0% found this document useful (0 votes)

11 views

OBS Document en

Uploaded by

nncc.entel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

11 views

OBS Document en

Uploaded by

nncc.entel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 141

HUAWEI CLOUD Stack

6.5.1

OBS

Issue 01
Date 2019-06-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2019. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website: http://www.huawei.com
Email: [email protected]

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. i

HUAWEI CLOUD Stack
OBS Contents

Contents

1 Quick Start...................................................................................................................................... 1
1.1 Overview........................................................................................................................................................................ 1
1.2 Concepts......................................................................................................................................................................... 1
1.3 Creating a User............................................................................................................................................................... 2
1.4 Creating a Bucket........................................................................................................................................................... 2
1.5 Uploading Objects.......................................................................................................................................................... 6
1.6 Downloading Objects..................................................................................................................................................... 9
1.7 Deleting Objects........................................................................................................................................................... 11
1.8 Deleting a Bucket......................................................................................................................................................... 13
1.9 Reference...................................................................................................................................................................... 14

2 Infographics..................................................................................................................................15
3 User Guide.................................................................................................................................... 17
3.1 Object Storage Service (OBS)...................................................................................................................................... 17
3.1.1 Introduction............................................................................................................................................................... 17
3.1.1.1 What Is Object Storage Service?............................................................................................................................ 17
3.1.1.2 Related Concepts.................................................................................................................................................... 20
3.1.1.3 Product Advantages................................................................................................................................................ 22
3.1.1.4 Application Scenarios.............................................................................................................................................22
3.1.1.5 Implementation Principles...................................................................................................................................... 24
3.1.1.6 Relationships with Other Cloud Services............................................................................................................... 26
3.1.1.7 User Roles and Permissions................................................................................................................................... 28
3.1.1.8 Key Indicators.........................................................................................................................................................32
3.1.1.9 Restrictions............................................................................................................................................................. 33
3.1.1.10 Accessing and Using OBS....................................................................................................................................33
3.1.2 Operation Process...................................................................................................................................................... 34
3.1.3 Creating a Bucket...................................................................................................................................................... 37
3.1.4 Usage......................................................................................................................................................................... 41
3.1.4.1 Uploading an Object............................................................................................................................................... 41
3.1.4.2 Downloading an Object.......................................................................................................................................... 44
3.1.5 Bucket Management.................................................................................................................................................. 44
3.1.5.1 Modifying a Bucket Quota..................................................................................................................................... 44
3.1.5.2 Viewing Bucket Information.................................................................................................................................. 45

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. ii

HUAWEI CLOUD Stack
OBS Contents

3.1.5.3 Deleting Junk Data from a Bucket......................................................................................................................... 46

3.1.5.4 Deleting a Bucket................................................................................................................................................... 47
3.1.6 Object Management...................................................................................................................................................48
3.1.6.1 Creating a Folder.................................................................................................................................................... 48
3.1.6.2 Deleting a File or Folder.........................................................................................................................................49
3.1.6.3 Undeleting a File.................................................................................................................................................... 50
3.1.6.4 Accessing an Object Using Its URL.......................................................................................................................51
3.1.7 Permission Control.................................................................................................................................................... 52
3.1.7.1 About Bucket ACL................................................................................................................................................. 52
3.1.7.2 About Bucket Policy...............................................................................................................................................52
3.1.7.3 Relationship Between Bucket ACLs and Bucket Policies..................................................................................... 52
3.1.7.4 Configuring ACL Permissions for a Bucket...........................................................................................................53
3.1.7.5 Configuring a Bucket Policy.................................................................................................................................. 55
3.1.7.6 Configuring ACL Permissions for an Object......................................................................................................... 61
3.1.8 Versioning.................................................................................................................................................................. 64
3.1.8.1 About Versioning.................................................................................................................................................... 64
3.1.8.2 Enabling or Disabling Versioning for a Bucket......................................................................................................64
3.1.9 Logging......................................................................................................................................................................66
3.1.9.1 About Access Logging........................................................................................................................................... 66
3.1.9.2 Configuring Logging for a Bucket......................................................................................................................... 66
3.1.10 Lifecycle Management............................................................................................................................................ 68
3.1.10.1 About Lifecycle Management.............................................................................................................................. 68
3.1.10.2 Configuring a Lifecycle Management Rule......................................................................................................... 69
3.1.11 Static Website Hosting.............................................................................................................................................71
3.1.11.1 About Static Website Hosting...............................................................................................................................71
3.1.11.2 About Request Redirection...................................................................................................................................71
3.1.11.3 Configuring Static Website Hosting..................................................................................................................... 71
3.1.11.4 Redirecting Requests to Another Host..................................................................................................................75
3.1.12 Cross-Origin Resource Sharing............................................................................................................................... 76
3.1.12.1 About Cross-Origin Resource Sharing................................................................................................................. 76
3.1.12.2 Configuring CORS............................................................................................................................................... 76
3.1.13 URL Validation........................................................................................................................................................79
3.1.13.1 About URL Validation..........................................................................................................................................79
3.1.13.2 Configuring URL Validation................................................................................................................................ 79
3.1.14 FAQs........................................................................................................................................................................ 81
3.1.14.1 How Can a Non-OBS Administrator View a Bucket?..........................................................................................81
3.1.14.2 What About Details of Actions and Conditions?................................................................................................. 82
3.1.14.3 Logging In to OBS Console as a VDC Administrator or VDC Operator............................................................ 87
3.2 HDFS............................................................................................................................................................................ 87
3.2.1 Introduction............................................................................................................................................................... 87
3.2.1.1 Definition of HDFS................................................................................................................................................ 87
3.2.1.2 Related Concepts.................................................................................................................................................... 87

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. iii

HUAWEI CLOUD Stack
OBS Contents

3.2.1.3 Product Advantages................................................................................................................................................ 88

3.2.1.4 Application Scenarios.............................................................................................................................................88
3.2.1.5 Implementation Principles...................................................................................................................................... 89
3.2.1.6 User Roles and Permissions................................................................................................................................... 90
3.2.1.7 Accessing and Using.............................................................................................................................................. 90
3.2.2 Operation Process...................................................................................................................................................... 91
3.2.3 Creating a Namespace............................................................................................................................................... 92
3.2.4 Namespace Management........................................................................................................................................... 94
3.2.4.1 Viewing a Namespace.............................................................................................................................................94
3.2.4.2 Modifying Namespace Parameters......................................................................................................................... 96
3.2.4.3 Modifying Namespace QoS..................................................................................................................................103
3.2.4.4 Deleting a Namespace.......................................................................................................................................... 105

4 Best Practice................................................................................................................................ 106

4.1 Uploading and Downloading Files Using a Third-Party Client................................................................................. 106
4.2 Using a User-Defined Domain Name to Configure Static Website Hosting.............................................................. 113
4.3 Granting Employees Different Data Access Permissions...........................................................................................119
4.4 User Data Isolation Across VDCs.............................................................................................................................. 125
4.5 User Data Sharing Between Departments.................................................................................................................. 129

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. iv

HUAWEI CLOUD Stack
OBS 1 Quick Start

1 Quick Start

1.1 Overview
1.2 Concepts
1.3 Creating a User
1.4 Creating a Bucket
1.5 Uploading Objects
1.6 Downloading Objects
1.7 Deleting Objects
1.8 Deleting a Bucket
1.9 Reference

1.1 Overview
Object Storage Service (OBS) is an object-based storage service. It provides massive, secure,
highly reliable, and low-cost data storage capabilities.

You can create buckets, upload objects, download objects, delete objects, and delete buckets
on ManageOne Operation Portal. This document gives an introduction of OBS and describes
how to complete the following tasks using ManageOne.

You can find more details about OBS functions and FAQs on the homepage of OBS.

1.2 Concepts
You need to understand some basic concepts before using OBS.

OBS stores data as objects in buckets. An object is a basic unit of data storage in OBS. An
object is a combination of the file data and its metadata (related properties). Data uploaded to
OBS is stored in buckets as objects.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 1

HUAWEI CLOUD Stack
OBS 1 Quick Start

If you want to store files (objects) in OBS, upload the files to OBS buckets. After uploading a
file, you can configure access permissions for the object and bucket.
A bucket is a container for storing objects. You can own one or more buckets. For each
bucket, you can specify the region where the bucket and its objects reside, control access to
the bucket, and view access logs related to the bucket and its objects.
For more information about OBS, see OBS User Guide.
Click here to start learning.

1.3 Creating a User

Before using OBS, you need to obtain the VDC administrator account or VDC operator
account. If no accounts are available, contact the operation administrator to create a VDC and
VDC administrator, and then use the VDC administrator account to create a VDC operator.
For details, see Operation Help Center > Dividing Cloud Resources.

1.4 Creating a Bucket

After a role is registered, you can create a bucket. A bucket is a container for storing objects
in OBS. Each object is stored in a bucket. Before you store data in OBS, you need to create a
bucket. This section describes how to create a bucket.

Prerequisites
You have obtained a VDC administrator account or a VDC operator account for logging in to
ManageOne Operation Portal.

Context
Two types of administrators, OBS administrator and OBS limited administrator, can create
buckets.
For details about user roles and permissions, see 3.1.1.7 User Roles and Permissions.

Procedure
Step 1 Log in to ManageOne as a VDC administrator or VDC operator using a browser.
URL in non-B2B scenarios: https://Address for accessing ManageOne Operation Portal, for
example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal, for
example, https://tenant.demo.com
Step 2 Select your region and then project from the drop-down list on the top menu bar.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 2

HUAWEI CLOUD Stack
OBS 1 Quick Start

Step 3 On the navigation bar, click Console and choose Storage > Object Storage Service.

Step 4 Click Create Bucket in the upper right corner of the page.

Step 5 Set parameters as required.

Table 1-1 describes these parameters.

Figure 1-1 Creating a bucket as an OBS administrator

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 3

HUAWEI CLOUD Stack
OBS 1 Quick Start

Figure 1-2 Creating a bucket as an OBS limited administrator

Table 1-1 Parameters related to bucket creation

Parameter Description Example
Value

Region Region where the bucket will reside. cn-global-1

NOTE
l If OBS is available in only one region, this region is displayed by
default. If OBS is available in multiple regions, select a region.
l Specifically, you can select a region according to your cost plan
and where access requests are originated. It is recommended that
you select a nearby region for faster upload and download
speeds.
l Once a region is specified, it cannot be changed. All objects in
the bucket are stored in the data center of the region. Currently,
specifying a region for objects is not supported.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 4

HUAWEI CLOUD Stack
OBS 1 Quick Start

Parameter Description Example

Value

Bucket Name of the bucket to be created. obs-5268

Name Naming rules:
l Contains a maximum of 3 to 63 characters, including
lowercase letters, digits, hyphens (-), and periods (.) only.
l Cannot be an IP address.
l Cannot start or end with a hyphen (-) or period (.).
l Cannot contain two consecutive periods (.), for example,
my..bucket.
l Cannot contain periods (.) and hyphens (-) adjacent to
each other, for example, my-.bucket or my.-bucket.
l If the name contains a period (.), the security certificate
verification may be triggered when you access the bucket
or objects in the bucket.
NOTE
A bucket name must be globally unique. After a bucket is
created, the bucket name cannot be changed.

