System Domain and Legacy Mode for Gateway

Gateway 7.3 and Content UI 7.3 introduce the concept of a System domain, which gives legacy SCSP clients access to unnamed objects (https://perifery.atlassian.net/wiki/spaces/public/pages/2443810982) stored outside of all storage domains. The System domain feature lets unnamed and untenanted objects in a cluster take advantage of Swarm's modern features, such as metadata searching, and it provides better access control policy management and integration via the UI.

System Domain vs Default Domain

The System domain is not the same as a Default domain. For more information on the Default domain, see https://perifery.atlassian.net/wiki/spaces/public/pages/2443811323.

With the System domain, the choices for connecting legacy SCSP clients with the storage are:

  1. direct network connection to all object storage nodes,

  2. through legacy SCSPproxy package, or

  3. through gateway running in legacy mode.

Direct network connection and SCSPproxy with legacy application clients:

  • continue to work in existing deployments without code modifications

  • can use legacy HTTP digest auth/auth mechanism with storage nodes

  • storage-in-use metering is tracked by gateway

  • bandwidth metering is not tracked by gateway

  • no audit log tracking by gateway

  • can interfere with tenanted content within storage domains, depending on the specific application

Legacy application clients connecting through gateway:

  • continue to work without changing application code logic (except legacy auth/auth)

  • cannot use legacy HTTP digest auth/auth mechanism

  • storage-in-use and bandwidth metering are tracked by gateway

  • audit logging for all access

  • access control using gateway's policy mechanism

  • assured isolation from content within other storage domains

API and UI

The System domain is considered a child of the System tenant and is represented as a domain called "System" within the System tenant, both in the UI listing and in the Management API ("_system"). Metrics for the System domain roll up into the System tenant, together with metrics for all untenanted domains.

Buckets cannot be created in the System domain, but it presents the Content IDs pseudo-bucket. Upload to Content IDs in the same way as to any other domain.

The System domain also supports Collections.

Setting Up Access Permissions

The System domain has no owner and no one can be assigned as its owner, so there is no default access policy for it. System domain management only allows setting IDSYS (https://perifery.atlassian.net/wiki/spaces/public/pages/2443816826) and policy-based access. Access to content in the System domain must be granted through the root policy and/or System domain-specific policies.

Important

No user can perform SCSP operations on content in the System domain unless a System domain policy is added or a root policy exists that grants access to the System domain.

Authentication tokens are not supported for the System domain in the UI.

Configuring a Gateway as a System Domain-Only Gateway (Legacy Mode)

Gateway can be configured to work in one of the following modes:

  • Normal mode with tenanted named and unnamed objects

  • Legacy mode with unnamed, untenanted objects only (new with v7.3)

This is configured with the following setting. The default value is 'false', and the gateway runs in normal mode if the setting is unset.
[gateway]
legacyOnlyMode = true/false

Legacy mode configures a gateway as a System domain-only gateway for use by legacy SCSP clients, so that unnamed objects in the System domain can be accessed. When operating in this mode, the gateway disregards whatever domain a client specifies and communicates solely with the System domain in the back-end storage cluster.

Content UI is only available through normal mode gateways, and attempting to use the UI through a legacy-only mode gateway returns the following message in a browser:
This gateway is running in legacy mode. UI requests are not supported.

Important

Using modern clients that work with tenanted objects within storage domains, or with named objects within buckets, against a gateway configured in legacy mode is a misconfiguration. These clients need to use a separate gateway configured for normal mode operations.
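The following Python script is an added example and is not DataCore's code: it reads a gateway configuration, reports whether the gateway runs in legacy-only mode (treating an unset value as 'false', as documented above), recognises the legacy-mode message that the UI receives, and flags client workloads that would be misconfigured against a legacy-mode gateway. It assumes the configuration is an INI-style file with a [gateway] section; the configuration text and the client descriptions are constructed samples.

```python
import configparser

# Message a legacy-only gateway returns to UI requests (quoted from the documentation above)
LEGACY_UI_MESSAGE = "This gateway is running in legacy mode. UI requests are not supported."

# Constructed sample gateway configuration (assumed INI layout with a [gateway] section)
SAMPLE_CFG = """[gateway]
legacyOnlyMode = true
"""

# Constructed descriptions of client workloads: does the client address tenanted
# content in a storage domain, and does it use named objects in buckets?
SAMPLE_CLIENTS = [
    {"name": "legacy-scsp-archiver", "tenanted": False, "named_objects": False},
    {"name": "s3-bucket-app", "tenanted": True, "named_objects": True},
]


def gateway_mode(cfg_text: str) -> str:
    """Return 'legacy' or 'normal' for the given gateway.cfg text."""
    parser = configparser.ConfigParser()
    parser.read_string(cfg_text)
    # fallback=False mirrors the documented default: unset means normal mode
    legacy = parser.getboolean("gateway", "legacyOnlyMode", fallback=False)
    return "legacy" if legacy else "normal"


def mode_from_ui_response(body: str) -> str:
    """Classify a gateway from the body it returns to a Content UI request."""
    return "legacy" if LEGACY_UI_MESSAGE in body else "normal"


def check_client_fit(mode: str, clients: list) -> list:
    """List clients that must not use this gateway.

    A legacy-mode gateway serves only unnamed, untenanted objects in the
    System domain, so any client needing storage domains or buckets is
    a misconfiguration and needs a separate normal-mode gateway.
    """
    problems = []
    for client in clients:
        if mode == "legacy" and (client["tenanted"] or client["named_objects"]):
            problems.append(f"{client['name']}: needs a normal-mode gateway")
    return problems


if __name__ == "__main__":
    mode = gateway_mode(SAMPLE_CFG)
    print(f"gateway mode: {mode}")
    for problem in check_client_fit(mode, SAMPLE_CLIENTS):
        print(f"misconfiguration: {problem}")
```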

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.