AWS has achieved incredible traction with services such as S3 for a wide variety of cloud application and service provider businesses. However, many service providers and enterprise corporations require an on-premises deployment model in order to maintain control over sensitive data, for performance optimization, or for reasons of security or compliance. For them, Scality’s new S3 Connector for the RING provides an optimal solution. The S3 Connector is application-compatible with AWS S3 both at the data API level and with the rapidly evolving AWS multi-tenancy model termed IAM (Identity and Access Management).
Our S3 Connector is designed to fit seamlessly into mission-critical enterprise environments, which bring a unique set of requirements for deployment of petabyte-scale storage solutions:
- Easy Deployment
- Secure multi-tenancy and data-at-rest
- Federated Authentication/SSO with Enterprise directory services
- Integration with enterprise utilization reporting and management systems
For ease of deployment, we’re packaging and delivering all of the S3 Connector services as Docker Containers, which makes deployment fast and essentially achieves “zero configuration”. This eliminates the need to install packages and manually edit configuration files, dramatically reducing the barrier for enterprises to adopt and deploy Software Defined Storage (SDS).
To attain the other enterprise goals, we’re introducing a new release of the S3 Connector with several key capabilities. First is enhanced support of the AWS IAM model for secure multi-tenancy, including new support for IAM Groups, Roles, and IAM Policies. This builds on existing support for IAM Accounts and Users, key pairs and advanced Signature v4 authentication. Through IAM and the S3 Connector, both service providers and enterprises can deploy a comprehensive and capable multi-tenancy model to consolidate multiple use-cases and applications securely.
In addition to IAM, we’re introducing a new secure data-at-rest encryption capability, integrated into the S3 API. This is a transparent Bucket-level encryption feature, which encrypts objects upon write and decrypts them upon read. Integration with a customer-provided Key Management Service (KMS) ensures that the system never stores sensitive encryption keys, and that the security admin maintains full control. This enables a great solution for storing sensitive data such as financial documents, healthcare records, or anything else that needs to be protected from security threats.
For many enterprises, the use of popular directory services such as the ubiquitous Microsoft Active Directory Server (AD) is a cornerstone of their user/group credentials management. The S3 Connector now supports federation of authentication with AD, through a SAML 2.0 compatible “Identity Provider” (IdP). A very common IdP is Microsoft Active Directory Federation Services (ADFS), but many other commercial offerings provide similar SAML federation capabilities. This enables the S3 Connector to provide Single Sign-On (SSO) services for client applications that authenticate through AD, seamlessly!
The Scality S3 Connector is designed to leverage the core properties of the underlying Scality RING, including seamless scalability to Petabytes of data and billions of objects (and beyond), with very high levels of durability, high performance and a very low Total Cost of Ownership. Furthermore, just as with the RING, the S3 Connector is hardware-agnostic, providing customers with the freedom to choose the optimal deployment platform (and OS) that fits their current and future business requirements.