Quota Capacity quota of the bucket. 1 TB

Limited The available capacity quota of the to-be-created bucket is
(GB) displayed below the text box. The value of Quota Limited
(GB) cannot be greater than the available quota. If you select
No limit, the quota of the bucket will not be limited, but the
capacity of objects that can be uploaded to the bucket cannot
exceed the available capacity quota of the bucket.
NOTE
Only an OBS administrator can configure Quota Limited (GB).

Access Indicates how a user accesses the bucket. Enable

Mode l Exclusively used: By default, only the creator has the full
control over the bucket.
l Shared: All administrators and authorized users in the
VDC can access the bucket.
NOTE
Only an OBS limited administrator can configure the access mode.

Bucket Click Add. On the page that is displayed, select users as the bucket_ad
Manager administrators of the bucket. A maximum of 10 min
administrators can be added.
The added bucket administrators have the full control over
the bucket except configuring bucket policies.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 5

HUAWEI CLOUD Stack
OBS 1 Quick Start

NOTE

Step 6 Click Create Now.

----End

1.5 Uploading Objects

After a bucket is created, you can upload objects to the bucket. By uploading objects, you can
save local files or folders to OBS.

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal.
l At least one bucket has been created.
l If you want to use a user-defined key to encrypt objects to be uploaded, create a key
using KMS. Uploading KMS-encrypted objects is not supported in the Region Type III
scenario.

Context
l These files can be text, image, video, or any other types.
l A file up to 5 GB can be uploaded using OBS Console. A maximum of 100 files can be
uploaded at a time. A file larger than 5 GB can be uploaded using an API or a third-party
tool.
l A file name cannot exceed 1023 bytes. The total length of a file name is the sum of the
length of its own and the length of its upper-level directories. Levels of directories are
automatically separated by slashes (/). For example, if the upper-level folder of file01 is
folder01, the file name length is the length of folder01/file01.
l OBS supports server-side encryption with KMS-managed keys (DEW-KMS) using an
interface. The object to be uploaded can be encrypted on the server using the key
provided by the key management server. You need to create a key using KMS or use the
default key provided by KMS. Then you can use the key to encrypt the object on the
server when uploading the object OBS. After server-side encryption is enabled, data of
the object uploaded to OBS is encrypted on the server before being stored. When the
object is downloaded, data is decrypted on the server first.
l OBS does not allow cross-tenant or anonymous users to access objects encrypted using
KMS.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 6

HUAWEI CLOUD Stack
OBS 1 Quick Start

Step 3 On the navigation bar, click Console and choose Storage > Object Storage Service.

Step 4 Click the bucket.

Step 5 In the navigation tree on the left, click Objects.

Step 6 Click Upload File.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 7

HUAWEI CLOUD Stack
OBS 1 Quick Start

NOTE

You can also click the folder to be operated and then click Upload File.

Step 7 Click Add File or Add Folder, select the file or folder to be uploaded, and click OK.

NOTE

l You can also drag the file to the list directly.

l Do not upload a file larger than 5 GB or upload more than 100 files at a time. Otherwise, the upload
may fail.
l If a message is displayed, indicating that the service is busy when uploading the file, try again later.
l If an access denial message is displayed when you are uploading a file, the possible causes are as
follows:
– The access permissions for the bucket are restricted by the ACL. For example, the user has no
write permission for the bucket. For details about the ACL setting function of a bucket, see
3.1.7.4 Configuring ACL Permissions for a Bucket.
– The access permissions on the bucket are restricted by the bucket policy. For example, you
have no write permission on the bucket, or write operations cannot be performed on the bucket
in the current time segment. For details about bucket policies, see 3.1.7.5 Configuring a
Bucket Policy.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 8

HUAWEI CLOUD Stack
OBS 1 Quick Start

Step 8 Optional: Select KMS encryption and select a key name from the drop-down list.

OBS provides a default key named obs/default. You can use the default key or click Create
KMS Key to customize a key to encrypt and upload the object.

Step 9 Click OK to start the upload.

Step 10 View and manage the upload task.

If the task status is Succeeded, the object is uploaded successfully.

l You can also click Upload Task in the lower left corner of the page to view and manage
the uploaded task.
l You can click Suspend or Suspend All Tasks to suspend one or all tasks in Uploading
or Waiting state.
l If the upload task fails or the upload task is manually suspended, you can click Continue
to restart the upload.
NOTE

l You cannot suspend or continue the upload of a file less than or equal to 5 MB.
l Do not exit the console during the upload. Otherwise, the task will be interrupted and cannot be
restored.

----End

Follow-up Operations
After an object is successfully uploaded, you can view the encryption status of the object in
the object list. The status may be Encrypted or Unencrypted.

For an encrypted object, you can click the object name to view its Encryption Type, Key
Name, and Key ID.

NOTE

l The object encryption status cannot be changed.

l A key in use cannot be deleted. Otherwise, the object encrypted with this key cannot be downloaded.

1.6 Downloading Objects

After uploading files to a bucket, you can download the files to a local host if necessary.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 9

HUAWEI CLOUD Stack
OBS 1 Quick Start

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal.
l At least one bucket has been created.
l At least one file has been uploaded.
l Ensure that DNS server IP addresses are correctly configured on the client environment
for OBS domain name resolution. Contact the administrator to obtain the IP addresses
from parameters TDNS-TNTP01-TENANT and TDNS-TNTP02-TENANT in the
parameter summary file xxx_export_all_EN.xlsm.
NOTE

l In an ECS environment, ensure that the DNS server IP address of the ECS is the same as that
of the VPC associated with the ECS.
l If you access OBS from the Internet, ensure that the DNS server IP address of the Internet has
been configured on the client.

Step 3 On the navigation bar, click Console and choose Storage > Object Storage Service.

Step 4 Click the bucket.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 10

HUAWEI CLOUD Stack
OBS 1 Quick Start

Step 5 In the navigation tree on the left, click Objects.

Step 6 In the row where the file resides, click Download and download the file as prompted.

----End

1.7 Deleting Objects

If objects stored in OBS are no longer needed, you can delete the objects to free up the storage
space. You can delete a single object or delete objects in batches.

Context
Deleting unnecessary objects saves space and costs.
Some files uploaded to OBS need to be periodically deleted. You can use the lifecycle
management function of OBS to periodically delete these files. For details about the lifecycle
management function, see 3.1.10 Lifecycle Management.

Procedure
Step 1 Log in to ManageOne as a VDC administrator or VDC operator using a browser.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 11

HUAWEI CLOUD Stack
OBS 1 Quick Start

URL in non-B2B scenarios: https://Address for accessing ManageOne Operation Portal, for
example, https://console.demo.com

URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal, for
example, https://tenant.demo.com

Step 2 Select your region and then project from the drop-down list on the top menu bar.

Step 3 On the navigation bar, click Console and choose Storage > Object Storage Service.

Step 4 Click the bucket.

Step 5 In the navigation tree on the left, click Objects.

Step 6 Select the file you want to delete, and click Delete on the right.

You can also select multiple files and click Delete above the list to batch delete them.

Step 7 Click OK to delete the file.

----End

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 12

HUAWEI CLOUD Stack
OBS 1 Quick Start

1.8 Deleting a Bucket

You can delete a bucket as required. If you want to use the same bucket name, do not delete
the bucket. You are advised to clear and retain the bucket.

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal.
l The bucket to be deleted is empty.
l You are the bucket owner.

Step 4 Click Delete in the row where the bucket to be deleted is located.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 13

HUAWEI CLOUD Stack
OBS 1 Quick Start

NOTE

l Before deleting a bucket, ensure that all objects in the bucket have been deleted.
l The interval between deleting a bucket and creating another bucket with the same name varies
according to application scenarios.

Step 5 Click OK to delete the bucket.

----End

1.9 Reference
The preceding sections describe how to perform basic tasks of OBS.
For more details about OBS, see Object Storage Service User Guide, which describes the
complete product functions and operation guide of the OBS Console.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 14

HUAWEI CLOUD Stack
OBS 2 Infographics

2 Infographics

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 15

HUAWEI CLOUD Stack
OBS 2 Infographics

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 16

HUAWEI CLOUD Stack
OBS 3 User Guide

3 User Guide

3.1 Object Storage Service (OBS)

3.2 HDFS

3.1 Object Storage Service (OBS)

3.1.1 Introduction

3.1.1.1 What Is Object Storage Service?

Definition
Object Storage Service (OBS) is a cloud storage service that provides capabilities for massive,
secure, reliable, and cost-effective data storage. With OBS, you can easily create, modify, and
delete buckets, as well as uploading, downloading, and deleting objects.

Object storage devices and services are becoming increasingly popular in research and
markets, providing a viable alternative to established block and file storage services. OBS is a
cloud storage service that can store unstructured data such as documents, images, and
audiovisual videos, combining the advantages of block storage (direct and fast access to
disks) and file storage (distributed and shared).

The OBS system and a single bucket do not have restrictions on the total data volume and
number of objects, providing users ultra-large capacity to store files of any type. OBS can be
used by common users, websites, enterprises, and developers.

As an Internet-oriented service, OBS provides web service interfaces over Hypertext Transfer
Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS). Users can use OBS
Console or a browser to access and manage data stored in OBS on any computer connected to
the Internet anytime, anywhere. In addition, OBS supports SDK and API interfaces, which
enable users to easily manage data stored in OBS and develop various upper-layer service
applications.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 17

HUAWEI CLOUD Stack
OBS 3 User Guide

Functions
OBS provides the following functions:
l Basic Bucket Operations
Create, view, and delete buckets in a specific region.
l Basic Object Operations
Create folders and manage objects, including uploading, downloading, and deleting
objects.
l Permission Control
Control access to OBS using bucket policies and bucket/object ACLs.
l Versioning
Multiple versions of an object can co-exist in a bucket.
l Logging
Bucket access requests can be recorded in logs for request analysis and log audit.
l Lifecycle Management
Lifecycle rules can be set for buckets so that expired objects are automatically deleted.
l Static Website Hosting
Website attributes can be set for buckets to implement static website hosting. Web page
redirection can be set to redirect bucket requests to the specified hosts.
l Cross-Origin Resource Sharing
Cross-Origin Resource Sharing (CORS) rules are supported, allowing resources in OBS
to be accessed across domains.
l URL Validation
URL validation is provided to prevent object links of OBS from being stolen by other
websites.

