Skip to main content
Hitachi Vantara Knowledge

Configuring namespace access protocols

HCP supports the REST, S3 compatible, HSwift, WebDAV, CIFS, NFS, and SMTP protocols for access to namespaces. You use these protocols to add, view, modify, and delete namespace content. Additionally, you can use the S3 compatible API to create, view or change the versioning status of, and delete namespaces.

Each protocol is configured separately for each namespace. Any given protocol can be enabled on some namespaces and disabled on others unless protocol optimization is configured for cloud-only protocols.

This section of the help provides instructions for enabling and configuring each of the supported protocols.

Namespace access protocol configuration

Users and applications have access to the content stored in namespaces through these industry-standard protocols: REST, S3 compatible API, HSwift, WebDAV, CIFS, NFS, and SMTP. By default, when a namespace is created, the REST API is enabled. The other protocols are initially disabled. For any namespace access to occur, at least one protocol must be enabled.

For enhanced security, keep unused namespace access protocols disabled.

When you enable a namespace access protocol, you also need to configure it. Each protocol, with the exception of the REST, S3 compatible, HSwift, and WebDAV protocols, has its own set of configuration options. REST, the S3 compatible API, HSwift, and WebDAV share a set of these options. Some configuration options are common to multiple protocols; others are protocol specific.

NoteIf your system administrator has configured new namespaces to be optimized for cloud protocols only, you cannot configure new namespaces to use CIFS, NFS, WebDAV or SMTP without first disabling cloud optimization for the namespace. If you have already begun ingesting data in the namespace, you cannot disable cloud optimization.

Display the Protocols panel

To enable and configure the protocols for a namespace, you use the Protocols panel for that namespace in the Tenant Management Console. This panel has separate tabs for each protocol except REST, the S3 compatible API, HSwift, and WebDAV, which share a tab.

Before you begin

  • To view the Protocols panel, you need the monitor or administrator role.
  • To enable, disable, and configure namespace access protocols, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want to configure.

  3. In the row of tabs below the namespace name, click Protocols.

Changing the protocol optimization for a namespace

A namespace can be optimized for all namespace access protocols or for cloud protocols only. Optimization for all protocols is required if clients will be using the WebDAV, CIFS, NFS, or SMTP protocol to access the namespace.

Optimization only for cloud protocols increases the ingest rate for the namespace but also configures the namespace to ingest objects exclusively through the cloud protocols (REST, the S3 compatible API, and HSwift). This setting is recommended if clients will be using only cloud protocols to access the namespace.

Only cloud-optimized namespaces can allow erasure coding. Also, only cloud-optimized namespaces support multipart uploads with the S3 compatible API.

You can change the protocol optimization setting for a namespace from optimized only for cloud protocols to optimized for all protocols only if both of these are true:

  • The namespace does not contain any objects.
  • The namespace does not allow erasure coding.

You can change the protocol optimization setting from optimized for all protocols to optimized only for cloud protocols only if the namespace doesn't have any noncloud protocols enabled.

A system administrator can change a tenant from not being able to choose whether namespaces allow erasure coding to being able to do this. After this change occurs, when you enable cloud optimization for a preexisting namespace that was not cloud optimized and that did not allow erasure coding, the namespace is automatically configured to allow erasure coding.

NoteYou cannot make protocol optimization changes while an HCP system upgrade is in progress.

Before you begin

  • To view the protocol optimization setting for a namespace, you need the monitor or administrator role.
  • To change the protocol optimization setting for a namespace, you need the administrator role.

Procedure

  1. In the top-level menu of the Tenant Management Console, click Namespaces.

  2. In the list of namespaces, click the name of the namespace you want.

  3. In the namespace, click the Settings tab.

  4. In the namespace left-hand navigation bar, click Optimization.

  5. In the Optimization panel, select Optimized for all protocols or Optimized for cloud protocols only.

  6. Click Update Settings.

    If you selected Optimized for cloud protocols only, a confirming message appears.
  7. In the field in the message window, type YES (this is case sensitive) to confirm that you understand the consequences of your action.

