We are glad to announce that Object Storage Extension (OSE) 2.1.1 is now generally available. This maintenance release adds to its predecessor OSE 2.1 the ability to utilize object lock and tagging for ECS 3.6.
Why is this important?
Previously, Cloud Director tenants using ECS were not able to apply object lock and tagging to their S3 buckets due to the used tenant user mapping. In OSE 2.1, an ECS object user is mapped to the tenant administrator account. The ECS object user is a global resource and is a user of the ECS data store. An object user can have privileges to read and write buckets, and objects within the namespace to which they are assigned. Thus, the inability to individually apply object lock and tagging to an S3 bucket.
How is now different?
User mapping in OSE 2.1.1 is achieved through utilizing the IAM service of ECS 3.6. The IAM mapping allows VMware Cloud Director (VCD) users to be mapped to ECS 3.6 users and users created in VCD to be available in ECS as well. The old ECS mapping using an object user didn’t allow this granularity, thus the inability for OSE to provide individual object lock and tagging in the previous releases.
How does the OSE 2.1.1 tenant user mapping work?
After you install and configure OSE 2.1.1 and then launch it in the Cloud Director provider portal, you will notice the following notification:
It helps you switch from the old tenant user mapping, using ECS object user to the new – ECS IAM user.
Note: The switch is optional and once applied cannot be reverted!
After you complete the switch, you can create Cloud Director users and sync them with your ECS 3.6. First, you need to apply the standard user creation procedure in Cloud Director.
Note: After the new user logs in to Cloud Director, a record for this user will be created in ECS 3.6.
Go to the ECS 3.6 Management Console, IAM section and check if this user appears for the tenant org namespace. The ID of the namespace can be taken from the Cloud Director Tenant list in the provider portal. This is how the synced-in Cloud Director user will look like in ECS 3.6.
Object Lock and Tagging for ECS 3.6
The object lock and tagging in OSE 2.1.1 for ECS 3.6 offers the same functionality as for Cloudian and AWS. You can apply an object lock to protect your bucket content from malicious or accidental deletion.
Object tagging allows you to categorize objects by applying a key and value. See an example below:
What else does OSE 2.1.1 offer?
Another benefit of the OSE 2.1.1 mapping for ECS 3.6 is that users can have their access keys rotated. OSE 2.1.1 keeps the old static access key for a user but also adds a new one that can be rotated. You can delete the old static access key if there are no client applications that are using it.
In addition to ECS 3.6 enhancements, OSE 2.1.1 supports 3 more operating systems: Photon OS 3+, Debian 10+, and Ubuntu 18+.
The installation of OSE can be made with a deb file (available from www.customerconnect.vmware.com). However, the installation process for the new operating systems remains the same.
Should I upgrade to OSE 2.1.1?
If you are using ECS 3.6, then upgrade to OSE 2.1.1 to fully utilize the enhancements it offers. If you are using another S3 storage vendor, then you can stick to OSE 2.1.
How to upgrade to OSE 2.1.1?
The upgrade process remains the same in this release. What you need to do is:
- Uninstall the previous OSE version. See Uninstall VMware Cloud Director Object Storage Extension.
- Prepare the database if running OSE 1.0 or 1.5. See Prepare the Database for Upgrade.
- Migrate data if you are using OSE 1.0 or 1.5. See Migrate VMware Cloud Director Object Storage Extension Data.
- Install and configure OSE 2.1.1. See Install VMware Cloud Director Object Storage Extension.