Comparison Between EVS, OBS, and SFS

Table 3-1 compares the three types of storage services (EVS, OBS, and SFS).

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 18

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-1 Comparison between EVS, OBS, and SFS

Dimension EVS SFS OBS

Usage Provides persistent Provides ECSs with Provides REST

block storage for a high-performance APIs that are
compute services such shared file system compatible with
as ECS and BMS. EVS that supports on- Amazon S3. Users
disks feature high demand elastic can use browsers or
availability, high scaling. The file third-party tools to
reliability, and low system complies access OBS and use
latency. Users can with the standard REST APIs to
format, create file file protocol and perform secondary
systems on, and delivers scalable development on
persistently store data performance, OBS.
on the EVS disks. supporting massive
amount of data and
bandwidth-
demanding
applications.

Data access mode Data access is limited Data access is Data access on the
within the internal limited within the public network is
network of a data internal network of a allowed to meet
center. data center. requirements of
Internet
applications.

Sharing mode Supports EVS disk Supports data Supports data

sharing. sharing. sharing.
A shared EVS disk can A file system can be Allows anonymous
be attached to a mounted to a access and unlimited
maximum of 16 ECSs maximum of 256 access users.
in the cluster ECSs.
management system.

Storage capacity The maximum capacity The maximum The capacity is

of a single disk is 64 capacity of a single unlimited.
TB. file is 240 TB, and Therefore, advance
the file system planning is not
capacity can be required.
scaled to the PB
level.

Backend storage Supports Huawei SAN OceanStor 9000 FusionStorage OBS

storage, FusionStorage,
and heterogeneous
storage.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 19

HUAWEI CLOUD Stack
OBS 3 User Guide

Dimension EVS SFS OBS

Recommended Scenarios such as Scenarios such as Scenarios such as

scenario database, enterprise media processing big data storage,
office applications, and and file sharing. surveillance video
development and storage, and backup
testing. and archiving. It can
also provide storage
for other private
cloud services (such
as IMS).

3.1.1.2 Related Concepts

Bucket
A bucket is a container that stores objects in OBS. OBS provides flat storage in the form of
buckets and objects. Unlike the conventional multi-layer directory structure of file systems,
all objects in a bucket are stored at the same logical layer.
In OBS, each bucket name must be unique and cannot be changed. When a bucket is created,
its access control list (ACL) is generated by default. The items in the ACL include
permissions of authorized users such as the read (READ), write (WRITE), and full control
(FULL_CONTROL) permissions. Only authorized users can perform bucket operations, such
as creating, deleting, viewing, and configuring the bucket ACL. A user can create a maximum
of 100 buckets. However, the number and total size of objects in a bucket are not restricted.
Users do not need to worry about system scalability.
OBS is a service based on the REST (Representational State Transfer) style HTTP and
HTTPS protocols. You can locate resources using URL (Uniform Resource Locator).
Figure 3-1 illustrates the relationship between buckets and objects in OBS.

Figure 3-1 Relationship between buckets and objects

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 20

HUAWEI CLOUD Stack
OBS 3 User Guide

Object
An object is a basic data storage unit of OBS. It consists of file data and metadata that
describes the attributes. Data uploaded to OBS is stored into buckets as objects.
An object consists of data, metadata, and a key.
l A key specifies the name of an object. An object key is a string ranging from 1 to 1024
characters in UTF-8 format. Each object in a bucket must have a unique key.
l Metadata describes the object. Metadata contains system metadata and user metadata.
All the metadata is uploaded to OBS as key-value pairs.
– System metadata is automatically generated by OBS and is used for processing
object data. It includes object attributes such as Date, Content-length, Last-
modify, and Content-MD5.
– User metadata is specified by users to describe objects when they upload the
objects.
l Data is the content contained by an object.
Generally, objects are managed as files. However, OBS is an object-based storage service and
it does not involve the file and folder concepts. For easy data management, OBS provides a
method to simulate virtual folders. By adding a slash (/) in an object name, for example, test/
123.jpg, you can simulate test as a folder and 123.jpg as the name of a file under the test
folder. However, the key remains test/123.jpg.
On the OBS management console, users can directly use folders as they used to do.

AK/SK
Access Key ID (AK)/Secret Access Key (SK) is an authentication certificate pair. OBS
(compatible with Amazon S3 APIs) authenticates requests using AKs and SKs. Tenants and
users use AKs and SKs to access the system. OBS (compatible with Amazon S3 APIs)
identifies tenants and users based on the AKs and SKs.
l An AK corresponds to only one tenant or user. A tenant or user can have two AKs at the
same time. OBS (compatible with Amazon S3 APIs) identifies a tenant or user accessing
the system based on the AK.
l A tenant or user generates authentication information based on the SK and request
header. An SK corresponds to an AK.

Region
A region is where the OBS data center is located. When creating a bucket, the user can
specify a region where the bucket resides based on the expected cost, response latency, and
request source. The specified region cannot be changed after the bucket is created.
After a bucket is created, all objects uploaded to the bucket are stored in the data center of the
region.

Endpoint
Endpoint indicates the domain name used by OBS to provide services. OBS provides services
in HTTP RESTful API mode. Different domain names are required for accessing different
regions. The endpoints required for accessing the same zone through the intranet and extranet
are different.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 21

HUAWEI CLOUD Stack
OBS 3 User Guide

Quota
Quota restricts the resources that a user can use. Quota is the upper limit of available
resources and storage capacity.
OBS allows you to set quotas for tenants and buckets.
l Tenant quota: The administrator can set capacity quotas for tenants to limit the upper
limit of storage space that can be used by the tenants.
l Bucket quota: An OBS administrator can set a capacity quota for a bucket to limit the
upper limit of storage space of the bucket.

3.1.1.3 Product Advantages

OBS provides an open architecture, simplicity, self-service, high security and reliability.
l Open architecture
– It provides universal and standard APIs to be efficiently compatible with the users'
current applications.
– It provides REST APIs of Amazon S3 based on transmission protocols HTTP and
HTTPS, which are compatible with various applications and clients and support
storage of various formats of data including images, videos, audios, and files.
l Simple operations and self-service
– You can upload, download, and manage your data anytime and anywhere using a
browser or a self-developed client.
– The number and size of files are not limited. You can expand the storage capacity
unlimitedly based on your needs.
l Security and reliability
– Data encryption: The KMS key is used to encrypt data for upload and download.
– Data consistency scanning: Regular verification is performed at the background
without affecting services to detect disk data errors in advance, preventing data loss
due to silent corruption.
– Data chunk redundancy: Data chunks are stored redundantly on different disks. The
system checks data consistency and recovers damaged data automatically at the
background.
– Permission control: AKs and SKs are used to authenticate tenants and users.
– Versioning: Version management is available to prevent users from overwriting or
deleting data accidentally.
– Lifecycle management: Data lifecycle management is available. Rules can be made
to periodically delete objects from buckets and automatically delete expired data.

3.1.1.4 Application Scenarios

Backup and Active Archiving

OBS is a durable, scalable, and secure solution for backing up and archiving users' key data.
Its versioning function further protects data. Its high durability and secure infrastructure aim
to provide an advanced data protection and disaster recovery solution. Additionally, OBS
supports third-party backup and archiving software.
Figure 3-2 shows the architecture.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 22

HUAWEI CLOUD Stack
OBS 3 User Guide

Figure 3-2 Architecture in the backup and active archiving scenario

Video surveillance
OBS provides large storage capacity for video surveillance solutions and applies to massive
and unstructured video data to meet requirements for storing high quality video data.
Figure 3-3 shows the architecture.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 23

HUAWEI CLOUD Stack
OBS 3 User Guide

Figure 3-3 Architecture in the video surveillance scenario

3.1.1.5 Implementation Principles

Logical Architecture
Figure 3-4 shows the logical architecture of OBS.

Figure 3-4 Logical architecture of OBS

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 24

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-2 OBS components

Component Component Description
Type Name

ManageOne IAM Provides Identity identification and access

unified management for OBS.
operation
Quota Provides quota management for OBS.
management

SDR SDR generates metering and billing CDRs for OBS.

ManageOne Performance Monitors performance indicators of the infrastructure

unified O&M management and analyzes monitoring data.

Log management Aggregates and queries the operation and running

logs of tenants.

Alarm Receives, stores, and centrally monitors and queries

management alarm data, helping O&M personnel quickly rectify
faults based on alarm information.

Cloud service OBS Console Provides the OBS management console.

LVS Provides first-level load balancing.

Infrastructure FusionStorage As the backend storage device, FusionStorage OBS

provides object storage functions.

Workflow
Figure 3-5 shows the OBS workflow.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 25

HUAWEI CLOUD Stack
OBS 3 User Guide

Figure 3-5 OBS workflow

1. The operation administrator creates resource management tenants and resource

administrators as well as configures quotas on ManageOne Operation Portal
(ManageOne operation management portal in B2B scenarios).
2. Resource administrators apply for object storage resources on OBS Console.
3. OBS Console invokes the S3 APIs of the FusionStorage OBS object and big data storage
device to create a bucket.

3.1.1.6 Relationships with Other Cloud Services

Figure 3-6 describes the relationships between OBS and other cloud services.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 26

HUAWEI CLOUD Stack
OBS 3 User Guide

Figure 3-6 Relationships between OBS and other cloud services

Table 3-3 Relationships between OBS and other cloud services

Cloud Description
Service
Name

Image OBS can provide backend storage for image files of IMS.
Manage
ment
Service
(IMS)

Key KMS provides central management and control capabilities of CMKs for
Manage Object Storage Service (OBS). It is perfectly suited for server-side encryption
ment on OBS.
Service
(KMS)

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 27

HUAWEI CLOUD Stack
OBS 3 User Guide

Cloud Description
Service
Name

Volume OBS provides backend storage for VBS users.

Backup
Service
(VBS)

Cloud OBS provides backend storage for CSBS users.

Server
Backup
Service
(CSBS)

3.1.1.7 User Roles and Permissions

ManageOne Operation Portal (ManageOne Operation Management Portal in B2B scenarios)
provides role management and access control functions for cloud services. Role management
refers to the management of users and user groups. Access control refers to the management
of their permissions.
For OBS, the access control refers to managing the access to OBS resources. Table 3-4 lists
OBS operation permissions. A user can be assigned one or more of the permissions.

