StorageFabric Demo Scenario

Welcome to the StorageFabric Demo scenario!

Use this guide if you have been given access to a demo StorageFabric instance by the Virtalica team. This guide will help you to get started quickly with StorageFabric.

Before using this guide, ensure that you have received the following from us:


That's it, let's get started!

In this demo scenario, we will walk through the following:


View Pre-Configured Providers and Data Buckets

The StorageFabric Demo system is preconfigured with multiple cloud storage providers, along with an AWS and a Google Virtual Bucket for your use.

To view the configuration, use the following steps.

1 Log in to the Configuration Manager Web interface.

To log in to the Configuration Manager Web interface:

  • Open a browser, and visit the Configuration Manager URL provided to you, for example, https://sf-demo.privatemachines.com:5600

  • On the Login Page, enter the user name and password provided to you.

  • Click Login.


2 View configured providers and data buckets.

To see the providers configured in your demo system:

  • Expand BACKENDS and click the Providers link from the left-hand-side navigation menu.

To see the Virtual Buckets configured in your demo system:

  • Expand STORAGE and click the Virtual Buckets link from the left-hand-side navigation menu.

Note

You can configure additional Virtual Buckets with storage providers of your choice as described in the full product documentation.


Upload and Download Data Securely via the StorageFabric Gateway

In this section, we will use a standard off-the-shelf S3 client to upload and download data securely to both the Amazon and Google Virtual Buckets.

1 Create a Client Access Key.

To create a Client Access Key:

  • Log in to the Configuration Manager Web interface.

  • From the left navigation menu, expand IDENTITY and click Client Access Keys.

  • Select the tab Create Client Access Key.

  • Click on the button Create Client Access Key.

A new client access key and secret key will be displayed at the top. Note down the ClientAccessKeyID and ClientSecretAccessKey displayed. We will use these later in Step 3.


2 Download and install an S3 client.

In this demo, we will use the S3 Browser tool. Any other S3-compatible client tool can be used with StorageFabric, including off-the-shelf tools such as CloudBerry Explorer. For more advanced users, CLIs and the Python and Java SDKs are also supported, as described in the full product documentation.

For this demo:


3 Configure S3 client.

Next, configure the S3 Browser client for StorageFabric:

  • From the top menu, select Accounts->Add new account.

In the Add New Account dialog:

  • Enter StorageFabric Demo for the account name.

  • Select S3 Compatible Storage for the Account Type.

  • Enter the StorageFabric Gateway URL provided to you for the REST Endpoint. For example, sf-demo.privatemachines.com:8000. Note: Do not enter the https:// prefix.

  • For Access Key ID, enter the ClientAccessKeyID generated in Step 1 above.

  • For Secret Access Key, enter the ClientSecretAccessKey generated in Step 1 above.

  • Check the box Use secure transfer (SSL/TLS).

  • Click the button Add new account.

  • Then, click on Save Changes.

Once the new account is added, you should see virtual-bucket-1 and virtual-bucket-2 in the client.


4 Upload/Download files securely.

To upload files to any of the Virtual Buckets, simply drag and drop files into the desired bucket.

To download a file, right click on the file name and select Download.

You are now simultaneously accessing both Amazon and Google over a single interface. The StorageFabric Gateway is transparently taking care of all the data encryption and decryption, cloud-compatibility, etc.


Manage Clients Access Control

To briefly showcase access control, we will restrict our client from the previous section to read-only access to the Data Buckets.

1 Assign readonly role to client access key.

  • Log in to the Configuration Manager Web interface.

  • From the left navigation menu, expand ACCESS CONTROL and click Client Access Key Roles.

  • Select the tab Add Role to Client Access Key.

  • For Access Key ID, enter the ClientAccessKeyID generated in the previous section.

  • For Role Name, enter readonly.

  • For Context, enter { "providers" : "^.*$", "buckets" : "^.*$", "paths" : "^.*$" }

  • Click Add Role.


2 Remove admin role from client access key.

  • From the left navigation menu, expand ACCESS CONTROL and click Client Access Key Roles.

  • Locate the row with your ClientAccessKeyID and the admin role.

  • Click on the Trash icon in the same row. You will be taken to the Remove a role from a Client Access Key tab.

  • Click Remove Role.


3 Check client permissions.

To check new client permissions:

  • Move to your S3 Browser client window.

  • Try to upload a file into one of your buckets.

You will see an Access Denied error. Note that it may take a minute for permissions to propagate.


4 Restore read-write permissions.

To restore read and write client permissions:

  • From the left navigation menu, expand ACCESS CONTROL and click Client Access Key Roles.

  • Select the tab Add Role to Client Access Key.

  • For Access Key ID, enter the ClientAccessKeyID generated in the previous section.

  • For Role Name, enter admin.

  • For Context, enter { "providers" : "^.*$", "buckets" : "^.*$", "paths" : "^.*$" }

  • Click Add Role.

You can upload files again via your S3 browser client app. Note that it may take a minute for permissions to propagate.

Note

In StorageFabric deployments, clients’ access control can also be fully managed via your Active Directory and ADFS setup as described in the full product documentation.


Use Key Management Integration

StorageFabric uses a multi-level key hierarchy to protect data. For details, see the full product documentation. Although StorageFabric has built-in key management, integration with on-prem, custom key management solutions is easy. In this section, we will see how to use your custom keys for data encryption.

In this guide, we will add the key through the Configuration Manager API using curl (see the full product documentation). You can also add encryption keys via the web interface.

1 Generate an Encryption Key.

Use the following command to generate a new Bucket Encryption Key:

openssl enc -salt -aes-256-cbc -k $(openssl rand -base64 32) \
    -P -md sha256 | grep key= | cut -d'=' -f 2

A new Bucket Encryption Key will be generated and displayed, similar to the following:

444E5DD41F7F168B4AB4675C5D73F903F9899276574D4C397BB83D57F22F55DC

Alternatively, follow the instructions for your key management solution to generate an AES-256 Bucket Encryption Key. Convert your key, if required, to a 64-character hex string as shown in the example above.


2 Create a Client Access Key for API access.

To create a Client Access Key:

  • Log in to the Configuration Manager Web interface as the admin user.

  • From the left navigation menu, expand IDENTITY and click Client Access Keys.

  • Select the tab Create Client Access Key.

  • Click on the button Create Client Access Key.

A new client access key and secret key will be displayed at the top. Note down the ClientAccessKeyID and ClientSecretAccessKey displayed.


3 Add Encryption Key to StorageFabric.

Use the following curl command to add the custom encryption key for the Virtual Bucket virtual-bucket-1.

curl -X PATCH \
    https://sf-demo.privatemachines.com:5600/api/buckets/virtual-bucket-1 \
    -u CLIENTACCESSKEYID:CLIENTSECRETACCESSKEY \
    --data add-encryption-key="444E5DD41F7F168B4AB4675C5D73F903F9899276574D4C397BB83D57F22F55DC"

In the above command, replace:

  • sf-demo.privatemachines.com:5600 with your StorageFabric Configuration Manager URL.

  • CLIENTACCESSKEYID and CLIENTSECRETACCESSKEY with the ClientAccessKeyID and ClientSecretAccessKey from Step 2.

  • virtual-bucket-1 with your desired Virtual Bucket Name.

  • The add-encryption-key value (444E5…F55DC in the example) with your custom encryption key in hex format.

Once your new encryption key is added, it will be used henceforth for data encryption. Note that it may take a minute for key changes to propagate.
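The same request with the key kept off the command line, as an added example (not part of the StorageFabric documentation or tooling): a key passed as a curl argument ends up in shell history and is visible in the process list, so these helpers check the 64-character hex format from Step 1 and hand the key and credentials to curl on stdin. The function names and the SF_ACCESS_KEY_ID / SF_SECRET_ACCESS_KEY variables are assumptions.

```shell
#!/bin/sh
# Added example; helper names and the SF_* variables are hypothetical.

# is_bucket_key HEX: succeeds only for exactly 64 hex characters (256 bits).
is_bucket_key() {
    case $1 in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 64 ]
}

# b64_to_hex BASE64: print a base64-encoded key (a common KMS export form)
# as uppercase hex; fails unless it decodes to exactly 32 bytes.
b64_to_hex() {
    hex=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 |
          tr -d ' \n' | tr 'a-f' 'A-F')
    is_bucket_key "$hex" || return 1
    printf '%s\n' "$hex"
}

# build_curl_config KEY: emit curl config lines carrying the credentials and
# the form field. Assumes the credentials contain no '"' or '\' characters.
build_curl_config() {
    printf 'user = "%s:%s"\n' "$SF_ACCESS_KEY_ID" "$SF_SECRET_ACCESS_KEY"
    printf 'data = "add-encryption-key=%s"\n' "$1"
}

# add_bucket_key BASE_URL BUCKET KEYFILE: same PATCH request as above, but the
# key comes from a file and reaches curl on stdin (-K -), not in its arguments.
add_bucket_key() {
    key=$(tr -d ' \r\n' < "$3") || return 1
    is_bucket_key "$key" || { echo "key must be 64 hex characters" >&2; return 1; }
    build_curl_config "$key" | curl -X PATCH "$1/api/buckets/$2" -K -
}

# Offline check against the example key printed in Step 1 (no request is sent).
if is_bucket_key 444E5DD41F7F168B4AB4675C5D73F903F9899276574D4C397BB83D57F22F55DC; then
    echo "example key is a well-formed 256-bit hex key"
fi
```

Keep the key file readable only by your user (for example, mode 600) and remove it once the key has been added.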

To view your newly added encryption key, use:

curl -X GET https://storagefabric-configuration.com:5600/api/buckets/ \
        -u CLIENTACCESSKEYID:CLIENTSECRETACCESSKEY

Again, replace CLIENTACCESSKEYID and CLIENTSECRETACCESSKEY with the ClientAccessKeyID and ClientSecretAccessKey from Step 2.

See also

For using a custom Master Encryption Key from your KMS, see the full product documentation. For security, KMS integration for Master Encryption Key is not exposed via APIs.


Exploring Further

This demo guide showcases a very small subset of StorageFabric features. To explore further, see the full product documentation and the online Quick-Start Guides.
