OceanStor 9000 V300R006C00 Object Storage Service (Compatible with Amazon S3 APIs) Administrator Guide 07

Configuring Access Security Policies

The secure access policies of the Object Storage Service include the TLS policy, IP address access key (AK) policy, AK policy, and IP address access policy.

Procedure

  1. Log in to DeviceManager.
  2. Choose Settings > Storage Settings > Object Storage Settings > Secure Access Policy.
  3. Choose the secure access policies you want to enable and set the parameters.

    • To implement suspension for a specific AK and a specific IP address, select Enable the IP Access Key Policy.

      Within a statistical period, if the number of access failures related to an AK with a specific IP address is greater than the value of threshold for access failures, and the percentage of the number of access failures to the total number of access attempts is greater than the value of threshold for the access failure rate, service denial is implemented for the AK and the IP address.

    • To implement suspension for a specific AK, select Enable the Access Key Policy.

      Within a statistical period, if the number of access failures related to an AK is greater than the value of the threshold for access failures, and the percentage of the number of access failures to the total number of access attempts is greater than the value of the threshold for the access failure rate, service denial is implemented for the AK. If the AK is shared by multiple users, the suspension applies to all of them: other users of the account cannot access the service during the suspension.

    • To implement suspension for a specific IP address, select Enable the IP Access Policy.

      Within a statistical period, if the number of access failures related to an IP address is greater than or equal to the threshold for access failures, and the percentage of the number of access failures to the total number of access attempts is greater than or equal to the threshold for the access failure rate, service denial is implemented for the IP address.

    • To ensure the confidentiality of communication and integrity of data transmission, select TLS Policy.

      By default, TLS Policy is selected and applied to the OSC and POE. If you modify the TLS policy, the OSC and POE are restarted, which interrupts the related services for one minute. You are advised to perform the modification during off-peak hours.

    NOTE:

    When IP Access Key Policy, Access Key Policy, IP Access Policy, and TLS Policy are all selected, the policies are independent of each other.

    Table 15-4 provides parameters for each secure access policy.

    Table 15-4  Parameters for secure access policies

    Policy: IP Access Key Policy, Access Key Policy, IP Access Policy

      Parameter: Statistical Time Interval (second)

        Description: Interval for counting the number of system access failures for users based on the user access key, user access IP address, or a combination of the user access key and user access IP address.

        • If, within a statistical period, the number of access failures of an access key with a specific IP address is greater than or equal to the threshold for access failures, and the percentage of access failures to the total number of accesses is greater than or equal to the threshold for access failure rate, service denial is implemented for the access key and the IP address.
        • If, within a statistical period, the number of access failures related to an access key is greater than or equal to the threshold for access failures, and the percentage of access failures to the total number of accesses is greater than or equal to the threshold for access failure rate, service denial is implemented for the access key.
        • If, within a statistical period, the number of access failures of an IP address is greater than or equal to the threshold for access failures, and the percentage of access failures to the total number of accesses is greater than or equal to the threshold for access failure rate, service denial is implemented for the IP address.

        Service denial duration = (Number of access failures / Threshold for access failures) x (Service denial time baseline). The service denial duration must not exceed 30 minutes. The value of Number of access failures / Threshold for access failures is rounded down.

        Value range: 1-300
        Default value: 1

      Parameter: Service Denial Time Baseline (minute)

        Description: Time baseline for OceanStor 9000 to deny services.

        Value range: 1-30
        Default value: 1

      Parameter: Threshold for Access Failures

        Description: Maximum allowed number of a user's access failures.

        Value range: 1-999999999
        Default value: 10

      Parameter: Threshold for Access Failure Rate (%)

        Description: Maximum allowed percentage of the number of access failures to the total number of access attempts by a user.

        Value range: 1-99
        Default value: 90

    Policy: TLS Policy

      Parameter: Provisioning Orchestration Engine

        Description: The Provisioning Orchestration Engine (POE) implements user management, including subscriber creation, subscribers' service suspension and resumption, subscriber deletion, and service subscription.

        Value range: TLS1.0 Policy, TLS1.1 Policy, TLS1.2 Policy
        Default value: TLS1.2 Policy

      Parameter: Object Storage Service Controller

        Description: An Object Storage Service Controller (OSC) is an access point for the object storage service. It provides an object storage service API. The OSC processes requests initiated by clients and sets up object transmission channels to implement access control over requests initiated by the clients. In addition, it manages metadata, collects information about user traffic and operations, and provides functions such as data routing, striping, and slicing.

        Value range: TLS1.0 Policy, TLS1.1 Policy, TLS1.2 Policy
        Default value: TLS1.2 Policy

  4. Click Save and then click OK.
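
The following is an added example, not code from the product or from Huawei: a small Python model of the three failure-based policies that an administrator can run over request records to see what a given parameter set would deny and for how long. It assumes fixed, non-overlapping statistical periods and the "greater than or equal to" comparisons given in Table 15-4; the function names, the AK name, and the sample events are hypothetical and constructed for illustration.

```python
from collections import defaultdict

MAX_DENIAL_MIN = 30  # cap stated in Table 15-4

def denial_minutes(failures, total, fail_threshold=10, rate_threshold=90,
                   baseline_min=1):
    """Denial duration (minutes) for one statistical period; 0 if not triggered.
    Defaults are the Table 15-4 defaults; >= comparisons are an assumption."""
    if total == 0 or failures < fail_threshold:
        return 0
    if failures * 100 < rate_threshold * total:   # failure rate below threshold
        return 0
    # floor(failures / threshold) x baseline, capped at 30 minutes
    return min((failures // fail_threshold) * baseline_min, MAX_DENIAL_MIN)

def evaluate(events, interval_s=1, **params):
    """events: (timestamp_s, access_key, ip, succeeded) tuples.
    Returns {(policy, subject, window_start): minutes} for triggered denials.
    Fixed, non-overlapping windows are an assumption of this sketch."""
    counts = defaultdict(lambda: [0, 0])          # [failures, total]
    for ts, ak, ip, ok in events:
        window = int(ts // interval_s) * interval_s
        for policy, subject in (("ip_ak", (ak, ip)), ("ak", ak), ("ip", ip)):
            c = counts[(policy, subject, window)]
            c[1] += 1
            c[0] += 0 if ok else 1
    hits = {}
    for key, (fails, total) in counts.items():
        minutes = denial_minutes(fails, total, **params)
        if minutes:
            hits[key] = minutes
    return hits

def sample_events(legit_ok):
    """Constructed sample: one shared AK, 25 failed requests from one client
    and `legit_ok` successful requests from a second client, all within 60 s."""
    bad = [(t, "AK_SHARED", "198.51.100.7", False) for t in range(25)]
    good = [(30 + t, "AK_SHARED", "192.0.2.10", True) for t in range(legit_ok)]
    return bad + good

if __name__ == "__main__":
    for n in (5, 2):
        print(n, evaluate(sample_events(n), interval_s=60))
```

With five successful requests from the second client, the AK-level failure rate is 25/30 (about 83%), so only the IP and IP Access Key policies deny service; with two, the rate is 25/27 (about 93%) and the Access Key Policy suspends the shared key for 2 minutes, which also locks out the second client.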
Updated: 2019-04-28

Document ID: EDOC1000122523
