Data Domain Cloud isigaba : sihlanganisa isizinda sedatha ne-amazon aws S3

I-athikili elandelayo ikuhambisa ezinyathelweni ezidingekayo ukuze ulungiselele amakhono we-Data Domain cloud tier nge-amazon aws S3

Lo mhlahlandlela uhlukaniswe ikakhulukazi izingxenye ezi-4 eziyinhloko:
- Ukwengeza imininingwane edingekayo yomsebenzisi we-amazon aws kusuka ku-aws "IAM"- Ukungenisa isitifiketi se-CA ukuze unike amandla ukuxhumana phakathi kwe-Data Domain ne-S3
- Ukwengeza iyunithi yefu kusuka ku-Data Domain
- Ukuqanjwa kweyunithi yamafu
__Okokuqala :Yengeza "IAM"imininingwane yomsebenzisi__
Isinyathelo sokuqala sokuhlanganisa isigaba sefu se-Data Domain ne-amazon AWS S3 ukungeza izifakazelo zomsebenzisi we-AWS ezidingekayo ezivela ku-aws "IAM". Lezi mininingwane zomsebenzisi zizongeniswa ohlelweni lwesizinda sedatha ukuze kugunyazwe ukuxhumana ne-amazon S3
__Imininingwane yomsebenzisi we-AWS kufanele ibe nezimvume
- Dala futhi ususe amabhakede
- Engeza, lungisa, futhi ususe amafayela ngaphakathi kwamabhakede abawakhayo

**I-S3FullAccess **iyakhethwa, kodwa lezi izimfuneko eziyisisekelo :
- DalaBucket
- ListBucket
- DeleteBucket
- ListAllMyBuckets
- GetObject
- I-PutObject
- SusaObject
A. Iya kokuthi httpsaws.amazon.com/
bese ungena kukhonsoli ye-AWS noma udale i-akhawunti entsha uma kuyisikhathi sakho sokuqala:
B. Ekhoneni eliphezulu kwesokunxele khetha amasevisi, bese usesha i-IAM (AWS Identity and Access Management ), ukuze sikwazi ukudala nokuphatha abasebenzisi be-AWS namaqembu, futhi sisebenzise izimvume ukuze sivumele futhi sinqabele ukufinyelela kwabo kuzinsiza ze-AWS:
C. Ekhasini le-IAM khetha "abasebenzisi"kumenyu engakwesokunxele bese ukhetha "engeza umsebenzisi":
D. Nikeza umsebenzisi wakho omusha igama, isibonelo: "DD_S3_cloudtier"Khetha uhlobo lokufinyelela ukuze ulunikeze ukufinyelela ngokohlelo, bese uchofoza Okulandelayo:
E. Nikeza lo msebenzisi izimvume ezidingekayo ukuze asebenzise izinsiza ze-S3. Khetha engeza umsebenzisi eqenjini , bese ukhetha Dala iqembu:
F. Nikeza igama eliyingqayizivele leqembu. Isibonelo: "S3FullAccess_DD_cloudtier"bese usesha i-"AmazonS3FullAccess". Uma inketho ivela kumenyu yemiphumela ikhethe bese uchofoza okuthi Dala iqembu:
G. Uzokwaziswa ukuthi ubuyele kumenyu yangaphambilini. Khetha iqembu esisanda kulidala "S3FullAccess_DD_cloudtier"bese uchofoza Omaka Abalandelayo:
H. Kumenyu yokubuyekeza, hlola kabili ukuthi imininingwane oyifakile ilungile bese uchofoza okuthi "Dala umsebenzisi":
__ngi. sifinyelela ekhasini elibalulekile
Manje usunomsebenzisi "i-ID yokhiye wokungena"kanye "nokhiye wokufinyelela oyimfihlo". Uzozisebenzisa ukuhlanganisa i-Data Domain nezinsiza zakho ze-S3. Chofoza okuthi "landa .csv"bese ulondoloza leli fayela le-CSV endaweni evikelekile futhi ukopishe i-ID yokhiye wokufinyelela kanye nokhiye wokufinyelela oyimfihlo ngoba sizowasebenzisa Kusizinda Sedatha:
__Okwesibili: Ingenisa isitifiketi se-CA__