Table 3-4 User Roles and Permissions

Role Name Role Source Permission Description

OBS VDC l VDC A user with these permissions

administrator administrator management can perform any operation on
permission OBS resources.
l All cloud
service
management
permission

VDC operator l VDC operator

permission
l All cloud
service
management
permission

Customized l VDC read-only

permission
l All cloud
service
management
permission

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 28

HUAWEI CLOUD Stack
OBS 3 User Guide

Role Name Role Source Permission Description

l One of VDC
management
permission,
read-only
permission, and
operator
permission
l OBS
management
permission
NOTE
If you want to
use the function
of uploading
objects in
encrypted mode,
select Key
Management
Service
Management
Permission.

OBS limited Customized l One of VDC A user with this permission can
administrator management perform any operations on OBS
permission, resources except for
read-only configuring quota and logging.
permission, and
operator
permission
l All cloud
service read-
only permission
l OBS limited
management
permission

OBS read- VDC read-only l VDC read-only A user with these permissions
only user administrator permission can query the usage of OBS
l All cloud resources. Specifically, the user
service read- can only read OBS resources.
only permission

Customized l Either VDC

management
permission or
operator
permission
l All cloud
service read-
only permission

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 29

HUAWEI CLOUD Stack
OBS 3 User Guide

Role Name Role Source Permission Description

Non-OBS Customized l One of VDC A user with these permissions

administrator management can view buckets, bucket
permission, metadata, and location
read-only information.
permission, and
operator
permission
l Management
permission of
other cloud
services than
OBS

Table 2 lists the operations that users in different roles can perform.

Table 3-5 User roles and permissions

Operation OBS OBS limited OBS read- Non-OBS
administrator administrator only user administrator

Listing buckets Yes Yes Yes No

Creating Yes Yes No No

buckets

Deleting Yes Yes No No

buckets

Obtaining basic Yes Yes Yes No

bucket
information

Obtaining Yes Yes Yes No

monitoring
statistics about
buckets

Managing Yes Yes No No

bucket ACLs

Managing Yes No No No
bucket quotas

Configuring the No Yes No No

bucket access
mode

Listing objects Yes Yes Yes No

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 30

HUAWEI CLOUD Stack
OBS 3 User Guide

Operation OBS OBS limited OBS read- Non-OBS

administrator administrator only user administrator

Listing objects Yes Yes Yes No

with multiple
versions

Uploading files Yes Yes No No

Creating folders Yes Yes No No

Deleting files Yes Yes No No

Deleting folders Yes Yes No No

Downloading Yes Yes Yes No

files

Canceling file Yes Yes No No

deletion

Deleting Yes Yes No No

fragments

Managing non- Yes Yes No No

exclusive
bucket policies

Managing Yes No No No
exclusive
bucket policies

Managing Yes Yes No No

object ACLs

Managing Yes Yes No No

versioning

Managing Yes No No No
logging

Managing Yes Yes No No

lifecycle rules

Managing static Yes Yes No No

website hosting

Viewing No No No Yes
buckets

Listing Yes Yes Yes No

namespaces

Creating a Yes Yes No No

namespace

Deleting a Yes Yes No No

namespace

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 31

HUAWEI CLOUD Stack
OBS 3 User Guide

Operation OBS OBS limited OBS read- Non-OBS

administrator administrator only user administrator

Obtaining basic Yes Yes Yes No

information
about a
namespace

Obtaining Yes Yes Yes No

monitoring data
of a namespace

Viewing Yes Yes Yes No

parameter
configurations

Modifying Yes Yes No No

parameter
configurations

Viewing QoS Yes Yes Yes No

configurations

Modifying QoS Yes Yes No No

configurations

Viewing the Yes Yes Yes No

namespace
quota

Setting the Yes No No No

namespace
quota

3.1.1.8 Key Indicators

Table 3-6 lists the key indicators of OBS.

Table 3-6 Key indicators of OBS

Indicator Value

Maximum number of buckets that a tenant 100

can create

Maximum number of cross-domain 100

resources that can be created by a tenant

Maximum number of lifecycle rules that can 100

be configured for a bucket

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 32

HUAWEI CLOUD Stack
OBS 3 User Guide

3.1.1.9 Restrictions
The restrictions on OBS are as follows:

l OBS is compatible with Amazon S3 standard interfaces.

l OBS is accessed based on domain names. Before using OBS, configure the IP address of
the DNS server on the client.
l A user cannot use the global domain name to access the buckets and objects in a non-
default region.
l When a third-party S3 client is used to access the OBS, only the domain name of the
default region and the global domain name can be used to create buckets. You are
advised to create buckets on the OBS Console.
l Even though a user is assigned all permissions of another tenant's buckets, the user's
permissions are still restricted by its role.
l OBS permission control and quota can be configured only in first-level VDCs.
l Each tenant can create a maximum of 100 buckets.
l The S3 tenant quota is updated every 5 minutes, and the bucket quota is updated every
10 seconds. If a file is uploaded to a bucket within ten seconds after another file being
uploaded successfully to the same bucket, the bucket quota will not be detected again.
l A file up to 5 GB can be uploaded using OBS Console. A file larger than 5 GB can be
uploaded using a third-party tool or self-developed tool based on the S3 interface.
l To ensure continuous object uploading experience, OBS does not require reserved
storage space but adopts an on-demand allocation. OBS does not check the uploaded
object size. Before the OBS quota is used up, the uploaded object may be greater than
the remaining quota.
l Before using OBS Console to download objects, import the purchased commercial
certificate or the certificate created by the storage administrator to the browser.
Otherwise, a security risk message may be displayed.
l When using Internet Explorer of any version, you cannot drag a file to upload it or
upload a folder. When using Firefox earlier than 52.0.1, you cannot drag a file to upload
it. When using Firefox earlier than 54.0.1, you cannot upload a folder.
l The file name cannot exceed 1023 bytes. The length of a file name is the sum of the
length of its own and the length of its upper-level directories, and cannot exceed 1023
bytes. Levels of directories are automatically separated by slashes (/).
l A maximum of 100 lifecycle rules can be configured for a bucket. After a lifecycle rule
is enabled and an object expires, the object may be automatically deleted within 48
hours.
l After logging in to the OBS Console, a non-OBS administrator can only view buckets of
a tenant. A non-OBS administrator can only view buckets of the current browser session.
If any of the following occurs, view the bucket again:
– The login times out.
– The browser is closed.
– The cache data of the browser is cleared.

3.1.1.10 Accessing and Using OBS

Two methods are available:

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 33

HUAWEI CLOUD Stack
OBS 3 User Guide

l Web UI
Log in to ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios) as
a tenant user and select the cloud service on the Console menu.
l API
If you want to integrate the cloud service into third-party systems for secondary
development, use the API mode.

3.1.2 Operation Process

Figure 3-7 shows the operation process of OBS.

Figure 3-7 Operation process of OBS

Table 3-7 lists the operators and user interfaces (UIs) required for each step.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 34

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-7 Description about the operation process of OBS

Operation Description and Reference Operator and UI

Preparations Preparations before using OBS are ManageOne Operation

as follows: Portal (ManageOne
If no VDC operator account is Operation Management
available, contact the operation Portal in B2B scenarios):
administrator to create a VDC and Operation Administrator
VDC administrator, and then ManageOne Operation
create a VDC operator as the VDC Portal (ManageOne
administrator. Tenant Portal in B2B
For details, see Operation Help scenarios):
Center > VDC Tenant Modeling. l VDC administrator
l Agent administrator

Creating a bucket Create a bucket as the container of ManageOne Operation

OBS. Portal (ManageOne
3.1.3 Creating a Bucket Tenant Portal in B2B
scenarios):
l VDC administrator
l VDC operator
l Agent administrator

3.1.4 Usage Upload a local file to OBS for ManageOne Operation

storage. Portal (ManageOne
3.1.4.1 Uploading an Object Tenant Portal in B2B
scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Download a file from OBS to a ManageOne Operation

local computer as required. Portal (ManageOne
3.1.4.2 Downloading an Object Tenant Portal in B2B
scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Management Manage buckets, including ManageOne Operation

modifying bucket quotas, viewing Portal (ManageOne
basic bucket information, clearing Tenant Portal in B2B
fragments, deleting buckets, and scenarios):
accessing buckets using domain l VDC administrator
names.
l VDC operator
3.1.5 Bucket Management
l Agent administrator

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 35

HUAWEI CLOUD Stack
OBS 3 User Guide

Operation Description and Reference Operator and UI

Manage objects in a bucket, ManageOne Operation

including creating a folder, Portal (ManageOne
deleting a file or folder, canceling Tenant Portal in B2B
file deletion, and accessing an scenarios):
object using a URL. l VDC administrator
3.1.6 Object Management l VDC operator
l Agent administrator

Manage permissions to access ManageOne Operation

buckets and objects, including the Portal (ManageOne
bucket ACL permissions, bucket Tenant Portal in B2B
policies, and object ACL scenarios):
permissions. l VDC administrator
3.1.7 Permission Control l VDC operator
l Agent administrator

Introduces bucket versioning and ManageOne Operation

describes how to configure Portal (ManageOne
versioning for a bucket. Tenant Portal in B2B
3.1.8 Versioning scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Introduces bucket logging and ManageOne Operation

describes how to configure Portal (ManageOne
logging for a bucket. Tenant Portal in B2B
3.1.9 Logging scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Introduces bucket lifecycle ManageOne Operation

management and describes how to Portal (ManageOne
configure lifecycle management Tenant Portal in B2B
for a bucket. scenarios):
3.1.10 Lifecycle Management l VDC administrator
l VDC operator
l Agent administrator

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 36

HUAWEI CLOUD Stack
OBS 3 User Guide

Operation Description and Reference Operator and UI

Introduces static website hosting ManageOne Operation

and describes how to configure Portal (ManageOne
this function. Tenant Portal in B2B
3.1.11 Static Website Hosting scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Describe how to configure cross- ManageOne Operation

origin resource access. Portal (ManageOne
3.1.12 Cross-Origin Resource Tenant Portal in B2B
Sharing scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Introduces URL validation and ManageOne Operation

describes how to configure this Portal (ManageOne
function. Tenant Portal in B2B
3.1.13 URL Validation scenarios):
l VDC administrator
l VDC operator
l Agent administrator

3.1.3 Creating a Bucket

A bucket is a container that stores objects in OBS. You need to create a bucket before you can
store any data in OBS. This section describes how to create a bucket.

Prerequisites
You have obtained a VDC administrator account or a VDC operator account for logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).

Context
Two types of administrators, OBS administrator and OBS limited administrator, can create
buckets.
For details about user roles and permissions, see 3.1.1.7 User Roles and Permissions.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 37

HUAWEI CLOUD Stack
OBS 3 User Guide

URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal, for
example, https://tenant.demo.com
Step 2 Select your region and then project from the drop-down list on the top menu bar.

