S3 Global Namespace

Describes what is meant by S3 global namespace.

Introduction

The S3 global namespace is the subset of the global namespace that comprises the native S3 storage (S3 storage on fabrics) and the external S3 storage in that global namespace.

An S3 client can authenticate to all the S3 storage across fabrics in the S3 global namespace by using a single set of access key/secret key.

An S3 client uses keys to connect to an S3 server. When the S3 GNS is explicitly enabled, the S3 client can choose any of the available native S3 servers to connect to, and the same pair of keys should be valid on all of the native S3 servers. This is achieved by replicating the required tables across connected native fabrics. S3 global namespace can be enabled from the command line.

The S3 global namespace also provides a unified control plane for all native S3 storage (S3 storage on fabrics) accessed from DFUI.

For incoming S3 client requests intended for a remote/external S3 server, there are two ways the request can be handled:

  • by redirecting the request to the correct S3 server
  • by returning an HTTP forward error and letting the client connect to the target S3 server directly.

Data Fabric works in redirection mode for S3 client - native/fabric S3 storage communication. Data Fabric redirects an incoming S3 client request made to a native S3 server on another fabric in the same global namespace. Once the redirection is successful, the communication between the S3 client and the native S3 server on the other fabric takes place directly.

Data Fabric works in forwarding mode for S3 client - external S3 storage communication.

NOTE
Data Fabric serves only as a unified data plane for external S3 servers that are imported into the global namespace. The control plane for the external S3 servers is accessible by using the respective interface or utility provided by the individual external S3 server. For example, bucket management can be performed on AWS S3 by using the AWS Management Console or AWS CLI.

Enable S3 global namespace

By default, S3 global namespace is disabled on a global namespace.

When you enable S3 global namespace, the access keys, secret keys and IAM policies from the primary fabric are replicated across all fabric storage or native S3 storage. The keys and IAM policies that exist on the non-primary fabrics in the S3 global namespace are overwritten when S3 global namespace is enabled.

CAUTION
Enabling S3 global namespace is a disruptive operation and must be performed only when it is feasible to have a single set of keys and policies across all the native S3 object stores/servers in your global namespace.
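
A pre-enable check for the overwrite described above, as an added example that is not Data Fabric code: it compares a non-primary fabric's access keys and IAM policies with the primary's and lists what would be removed, added or changed. The inventory layout, key IDs and policy names are constructed for illustration, and how the inventories are exported from each fabric is assumed.

```python
import hashlib
import json

# Constructed sample inventories. The dict layout is hypothetical: access key
# IDs mapped to owners (no secret keys), and policy names mapped to documents.
PRIMARY = {
    "keys": {"AKEXAMPLEPRIMARY1": "svc-backup", "AKEXAMPLESHARED01": "analytics"},
    "policies": {
        "ReadOnly": {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
        "Ingest": {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "*"},
    },
}
SECONDARY = {
    "keys": {"AKEXAMPLESHARED01": "analytics", "AKEXAMPLELOCAL001": "edge-app"},
    "policies": {
        "ReadOnly": {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                     "Resource": "*"},
        "EdgeOnly": {"Effect": "Deny", "Action": ["s3:DeleteObject"], "Resource": "*"},
    },
}


def _digest(document):
    """Hash a policy document in canonical form so key order does not matter."""
    canonical = json.dumps(document, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def overwrite_impact(primary, secondary):
    """Report what replacing `secondary` with `primary` removes, adds or changes."""
    p_keys, s_keys = set(primary["keys"]), set(secondary["keys"])
    p_pol, s_pol = primary["policies"], secondary["policies"]
    return {
        # Keys that exist only on the non-primary fabric and would be overwritten.
        "keys_removed": sorted(s_keys - p_keys),
        # Primary keys that become valid on this fabric for the first time.
        "keys_added": sorted(p_keys - s_keys),
        "policies_removed": sorted(set(s_pol) - set(p_pol)),
        "policies_added": sorted(set(p_pol) - set(s_pol)),
        # Same name on both fabrics, different content: the primary's version wins.
        "policies_changed": sorted(
            name for name in set(p_pol) & set(s_pol)
            if _digest(p_pol[name]) != _digest(s_pol[name])
        ),
    }


if __name__ == "__main__":
    for item, names in overwrite_impact(PRIMARY, SECONDARY).items():
        print(f"{item}: {', '.join(names) or '-'}")
```

An empty report for every non-primary fabric means the overwrite changes nothing; any entry under the removed or changed headings identifies clients or permissions to migrate before enabling.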

Use the clustergroup s3gns enables3gns command to enable S3 global namespace on the S3 storage across fabrics in your global namespace.