Migrating Applications from Direct-to-Swarm

This section describes how to adapt native Swarm storage applications to use Content Gateway.

Requirements

  • Supply storage domain name in all requests

  • Use HTTP basic authentication instead of digest

  • Use Gateway ACL system instead of native Swarm auth/auth

  • Do not use Integrity Seal hash-type upgrade through Gateway

Tip

When integrating with Gateway, applications do not need to handle the HTTP 100-continue or redirect semantics Swarm clients must include: the Gateway operates as a reverse proxy and correctly use 100-continue when communicating with Swarm and hides all redirects from the upstream client.

Domains

Because Gateway is performing access control and validation for all operations, every content request must identify the storage domain for which the request is destined. The order of precedence for specifying the storage domain is:

  1. Query argument: domain=X, else

  2. HTTP X-Forwarded-Host header, else

  3. HTTP request Host header value.

While some native integrations with Swarm are rigorous in specifying the storage domain, Swarm is permissive of requests not specifying one. Swarm also has additional precedence rules for assigning the storage domain; these are not compatible with requests handled through Gateway. When using Gateway, an application must specify the storage domain explicitly using one of the listed methods.

Authentication

It is common to require client applications to authenticate requests because Gateway is often deployed in access-controlled environments. While applications that previously integrated with Swarm may not have chosen to include provisions for authenticating requests.

Deprecated

The native Swarm auth/auth feature is deprecated and was removed as of June 2017. security.noauth = False must be added to continue using the native auth/auth if using Swarm's native auth/auth for applications.

Applications can interoperate with Gateway and Swarm by implementing the Gateway ACL system or using a library that provides for an automatic selection. Unless an application manipulates the access control policies within Swarm, no additional changes are required when integrating with Gateway. Applications that do manipulate these policies need to be adapted for Gateway's enhanced access control mechanism.

SSL

Content Gateway provides system administrators with the capability of encrypting client communications with SSL. Applications are recommended to provide for HTTPS communications when integrating with Gateway. Since many HTTP libraries already provide this capability, it is likely that applications need to add a configuration provision to use HTTPS versus HTTP.

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.