Vault Console (Object Storage)
- 1 Overview
- 2 Getting Started
- 2.1 Password Reset Required
- 2.2 Generate Root Access Keys
- 2.3 Member Roles
- 2.4 Create Additional Member Accounts
- 2.5 Enable MFA
- 2.6 Working with Buckets and Objects
- 2.6.1 Create a Bucket
- 2.6.2 Test Bucket Privacy
- 2.6.3 Working with a Bucket
- 2.6.4 Bucket Versioning
- 2.6.5 Bucket Logging
- 2.6.6 Object Locking
- 2.6.7 Storing Objects in Buckets
- 2.6.8 View File Versions
- 2.6.9 Accessing Buckets from 3de Party Applications
- 2.7 Q & A - VAULT Object Storage
Overview
Partners and Clients can utilize Vault to manage and access their Object Storage via Zettagrid
Order Process
Order Storage via your Account Manager or support@zettagrid.com
Provide following details in ticket
Account ID (If current Zettagrid Client)
Storage Size (Min 10TB)
Vault login details will be supplied after order process!
Login Console https://zettagrid.poweredbywasabi.com/login
Getting Started
Use new login credentials recevied after order process.
When logging in the first time, a new member may be required to change their password.
Password Reset Required
When logging in the first time, a new member may be required to change their password.
Go to the Login page and enter your email address/username and password.
If required, please enter a new password.
Generate Root Access Keys
Click on “Settings”
Select “Access Keys”
Click on “Generate Access Key”
This will present you with the ability to Copy or Download these keys. Please store in a safe place as this is the only time these keys will be available.
Reset Root Access Keys
Click on “Settings”
Select “Access Keys”
Click on “Reset Access Key”
Warning: By performing a Root Access Key Reset, all current existing Root Access Keys will be deleted and replaced with a single new Root Access Key.
This will present you with the ability to Copy or Download these keys. Please store in a safe place as this is the only time these keys will be available.
Member Roles
Members have six different roles:
● Root – can perform all actions in the Zettagrid Vault Console including managing Root Access Keys and managing account Members.
● Administrator - can perform all actions in the Zettagrid Vault Console including managing account Members but cannot view Root Access Keys
● Full Access – can perform all S3 actions but cannot view Members or Root Access Keys Access Keys
● Full Access Limited – same functionality as Full Access but cannot perform S3 Delete actions
● Download Only – can view all S3 action including the ability to Download a file
● Read Only – can view all S3 actions and cannot Download a file
Managing Members - Root and Administrator Members can manage all aspects of their Members.
Create Additional Member Accounts
If additional access is required for management of your account you can create users under members.
Click on “Settings”
Select “Members”
Click on “Create Member”
Password Reset Required forces the Member to enter a new password upon logging in the first time.
Enable MFA
To enable MFA select settings and profile tab
Scroll down and “Turn On” MFA
Complete process below
Going forward, you will be required to enter a code for your Authenticator application to login.
Disable Multi-factor Authentication (MFA)
Follow same process but select “Turn Off”
Working with Buckets and Objects
Accounts can store objects (folders and files) in buckets. Once you create a storage bucket, you can upload objects into the bucket. You can create up to 1000 buckets per account.
Create a Bucket
On the Zettagrid Vault Console, click Create Bucket. If you are a new user, you may see a screen such as the one below.
In the “ Bucket Name” area, enter a unique DNS-compliant name for your new bucket. You should develop a naming strategy following these guidelines:
● The name must be unique across all existing bucket names. A bucket name must:
Be a valid DNS-compliant name
Begin with a lowercase letter or number, and
Consist of 3 to 63 lowercase letters, numbers, periods, and/or dashes. The name cannot contain underscores, end with a dash, have consecutive periods, or use dashes adjacent to periods. And, the name cannot be formatted as an IP address (123.45.678.90).
● Choose a bucket name that reflects the objects you will store in the bucket.
The bucket name is visible in the URL that points to the objects you will put in the bucket.
Select the region (geographic location) where you want the bucket to reside. The URL of the region you select is displayed with the region name.
Region will be locked down to Australia unless requested in other locations
At this point, you have several options before creating the bucket.
Bucket Versioning - Can be enabled after bucket creation
Is a way to maintain multiple variations of an object in the same bucket. You can then retrieve and restore any version of an object in the bucket. This provides protection against inadvertent removal of an object (such as by overwriting or expiration).
Bucket Logging - Can be enabled after bucket creation
Creates a text log file of all access to the bucket. You can specify the target bucket in which to store log files as well as a prefix to include in the log file name
Object Locking - Object Lock must be enabled at the time a bucket is created. Buckets using Object Lock must also have Versioning enabled. Can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.
Click Create to accept the information and create the bucket. A message at the top of your screen indicates that the bucket was created successfully. The new bucket is displayed on the Buckets View
Edit bucket properties via three dots icon at the end of the row to:
Delete or View/Edit Bucket
Test Bucket Privacy
Australia Sydney Zone
https://s3.ap-southeast-2.wasabisys.com/[bucket_name]
A private bucket that is NOT open to public access via Internet will return Access Denied:
Working with a Bucket
Bucket Properties
Bucket properties can be viewed via the three dots icon :
Several settings can be changed
Object Lock must be enabled at the time a bucket is created.
Bucket Versioning
Bucket Versioning Versioning is a way to maintain multiple variations of an object in the same bucket. When versioning is enabled, you can then retrieve and restore any version of an object in the bucket. This provides protection against inadvertent removal of an object (such as by overwriting or expiration).
