Skip to main content
Hitachi Vantara Knowledge

Storing objects on extended storage tiers

Each extended storage pool consists of one or more extended storage component access points (mount points, buckets, or containers) that are used to access the same type of extended storage. To store objects in a given extended storage pool, HCP uses all of the storage that’s accessed using all of the extended storage component access points that are contained in that pool. You can add access points to an extended storage pool at any time, thereby increasing the capacity of the pool.

The service plan for a namespace defines one or more storage tiers for that namespace, and specifies the rules that determine which tier is used to store each object in that namespace at any given point in the object lifecycle. Each extended storage tier that’s defined for a namespace typically consists of only one extended storage pool, but a tier can be configured to use multiple storage pools. To store objects on a given extended storage tier, HCP uses all of the storage that’s accessed using the extended storage component access points contained in the storage pools that are configured for that tier.

Considerations for tiering objects from primary storage to HCP S Series or extended storage

When moving an object to a storage tier that includes only HCP S Series or extended storage pools, the Storage Tiering service moves only the object data onto the HCP S Series or extended storage that’s used for the new tier.

NoteFor the purpose of storage tiering, HCP treats parts of multipart objects, chunks for erasure-coded objects, and chunks for erasure-coded parts of multipart objects as individual objects.

HCP keeps all metadata, including custom metadata, for an object on primary running storage. The system metadata for an object points to each specific NFS volume and each specific S Series or extended storage bucket or container that’s used to store the data for that object. Primary storage keeps metadata even if S Series storage is used as an ingest tier alternative to running storage instead of as a storage tier.

All objects added to a namespace are first written to the ingest tier defined in their namespace service plan. However, HCP can read the data for an object directly from any storage component the object may later be tiered too.

The service plan for a given namespace defines one or more storage tiers for that namespace and specifies a separate DPL setting for each tier, including the ingest tier. When an object is moved from one storage tier to another, all copies of the object data are removed from the previous tier, and the object is then stored only on the new tier. The DPL for the new tier is the total number of copies of the object data that must be stored on that tier. The DPL is also the total number of copies of the object data that must be stored in the HCP repository. (For a metadata-only tier, the DPL is zero.)

When the Storage Tiering service moves an object in a given namespace from a storage tier that includes only ingest tier storage pools to a tier that includes only extended storage pools, the Storage Tiering service removes all existing copies of the data for that object from the ingest tier storage and stores the specified number of copies of the object data only on the extended storage that’s represented by the pools that are configured for the new storage tier.

The Storage Tiering service moves all copies of the data for an object to HCP S Series or extended storage only if all of these are true:

  • The cryptographic hash algorithm for the object has been stored in both the primary and secondary metadata for the object
  • The object is not still open for write.
  • The object is not a part of an in-progress multipart upload.
  • If the namespace containing the object is being replicated and the target tier is extended storage, the object has already been replicated. The Storage Tiering service can move objects to HCP S Series storage before the objects are replicated.
  • The namespace containing the object has a service plan that defines a storage tier that includes only HCP S Series or extended storage pools, and the object meets the criteria for being moved to that tier.

An HCP system can have a full copy of the data for an object that is subject to erasure coding but that has not yet been erasure coded. The Storage Tiering service can tier the data for such an object to HCP S Series or spindown storage but not to extended storage.

While the data for an object is stored only on HCP S Series or extended storage:

  • If the object is deleted, the data that’s on HCP S Series or extended storage is also deleted
  • If the object is an old version that’s pruned, the version data that’s stored on HCP S Series or extended storage is also deleted
  • If the object is shredded, the data that’s stored on HCP S Series or extended storage is not shredded

Encryption and compression of objects in storage pools

The configuration of an HCP S Series or extended storage pool specifies whether the object data should be encrypted and/or compressed when it is stored on the storage that is used for that pool. Encryption can be enabled only if it was enabled when HCP was first installed. If encryption was not enabled during installation, the System Management Console does not have an option to encrypt data.

If the encryption option is selected for an HCP S Series or extended storage pool, the Storage Tiering service encrypts object data before writing it to the storage that is used for that pool. When reading encrypted data from an HCP S Series or extended storage pool, HCP automatically decrypts the data.

If an extended storage tier contains multiple external storage pools, HCP evenly distributes object data that is stored on that tier across all of those pools. For this reason, each storage pool that is configured for a given extended storage tier should be configured to use the same encryption setting (enabled or disabled).

To encrypt object data for S Series or extended storage, the Storage Tiering service uses the currently active PGP encryption key.

If compression is selected for an HCP S Series or extended storage pool, the Storage Tiering service compresses the object data before writing it to the storage that is used for that pool. When reading compressed data from an HCP S Series or extended storage pool, HCP automatically decompresses the data.

This compression activity is separate from the activity of the Compression/Encryption service. If an HCP object has been compressed by the Compression/Encryption service, HCP must decompress it before the Storage Tiering service can compress the object data and write it to HCP S Series or extended storage.

If an extended storage tier contains multiple storage pools, HCP evenly distributes object data that is stored on that tier across all of those pools. For this reason, each extended storage pool that is configured for a given storage tier should be configured to use the same compression setting (enabled or disabled).

If you change the encryption or compression setting for a given HCP S Series or extended storage pool, the change affects only the data that is stored after you make the change. HCP does not change the data that is already stored on the storage that is used for the pool. As a result, an HCP S Series or extended storage pool may contain both encrypted and unencrypted data and both compressed and uncompressed data at the same time.

Downloading an encryption key

You use the Storage Certificates & Keys page of the System Management Console to download an encryption key.

Procedure

  1. In the System Management Console, click the Storage tab at the top of the page.

    The Storage Overview page opens.

  2. On the side pane, click the Certificates & Keys tab. The Storage Certificates & Keys page opens.

  3. In the Encryption Keys pane, click Download Key ( Download icon) next to the key that you want to download.

    For an encryption key, the download requires you to specify a password. HCP uses this password to encrypt the key before downloading it.

    The Download Encryption Key dialog box opens.

  4. In the Secret Key password field, type a password for the key. The password can contain any valid UTF-8 characters, including white space.

  5. In the Confirm Password field, type the password again. Then click Download.

  6. Save the key file.

Uploading an encryption key

You use the Storage Certificates & Keys page of the System Management Console to upload a storage encryption key. This operation is available only if the cluster does not contain any objects. The operation is used for disaster recovery.

Procedure

  1. In the System Management Console, click the Storage tab at the top of the page.

    The Storage Overview page opens.
  2. On the side pane, click the Certificates & Keys tab.

    The Storage Certificates & Keys page opens.

  3. In the Encryption Keys pane, click Upload Key. The Upload Key dialog box opens.

    1. In the Secret Key Password field, enter the password for the key.

    2. For the Key File field, click Browse and select the PGP private key file that you want to upload.

    3. Click Upload Key.

      The dialog box closes. At the top of the Storage Certificates & Keys page, a success or error message is displayed.

 

  • Was this article helpful?