CISO Bulletin: Multi-Cloud Authorization With the Enterprise File Fabric™

In a recent post about authentication with the Enterprise File Fabric™ I briefly mentioned authorization and committed to a follow-up post on that topic. This post explains how the File Fabric’s authorization features are used to manage user access to directories and their contents on the storage that is attached to the File Fabric. As we’ll see, the File Fabric can use the groups that are set up in the authentication system to create a unified security structure that spans all storage. Additionally, for some resources, the File Fabric can import and use established user authorizations and also allow the storage’s native access controls to govern users’ read and write actions.


CISO Bulletin: Using Strategic Authentication Solutions With the Enterprise File Fabric™

The Enterprise File Fabric™ has a very good internal authentication system. It uses a strong one-way hash function, salts the passwords before it hashes them, and stores the hash values and not the passwords. If the File Fabric were the only asset for which an enterprise required access control, then there would be no need for additional authentication options.


File Fabric Group Collaboration Becomes Even Better With Keycloak

The Keycloak authentication system will be bundled with the next major release of the File Fabric.

Keycloak is an open source single sign-on Identity Management and Access Management solution for applications and services.

We have integrated Keycloak in a way that makes it secure and convenient to use, just like any of the File Fabric’s existing authentication mechanisms, but it is especially well suited for use with the File Fabric’s Business Groups feature.


Using the SME Cloud Platform with OpenStack 1.60 and Keystone and SWAuth authentication Services

One of the Object Storage Clouds we supported early was OpenStack Swift, which continues to go from strength to strength.

We thought it was time to give a refreshed overview of how to set up SMEStorage SaaS with OpenStack Swift, so that companies and users can easily test and work with their OpenStack cloud using the SMEStorage website and access clients prior to requesting access to our on-premise Appliance with OpenStack support.

First a refresher on OpenStack authentication:

There are 3 modes of OpenStack authentication:

1. DevAuth: Mostly for development

2. SwAuth: swauth is purely swift authentication

3. Keystone: Keystone is for all OpenStack services and can be configured with just MySQL, or it can be integrated with other Identity Management systems

SME Supports swauth and Keystone.

For SWAuth

When using swauth we use the standard documented Swift methods for authenticating and getting the storage URL, i.e. as per:

curl -v -H 'X-Storage-User: <tenantName: userName>' -H 'X-Storage-Pass: password' http://IP Address:8080/auth/v1.0

When entering details into the Provider details page for OpenStack on SMEStorage you need to give the tenant name:username and the password. SME also requires a URL endpoint which should be in the format: http://IP Address:8080/auth/v1.0

We expect the following in the response headers

X-Storage-Url: http://storage server IP:PORT/v1/AUTH_xxxxxxxxxx
X-Storage-Token: AUTH_xxxxxxxxxx

We will use the URL and token to connect to OpenStack Swift storage.
 

For Keystone:

Ideally Keystone should work as swauth, but we have never seen this working correctly. To that end we access Keystone by making this HTTP request:

curl -d '{"auth": {"tenantName": "username", "passwordCredentials":{"username": "thisisusername", "password": "your password"}}}' -H "Content-type: application/json" http://IP Address:5001/v2.0/tokens

We expect the response in the following JSON format and will take the public URL for swift service and the token to access your swift storage.

{
    "access": {
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://IP:PORT/",
                        "internalURL": "http://IP:PORT/v1/AUTH_xxxxxxxxxx",
                        "publicURL": "http://IP:PORT/v1/AUTH_xxxxxxxxxx",
                        "region": "MyRegion"
                    }
                ],
                "endpoints_links": [],
                "name": "swift",
                "type": "object-store"
            },
            ..........
        ],
        .........
        "token": {
            "expires": "2012-09-05T15:34:18Z",
            "id": "TOKEN WE WILL USE"
        }
    }
}

When entering the provider details into SME we require the tenant name:username, the password and the Keystone authorisation server, i.e. http://IP Address:5001/v2.0/tokens
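
Added example, not SME's own code: a Python sketch of the extraction described above, pulling the Swift storage URL and token out of a swauth header response and out of a Keystone v2.0 token response, and failing loudly when the catalog has no object-store entry or the token has already expired. The function names, sample addresses and token values are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed samples in the shape shown in the post; every value is a placeholder.
SAMPLE_KEYSTONE = json.dumps({"access": {
    "serviceCatalog": [
        {"name": "nova", "type": "compute", "endpoints": [
            {"publicURL": "http://192.0.2.10:8774/v2", "region": "MyRegion"}]},
        {"name": "swift", "type": "object-store", "endpoints": [
            {"publicURL": "http://192.0.2.10:8080/v1/AUTH_example",
             "region": "MyRegion"}]},
    ],
    "token": {"expires": "2012-09-05T15:34:18Z", "id": "example-token-id"},
}})
SAMPLE_SWAUTH_HEADERS = {
    "x-storage-url": "http://192.0.2.10:8080/v1/AUTH_example",
    "X-Storage-Token": "AUTH_tkexample",
}

def swift_from_keystone(body, now, region=None):
    """Return (publicURL, token id) for the object-store service."""
    access = json.loads(body)["access"]
    token = access["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    if expires.replace(tzinfo=timezone.utc) <= now:
        raise ValueError("token already expired at " + token["expires"])
    for service in access.get("serviceCatalog", []):
        if service.get("type") != "object-store":
            continue  # skip compute, identity and other catalog entries
        for endpoint in service.get("endpoints", []):
            if region is None or endpoint.get("region") == region:
                return endpoint["publicURL"], token["id"]
    raise LookupError("no object-store endpoint in the service catalog")

def swift_from_swauth(headers):
    """Return (storage URL, token) from swauth response headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        return lowered["x-storage-url"], lowered["x-storage-token"]
    except KeyError as missing:
        raise LookupError("swauth response lacks header %s" % missing)

if __name__ == "__main__":
    when = datetime(2012, 9, 5, 12, 0, tzinfo=timezone.utc)
    print(swift_from_keystone(SAMPLE_KEYSTONE, when))
    print(swift_from_swauth(SAMPLE_SWAUTH_HEADERS))
```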

If you are unable to connect to your OpenStack storage, please send us the input from the above command and we will check.