Kufanele ungenise isitifiketi se-CA ukuze unike amandla ukuxhumana phakathi kwesistimu yakho Yesizinda Sedatha ne-amazon S3

A. Ukuze ulande isitifiketi sempande ye-AWS, iya kokuthi httpswww.digicert.com/digicert-root-certificates.htm
bese ukhetha isitifiketi se-Baltimore CyberTrust Root:
- Uma isitifiketi sakho esilandiwe sinesandiso se-.CRT, kufanele siguqulelwe kusitifiketi esifakwe ikhodi ye-PEM. Uma kunjalo, sebenzisa i-OpenSSL ukuze uguqule ifayela lisuke kufomethi ye-.crt liye ku-.pem. Isibonelo, i-openssl x509 -inform der -in BaltimoreCyberTrustRoot.crt -out BaltimoreCyberTrustRoot.pem

- Ungazi okwengeziwe mayelana nendlela yokuguqula isitifiketi sibe yi-PEM kusuka kusihloko esilandelayo se-KB: httpssupport.emc.com/kb/488482
B. Enye inketho ukuya ekhasini elilandelayo httpsbaltimore-cybertrust-root.chain-demos.digicert.com/info/index.html
futhi ukopishe isitifiketi ukuze usinamathisele ohlelweni Lwesizinda Sedatha njengoba sizokwenza ngokulandelayo:
C. Iya ku-Data Domain GUI bese ulandela inqubo elandelayo:
- 1. Khetha Ukuphathwa Kwedatha >Isistimu Yefayela >Amayunithi Amafu

- 2. Kubha yamathuluzi, chofoza okuthi Phatha Izitifiketi. Ibhokisi elithi Phatha Izitifiketi ze-Cloud liyaboniswa

- 3. Chofoza Engeza

- 4. Khetha okukodwa kwalokhu ongakhetha kukho:
- Ngifuna ukulayisha isitifiketi njengefayela le-.pem

Phequlula bese ukhetha ifayela lesitifiketi

- Ngifuna ukukopisha nokunamathisela umbhalo wesitifiketi

Kopisha okuqukethwe kwefayela le-.pem kubhafa yakho yokukopisha

Namathisela ibhafa engxoxweni

Sesiqedile ngokwengeza isitifiketi se-CA. Okulandelayo sizokwengeza iyunithi yethu yefu ye-S3 kusuka ku-Data Domain GUI

__Okwesithathu: Ukwengeza iyunithi ye-cout ku-Data Domain__
Nakhu ukuqhathanisa okusheshayo kokunye umehluko phakathi kokukhishwa kwe-DDOS nezinketho zabo zesigaba samafu ezitholakalayo:
| Inguqulo ye-DDOS
||Amandla
|
|6.0
||
|
- Isekela kuphela isigaba "sesitoreji esimisiwe se-S3".
- Ayinayo indlela yokuqinisekisa yomhlinzeki wamafu
- Ayisekeli isici sikasayizi wento enkulu
|6.1
||
|
- Isekela amakilasi okugcina "okujwayelekile"kanye "neStandard-Infrequent Access (S3 Standard-IA)"- 6.1.1.5 >= : Iba nendlela yokuqinisekisa yomhlinzeki wamafu
- Isekela isici sosayizi wento enkulu
|6.2
||
|
- Isekela "Standard", "Standard-IA"kanye "One Zone-Infrequent Access (S3 One Zone-IA)"- ube nendlela yokuqinisekisa ifu
- Isekela isici sosayizi wento enkulu
__kusuka ku-GUI yesizinda Sedatha , landela le nqubo ukuze ungeze iyunithi yefu ye-S3
- 1. Khetha Ukuphathwa Kwedatha >Isistimu Yefayela >Amayunithi Amafu

- 2. Chofoza Engeza. Ingxoxo ethi Engeza Iyunithi Yefu iyaboniswa

- 3. Faka igama lale yunithi yamafu. Izinhlamvu ze-alphanumeric kuphela ezivunyelwe. Izinkambu ezisele engxoxweni ethi Engeza Iyunithi Yefu ziphathelene ne-akhawunti yomhlinzeki wamafu

