VMware Cloud Provider Object Storage Extension

How to connect custom S3 storage to VMware Cloud Director Object Storage Extension

VMware Object Storage Extension (OSE) is a plugin that helps you attach S3-compatible storage to VMware Cloud Director. The currently supported S3 object storage platforms are Cloudian Hyperstore, Dell ECS, and Amazon S3.

To expand the integration of compatible S3 storage platforms with Cloud Director, OSE has introduced OSIS (Object Storage Interoperability Service).

The Object Storage Interoperability Service helps you attach your custom S3 storage to Cloud Director and use it to back up your critical unstructured data, vApps, and Catalogs. Since OSE 2.1, you can also use it for backing up and restoring your Kubernetes clusters!

Figure 1: OSE Architecture and Network Connections

Let’s see how this works.

OSIS Implementation Process

Suppose you have decided to integrate your custom S3 object storage with Cloud Director. In that case, you need to have the OSIS adapter developed for the S3 storage that you use, then deploy OSIS and configure Object Storage Extension to connect to OSIS. Cloud Director tenants can consume the vendor Object Storage in a unified manner, regardless of the type of object storage platform that has been implemented.

See the OSIS workflow in the following diagram.

Figure 2: OSIS Integration Workflow

OSIS Development Requirement

The OSIS adapter needs to be developed as an API service available to VMware Cloud Director Object Storage Extension. You can implement OSIS in any programming language and deploy it to any server environment. The only requirement for OSIS is network connectivity: it should be deployed in an intranet where the OSE server can connect to OSIS, and OSIS can connect to the storage platform. See the diagram below.

Figure 3: OSE Network Diagram

OSIS Development Process

OSIS needs to be built up programmatically and implement the following mandatory APIs.

The APIs are needed to exchange tenant and user information as OSIS connects the S3 storage and OSE.

Let’s now see the complete list of mandatory APIs that OSIS needs to implement.

| HTTP Method | Request URI | Description |
|---|---|---|
| HEAD | /api/v1/tenants/{tenantId} | Checks whether the tenant exists. |
| PATCH | /api/v1/tenants/{tenantId} | Updates Cloud Director tenant ID of the S3 storage platform tenant. |
| GET | /api/v1/tenants | Gets the tenant. |
| POST | /api/v1/tenants | Lists the tenants of the S3 storage platform. |
| GET | /api/v1/tenants/query | Queries the tenants of the S3 storage platform. |
| GET | /api/v1/users/query | Queries users of the platform tenant. |
| POST | /api/v1/tenants/{tenantId}/users | Creates a user in the platform tenant. |
| GET | /api/v1/tenants/{tenantId}/users | Lists users of the platform tenant. |
| GET | /api/v1/tenants/{tenantId}/users/{userId} | Gets the user with user ID of the tenant. |
| PATCH | /api/v1/tenants/{tenantId}/users/{userId} | Sets enable or disable status in the tenant. |
| DELETE | /api/v1/tenants/{tenantId}/users/{userId} | Deletes the user in the platform tenant. |
| GET | /api/v1/users/{canonicalUserId} | Gets the user with user canonical ID. |
| GET | /api/v1/s3credentials/query | Queries S3 credentials of the platform user. |
| GET | /api/v1/tenants/{tenantId}/users/{userId}/s3credentials | Lists S3 credentials of the platform user. |
| POST | /api/v1/tenants/{tenantId}/users/{userId}/s3credentials | Creates S3 credential for the platform user. |
| GET | /api/v1/s3credentials/{accessKey} | Gets S3 credential of the platform user. |
| GET | /api/v1/s3capabilities | Gets S3 capabilities of the platform. |
| GET | /api/info | Gets the REST services information. |

There are optional APIs that the service could also implement depending on your needs. If not implemented, the associated options will remain hidden in Cloud Director.

Here is the complete list of optional APIs that OSIS can also implement.

| HTTP Method | Request URI | Description |
|---|---|---|
| GET | /api/v1/tenants/{tenantId} | Get a tenant in the platform |
| DELETE | /api/v1/tenants/{tenantId} | Delete a tenant in the platform |
| HEAD | /api/v1/tenants/{tenantId}/users/{userId} | Check whether the user exists |
| PATCH | /api/v1/s3credentials/{accessKey} | Enable or disable S3 credential for the platform user |
| DELETE | /api/v1/s3credentials/{accessKey} | Delete the S3 credential of the platform user |
| GET | /api/v1/usage | Get the usage of the platform tenant or user |
| GET | /api/v1/bucket-list | Get the bucket list of the platform tenant |
| GET | /api/v1/bucket-logging-id | Get the bucket logging id of the platform |
| GET | /api/v1/anonymous-user | Get the anonymous user id and name of the platform. |
| GET | /api/v1/console | Get the console URI of the platform or platform tenant |

OSIS Tenant and User Mapping

Tenant and user mapping is a starting point in OSIS development. OSIS works as a broker between OSE and the custom S3 storage. It provides unified administrative interfaces, such as user management and credential management, through which OSE consumes the S3 storage. It also maps the OSIS data model to the S3 storage data model.

In other words, OSE is only aware of OSIS data models, but not storage platform data models.

OSIS server accepts Cloud Director tenant/user model from OSE and returns platform tenant/user model to OSE. The mapping from Cloud Director to the storage platform is designed and maintained by the OSIS implementation.

The tenant and user mapping needs to be developed according to the specifics of the storage platform. For more information on how to map the OSIS tenant and user model to the storage platform's model, see the Object Storage Interoperability Service (OSIS) Development Guide.

Here is an example of OSIS tenant and user mapping with CEPH.

| OSIS TENANT | CEPH USER |
|---|---|
| tenant_id | tenant, user_id |
| active | suspended |
| cd_tenant_ids | display_name.cdtids |
| name | tenant |

| OSIS USER | CEPH USER |
|---|---|
| user_id | user_id |
| canonical_user_id | uid |
| tenant_id | tenant |
| cd_user_id | display_name.cduid |
| cd_tenant_id | display_name.cdtid |
| username | display_name.un |
| active | suspended |
| email | email |
| role | caps |
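
The user mapping above, written out in both directions as an added example (it is not code from the OSIS reference project). The JSON encoding of display_name, the dict shapes, and the tenant checks on the way back are assumptions made for this example; role/caps is left out.

```python
import json

# Assumption: display_name holds the Cloud Director fields as a JSON object
# with keys "un", "cduid", "cdtid"; the page names the sub-fields only.
DN_KEYS = {"un", "cduid", "cdtid"}

# Constructed sample OSIS user (all values are made up for illustration).
SAMPLE = {"user_id": "u-1", "canonical_user_id": "c-1", "tenant_id": "t-1",
          "cd_user_id": "cdu-1", "cd_tenant_id": "cdt-1", "username": "alice",
          "active": True, "email": "alice@example.test"}


def to_ceph_user(osis_user):
    """Map an OSIS user onto the Ceph user fields from the table."""
    dn = {"un": osis_user["username"], "cduid": osis_user["cd_user_id"],
          "cdtid": osis_user["cd_tenant_id"]}
    return {
        "user_id": osis_user["user_id"],
        "uid": osis_user["canonical_user_id"],
        "tenant": osis_user["tenant_id"],
        "display_name": json.dumps(dn, sort_keys=True),
        "suspended": not osis_user["active"],  # polarity is inverted
        "email": osis_user["email"],
    }


def to_osis_user(ceph_user, tenant_id, tenant_cd_ids):
    """Map a Ceph user back to OSIS, refusing records outside the tenant."""
    if ceph_user["tenant"] != tenant_id:
        raise ValueError("user belongs to a different platform tenant")
    try:
        dn = json.loads(ceph_user["display_name"])
    except (TypeError, ValueError):
        raise ValueError("display_name carries no OSIS mapping") from None
    if not isinstance(dn, dict) or set(dn) != DN_KEYS:
        raise ValueError("display_name mapping is incomplete")
    if dn["cdtid"] not in tenant_cd_ids:
        raise ValueError("cd_tenant_id is not mapped to this tenant")
    return {
        "user_id": ceph_user["user_id"],
        "canonical_user_id": ceph_user["uid"],
        "tenant_id": ceph_user["tenant"],
        "cd_user_id": dn["cduid"],
        "cd_tenant_id": dn["cdtid"],
        "username": dn["un"],
        "active": not ceph_user["suspended"],
        "email": ceph_user["email"],
    }
```

The two points worth testing in a real adapter are the inverted active/suspended flag, where a mistake re-enables disabled users, and the rejection of records whose tenant or cd_tenant_id does not match the tenant being served.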

OSIS Reference Project

To help you design and deploy your OSIS adapter, there is a reference OSIS implementation, which integrates CEPH (an open-source distributed storage) with OSE.

The reference project can be accessed here. It includes information on how to design, build, and configure your OSIS adapter for the CEPH storage. Have a look at the documentation of the project to deploy your OSIS adapter and start using CEPH with OSE.

Additional Resources

For more information on how to develop and deploy an OSIS adapter, check the following information: Object Storage Interoperability Service (OSIS) Development Guide

For more information on OSE, check its official documentation.

Have more questions? Contact us at [email protected].