  8. Click Update Settings.

IP addresses for namespace access

For each namespace access protocol, you have the option of allowing access only from specific IP addresses. For all but NFS, you can also deny access to the namespace from specific IP addresses.

TipFor enhanced security, restrict access to namespaces to as few IP addresses as possible.

The Tenant Management Console panels for the namespace access protocols each contain an Allow list and, except for the NFS panel, a Deny list. Each list has an associated field in which you type entries for it.

Add entries in Allow and Deny lists

Changes you make to either list of IP addresses take effect immediately.

Procedure

  1. In the field above the list, type the entry you want.

  2. Click Add.

Remove entries in Allow and Deny lists

To remove a single entry, click the delete control (GUID-159B6851-E11F-4AF8-90DA-1D18AA090E0B-low.png) for that entry.

To remove all entries, click Delete All.

Changes you make to either list of IP addresses take effect immediately.

Valid Allow and Deny list entries

Each entry in an Allow or Deny list can be one of:

  • An IP address
  • A comma-separated list of IP addresses
  • A range of IP addresses specified as ip-address/subnet-mask (for example, 192.168.100.197/255.255.255.0) or in CIDR format (for example, 192.168.100.0/24)

The CIDR entry that matches all IP addresses is 0.0.0.0/0.

Allow and Deny list handling

IP addresses can be included in neither, one, or both of the Allow and Deny lists for REST, the S3 compatible API, WebDAV, CIFS, and SMTP. They can be included or not included in the Allow list for the NFS protocol. The way HCP handles allowed and denied IP addresses differs depending on the protocol.

Allow and Deny list handling for REST, the S3 compatible API, and WebDAV

For HTTP and WebDAV, you can choose how HCP handles Allow and Deny list entries by selecting or deselecting Allow request when same IP is used in both lists in the HTTP(S) panel. The table below describes the effects of selecting or deselecting this option. Either action takes effect immediately.

Allow requests when same IP is used in both lists
List entriesSelectedNot selected

Allow list: empty

Deny list: empty

All IP addresses can access the namespace through REST, the S3 compatible API, and WebDAV.No IP addresses can access the namespace through REST, the S3 compatible API, or WebDAV.

Allow list: at least one entry

Deny list: empty

All IP addresses can access the namespace through REST, the S3 compatible API, and WebDAV.Only IP addresses in the Allow list can access the namespace through REST and WebDAV.

Allow list: empty

Deny list: at least one entry

All IP addresses not in the Deny list can access the namespace through REST, the S3 compatible API, and WebDAV. IP addresses in the Deny list cannot.No IP addresses can access the namespace through REST, the S3 compatible API, or WebDAV.

Allow list: at least one entry

Deny list: at least one entry

IP addresses appearing in both or neither of the lists can access the namespace through REST, the S3 compatible API, and WebDAV.Only IP addresses appearing in the Allow list and not in the Deny list can access the namespace through REST, the S3 compatible API, or WebDAV.
Allow and Deny list handling for CIFS

For CIFS, HCP handles Allow and Deny list entries as described in the table below.

List entriesEffect

Allow list: empty

Deny list: empty

All IP addresses can access the namespace through the CIFS protocol.

Allow list: at least one entry

Deny list: empty

Only IP addresses in the Allow list can access the namespace through the CIFS protocol.

Allow list: empty

Deny list: at least one entry

All IP addresses that are not in the Deny list can access the namespace through the CIFS protocol. IP addresses in the Deny list cannot.

Allow list: at least one entry

Deny list: at least one entry

IP addresses that appearing in the Allow list and the Deny list cannot access the namespace through the CIFS protocol.
Allow list handling for NFS

For NFS, if the Allow list in the NFS panel includes one or more IP addresses, those addresses have access to the namespace through NFS and all others don’t. If the list is empty, all IP addresses can access the namespace through NFS.