Step 3 On the navigation bar, click Console and choose Storage > Object Storage Service.

Step 4 In the upper right corner of the page, click Create Bucket and set related parameters. For
details, see Table 3-8.

Figure 3-8 Creating a bucket as an OBS administrator

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 38

HUAWEI CLOUD Stack
OBS 3 User Guide

Figure 3-9 Creating a bucket as an OBS limited administrator

Table 3-8 Parameters for creating a bucket

Parameter Description

Region Region where the bucket to be created resides.

NOTE
l If OBS is available in only one region, this region is displayed by default. If
OBS is available in multiple regions, select a region.
l Specifically, you can select a region according to your cost plan and where
access requests are originated. It is recommended that you select a nearby
region for faster upload and download speeds.
l Once a region is specified, it cannot be changed. All objects in the bucket are
stored in the data center of the region. Currently, specifying a region for
objects is not supported.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 39

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description

Bucket Name Name of the bucket to be created.

Naming rules:
l Contains a maximum of 3 to 63 characters, including lowercase
letters, digits, hyphens (-), and periods (.) only.
l Cannot be an IP address.
l Cannot start or end with a hyphen (-) or period (.).
l Cannot contain two consecutive periods (.), for example, my..bucket.
l Cannot contain periods (.) and hyphens (-) adjacent to each other, for
example, my-.bucket or my.-bucket.
l If the name contains a period (.), security certificate verification may
be triggered when you access the bucket or objects in the bucket.
NOTE
After a bucket is created, its name is globally unique and cannot be changed.

Quota Limited Capacity quota of the bucket.

(GB) The available capacity quota of the to-be-created bucket is displayed
below the text box. The value of Quota Limited (GB) cannot be greater
than the available quota. If you select No limit, the quota of the bucket
will not be limited, but the capacity of objects that can be uploaded to
the bucket cannot exceed the available capacity quota of the bucket.
NOTE
l Only an OBS administrator can configure Quota Limited (GB).
l The quota is not limited when the bucket is not associated with any region.

Access Mode Indicates how a user accesses the bucket.

l Exclusively used: By default, only the creator has the full control
over the bucket.
l Shared: All administrators and authorized users in the tenant can
access the bucket.
NOTE
Only an OBS limited administrator can configure the access mode.

Bucket Click Add. On the Add page that is displayed, select users as the
Manager administrators of the bucket. A maximum of 10 administrators can be
added.
The added bucket administrators have the full control over the bucket
except configuring bucket policies.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 40

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

l When a URL is used to access a bucket, the bucket name is a part of the URL. According to DNS
standards, a URL does not support uppercase letters and cannot be used to access a bucket whose
name contains uppercase letters. Therefore, a bucket name can contain only lowercase letters, digits,
hyphens (-), and periods (.) For example, if you attempt to access bucket MyBucket using a URL,
bucket mybucket will be accessed instead, causing an access error.
l An OBS administrator creates a shared bucket by default.
l When an exclusive bucket is created, the system automatically generates two exclusive bucket
policies by default. The two policies are displayed on the top of the bucket policy list to identify the
access mode of the bucket. An OBS administrator can view and manage exclusive bucket policies in
the bucket policy list. For details, see 3.1.7.5 Configuring a Bucket Policy.

Step 5 Click Create Now.

----End

3.1.4 Usage

3.1.4.1 Uploading an Object

This section describes how to upload a local file or folder to OBS through the Internet.

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l At least one bucket has been created.
l If you want to upload encrypted objects, you must have the management permission of
the key management service. For details, see the permission configuration of the user-
defined OBS administrator in 3.1.1.7 User Roles and Permissions.
l If you want to use a user-defined key to encrypt objects to be uploaded, create a key
using KMS. Uploading KMS-encrypted objects is not supported in the Region Type III
scenario.

Context
l Any types of files can be uploaded, such as the text, image, and video.
l A file up to 5 GB can be uploaded using OBS Console. A maximum of 100 files can be
uploaded at a time. A file larger than 5 GB can be uploaded using an API or a third-party
tool.
l The total length of a file name cannot exceed 1023 bytes. The total length of a file name
is the sum of the length of its own and the length of its upper-level directories. Levels of
directories are automatically separated by slashes (/). For example, if the upper-level
directory of file01 is folder01, the file name length is calculated based on folder01/
file01. In the Windows operating system, the length of a file name must be fewer than
260 characters and that of a directory name must be fewer than 248 characters.
l OBS supports server-side encryption with KMS-managed keys (SSE-KMS) using an
interface. The object to be uploaded can be encrypted on the server using the key
provided by the key management server. You need to create a key using KMS or use the
default key provided by KMS. Then you can use the key to encrypt the object on the
server when uploading the object OBS. After server-side encryption is enabled, data of

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 41

HUAWEI CLOUD Stack
OBS 3 User Guide

the object uploaded to OBS is encrypted on the server before being stored. When the
object is downloaded, data is decrypted on the server first.
l OBS does not allow cross-tenant or anonymous users to access objects encrypted using
KMS.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket where you want to upload the object.

Step 3 In the navigation tree on the left, click Objects.

Step 4 Click Upload File.

NOTE

You can also select a folder and click Upload File.

Step 5 Click Add File or Add Folder, select the file or folder to be uploaded, and click OK.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 42

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

l You can also drag the file to the list directly. When using Internet Explorer of any version, you
cannot drag a file to upload it or upload a folder. When using Firefox earlier than 52.0.1, you cannot
drag a file to upload it. When using Firefox earlier than 54.0.1, you cannot upload a folder.
l Do not upload a file larger than 5 GB or upload more than 100 files at a time. Otherwise, the upload
may fail.
l An uploaded folder is not created as an object but is displayed as a directory. The number of folders
is not calculated to the number of objects.
l If an access denial message is displayed when you are uploading a file, the possible causes are as
follows:
– The access permissions for the bucket are restricted by the ACL. For example, the user has no
write permission for the bucket. For details about how to configure an ACL for a bucket, see
3.1.7.4 Configuring ACL Permissions for a Bucket.
– The access permissions for the bucket are restricted by the bucket policies. For example, the
bucket cannot be written or the user does not have the write permission for the bucket. For
details about bucket policies, see 3.1.7.5 Configuring a Bucket Policy.

Step 6 Optional: Select KMS encryption and select a key name from the drop-down list.

OBS creates a default key named obs/default. You can use the default key or click Create
KMS Key to customize a key to encrypt and upload the object.

Step 7 Click OK to start the upload.

Step 8 View and manage the upload task.

If the task status is Succeeded, the object is uploaded successfully.

l You cannot suspend or continue the upload of a file less than or equal to 5 MB.
l Do not exit the console during the upload. Otherwise, the task will be interrupted and cannot be
restored.

----End

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 43

HUAWEI CLOUD Stack
OBS 3 User Guide

Follow-up Procedure
After an object is successfully uploaded, you can view the encryption status of the object in
the object list. The status may be Encrypted or Unencrypted.

For an encrypted object, you can click the object name to view its Encryption Type, Key
Name, and Key ID.

NOTE

l The object encryption status cannot be changed.

l A key in use cannot be deleted. Otherwise, the object encrypted with this key cannot be downloaded.

3.1.4.2 Downloading an Object

This section describes how to download a file from OBS to a local computer.

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l At least one bucket has been created.
l At least one file has been uploaded.
l If you want to upload encrypted objects, you must have the management permission of
the key management service. For details, see the permission configuration of the user-
defined OBS administrator in 3.1.1.7 User Roles and Permissions.
l Ensure that DNS server IP addresses are correctly configured on the client environment
for OBS domain name resolution. Contact the administrator to obtain the IP addresses
from parameters TDNS-TNTP01-TENANT and TDNS-TNTP02-TENANT in the
parameter summary file xxx_export_all_EN.xlsm.
NOTE

If you access OBS from the Internet, ensure that the DNS server IP address of the Internet has
been configured on the client.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 In the navigation tree on the left, click Objects.

Step 3 In the row where the file resides, click Download and download the file as prompted.

----End

3.1.5 Bucket Management

3.1.5.1 Modifying a Bucket Quota

This section describes how to modify a bucket quota.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 44

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 5 Click OK.

----End

3.1.5.2 Viewing Bucket Information

This topic describes how to view information about a bucket, including monitoring statistics
and basic information.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 45

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-9 Bucket monitoring statistics

Parameter Description

Used storage capacity Total capacity used by objects in the bucket.

Number of objects Number of objects stored in the bucket, including all object
versions.

Step 4 In the Basic Information area, view basic information of the bucket.
Table 3-10 describes basic information about a bucket.

Table 3-10 Basic information about a bucket

Parameter Description

Bucket Name Name of the bucket

Region Name of the region where the bucket resides

Owner Username of the tenant who owns the bucket

Tenant ID ID of the tenant

Created Time when the bucket is created

Endpoint OBS provides an endpoint for each region, facilitating users to

access resources in each region.

Access Domain Name Domain name of the bucket, which is used when the bucket is
accessed by domain name directly.
The format of the domain name is bucket name.endpoint.
NOTE
If the DNS server IP address is not configured on the client, you can
change the access domain name of the bucket to endpoint/bucket name.

Quota Limited Available capacity quota of the bucket

----End

3.1.5.3 Deleting Junk Data from a Bucket

The fragment management function enables you to delete junk data generated due to object
upload failures.

Prerequisites
You have obtained a VDC administrator account or a VDC operator account for logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 46

HUAWEI CLOUD Stack
OBS 3 User Guide

Context
Data is uploaded to OBS in multipart mode. In the following common and other scenarios, an
upload fails and fragments are generated. You need to delete these fragments to free up
storage space.

l The network is in poor conditions, and the connection to the OBS server is interrupted
frequently.
l The upload task is manually suspended.
l The device is faulty.
l The device is powered off suddenly.

Fragments generated due to an upload failure are stored in OBS. You can delete the fragments
manually or continue the upload.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 In the row where the bucket resides, click Fragments.

NOTE

You can also perform the following operations:

1. Click the bucket.
2. In the navigation tree on the left, click Objects.
3. Click Fragments.

Step 3 Select the fragment that you want to delete and click Delete next to it.

You can also select multiple fragments and click Delete above the list to batch delete them.

Step 4 Optional: Select the fragment that you want to continue the upload and click Continue.

Step 5 Click OK.

----End

3.1.5.4 Deleting a Bucket

This section describes how to delete a bucket.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 47

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 2 In the row where the bucket resides, click Delete.

NOTE

l Before deleting a bucket, ensure that all objects in the bucket have been deleted.
l At least 30 minutes later after a bucket is deleted, you can create a bucket with the same name in
another VDC at least 30 minutes later.

Step 3 Click OK.