- 4. Ngomhlinzeki Wamafu, khetha I-Amazon Web Services S3 ohlwini lokudonsela phansi
- 5. Khetha ikilasi lesitoreji ohlwini lokudonsela phansi. Ngokusekelwe kunguqulo ye-DDOS uzothola izinketho ezahlukene ezisekelwe kuthebula elingenhla

Funda imininingwane eyengeziwe mayelana namakilasi esitoreji se-S3 asekelwayo kusukela kusixhumanisi esilandelayo ukuze ukhethe ikilasi lesitoreji elifaneleka kakhulu izidingo zakho zesipele:
httpsaws.amazon.com/s3/storage-classes/
- 6. Khetha indawo yeSitoreji efanele ohlwini lokudonsela phansi

- 7. Faka ukhiye wokungena womhlinzeki "njengombhalo wephasiwedi", lowo esiwuthole ku-amazon IAM esinyathelweni 1

- 8. Faka ukhiye oyimfihlo womhlinzeki "njengombhalo wephasiwedi", lowo esiwuthole ku-amazon IAM esinyathelweni 1

- 9. Qinisekisa ukuthi imbobo 443 (HTTPS) ayivinjwanga ezindongeni zomlilo. Ukuxhumana nomhlinzeki wefu we-AWS kwenzeka ku-port 443

- 10. Uma iseva elibamba ye-HTTP idingeka ukuze izungeze i-firewall yalo mhlinzeki, chofoza u-Lungisa Iseva elibamba ye-HTTP. Faka igama lomethuleli wommeleli, imbobo, umsebenzisi, nephasiwedi

- 11. uma une-DDOS >= 6.1.1.5 bese uchofoza inkinobho yokuqinisekisa ifu

Imininingwane eyengeziwe mayelana nethuluzi lokuqinisekisa ifu le-Data Domain ingatholakala lapha: httpssupport.emc.com/kb/521796
Uma inguqulo yakho ye-DDOS ingu-6.0 bese uchofoza engeza njengoba inketho yokuqinisekisa ifu ayitholakali kulokhu kukhishwa.

- 12. Chofoza Engeza. Iwindi eliyinhloko Lesistimu Yefayela manje libonisa ulwazi olufingqiwe lweyunithi entsha yamafu kanye nokulawula ukunika amandla nokukhubaza iyunithi yefu.

-
__Qaphela
Ungakwazi ukubuyekeza ukhiye wokufinyelela weyunithi yefu ye-S3 kanye ne-ID yokhiye wokufinyelela oyimfihlo kamuva kusuka ku-Data Domain GUI kalula uma kudingeka.

__Okwesithathu: Ukuqanjwa kweyunithi yamafu__
Uma sibuyela manje ku-amazon S3, sizothola ukuthi isistimu ye-Data Domain idale amabhakede angu-3 ale yunithi yamafu:
Isivumelwano sokuqanjwa kwamagama amabhakede angu-3 simi kanje:
- Iyunithi yezinhlamvu eyi-hexadecimal enezinhlamvu eziyi-16

- Umlingiswa wedeshi

- Olunye uchungechunge lwezinhlamvu eziyi-16 ze-hexadecimal,
*uchungechunge lwe-hexadecimal luhlukile kule yunithi yamafu*

- Omunye umlingiswa wedeshi

- Amabhakede azogcina ngochungechunge '-d0', '-c0'kanye '-m0'- Ibhakede eligcina ngochungechunge '-d0'lisetshenziselwa amasegimenti edatha

- Ibhakede eligcina ngochungechunge '-c0'lisetshenziselwa idatha yokumisa

- Ibhakede eligcina ngochungechunge '-m0'lisetshenziselwa imethadatha

Ukuze uthole imininingwane eyengeziwe mayelana nokuqanjwa kwamayunithi wamafu hlola isihloko esilandelayo se-KB: httpssupport.emc.com/kb/487833
Manje uqedile ngokwakha iyunithi yefu ye-S3 ehlanganiswe nesistimu yakho Yesizinda Sedatha, futhi usulungele ukuqala ukusebenzisa izinqubomgomo zokuhambisa idatha ukuze i-Mtrees yakho ithuthele idatha kuyunithi yesigaba sefu esanda kwakhiwa .