Allow and Deny list handling for SMTP

For SMTP, HCP handles Allow and Deny list entries as described in the table below.

List entriesEffect

Allow list: empty

Deny list: empty

All IP addresses can access the namespace through the SMTP protocol.

Allow list: at least one entry

Deny list: empty

Only IP addresses in the Allow list can access the namespace through the SMTP protocol.

Allow list: empty

Deny list: at least one entry

No IP addresses can access the namespace through the SMTP protocol.

Allow list: at least one entry

Deny list: at least one entry

Only IP addresses appearing in the Allow list and not in the Deny list can access the namespace through the SMTP protocol.

User authentication options

The REST, S3 compatible, HSwift, and CIFS protocols have the option to either require user authentication or support both authenticated and unauthenticated (anonymous) access. If a protocol requires authentication, users must present valid credentials in order to use the protocol. If a protocol supports both types of access, users can present credentials but are not required to.

With the REST, S3 compatible, HSwift, or CIFS protocol configured to support both authenticated and anonymous access:

  • If a user presents credentials, HCP tries to authenticate the user. If the credentials are valid, HCP continues processing the request. If the credentials are invalid, HCP rejects the request.
  • With REST and CIFS, if a user does not present credentials, HCP continues processing the request.
  • With the S3 compatible API, if a user presents the clear-text username all_users, HCP continues processing the request. If the user does not present either credentials or all_users, HCP rejects the request.

Configuring the REST, S3 compatible, HSwift, and WebDAV APIs

With the REST, S3 compatible, and HSwift APIs, users and applications can add, view, and delete objects and modify object metadata through a RESTful API. With the WebDAV API, users and applications can perform these activities through familiar directory structures.

REST, S3 compatible, HSwift, and WebDav API configuration

You use the HTTP(S) panel to enable and configure the REST, S3 compatible, HSwift, and WebDAV APIs for a namespace. To display this panel, on the left side of the Protocols panel, click HTTP(S).

Although you use a single panel to enable these protocols, you enable or disable them independently of each other.

Before you can enable the S3 compatible API for a namespace, ACLs must be enabled for the namespace.

The top of the HTTP(S) panel shows the URL for access to the namespace through the REST API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

NoteCertain countries prohibit the export of encryption technology. HCP systems shipped to restricted countries have the HTTPS option on the namespace protocols page disabled. If you do not see the checkbox to enable HTTPS and you are in a country where SSL encryption is permitted, please contact your HCP system administrator.

The HTTP(S) panel lets you:

  • Enable the REST API.
  • Enable the S3 compatible API.
  • Enable the HSwift API.
  • Enable the WebDAV API.
  • Specify whether the REST, S3 compatible, HSwift, and WebDAV APIs require the use of SSL security.
  • Specify whether the REST, S3 compatible, and HSwift APIs require user authentication for access to the namespace.
  • If the tenant supports user authentication with Active Directory, specify whether HCP supports AD single sign-on for REST, S3 compatible, and HSwift access to the namespace. This affects the Namespace Browser, HCP Search Console, and other HTTP-based applications that support Integrated Windows authentication.
  • Specify whether the WebDAV API requires basic authentication for access to the namespace.
  • If WebDAV basic authentication is enabled, specify the username and password against which HCP authenticates WebDAV access to the namespace.

    The username and password you specify for WebDAV basic authentication has no relationship to HCP or AD user accounts.

    TipBe sure to give WebDAV users the specified username and password.
  • Specify whether WebDAV dead properties can be stored as custom metadata. If they can be, they are stored in the annotation named default.
  • Specify the client IP addresses that have access to the namespace through the REST, S3 compatible, HSwift, and WebDAV APIs.

By default, when a namespace is first created, the REST API is enabled with authentication required. If the HCP system supports the use of SSL for data access, the REST API also requires the use of SSL security by default.

