Discussions related to using object storage as a backup target.
Post Reply
valerio.minetti
Novice
Posts: 4
Liked: 1 time
Joined: Oct 10, 2017 11:29 am
Contact:

HGST s3 object storage and UPDATE4

Post by valerio.minetti »

Hello,
we are trying to connect our hgst active archive ( rel easiscale 4.2.1 ) object storage to veeam in order to use it as a capacity tier for our backup.
given that the storage is working and network has no issues ( i'm able to mount buckets with some s3 clients from the vm i'm using as gateway server for this new repository ) i've tried to create an object storage repository from veeam console.
sadly i't fails few seconds after giving me a notice on storage ssl certificate

Amazon REST error: 'We encountered an internal error. Please try again.. Code: InternalError', error code: 500. Other: Resource: ''

This hardware supports only v2 api signing, do veeam support this old version too?
veremin
Product Manager
Posts: 20415
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: HGST s3 object storage and UPDATE4

Post by veremin » 1 person likes this post

We use api version 4, so that must be the reason. Version 2 is a bit old and does not seem to be recommended any longer. Thanks!
geselembemberez
Lurker
Posts: 1
Liked: never
Joined: Jan 29, 2019 8:41 am

Re: HGST s3 object storage and UPDATE4

Post by geselembemberez »

This locks out plenty of people using on-premise S3 storage systems using v2 signature version only. How is it possible to formally add a feature request about this?

Also: what is the "region" parameter for the S3 compatible storage used for? In non-AWS storages shouldn't that option be useless? Thank you very much for your assistance.
valerio.minetti
Novice
Posts: 4
Liked: 1 time
Joined: Oct 10, 2017 11:29 am
Contact:

Re: HGST s3 object storage and UPDATE4

Post by valerio.minetti »

Indeed a feature request would be needed in my case: we have 1PB object archive and i can't use it because of this api signing protocol.
which is the best way to submit this kind of request?
veremin
Product Manager
Posts: 20415
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: HGST s3 object storage and UPDATE4

Post by veremin »

How is it possible to formally add a feature request about this?
The forum is the best place to submit this type of request. However, while selecting the signature version we followed industry best practices, which recommend avoiding v2 protocol due to critical security vulnerabilities - so currently, there are no plans to implement v2 authentication support in our product. Can you check if you object storage vendor has a firmware update perhaps? I mean, some vulnerabilities of v2 were known back in 2009.
Also: what is the "region" parameter for the S3 compatible storage used for?
While most of S3-compatible object storage have region hard coded to the default value, some use custom region value. So, we had to provide customers with the ability to specify a custom region string to achieve wider compatibility with all S3-compatible object storage devices out there.

Thanks!
valerio.minetti
Novice
Posts: 4
Liked: 1 time
Joined: Oct 10, 2017 11:29 am
Contact:

Re: HGST s3 object storage and UPDATE4

Post by valerio.minetti » 1 person likes this post

Can you check if you object storage vendor has a firmware update perhaps? I mean, some vulnerabilities of v2 were known back in 2009.
I agree with you, unfortunately hgst has no plan to produce such firmware upgrade and their salesmen tried to make us buy a new device that is v4 compliant instead.

Maybe we should just retarget this unit to different uses and buy another one ( but not from this vendor ) as backup storage.
so currently there are plans to implement v2 authentication support in our product.

i guess u meant "there are no plans to implement v2 auth", am i right?
veremin
Product Manager
Posts: 20415
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: HGST s3 object storage and UPDATE4

Post by veremin »

i guess u meant "there are no plans to implement v2 auth", am i right?
Sorry, my bad. It should have been "no plans to implement v2 authentication support". Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 9 guests