There are three Versioning states a bucket can be in
Unversioned
Enabled
Suspended
Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket. The versioned objects that have been created will remain in the bucket. You will want to remove them specifically if they are no longer needed.
Enabling Bucket Versioning for Unversioned
Select a Bucket that is Unversioned from the Buckets List.
Click Properties.
Under Bucket Versioning, click on Enable Versioning.
Confirm that you want to Enable Versioning
Suspending Bucket Versioning for Versioned Buckets
Select a Bucket that is Versioned from the Buckets List.
Click Properties.
Under Bucket Versioning, click on Suspend Versioning
Confirm that you want to Suspend Versioning.
Bucket Logging
Bucket Logging creates a text log file of all access to the bucket. You can specify the target bucket in which to store log files as well as a prefix to include in the log file name.
Enabling Bucket Logging
Select a Bucket from the Buckets List that you want to enable Bucket Logging for.
Click Properties.
Slide the switch to enable Bucket Logging.
Enter a Logging Prefix to include in the log file name. Each log file will start with the characters you enter.
Select a Target Bucket in which to store log files.
Click Update to confirm your settings.
Object Locking
Object Locking can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. Object Locking must be enabled at Bucket Creation. Versioning must also be enabled on the bucket. Once enabled, Object Locking cannot be disabled.
Creating an Object Lock Bucket
Click Create Bucket from the Buckets list
Slide the switch next to Object Locking to enable Object Locking on this Bucket. (Note: Bucket Versioning will be enabled automatically)
Setting Object Locking Defaults
When Object Locking is enabled for a bucket, the Object Locking panel tab on the properties page for the bucket will have default settings that can be configured.
Select a Bucket from the Buckets List that you would like to configure Object Locking Defaults for. (Note: This Bucket must have had Object Lock enable at Bucket Creation.)
Click Properties
Slide the switch next to Enable Bucket-Level Object Retention. These settings will automatically apply to all new objects placed into the bucket after you apply the settings.
Configure a mode by selecting either Governance Mode or Compliance Mode.
-Configure the Retention Period (Time Scale and Retention Time)
Click Update.
Confirm
Objects placed in Governance Mode remain immutable until after they have reached the retain until date, unless a user has specific IAM permissions to alter the settings.
Objects placed in Compliance Mode remain immutable until after they have reached the retain until date. This cannot be reversed for any reason, by any user, regardless of user permissions.
View Object Lock information
Click on a Bucket
Click on an Object. The “Mode,” “Retain Until” date, and “Legal Hold” status are displayed.
If you want to modify the “Mode” and/or “Retain Until” date, click Edit (to the right of Object Locking). After making your change, click APPLY to save the Object Locking changes.
If object locking was not previously configured on the object:
You can click
Enable Object Locking and Configure the Mode
Legal Hold
You can toggle the Legal Hold on or off for the object. This will prevent anyone from Deleting the Object if enabled.
Storing Objects in Buckets
Follow the following steps to upload files via Vault:
Select the bucket you want to use
Click on Upload Files
Browse or drag and drop files
Click Start Upload to upload the objects.
Upload a file(s) by clicking the BROWSE FILES button. Then, navigate to find the file(s) you want to upload. You can use the Shift or Ctrl keys to select multiple files. (Continue with the next step.) If you choose the same file name from different folders, the file chosen last will be stored before the upload starts.
Avoid the use of the following special characters in a file name:
% (percent)
< (less than symbol)
> (greater than symbol)
\ (backslash)
# (pound sign)
? (question mark)
Certain file names may have non-ASCII characters that are 4 byte UTF8 characters (such as emojis). These characters are not support and will return a 400 error message to an application that tries to write a file with 4 byte UTF characters in the file name. We recommend renaming the affected files, if possible.
Remove files from upload list
To remove a file from the list before uploading, click X to the right of the file name. To remove all selected files before uploading, click Clear Files.
Click Start Upload to upload the objects.
A check appears to the right of each file name when it is successfully uploaded.
View File Versions
Toggle on “Show Versions” from the Objects list
Find the “versioned” objects in the Object list
Accessing Buckets from 3de Party Applications
Accessing your buckets via a 3de Party Application usually required the following
Bucket Name
S3 Compatible storage Service Point
Access and Security Keys
Example - CloudBerry Explorer
Zettagrid Vault - Service Point
Zettagrid Vault - Wasabi AP Southeast 2 (Sydney) | |
Zettagrid Vault - Wasabi AP Southeast 1 (Singapore) |
Confirming bucket/data location via Vault
Access and Security Keys
Information on how to generate new access keys can be found in the start of the document
Q & A - VAULT Object Storage
Object Storage charges?
No egress charges
No API Request charges
Object Storage 30 day Retention Policy may apply
(If stored objects are deleted before they have been stored with Vault for a certain number of days, a Timed Deleted Storage charge equal to the storage charge for the remaining days will apply.)
Minimum storage duration policy work
This policy is comparable to the minimum storage duration policies that exist with some AWS and other hyperscaler storage services.
30 days for customers using Zettagrid Vault
One of the big advantages with Zettgrid is the 30 Day vs 90 Day retention policy!
Clients are more likely to have additional cost with 90 Day than 30 Day retention.
EXAMPLE - To better understand how the minimum storage retention policy works, let’s consider an example (a 90 day policy is used in this example).
-An object is stored in Vault on day 1
-On day 16, this object is deleted from Vault
In this example, you will be billed for:
-15 days of Timed Active Storage
-75 days of Timed Deleted Storage
Can I purchase more than 10TB of VAULT?