Exploring different use-cases for OCI Object Storage Gateway deployments


This post covers different approaches to deploying Object Storage Gateway. Object Storage Gateway acts as a bridge that connects your on-premises environment with Object Storage, enabling file-to-object transparency.

Object Storage buckets are mounted as NFS mount points in your on-prem environment. Substantial information is available on Object Storage Gateway, and links are shared in this post.


Let's jump to understanding different approaches to deploy Object Storage Gateway.

My observations when implementing the POCs below:

1. Object Storage Gateway can be deployed either on-prem or on OCI. It can be downloaded for free.

2. SSD drives and XFS (Extended File System) are recommended for the mounts that store the Storage Gateway metadata, cache and logs.

3. OSG does not support the Windows operating environment.

4. If installing OSG on-prem, make sure you have proper access control on the Storage Gateway server and secure it with MFA.

5. If installing OSG in the cloud, you can use OpenVPN or IPSec to add another layer of security, and the OSG server can be placed in your private subnet.

6. A filesystem created from the OSG management URL automatically creates a bucket. The bucket is created and placed according to the inputs you provide for compartment, username and API signing key (private key and its fingerprint).

7. Finally, an interesting discussion between Anil and me on securing Oracle Object Storage, on Oracle Cloud Customer Connect:

https://cloudcustomerconnect.oracle.com/posts/cd615cf2eb


References -

https://www.oracle.com/cloud/storage/storage-gateway-faq.html

https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm#:~:text=The%20Object%20Storage%20service%20can,from%20within%20the%20cloud%20platform.

http://dineshbandelkar.com/how-to-setup-oci-storage-gateway/

https://docs.oracle.com/en-us/iaas/api/#/en/objectstorage/20160918/

https://docs.oracle.com/en-us/iaas/Content/StorageGateway/Reference/bestpracticesusingstoragegateway.htm





| Sr. No. | Summary | Description |
|---|---|---|
| 1 | Stored OS Username and Password | 1st Authentication Factor On-prem. |
| 2 | 2-FA with Google Authenticator | Verification code sent on sysadmin mobile device for authentication on-prem |
| 3 | On-prem NFS Share | On-prem NAS device protected by exportfs rules storing backups |
| 4 | Securing Data in-transit | Use of openssl encryption for applications files and use of rman based encryption for db backups |
| 5 | OCI Datacenter | Oracle Cloud Jeddah Region as secondary backup location |
| 6 | VCN - virtual Cloud Network | VCN consist of public and private subnet |
| 7 | Security list for public subnet | Open Port for OpenVPN |
| 8 | Open VPN server | Public facing VPN Server for accessing OCI resources. |
| 9 | Security list for private subnet | Open port for object storage gateway mgmt console and open port for nfs port |
| 10 | Object Storage Gateway Server | Object storage gateway server compute instance in private subnet. Creates filesystem which is mapped to auto-created bucket. |
| 11 | Object Storage | Object storage bucket automatically gets created when creating filesystem on Object storage server |


| Sr. No. | Summary | Description |
|---|---|---|
| 1 | Stored OS Username and Password | 1st Authentication Factor On-prem. |
| 2 | 2-FA with Google Authenticator | Verification code sent on sysadmin mobile device for authentication on-prem |
| 3 | On-prem NFS Share | On-prem NAS device protected by exportfs rules storing backups |
| 4 | Fortigate Firewall (CPE) Public IP | Customer Premise Equipment that is one point of IP-Sec VPN Connectivity. |
| 5 | IP-Sec VPN connection | Pre-shared key authentication with DRG on OCI |
| 6 | Static Routing Method/BGP | Manual/automatic routing for IP-SEC VPN connectivity. |
| 7 | OCI Datacenter | Oracle Cloud Jeddah Region as secondary backup location |
| 8 | DRG | Dynamic Routing Gateway configured on OCI |
| 9 | Object Storage Gateway Server | Object storage gateway server compute instance in private subnet. Creates filesystem which is mapped to auto-created bucket. |
| 10 | Object Storage | Object storage bucket automatically gets created when creating filesystem on Object storage server |


| Sr. No. | Summary | Description |
|---|---|---|
| 1 | Stored OS Username and Password | 1st Authentication Factor On-prem. |
| 2 | 2-FA with Google Authenticator | Verification code sent on sysadmin mobile device for authentication on-prem |
| 3 | On-prem NFS Share | On-prem NAS device protected by exportfs rules storing backups |
| 4 | Open VPN Client-saved profile | Profile saved on staging server for OPEN VPN |
| 5 | Object storage gateway setup | OSG installed on-prem on a staging server. |
| 6 | Securing Data in-transit | a. Use of openssl encryption for applications files. b. Use of rman based encryption for db backups |
| 7 | OCI Datacenter | Oracle Cloud Jeddah Region as secondary backup location |
| 8 | VCN - virtual Cloud Network | VCN consist of public and private subnet |
| 9 | Security list for public subnet | Open Port for OpenVPN |
| 10 | Open VPN server | Public facing VPN Server for accessing OCI resources. |
| 11 | Object Storage | Object storage bucket automatically gets created when creating filesystem on Object storage server |
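
The "Securing Data in-transit" rows above mention openssl encryption for application files. The script below is an added example, not the author's own, of encrypting a file before it is written to the gateway's NFS mount and checking that the result decrypts back to the source. The mount point, file names, key-file path and cipher parameters are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): encrypt an application file with
# openssl before it is written to the Storage Gateway NFS mount.
# The mount point, file names and key-file path are assumptions.
set -eu

CIPHER_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

# encrypt_to_gateway SRC DEST_DIR KEYFILE
# Creates DEST_DIR/<name>.enc plus a .sha256 sidecar and prints the .enc path.
encrypt_to_gateway() {
    etg_src=$1; etg_dir=$2; etg_key=$3
    etg_out="$etg_dir/$(basename "$etg_src").enc"
    etg_tmp="$etg_out.partial"

    # The passphrase file must be readable by its owner only (GNU stat).
    case "$(stat -c '%a' "$etg_key")" in
        600|400) ;;
        *) echo "refusing key file with loose permissions: $etg_key" >&2
           return 1 ;;
    esac

    # Encrypt under a temporary name so a half-written file never carries
    # the final name on the share.
    # shellcheck disable=SC2086
    openssl enc $CIPHER_OPTS -salt -in "$etg_src" -out "$etg_tmp" \
        -pass "file:$etg_key"

    # Round-trip check: the ciphertext must decrypt back to the source bytes.
    etg_want=$(sha256sum < "$etg_src" | cut -d' ' -f1)
    # shellcheck disable=SC2086
    etg_got=$(openssl enc -d $CIPHER_OPTS -in "$etg_tmp" -pass "file:$etg_key" \
        | sha256sum | cut -d' ' -f1)
    if [ "$etg_want" != "$etg_got" ]; then
        rm -f "$etg_tmp"
        echo "round-trip verification failed for $etg_src" >&2
        return 1
    fi

    mv "$etg_tmp" "$etg_out"
    # CBC mode carries no integrity check, so record a digest of the
    # ciphertext; the restore side can use it to detect corruption.
    (cd "$etg_dir" && sha256sum "$(basename "$etg_out")" \
        > "$(basename "$etg_out").sha256")
    echo "$etg_out"
}

# Usage: ./encrypt_to_gateway.sh /backup/app.tar /mnt/osg_fs /root/.osg_backup.key
if [ "$#" -eq 3 ]; then
    encrypt_to_gateway "$@"
fi
```

The `-pbkdf2` and `-iter` options need OpenSSL 1.1.1 or later; the same options and key file are required on the restore side to decrypt.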