----End

3.1.6 Object Management

3.1.6.1 Creating a Folder

This section describes how to create a folder on OBS Console.

Context
There are no file and folder concepts in OBS. For easy data management, OBS provides a
method to simulate virtual folders. In OBS, a special object named folder name/ is added and
displayed as a folder on OBS Console. You can also upload an object by adding a folder on
OBS Console. The object name is a complete path with the folder directory. Levels of
directories are separated by slashed (/). OBS Console recognizes / and displays the object as a
folder. In this case, no special object named folder name/ is created.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Objects.

Step 4 Click Create Folder.

Step 5 In the Folder Name text box, enter a name for the folder.
l The name cannot contain special characters \/:*?"<>|.
l The name cannot start or end with a period (.)
l The name cannot exceed 1023 bytes.
The length of a folder name is the sum of the length of its own and the length of its
upper-level directories, and cannot exceed 1023 bytes. Levels of directories are
automatically separated by slashes (/). For example, if the upper-level directory of the
folder01 file is folder02, the file name length is calculated based on folder02/folder01/.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 48

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

l When a folder is created, it is created as an object and is added to the number of objects.
l If an access denial message is displayed when you are creating a folder, the possible causes are as
follows:
– The access permissions for the bucket are restricted by the ACL. For example, the user has no
write permission for the bucket. For details about how to configure an ACL for a bucket, see
3.1.7.4 Configuring ACL Permissions for a Bucket.
– The access permissions for the bucket are restricted by the bucket policies. For example, you
have no write permission on the bucket. For details about bucket policies, see 3.1.7.5
Configuring a Bucket Policy.

Step 6 Click OK.

----End

3.1.6.2 Deleting a File or Folder

This section describes how to delete a file or folder from OBS.

Precautions
After you delete a folder, objects in the folder will be unavailable. Before performing this
operation, ensure that the objects in the folder are no longer needed.

Context
l Deleting unnecessary objects saves space and costs.
l Some files or folders uploaded to OBS need to be periodically deleted. You can use the
lifecycle management function of OBS to periodically delete these files. For details, see
3.1.10 Lifecycle Management.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Objects.

Step 4 Select the file or folder you want to delete, and click Delete next to it.

You can also select multiple files and click Delete above the list to batch delete them.

Step 5 Click OK.

----End

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 49

HUAWEI CLOUD Stack
OBS 3 User Guide

Related Operations
If versioning is enabled, a deleted object will be removed to the Deleted Objects list and a
version with the deletion mark is automatically generated.

To delete a specific version permanently, click the object and select the target version from the
Versions list. If you delete an object version with the deletion mark, the object will be
recovered. For details, see 3.1.6.3 Undeleting a File.

3.1.6.3 Undeleting a File

This section describes how to restore a deleted file.

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l The versioning function is enabled and a file has been deleted. For details about how to
enable the versioning function, see 3.1.8 Versioning.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Objects.

Step 4 Click Deleted Objects.

Step 5 In the row where the file you want to restore resides, click Undelete on the right.

You can also click the file and delete the version with the deletion mark from the Versions
list. The object will be restored to the object list.

NOTE

If the file you want to restore is in a folder, click the folder. Open the folder, locate the row where the
deleted file resides, and click Undelete on the right.

Step 6 Optional: Select the file that you want to delete permanently and click Delete on the right to
permanently delete the object.

You can also click the file and delete the version without the deletion mark from the Versions
list to permanently delete the version.

NOTE

If all the versions of the deleted file are deleted with no historical version, you cannot undelete the file.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 50

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 7 Click OK.

----End

3.1.6.4 Accessing an Object Using Its URL

The object uniform resource locator (URL) (object sharing) function allows anonymous users
to access object data using object URLs.

Prerequisites
l You have obtained a VDC administrator account or a VDC operator account for logging
in to ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l At least one bucket has been created.
l At least one file has been uploaded and the file can be accessed only using the URL.
l Ensure that DNS server IP addresses are correctly configured on the client environment
for OBS domain name resolution. Contact the administrator to obtain the IP addresses
from parameters TDNS-TNTP01-TENANT and TDNS-TNTP02-TENANT in the
parameter summary file xxx_export_all_EN.xlsm.
NOTE

If you access OBS from the Internet, ensure that the DNS server IP address of the Internet has
been configured on the client.

Context
OBS does not allow anonymous users to access objects uploaded after being encrypted using
KMS.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Objects.

Step 4 Click the object.

Step 5 Click Object ACL.

Step 6 In Public Permissions, click Edit to grant the read permission of the object to anonymous
users.

Step 7 Click Save to save the ACL permission setting.

Step 8 View Link at the top of the page

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 51

HUAWEI CLOUD Stack
OBS 3 User Guide

The URL is displayed on the page, which is in the format of bucket name.endpoint/object
name. After sending the URL to an anonymous user, the anonymous user can access the
object by copying the URL to the web browser.

NOTE

If the DNS server IP address is not configured on the client, you can change the access domain name of
the bucket to endpoint/bucket name and then copy it to the browser for access.

----End

3.1.7 Permission Control

3.1.7.1 About Bucket ACL

OBS provides tenant-based ACLs to assign specific access permissions to tenants.
An ACL can manage all users' or a specific user's permissions to access a single bucket. The
permissions include object read, object write, ACL read, and ACL write. By default, only the
creator of a bucket can access the objects in the bucket. The creator can set access policies for
the bucket. For example, the creator can set a policy allowing all users to read the bucket.
ACLs are only used to grant permissions.

3.1.7.2 About Bucket Policy

A bucket owner can configure a bucket policy to manage access permissions for the bucket.
A bucket policy controls accesses to the bucket and objects in the bucket in a centralized
manner based on a variety of conditions, including the OBS operation, requester, resource,
and other elements (such as IP address) of a request. Permissions for a bucket apply only to
all the objects in the bucket.
Both individuals and companies can use bucket policies. When a company registers with
OBS, it creates a tenant. Thereafter, the company becomes synonymous with the tenant. The
tenant is financially responsible for the resources created by the company and its employees.
The tenant can grant bucket policy permissions and assign employees permissions based on a
variety of conditions. For example, the tenant can create a policy to:
l Grant users the permission to write a specific bucket.
l Grant users in a specific network the write permission.
Different from ACLs which can grant permissions only for individual objects, bucket policies
can grant or deny permissions for all objects in a bucket. A tenant can set permissions for any
number of objects in a bucket by sending one request. A tenant can use wildcards (similar to
regular expression operators) on Amazon resource names (ARNs) and other values, so that
the tenant can control access to a group of objects.
A bucket policy is specified by the bucket owner and it defines the access permissions for the
bucket. After a bucket policy is created, access requests to the bucket are controlled by the
bucket policy. The bucket policy controls access requests by allowing or denying the requests.

3.1.7.3 Relationship Between Bucket ACLs and Bucket Policies

Unlike ACLs which can grant permissions only for individual objects, bucket policies can
grant or deny permissions for all the objects in a bucket.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 52

HUAWEI CLOUD Stack
OBS 3 User Guide

If a bucket ACL and a bucket policy are used at the same time and they conflict with each
other, the bucket policy prevails.

3.1.7.4 Configuring ACL Permissions for a Bucket

By default, OBS allows you to set ACL permissions for the bucket owners, anonymous users,
registered users, and log delivery users. This section describes how to configure ACL
permissions for a bucket.

Context
By configuring ACL permissions for an object, the object access permissions can be granted
to five types of users, as shown in Table 3-11.

Table 3-11 Authorized users in OBS

Authorized User Description

Bucket owner The bucket owner refers to the tenant that creates the bucket.
By default, the bucket owner has all access rights to the bucket. It
owns the read and write permissions of the bucket ACL
permanently and this status cannot be modified.
NOTE
If the read and write permission of the bucket ACL is removed, users cannot
obtain the object list in the bucket or upload objects to the bucket. You are
not advised to change the permissions of the bucket owner.

Anonymous users Anonymous users are users not registered with OBS.
If the permissions to access an object are granted to anonymous
users, everyone can access the object without identity
authentication.
NOTE
To ensure data security, do not use the bucket ACL to grant the bucket
access permissions to anonymous users.

Registered users Users registered with OBS.

Registered users can obtain the corresponding access permissions
only after being authenticated using AKs and SKs.

Specific users The bucket owner can specify resource management tenants that
can access the bucket.
After the permissions are granted to a tenant, all users who have the
OBS resource permissions of the tenant can access the bucket. To
grant different permissions to different users, you can set bucket
policies. For details, see 3.1.7.5 Configuring a Bucket Policy.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 53

HUAWEI CLOUD Stack
OBS 3 User Guide

Authorized User Description

Log delivery users Log delivery users deliver access logs of the bucket and objects.
OBS does not create or upload any file to a bucket automatically.
Therefore, if you want to record access logs for a bucket, you need
to grant the permission to log delivery users who will deliver the
access logs to your specified bucket. This user group is only used to
record internal logs of OBS.
NOTICE
After logging is enabled, the bucket write permission, as well as the ACL
read permission will be enabled automatically for log delivery users of the
target bucket. If you manually disable such permissions, bucket logging
fails.

OBS supports five types of bucket access permissions, which are described in Table 3-12.

Table 3-12 Access permissions supported by OBS

Category Permission Description

Bucket access Read Permission to obtain the object list and metadata of a
permissions bucket.

Write Permission to write a bucket. A user with the write

permission of a bucket can upload, overwrite, and
delete objects in the bucket.

ACL access Read Permission to view the ACL.

permissions The bucket owner always has this permission.

Write Permission to modify the ACL.

The bucket owner always has this permission.
NOTE
A user granted with this permission owns the full control
permission. Exercise caution when assigning this permission
to any user.

Full control Full control Permission to fully control a bucket and objects in the
bucket. A user granted with this permission possesses
all the permissions mentioned above.
NOTE
Users assigned this permission can fully control the bucket
and its objects. Exercise caution when assigning this
permission to any user.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 54

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Permissions.

Step 4 Click Edit to set ACL permissions for the owners, anonymous users, registered users, and log
delivery users for the object.
Step 5 Click Add. Enter the Tenant ID or Tenant Name of a specific user and set ACL permissions
for the user.
NOTE

l You can view the Tenant ID and Tenant Name on the My Account page after logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l If no ACL permission is specified for a new bucket, OBS automatically disables the access to the
bucket and objects in it by other users except the bucket owner.

Step 6 Click Save.

----End

Follow-up Procedure
You can click Delete to delete the permissions of a specific user if necessary.

3.1.7.5 Configuring a Bucket Policy

Bucket policies control the access to resources (bucket and objects) in OBS.