Considerations for the S3 compatible API

There are several items to consider when using the S3 compatible API:

  • You can enable the S3 compatible API for a namespace only while ACLs are enabled for the namespace.
  • For users and applications to be able to perform most bucket-level operations with the S3 compatible API, the HCP management API must be enabled for the tenant.
  • For a user or application to be able to create and manage namespaces with the S3 compatible API, the applicable user or group account must have the allow namespace management property enabled.

Enabling REST, S3 compatible, HSwift, and WebDAV access to a namespace

The HTTP(S) panel has two sections for enabling and configuring the REST, S3 compatible, HSwift, and WebDAV APIs. This procedure is for the Settings section.

Procedure

  1. Take either or both of these actions:

    • To open the HTTPS port for REST, S3 compatible, HSwift, and WebDAV access to the namespace with SSL security, select Enable HTTPS.

      Certain countries prohibit the export of encryption technology. HCP systems shipped to restricted countries have the HTTPS option on the namespace protocols page disabled. If you do not see the checkbox to enable HTTPS and you are in a country where SSL encryption is permitted, please contact your HCP system administrator.

    • To open the HTTP port for REST, S3 compatible, HSwift, and WebDAV access to the namespace without SSL security, select Enable HTTP.
    These two options are independent of each other. If you select only Enable HTTPS, data sent through the REST, S3 compatible, HSwift, and WebDAV APIs is always secure. If you select both options, users and applications can send both secure and unsecure data through the REST, S3 compatible, HSwift, and WebDAV APIs.
    NoteTo enable access to the namespace through the REST, S3 compatible, HSwift, or WebDAV API, you also need to select Enable REST API, Enable Hitachi API for Amazon S3, Enable HSwift API, or Enable WebDAV API, respectively. Opening the HTTPS and HTTP ports does by itself enable these protocols.
  2. Enable the REST API.

    1. Select Enable REST API.

      This option is available only if Enable HTTP or Enable HTTPS is already selected.

      Above the Enable REST API option, the panel shows the URL for access to the namespace through the REST API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

    2. To specify REST authentication requirements, below the Enable REST API option, select either Authenticated access only or Anonymous and authenticated access.

    3. (Optional) Select or deselect Enable Active Directory single sign-on to allow or disallow, respectively, single sign-on to the namespace with Active Directory authentication.

      This option appears only if the tenant supports AD for user authentication.

      The option to enable AD single sign-on for REST is synchronized with the same option for the S3 compatible API. Enabling or disabling either enables of disables the other, respectively.

      To help ensure that AD single sign-on is available for those namespaces that need it, enable it only for those namespaces.

      After this option is disabled, you can reenable it only while HCP can communicate with AD.

  3. Enable the S3 compatible API.

    1. Select Enable Hitachi API for Amazon S3.

      This option is available only if Enable HTTP or Enable HTTPS is already selected.

      Above the Enable Hitachi API for Amazon S3 option, the panel shows the URL for access to the namespace through the S3 compatible API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

    2. To specify S3 compatible authentication requirements, below the Enable Hitachi API for Amazon S3 option, select either Authenticated access only or Anonymous and authenticated access.

    3. Optionally, select or deselect Enable Active Directory single sign-on to allow or disallow, respectively, single sign-on to the namespace with Active Directory authentication.

      This option appears only if the tenant supports AD for user authentication.
  4. Enable the HSwift API.

    1. Select Enable HSwift API.

      This option is available only if Enable HTTP or Enable HTTPS is already selected.

      Above the Enable HSwift API option, the panel shows the URL for access to the namespace through the HSwift API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

    2. To specify HSwift authentication requirements, below the Enable HSwift API option, select either Authenticated access only or Anonymous and authenticated access.

    3. (Optional) Select or deselect Enable Active Directory single sign-on to allow or disallow, respectively, single sign-on to the namespace with Active Directory authentication.

      This option appears only if the tenant supports AD for user authentication.
  5. Enable the WebDAV API.

