Fast and highly available S3 service integrated with VMware cloud service
S3 (Simple Storage Service) is a fast and scalable web-based cloud storage service. The service is designed for affordable online backup and archiving of data and applications.
VMware Cloud Director uses the Object Storage Extension (OSE) to address the availability and security of stored data. It helps service providers and customer administrators manage the availability and security of stored data and determine exactly who has access to it. OSE addresses the security issues associated with data access and sharing by providing multiple mechanisms for both data protection and user access. In essence, an S3 (Simple Storage Service) interface has been added to VMware Cloud Director, which as a service enables the storage of objects via a web interface.
WaveCom uses VMware Cloud Director Object Storage Extension (OSE), which provides S3 protocol-based storage space from a 5-node, highly available and highly scalable software-defined data store (Ceph). The storage runs on SAS disks with 10K rotation speed and delivers a parallel download speed of 1.0-1.5 GiB/s and a parallel upload speed of ~700 MiB/s, which clearly exceeds the capabilities of service providers located in the same region. In addition, WaveCom's OSE can also offer the S3 service provided by AWS.
From the customer's point of view, the main value proposition of an S3-type service is affordable and cost-effective tiered cloud storage, so that customers don't overpay for latency-free storage of sensitive data, files, templates, etc., while also maintaining an instant standby secondary data store. Compared to NVMe storage, S3 storage is three times cheaper.
Customers can provision storage spaces (buckets) and upload/download objects directly through the user interface, or use S3 APIs, a file manager, or file explorer software for this purpose. Objects can also be accessed via an S3-style URL for easy sharing.
You can create directories in Cloud Director that can be used as an archive of vApps, virtual machines, ISO files, templates, etc. For example, the customer can capture existing vApps in a special object bucket and later restore them to the virtual data centers of their organization.
The latest OSE version 2.2 also brought support for backup/restore configuration of Kubernetes clusters.
OSE offers several options for protecting data; a more detailed overview follows below.
Data protection
Data in S3 storage is stored in S3 buckets, which need protection to prevent unauthorized access and data loss. In OSE, versioning is used to protect important data.
Versioning
Versioning is, in other words, a history of version changes. Bucket objects can be modified or accidentally deleted. To track changes made to S3 objects or to restore an S3 object after deletion, versioning must be enabled. File versioning keeps the last saved changes in a separate file. It looks for changes to the file's content and checks that other metadata attributes are the same as those of the last uploaded file. If a file with similar content but a different name is uploaded, this file is considered new and will be displayed separately in the bucket. This functionality can be activated by all tenant users.
User access
Another important aspect of keeping important data in S3 storage is user access. As a tenant administrator, you can use the following tools to strictly control user access to data in your tenant organization bucket.
Cross-Origin Resource Sharing (CORS) – helps tenants access tenant organization data outside the organization domain. The functionality can be activated by the service provider or tenant administrator.
Access Control List (ACL) – is used to determine which user roles can read, write, and delete S3 bucket data.
Security Authorizations – S3 storage can provide users with security credentials that strengthen authentication with S3 storage. Each client storage administrator and user has an access key and a security key that can be used to access the contents of their bucket. A user's access key and security key can be used to access bucket content from, for example, a third-party S3 client application.
User roles – in addition to VMware Cloud Director user roles, OSE offers an additional set of user roles specific to working with S3 storage. These roles clearly define what users in the customer's organization can do with S3 storage objects.
A client storage administrator is enabled by default with all of the following subordinate roles, but standard users are initially enabled with none of them. The following subordinate roles can be implemented to enable the use of OSE functions:
vApp Contributor – Captures and restores vApps.
Catalog Contributor – Creates, publishes, and imports catalogs.
Kubernetes Contributor – Backs up and restores guest Kubernetes clusters.
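
A tenant administrator can review the CORS and ACL settings described under User access before a bucket is shared. The following added example (not WaveCom's or VMware's code) flags over-broad rules; it assumes the settings have been exported in the standard S3 API shapes (CORSRules and Grants) and that the public group URIs match the AWS S3 ones, and all sample data is constructed.

```python
# Added example: audit S3-style CORS rules and ACL grants for over-broad access.
# Assumption: input uses the S3 API response shapes (CORSRules / Grants).

PUBLIC_GROUPS = {  # AWS S3 predefined groups; assumed to apply to the S3-compatible service
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone (anonymous)",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any authenticated account",
}
WRITE_METHODS = {"PUT", "POST", "DELETE"}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

def audit_cors(rules):
    """Return (severity, message) findings for a list of S3 CORS rules."""
    findings = []
    for i, rule in enumerate(rules):
        origins = rule.get("AllowedOrigins", [])
        writes = sorted({m.upper() for m in rule.get("AllowedMethods", [])} & WRITE_METHODS)
        if any("*" in o for o in origins):
            # A wildcard origin lets any website script the bucket from a browser.
            sev = "HIGH" if writes else "MEDIUM"
            findings.append((sev, f"CORS rule {i}: wildcard origin, write methods {writes}"))
        if any(o.startswith("http://") for o in origins):
            findings.append(("MEDIUM", f"CORS rule {i}: plaintext http origin allowed"))
    return findings

def audit_acl(grants):
    """Return (severity, message) findings for a list of S3 ACL grants."""
    findings = []
    for grant in grants:
        grantee = grant.get("Grantee", {})
        who = PUBLIC_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and who:
            perm = grant.get("Permission")
            sev = "HIGH" if perm in WRITE_PERMS else "MEDIUM"
            findings.append((sev, f"ACL: {perm} granted to {who}"))
    return findings

# Constructed sample settings (hypothetical tenant, placeholder identifiers).
SAMPLE_CORS = [
    {"AllowedOrigins": ["https://portal.example.com"], "AllowedMethods": ["GET", "PUT"]},
    {"AllowedOrigins": ["*"], "AllowedMethods": ["GET", "DELETE"]},
    {"AllowedOrigins": ["http://intranet.example.com"], "AllowedMethods": ["GET"]},
]
SAMPLE_ACL = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "tenant-admin-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "WRITE"},
]

if __name__ == "__main__":
    for sev, msg in audit_cors(SAMPLE_CORS) + audit_acl(SAMPLE_ACL):
        print(f"[{sev}] {msg}")
```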