HGST s3 object storage and UPDATE4

[valerio.minetti]

Hello,
we are trying to connect our hgst active archive ( rel easiscale 4.2.1 ) object storage to veeam in order to use it as a capacity tier for our backup.
given that the storage is working and network has no issues ( i'm able to mount buckets with some s3 clients from the vm i'm using as gateway server for this new repository ) i've tried to create an object storage repository from veeam console.
sadly i't fails few seconds after giving me a notice on storage ssl certificate

Amazon REST error: 'We encountered an internal error. Please try again.. Code: InternalError', error code: 500. Other: Resource: ''

This hardware supports only v2 api signing, do veeam support this old version too?

[veremin]

We use api version 4, so that must be the reason. Version 2 is a bit old and does not seem to be recommended any longer. Thanks!

[geselembemberez]

This locks out plenty of people using on-premise S3 storage systems using v2 signature version only. How is it possible to formally add a feature request about this?

Also: what is the "region" parameter for the S3 compatible storage used for? In non-AWS storages shouldn't that option be useless? Thank you very much for your assistance.

[valerio.minetti]

Indeed a feature request would be needed in my case: we have 1PB object archive and i can't use it because of this api signing protocol.
which is the best way to submit this kind of request?

[veremin]

How is it possible to formally add a feature request about this?

The forum is the best place to submit this type of request. However, while selecting the signature version we followed industry best practices, which recommend avoiding v2 protocol due to critical security vulnerabilities - so currently, there are no plans to implement v2 authentication support in our product. Can you check if you object storage vendor has a firmware update perhaps? I mean, some vulnerabilities of v2 were known back in 2009.

Also: what is the "region" parameter for the S3 compatible storage used for?

While most of S3-compatible object storage have region hard coded to the default value, some use custom region value. So, we had to provide customers with the ability to specify a custom region string to achieve wider compatibility with all S3-compatible object storage devices out there.

Thanks!

[valerio.minetti]

Can you check if you object storage vendor has a firmware update perhaps? I mean, some vulnerabilities of v2 were known back in 2009.

I agree with you, unfortunately hgst has no plan to produce such firmware upgrade and their salesmen tried to make us buy a new device that is v4 compliant instead.

Maybe we should just retarget this unit to different uses and buy another one ( but not from this vendor ) as backup storage.

so currently there are plans to implement v2 authentication support in our product.

i guess u meant "there are no plans to implement v2 auth", am i right?

[veremin]

i guess u meant "there are no plans to implement v2 auth", am i right?

Sorry, my bad. It should have been "no plans to implement v2 authentication support". Thanks!