    1. Select Enable WebDAV API.

      This option is available only if Enable HTTP or Enable HTTPS is already selected.

      Above the Enable WebDAV API option, the panel shows the URL for access to the namespace through the WebDAV API. If the HTTPS port is open or if neither the HTTPS or HTTP port is open, this URL starts with https. If only the HTTP port is open, the URL starts with http.

    2. Select Enable WebDAV basic authentication.

    3. In the Username field, type the user name to use for basic authentication.

      User names must be from one through 64 characters long and can contain any valid UTF-8 characters but cannot start with an opening square bracket ([). White space is allowed. User names are not case sensitive.
    4. In the Password field, type the password to use for basic authentication.

      Passwords can be up to 64 characters long, are case sensitive, and can contain any valid UTF-8 characters, including white space. The minimum password length is the same as the minimum password length for HCP user accounts, which is configurable. To be valid, a password must include at least one character from two of these three groups: alphabetic, numeric, and other.

      If you’re modifying settings in the HTTP(S) panel and you leave the Password field empty, the previously set password remains in effect.

    5. In the Confirm Password field, type the password again.

      TipBe sure to tell WebDAV users the username and password you specify.
    6. (Optional) Enable WebDAV users to store dead properties as custom metadata by selecting Use custom metadata to store WebDAV properties.

  6. Click Update Settings.

    If you selected Enable HTTP and also selected Enable REST API, Enable Hitachi API for Amazon S3, Enable HSwift API, or Enable WebDAV API, a confirming message appears.
  7. Click Update Settings.

Set the IP addresses to be allowed or denied access

The HTTP(S) panel has two sections for enabling and configuring the REST, S3 compatible, HSwift, and WebDAV APIs. This procedure is for the Allow/Deny section.

  • Optionally, in the Allow/Deny section, specify IP addresses to be allowed or denied access to the namespace through the REST, S3 compatible, HSwift, and WebDAV APIs.
  • To specify how HCP should handle IP addresses that appear in both or neither of the Allow and Deny lists, select or deselect Allow request when same IP is used in both lists. Changes to this option take effect immediately.

Configuring the CIFS protocol

With the CIFS protocol, users and applications can add, view, and delete objects and modify object metadata through familiar directory structures.

CIFS protocol configuration

You use the CIFS panel to enable and configure the CIFS protocol for a namespace. To display this panel, on the left side of the Protocols panel, click CIFS.

The top of the CIFS panel shows the string to use to identify the namespace when mapping it to a network drive or adding it as a network place on a CIFS client.

The CIFS panel lets you:

  • Enable the CIFS protocol.
  • Specify whether the CIFS protocol requires user authentication for access to the namespace. HCP uses Active Directory to authenticate CIFS users. This authentication is possible only if the tenant is configured to support AD authentication.
    NoteIf the HCP system does not support Active Directory and CIFS is enabled for the namespace, the namespace is exposed as a share in the Windows workgroup specified in the HCP system configuration. However, if the CIFS protocol is configured to require authentication, the namespace cannot be accessed through the workgroup.
  • Specify the client IP addresses that have access to the namespace through CIFS.
  • Change CIFS case sensitivity

When you reconfigure the CIFS protocol while it’s already enabled, the changes you make don’t affect current CIFS mounts of the namespace. To force the changes to take effect, you can take either of these actions:

  • Disable and then reenable the protocol. This causes all CIFS clients to lose their connections to the namespace. When they reconnect, the changes will be in effect.
  • Direct all clients with current CIFS mounts to disconnect from the namespace and then to either reboot or wait five minutes for cached connections to be released before reconnecting.

CIFS case sensitivity

The Windows operating system is case preserving but not case sensitive. The HCP CIFS implementation, by default, is both case preserving and case sensitive. One result of this discrepancy is that Windows applications that do not observe differences in case may not be able to access HCP objects by name.