Precautions
Not all the users of a tenant can access the objects uploaded to an exclusive bucket by an
authorized user of the tenant. The bucket owner can access the objects only after it is
authorized to.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 55

HUAWEI CLOUD Stack
OBS 3 User Guide

Context
When an exclusive bucket is created, the system automatically generates two exclusive bucket
policies by default. The two policies are displayed on the top of the bucket policy list to
identify the access mode of the bucket. OBS administrators can view and manage exclusive
bucket policies in the bucket policy list.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Permissions.

Step 4 Click Bucket Policy.

Step 5 Click Add Bucket Policy.

Step 6 Configure a bucket policy. For details about the parameters, see Table 3-13.

Table 3-13 Parameters of configuring a bucket policy

Parameter Description

Policy Mode Indicates the mode of the bucket policy.

l Read-only mode: The authorized user has the read permission
on the specified object in the bucket.
l Read and write: The authorized user has the read and write
permissions on the specified object in the bucket.
l Customized: The permissions of the authorized user on the
bucket or objects are customized.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 56

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description

Effect Indicates the effect of the bucket policy.

l Allow: Indicates that access requests are allowed, if they
match the configurations of this bucket policy.
l Deny: Indicates that access requests are denied, if they match
the configurations of this bucket policy.
NOTE
This parameter is valid only when Policy Mode is set to Customized.

Principal Indicates the ID of the tenant or user on which the bucket policy
takes effect.
l Include: Specifies the user on which the bucket policy takes
effect.
l Exclude: Specifies the user on which the bucket policy does
not take effect.
l User: Select an existing user.
l Others: Enter a valid principal.
NOTE
You can click the user name in the upper-right corner of ManageOne
Operation Portal (ManageOne Tenant Portal in B2B scenarios) and
choose My Account to view the tenant ID and user ID.

Resource Indicates the resources that the bucket policy applies to.
Resources are separated by commas (,). A wildcard character (*)
indicates all resources in the bucket. If no resource is specified,
the policy applies to the bucket and all objects in the bucket.
l Include: Specifies the OBS resources on which the bucket
policy takes effect.
l Exclude: Specifies the OBS resources on which the bucket
policy does not take effect.
The resource type is related to the action:
l When a resource is an object or object set, only the actions
related to the object can be configured.
l When the resource is a bucket, only the actions related to the
bucket can be configured.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 57

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description

Action Indicates actions on which the bucket policy takes effect.

l Include: Specifies the actions on which the object policy takes
effect.
l Exclude: Specifies the actions on which the object policy does
not take effect.
l A combination of all operations supported by OBS can be
represented by string of case-insensitive characters. A
wildcard character (*) can be used, indicating all operations.
For example, Action":["s3:List*", "s3:Get*"]. Enter a value
based on site requirements. For details, see 3.1.14.2 What
About Details of Actions and Conditions?.
NOTE
This parameter is valid only when Policy Mode is set to Customized.

Condition Specify conditions under which the bucket policy takes effect.
For details, see 3.1.14.2 What About Details of Actions and
Conditions?.
NOTE
This parameter is valid only when Policy Mode is set to Customized.

Step 7 Click OK.

You can view the new bucket policy in the bucket policy list.

Step 8 Select a bucket policy and click Edit.

If the policy of an exclusive bucket is edited, the access mode of the exclusive bucket will
become shared and cannot be changed back to exclusive. Exercise caution when performing
this operation.

Step 9 Select a bucket policy that is no longer used and click Delete.

If the policy of an exclusive bucket is deleted, the access mode of the exclusive bucket will
become shared and cannot be changed back to exclusive. Data in the bucket may become
insecure or cannot be accessed. Exercise caution when performing this operation.

----End

Typical Scenarios
1. Grant permissions to an OBS tenant. In the following example, the tenant (whose ID is
783fc6652cf246c096ea836694f71855) needs to be assigned the permission to obtain the

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 58

HUAWEI CLOUD Stack
OBS 3 User Guide

log management information about bucket logging.bucket3. You need to manually

configure the parameters. For details, see Table 3-14.

Table 3-14 Parameter configuration

Parameter Value Description

Effect Allow Effect of the bucket policy.

Principal Other Enter the ID of the tenant

783fc6652cf246c096ea836 for which you want to
694f71855 assign the permission.

Action Advanced Obtains the bucket logging

GetBucketLogging information. The value
needs to be changed based
on site requirements.

Resource - If an action is related to a

bucket, this parameter can
be left blank, indicating
that the action is applied to
the bucket. For an object-
related action, this
parameter cannot be left
blank. A wildcard
character (*) represents all
objects in the bucket.

2. Grant permissions to an OBS user. In the following example, the user (whose ID is
71f3901173514e6988115ea2c26d1999) of the tenant (whose ID is
783fc6652cf246c096ea836694f71855) needs to be assigned the permission to obtain the
log management information about the logging.bucket3 bucket. You need to manually
configure the parameters. For details, see Table 3-15.

Table 3-15 Parameter configuration

Parameter Value Description

Effect Allow Effect of the bucket policy.

Principal Other The method of obtaining

783fc6652cf246c096ea836 the user ID is the same as
694f71855:user/ that of obtaining the tenant
71f3901173514e6988115e ID. Change the user ID
a2c26d1999 based on the actual
situation.

Action Advanced Obtains the bucket logging

GetBucketLogging information. The value
needs to be changed based
on site requirements.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 59

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Value Description

Resource - If an action is related to a

3. Limit the permissions of specific addresses to access specific buckets.

In the following example, address www.example.com needs to be restricted to access all
the objects in bucket mybucket. You need to manually configure the parameters. For
details, see Table 3-16.

Table 3-16 Parameter configuration

Parameter Value Description

Effect Deny Effect of the bucket policy.

Principal Other The value supports a

* wildcard character (*)
indicating that all users are
authorized.

Action Advanced The value supports a

* wildcard character (*)
indicating that all
operations can be
performed.

Resource - If an action is related to a

Condition l Condition operator: Conditional operator:

StringEquals indicates character string
l Key: Referer matching.
l Value: Key: indicates the link
www.example.com from which the request is
initiated.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 60

HUAWEI CLOUD Stack
OBS 3 User Guide

4. Limit the start time and end time of accessing objects in a bucket. In the following
example, the start time and end time of accessing all objects in bucket mybucket by all
users need to be set. You need to manually configure the parameters. For details, see
Table 3-17.

Table 3-17 Parameter configuration

Parameter Value Description

Effect Allow Effect of the bucket policy.

Principal Other The value supports a

* wildcard character (*)
indicating that all users are
authorized.

Action Advanced The value supports a

* wildcard character (*)
indicating that all
operations can be
performed.

Resource - If an action is related to a

Condition l Conditional operator: DateLessThan: indicates

DateLessThan, that the date is earlier than
DateGreaterThanEqu- a specific date.
als DateGreaterThanEquals:
l Key: CurrentTime, indicates that the date is
CurrentTime later than or equal to a
l Value: 2017-09-26, specific date.
2017-09-27 CurrentTime: indicates the
date when the request is
received by the server. The
date format must comply
with ISO 8601.

3.1.7.6 Configuring ACL Permissions for an Object

OBS allows you to configure ACL permissions for object owners, anonymous users,
registered users, and specific users. This section describes how to configure the ACL
permissions.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 61

HUAWEI CLOUD Stack
OBS 3 User Guide

Context
By configuring ACL permissions for an object, the object access permissions can be granted
to four types of users, as shown in Table 3-18.

Table 3-18 Authorized users in OBS

Authorized User Description

Object owners Object owners are the bucket creator and other users in the same
tenant with the bucket creator. Object owners always have the ACL
read and write permissions by default.

Anonymous users Anonymous users are users not registered with OBS.
If the access permissions for an object are granted to anonymous
users, everyone can access the object without identity
authentication.
NOTE
To ensure data security, you are not advised to grant object access
permissions to anonymous users by configuring ACL permissions.

Registered users Users registered with OBS.

Registered users can obtain the corresponding access permissions
only after being authenticated using AKs and SKs.

Specific users Specific users are the resource management tenants that are granted
the access permissions by the object owners.

OBS supports the following types of object access permissions, as described in Table 3-19.

Table 3-19 Access permissions supported by OBS

Category Permissi Description
on

Access to an Read Permission to obtain the content and metadata of an object

object

ACL access Read Permission to view the ACL of an object

permissions Object owners always have this permission.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 62

HUAWEI CLOUD Stack
OBS 3 User Guide

Category Permissi Description

Write Permission to modify the ACL of an object

Object owners always have this permission.
NOTE
A user granted with this permission owns the full control permission.
Exercise caution when assigning this permission to any user.

Full control Full Permission to fully control an object. A user granted with this
control permission possesses all the permissions mentioned above.
NOTE
A user granted with the full control permission can fully control an
object. Exercise caution when granting this permission to any user.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Objects.

Step 4 Click the object.

Step 5 Click Object ACL.

Step 6 Click Edit to set ACL permissions of the object for the owners, anonymous users, and
registered users.
Step 7 Click Add. Enter the Tenant ID or Tenant Name of a specific user and set ACL permissions
for the user.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 63

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

l You can view the Tenant ID and Tenant Name on the My Account page after logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l If no ACL permission is assigned for a new object, OBS automatically disables the access to the
object by users except the object owners.
l ACL permissions cannot be configured for an object encrypted using KMS.

Step 8 Click Save.

----End

Follow-up Procedure
You can click Delete to delete the permissions of a specific user if necessary.

3.1.8 Versioning

3.1.8.1 About Versioning

OBS can store multiple versions of an object. You can quickly search for and restore different
versions as well as restore data in the event of misoperations or application faults.

Versioning is an effective means to restore objects that are overwritten or deleted incorrectly.
By default, versioning is disabled for new buckets in OBS. New objects will overwrite the
existing objects with the same names as the new ones in a bucket.

When versioning is enabled:

l When an object is uploaded, OBS automatically allocates a unique version ID for the
object. Objects with the same name are stored in OBS with different version IDs.
l An object can be downloaded by specifying a version ID. By default, the latest object is
downloaded if no version ID is specified.
l To delete an object permanently, specify the version ID. A permanently deleted object
cannot be restored. If an object is deleted with no version ID specified, OBS will
generate a deletion mark with a unique version ID for the object but will not actually
delete the object.
l The latest objects in a bucket are returned by default after a GET Object request. You can
also send a request to obtain the bucket's objects with all version IDs.

When versioning is no longer required for objects in a bucket, you can disable it. Old version
data remains in OBS. You need to manually delete unnecessary old version data.

3.1.8.2 Enabling or Disabling Versioning for a Bucket

OBS can store multiple versions of an object. You can quickly search for and restore different
versions as well as restore data in the event of misoperations or application faults.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 64

HUAWEI CLOUD Stack
OBS 3 User Guide

Context
Once versioning is enabled, objects with the same name are stored in a bucket with different
version IDs.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In Attributes, click the Versioning tab page.

