Versions Compared

Old Version 7

changes.mady.by.user Kyle Miller

Saved on

compared with

New Version Current

changes.mady.by.user Bala Harish A(AC)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt
hiddentrue
Table of Contents
minLevel1
maxLevel2
outlinefalse
typelist
printablefalse

Starting with Gateway 7.3 and Content UI 7.3, the concept of a System domain has been introduced to provide legacy SCSP clients with the ability to access unnamed objects (Understanding Unnamed Objects) stored outside of all storage domains. The System domain feature allows taking advantage of Swarm's modern features such as metadata searching for unnamed and untenanted objects in a cluster. It provides better access control policy management and integration via the UI.

Info

System

domain

Domain vs

.

Default

domain

Domain

System domain is not the same as a default domain. For more information on Default domain, see Guidelines for managing Managing Domains.

With the System domain, the choices for connecting legacy SCSP clients with the storage are:

  1. direct network connection to all object storage nodes,

  2. through legacy SCSPproxy package, or

  3. through gateway running in legacy mode.

Direct network connection and SCSPproxy with legacy application clients:

...

  • continue to work without changing application code logic (except legacy auth/auth)

  • cannot use legacy HTTP digest auth/auth mechanism

  • storage-in-use and bandwidth metering is tracked by gateway

  • audit logging for all access

  • access control using gateway's policy mechanism

  • assured isolation from content within other storage domains

API and UI

The System domain is considered a child of the System tenant and is represented as a domain called "System" within the System tenant, both in the UI listing and in the Management API ("_system"). Metrics for the System domain roll up into the System tenant, together with metrics for all untenanted domains.

...

System domain also supports Collections.

...

Setting Up Access Permissions

The System domain has no owner and no one can be assigned to be the owner, so there is no default access policy for it. System domain management only allows setting IDSYS (IDSYS Document Format) and policy based access. Access to content in the System domain must be granted through the root and/or System domain-specific policies.

Info

Important

No user is able to perform SCSP operations with content in the System domain if no policy is added and no root policy exists granting access to the System domain.

...

Authentication tokens (Setting Tokens) are not supported for the System domain in the UI.

...

Configuring a Gateway as a System Domain-

...

Only Gateway (Legacy Mode)

Gateway can be configured to work in one of the following modes:

...

Content UI is only available through normal mode gateways and attempting to use the UI through a legacy-only mode gateway returns the following message in a browser:
This gateway is running in legacy mode. UI requests are not supported.

Info

Important

Attempting to use modern clients using tenanted objects within storage domains or named objects within buckets with a gateway configured in legacy mode is a misconfiguration. These clients need to use a separate gateway configured for normal mode operations.

...