Zextras Powerstore: Secondary volumes on Amazon S3

From ZeXtras Suite Wiki

Jump to: navigation, search
Language: English  • español • português
ZxPowerStore logo box.png
Available since version: 1.3.0
Latest Version: 2.12.2
Released on: January 2nd, 2019
Compatibility List
Admin Guide
FAQ
Troubleshooting
ZspPowerstore logo box.png
Warning.png Warning!

This page is now outdated will be deleted soon - the updated information about this topic can be found here.

Zextras Powerstore and S3 buckets

Starting from Zextras Suite 2.4.0, secondary volumes created with Zextras Powerstore can now be hosted on S3 buckets, effectively moving the largest part of your data to a secure and durable cloud storage.

S3-compatible services

While any storage service compatible with the Amazon S3 API should work out of the box with Zextras Powerstore, Amazon S3 and DellEMC ECS are the only officially supported platforms at the moment.

Local Cache

This feature requires a local directory to be used for item caching, which must be readable and writable by the "zimbra" user.

Such directory must be created manually and its path must be entrered in the "Powerstore" section of the ZeXtras Administration Zimlet in the Zimbra Administration Console.

Warning.png Warning!

Failing to correctly set the cache directory will cause items to be unretrievable, meaning that users will get a "No such BLOB" error when trying to access any item stored on an S3 volume.

Bucket setup

Zextras Powerstore doesn't need any dedicated setting or configuration on the S3 side, so setting up a bucket for your volumes is pretty easy - creating a dedicated user, bucket and access policy is not required but strongly suggested as it's much easier to manage.

All you need to start storing your secondary volumes on S3 is:

  • An S3 bucket. You need to know the bucket's name and region in order to use it.
  • A user's Access Key and Secret.
  • A policy which grants the user full rights on your bucket.

Check out the information in the Amazon S3 Tips section below for specific information about Amazon S3

S3 Buckets

Instead of adding the bucket's data each time you add a new secondary volume, you can save it on the Zimbra Administration Console at Configure > Global Settings > S3 Buckets.

PowerstoreManageBuckets SMALL.gif

Creating a secondary volume on S3

  • Click on the "Powerstore" entry of the ZeXtras Administration Zimlet in the Zimbra Administration Console.
  • Under the "Secondary Volumes" list, click on "Add"

Powerstore s3 add 1.png

  • Select "S3 bucket"

Powerstore s3 add 2.png

  • Enter the volume's name and prefix, then either add a bucket's information or load those from the ones saved in the Global Settings. Define whether to use the Infrequent Access storage class and if so set its size threshold.

Powerstore s3 add 3.png

  • Define whether the new volume is set as Current or not and click "Finish" to create the new volume.

Powerstore s3 add 4.png

Amazon S3 tips

Bucket

Storing your secondary Zimbra volumes on Amazon S3 doesn't have any specific bucket requirements, albeit we suggest to create a dedicated Bucket disabling Static Website Hosting for an easier management.

User

In order to obtain an Access Key and the related Secret, a "Programmatic Access" used is needed: we suggest to create a dedicated one in Amazon's IAM Service for an easier management.

Rights Management

In Amazon's IAM you can set access policies for your users. It's mandatory that the user your Access Key and Secret belong to has a set of appropriate rights both on the bucket itself and on its content - granting full rights such as in the following example is suggested for an easier management:

{
    "Version": "[LATEST API VERSION]",
    "Statement": [
        {
            "Sid": "[AUTOMATICALLY GENERATED]",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "[BUCKET ARN]/*",
                "[BUCKET ARN]"
            ]
        }
    ]
}

WARNING - This is not a valid configuration policy. Don't copy and paste it in your user's settings as it won't be validated.

If you only wish to grant minimal permissions, change the "Action" section to:

"Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:AbortMultipartUpload"
              ],

The bucket's ARN is expressed according to Amazon's standard naming format: arn:partition:service:region:account-id:resource - for more information abuout this topic please check Amazon's documentation.

Bucket paths and naming

Files are stored in a bucket according to a well-defined path, which can be customized at will in order to make your bucket's contents easier to understand even on multiserver environments with multiple secondary volumes:

/Bucket Name/Destination Path/[Volume Prefix-]serverID/

The Bucket Name and Destination Path are not tied to the volume itself, and there can be as many volumes under the same destination path as you wish.

The Volume Prefix, on the other hand, is specific to each volume and it's a quick way to differentiate and recognize different volumes within the bucket.

Infrequent Access storage class

Zextras Powerstore is compatible with the "Amazon S3 Standard - Infrequent access" storage class, and will set any file larger than the "Infrequent Access Threshold" value to this storage class.

For more information about Infrequent Access please refer to the official Amazon S3 Documentation.

Personal tools