For example, suppose a Windows application adds a file named File.txt to the namespace by using the CIFS protocol. CIFS preserves case, so the namespace then contains an object named File.txt. Now suppose the application tries to retrieve that object using the name file.txt. CIFS is case sensitive, so it passes the request to HCP with only the name file.txt. It doesn’t include any case variations on the name, such as File.TXT, FILE.txt, or File.txt. As a result, HCP cannot find the object.

If you have Windows applications that ignore case, you may want HCP to ignore case as well. You can change the CIFS protocol configuration in either of two ways to meet this need:

  • Make CIFS case forcing

    With this behavior, CIFS changes names to all upper- or lowercase in the requests it passes to HCP. To Windows applications, then, HCP appears to be case-insensitive. An application that stores File.txt and then retrieves File.TXT will get the right object back.

    The drawback to this method is that applications using other namespace access protocols must accommodate this behavior. For example, suppose CIFS changes names to all uppercase. If an application using the CIFS protocol stores an object named File.txt, applications using the case-sensitive HTTP, WebDAV, and NFS protocols need to retrieve the object as FILE.TXT.

  • Make CIFS case insensitive

    With this behavior, CIFS preserves case as objects are stored in the namespace but passes through every case variation possible when applications make other requests for objects.

    For example, suppose an application using the CIFS protocol requests an object named FILE.txt. CIFS passes the request through with the names File.txt, FILE.txt, fiLe.TXT, and so on. HCP then returns the first object it finds with a name that matches any of these.

    The major drawback to this method is that performance is slowed by the need to check for matches to multiple case variations. A second drawback is that if the namespace contains multiple objects with names that vary only in case, HCP may return the wrong object.

If you make CIFS both case forcing and case insensitive, it is case forcing when storing objects and case insensitive on requests for existing objects.

Enabling CIFS access to a namespace

The CIFS panel has three sections for enabling and configuring the CIFS protocol.

Settings section

  1. Select Enable CIFS.

  2. To specify CIFS authentication requirements, select either Authenticated access only or Anonymous and authenticated access.

  3. Click Update Settings in the Settings section.

Allow/Deny section

Optionally, in the Allow/Deny section, specify IP addresses to be allowed or denied access to the namespace through CIFS.

CIFS case sensitivity

The Windows operating system is case preserving but not case sensitive. The HCP CIFS implementation, by default, is both case preserving and case sensitive. One result of this discrepancy is that Windows applications that do not observe differences in case may not be able to access HCP objects by name.

For example, suppose a Windows application adds a file named File.txt to the namespace by using the CIFS protocol. CIFS preserves case, so the namespace then contains an object named File.txt. Now suppose the application tries to retrieve that object using the name file.txt. CIFS is case sensitive, so it passes the request to HCP with only the name file.txt. It doesn’t include any case variations on the name, such as File.TXT, FILE.txt, or File.txt. As a result, HCP cannot find the object.

If you have Windows applications that ignore case, you may want HCP to ignore case as well. You can change the CIFS protocol configuration in either of two ways to meet this need:

  • Make CIFS case forcing

    With this behavior, CIFS changes names to all upper- or lowercase in the requests it passes to HCP. To Windows applications, then, HCP appears to be case-insensitive. An application that stores File.txt and then retrieves File.TXT will get the right object back.

    The drawback to this method is that applications using other namespace access protocols must accommodate this behavior. For example, suppose CIFS changes names to all uppercase. If an application using the CIFS protocol stores an object named File.txt, applications using the case-sensitive HTTP, WebDAV, and NFS protocols need to retrieve the object as FILE.TXT.

  • Make CIFS case insensitive

    With this behavior, CIFS preserves case as objects are stored in the namespace but passes through every case variation possible when applications make other requests for objects.

    For example, suppose an application using the CIFS protocol requests an object named FILE.txt. CIFS passes the request through with the names File.txt, FILE.txt, fiLe.TXT, and so on. HCP then returns the first object it finds with a name that matches any of these.

