects and to S3 and Swift client operations.

Storage options

Storage options allow you to control object segmentation and to define storage watermarks to manage a Storage Node’s usable storage space.

Display options

Display options allow you to specify the timeout period for user sessions and to manage email notifications for alarms and AutoSupport.

Server certificates

You can upload two types of server certificates:

Note: Load balancer certificates are managed separately and are configured on the Load Balancer Endpoints page.

Compliance

You can enable compliance for your StorageGRID system if S3 tenant accounts need to comply with regulatory requirements when saving object data. When compliance is enabled globally and the active ILM policy includes one or more compliant ILM rules, S3 tenant users with the appropriate permissions can create compliant buckets, set and increase the retention period for bucket objects, specify how objects can be deleted at the end of their retention period, and optionally place all objects in the bucket under a legal hold or lift a legal hold.

For example, this tenant user is creating a compliant bucket named bank-records in the default us-east-1 region. Objects in this bucket will be retained for 6 years and then deleted automatically. This bucket is not currently under a legal hold.

[Screenshot: example Create Bucket UI when compliance is enabled]

Proxy settings

If you are using S3 platform services or Cloud Storage Pools, you can configure a non-transparent proxy server between Storage Nodes and the external S3 endpoints. If you send AutoSupport messages using HTTPS or HTTP, you can configure a non-transparent proxy server between Admin Nodes and technical support.


Load balancer endpoints

Load balancer endpoints define Gateway Node and Admin Node ports that accept and load balance S3 and Swift requests to Storage Nodes. HTTPS endpoint certificates are configured per endpoint.

High availability groups

High availability (HA) groups allow multiple Admin Nodes and Gateway Nodes to maintain virtual IP addresses (VIPs) on the active node and switch to a backup node automatically if a node fails.

Each HA group operates as active-backup with a single node serving the traffic for all VIPs configured for the group. You must specify a preferred master node for the HA group. If the preferred master is online and functional, it serves the VIPs; otherwise, one of the other nodes is selected.

Optionally, you can configure a series of HA groups to achieve pseudo active-active HA.

Note: You can configure VIP addresses for high availability only on the Grid Network or the Client Network. The Admin Network does not support HA VIPs.

Untrusted Client Networks

If you are using a Client Network, you can help secure StorageGRID from hostile attacks by specifying that the Client Network on each node be untrusted. If a node's Client Network is untrusted, the node accepts inbound connections only on ports explicitly configured as load balancer endpoints.

For example, you might want a Gateway Node to refuse all inbound traffic on the Client Network except for HTTPS S3 requests. Or, you might want to enable outbound S3 platform service traffic from a Storage Node, while preventing any inbound connections to that Storage Node on the Client Network.