    The major drawback to this method is that performance is slowed by the need to check for matches to multiple case variations. A second drawback is that if the namespace contains multiple objects with names that vary only in case, HCP may return the wrong object.

If you make CIFS both case forcing and case insensitive, it is case forcing when storing objects and case insensitive on requests for existing objects.

Configuring the NFS protocol

With the NFS protocol, users and applications can add, view, and delete objects and modify object metadata through familiar directory structures.

NFS protocol configuration

You use the NFS panel to enable and configure the NFS protocol for a namespace. To display this panel, on the left side of the Protocols panel, click NFS.

The top of the NFS panel shows the string to use to identify the namespace when mounting it on an NFS client.

The NFS panel lets you:

  • Enable the NFS protocol.
  • Specify default values for POSIX UIDs and GIDs.
  • Specify the client IP addresses that have access to the namespace through NFS.

Enabling NFS access to a namespace

The NFS panel has two sections for enabling and configuring the NFS protocol.

Settings section

  1. Select Enable NFS.

  2. (Optional) In the UID field, type a different UID to be displayed for objects that don’t have an explicit POSIX UID.

    Valid values are integers greater than or equal to zero.
  3. (Optional) In the GID field, type a different GID to be displayed for objects that don’t have an explicit POSIX GID.

    Valid values are integers greater than or equal to zero.
  4. Click Update Settings.

Allowed IP Addresses section

To set the IP addresses to be allowed access to the namespace through NFS, optionally, specify IP addresses in the Allowed IP Addresses section.

Configuring the SMTP protocol

With the SMTP protocol, HCP can automatically archive emails forwarded by email servers.

SMTP protocol configuration

HCP provides SMTP support for Microsoft® Exchange email servers. For information about which Microsoft Exchange email servers are qualified for use with the SMTP protocol, check the HCP release notes for the version of HCP that you have installed.

You use the SMTP panel to enable and configure the SMTP protocol for a namespace. To display this panel, on the left side of the Protocols page, click SMTP.

The top of the SMTP panel shows the string to use to identify the namespace when configuring Microsoft Exchange to archive email to the namespace.

The SMTP panel lets you:

  • Enable the SMTP protocol
  • Specify the email server IP addresses that have access to the namespace through SMTP
  • Specify where and in what format email objects are stored
  • Specify whether to store email attachments separately

The SMTP protocol always stores attachments along with the email they accompany. The HDDS and HCP search facilities and the metadata query engine index the attachments along with the email.

You can choose to additionally store attachments separately from the email they accompany. With this option, searches return not only the original email with the attachments but also the attachments as separate objects.

When attachments are stored only with the email they accompany, searches return only the email objects. You then need to retrieve the email objects and separate the attachments yourself.

Storing attachments as separate objects can have a significant impact on performance and storage space.

Enabling SMTP access to a namespace

The SMTP panel has three sections for enabling and configuring the SMTP protocol.

Settings section

  1. Select Enable SMTP.

  2. Click Update Settings in the Settings section.

Allow/Deny section

Optionally, in the Allow/Deny section, specify IP addresses of email servers to be allowed or denied access to the namespace through SMTP.

Emails section

  1. Click Emails.

  2. In the Email Location field, type the path for the directory in which you want email objects stored.

    This is the full path starting after the root directory (that is, rest or data). Be sure to start and end the path with a forward slash (/), like this:
    /email/company_all/
    If any part of the specified directory path doesn’t exist, HCP creates it.
  3. In the Format field, select either .eml or .mbox.

    The one you choose depends on the application you use to read the stored email.
  4. To store email attachments separately from the emails they’re attached to, select Separate attachments from parent email.

    ImportantStoring attachments separately from the email they accompany can have a significant impact on performance and storage space. Unless you have a specific reason to do so, do not enable this option.
  5. Click Update Settings in the Emails section.

 

  • Was this article helpful?