Step 4 Select Enable to enable versioning for objects in the bucket.

Step 5 You can also select Suspend to disable versioning for objects in the bucket.
Disabling the versioning will not affect the existing historical versions of objects.
Step 6 Click OK.

----End

Follow-up Procedure
After versioning is enabled, you can go to the object details page to view, download or delete
versions of an object.
1. In the navigation tree on the left, click Objects.
2. Click the object.
3. On the Versions tab page, view all versions of the object.
4. Download and delete versions of the object.
– You can download a version of the object by clicking Download on the right of the
version.
– You can delete a version of the object by clicking Delete on the right of the version.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 65

HUAWEI CLOUD Stack
OBS 3 User Guide

If you delete the latest version, the most recent version will become the latest
version.

3.1.9 Logging

3.1.9.1 About Access Logging

You can enable the logging function for the analysis or audit purpose. Access logging enables
a bucket owner to analyze the property, type, or trend of requests to the bucket in depth. After
logging is enabled for a bucket, OBS automatically logs access requests to the bucket and
generates and writes log files into a specific target bucket.
OBS can record bucket access requests in logs for request analysis and log audit.
Logs stored in OBS occupy extra storage space quota. Therefore, OBS does not collect access
logs for a bucket by default.
After logging is configured, you can view the operation logs in the bucket that stores the logs.

3.1.9.2 Configuring Logging for a Bucket

This section describes how to configure the logging function for a bucket.

Context
Only the OBS administrator role can configure logging for a bucket. OBS restricted
administrator and read-only user roles can only view logs even when they are granted with the
permission.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In Attributes, click the Logging tab page.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 66

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 4 Configuring logging.

1. Click Enable.
2. Select a bucket as the Target Bucket from existing buckets to store log files.
The log delivery users of the bucket will be automatically assigned with the ACL read
permission and bucket write permission.
NOTE

The target storage bucket cannot be an exclusive bucket.

3. Set Target Prefix to specify the prefix of the log names.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 67

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

After logging is enabled, generated logs are named in the following format:
<TargetPrefix>YYYY-mm-DD-HH-MM-SS-<UniqueString>
– <TargetPrefix> is the specified log name prefix.
– YYYY-mm-DD-HH-MM-SS indicates the date and time when the log is generated.
– <UniqueString> indicates a character string generated by OBS.
If <TargetPrefix> ends with a slash (/), logs generated in the bucket will be stored in a folder
named <TargetPrefix> to facilitate management.
For example:
– If Target Bucket is bucket and Target Prefix is bucket-log/, all logs will be stored in the
bucket-log/ folder in the target bucket. An example log file name is as follows:
2015-06-29-12-22-07-N7MXLAF1BDG7MPDV.
– If Target Bucket is bucket and Target Prefix is bucket-log, all logs are directly stored in the
target bucket. An example log file name is as follows: bucket-log2015-06-29-12-22-07-
N7MXLAF1BDG7MPDV.
The value of Target Prefix cannot exceed 254 bytes and consists of one or more folder names.
Folder names are separated by a slash (/). The naming rules are as follows:
– The target prefix cannot contain special characters \:*?"<>|.
– The target prefix cannot start with a slash (/) or contain more than two adjacent slashes (/).
– The target prefix and folder name cannot start or end with a period (.).

Step 5 Click OK.

----End

3.1.10 Lifecycle Management

3.1.10.1 About Lifecycle Management

Lifecycle management means periodically deleting objects from a bucket by configuring
rules.

Lifecycle management applies to the following scenarios:

l Some periodically uploaded files only need to be retained for one week or one month,
and can be deleted once they have expired.
l Some documents are frequently accessed in a period of time. After the period of time,
they will not be accessed and need to be deleted.

You can make lifecycle management rules to identify the objects and manage lifecycles of the
objects based on the rules.

Lifecycle management rules have two key elements:

l Configuration policy: You can specify the prefix of object names so that objects whose
names have this prefix are restricted by the rules. You can configure lifecycle
management rules for a bucket so that all objects in the bucket can be restricted by the
rules.
l Expiration time: You can specify the number of days since the last object update or a
date after which objects restricted by the rules should expire and be automatically
deleted.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 68

HUAWEI CLOUD Stack
OBS 3 User Guide

3.1.10.2 Configuring a Lifecycle Management Rule

This section described how to configure lifecycle management rules for a bucket to
periodically delete objects from the bucket.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Lifecycle Rules.

Step 4 Click Create.

Step 5 Configure a lifecycle management rule.

Basic Information:

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 69

HUAWEI CLOUD Stack
OBS 3 User Guide

l Status: If you select Enable, this lifecycle management rule is enabled.

l Rule Name: Enter a name for the rule. The value contains a maximum of 255 characters.
l Applies To: Indicates the rule configuration policy.
– Object name prefix: Objects that have the specified prefix will be managed by the
rule. A prefix cannot contain special characters \:*?"<>|, start with a slash (/), or
have two consecutive slashes (/).
– Bucket: All objects in the bucket will be managed by the rule.
NOTE

l If Object name prefix is selected and the specified prefix overlaps with the prefix specified in an
existing rule, OBS considers the two rules as one rule and disables the new rule. For example, if a
rule configured using the abc prefix exists in the system, you cannot configure a new rule containing
abc in its prefix.
l If a rule whose Applies To is set to Object name prefix has been configured, you cannot configure
a new rule whose Applies To is set to Bucket.
l If a rule whose Applies To is set to Bucket has been configured, you cannot configure a new rule
whose Applies To is set to Object name prefix.

Current Version and Historical Version:

l Expiration Time: Specifies whether the objects managed by the rule will be
automatically deleted after the last update.
l Delete After: Specifies the number of days after which objects will expire and be
automatically deleted.
NOTE

l Current Version and Historical Version are available only when Versioning is enabled. When
Versioning is enabled, uploading objects with the same name to the same path generates different
versions. The object uploaded the most recently is the Current Version, and the object uploaded
earlier is the Historical Version.
l You can configure either, both, or neither of the versions.

For example, the following files were saved in OBS on January 7, 2017:

l log/test1.log
l log/test2.log
l doc/example.doc
l doc/good.txt
The following files were saved in OBS on January 10, 2017:

l log/clientlog.log
l log/serverlog.log
l doc/work.doc
l doc/travel.txt
If the Delete After of objects prefixed with log/ is set to 1 day on January 10, 2017, objects
log/clientlog.log, log/serverlog.log, log/test1.log, and log/test2.log will be deleted from OBS
on January 12, 2017.

NOTE

The deletion of an object may be delayed after the object expires. Generally, the delay does not exceed
48 hours.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 70

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 6 Click OK.

----End

Follow-up Procedure
You can edit, delete, and disable the configured rule later if necessary.

3.1.11 Static Website Hosting

3.1.11.1 About Static Website Hosting

Static websites contain static web pages and some scripts that can run on clients. With this
function, visitors can access managed static websites using customized domain names.

The following functions are added to the static website hosting to meet various requirements:
l Configure, view, and disable static website hosting on static websites.
l Configure, view, and delete the homepage and error pages.
l Configure, view, and delete redirection rules.
l Configure, view, and delete request redirection tasks.

3.1.11.2 About Request Redirection

When using static website hosting, you can configure request redirection to redirect specific
or all requests.

If the structure, address, or file name extension of a website is changed, users will fail to
access the website using the old address (such as the address saved in folder of favorites), and
the 404 error message is returned. After redirection is configured for a website, users who
access the domain name can be redirected to the specified page to avoid 404 access errors.

Typical application scenarios include:

l Redirecting all requests to another website.

l Redirecting specific requests based on redirection rules.

3.1.11.3 Configuring Static Website Hosting

This section describes how to configure a bucket to work in static website hosting mode and
use a user-defined domain name to access the hosted static website.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 71

HUAWEI CLOUD Stack
OBS 3 User Guide

To ensure that a hosted static website can be accessed by all users, grant the Read
permission of the bucket storing static website files to anonymous users and configure a
bucket policy allowing anonymous users to access static website files in the bucket,
ensuring that the users have sufficient access permissions for desired objects. For details
about how to configure permissions, see 3.1.7.6 Configuring ACL Permissions for an
Object.

l Ensure that DNS server IP addresses are correctly configured on the client environment
for OBS domain name resolution. Contact the administrator to obtain the IP addresses
from parameters TDNS-TNTP01-TENANT and TDNS-TNTP02-TENANT in the
parameter summary file xxx_export_all_EN.xlsm.
NOTE

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Static Website Hosting.

Step 4 Click the Static Website Hosting tab page and select Use this bucket to host a website.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 72

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 5 In the textbox of Default Home Page, set the default homepage.
Home Page: specifies the default homepage of the static website. When OBS Console is used
to configure static website hosting, only HTML web pages are supported. When APIs or
SDKs are used to configure static website hosting, OBS does not have such a restriction but
the Content-Type of objects must be specified.
OBS only allows files such as index.html in the root directory of a bucket to function as the
default homepage. That is, do not set the default homepage with a multi-level directory
structure (for example, /page/index.html).
Step 6 Optional: Configure Default 404 Error Page.
Default 404 Error Page: specifies the error page returned when an error occurs during static
website access.
When OBS Console is used to configure static website hosting, only HTML web pages are
supported. When APIs or SDKs are used to configure static website hosting, OBS does not
have such a restriction but the Content-Type of objects must be specified.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 73

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

When an error occurs during the access to a static website and you have configured a customized error
document for the website, the browser displays the error message and ignores the error document
returned by the OBS.
l Internet Explorer
Open Internet Explorer, choose Internet Options, and select Advanced. Find display friendly
HTTP error information and deselect the option. If the configured 404 error page contains more
than 512 characters, you do not need to set this option.
l Google Chrome and Firefox
This problem is caused by the browser settings and does not need to be modified.

Step 7 Optional: Configure Redirection Rule.

Requests that comply with the redirection rules are redirected to a specific host or page.

Redirection rules are compiled in the JSON or XML format. Each rule contains a Condition
and a Redirect. The following is an example:
[
{
"Condition": {
"KeyPrefixEquals": "folder1/"
},
"Redirect": {
"HostName": "www.example.com"
}
},
{
"Condition": {
"KeyPrefixEquals": "folder2/"
},
"Redirect": {
"ReplaceKeyPrefixWith": "folder3/"
}
}
]

In the previous template, there are two redirection rules:

l Requests prefixed with folder1/ are automatically redirected to host www.example.com.

l Requests prefixed with folder2/ are automatically redirected to the object prefixed with
folder3/. For example, if object folder2/work.txt in OBS is redirected as folder3/
work.txt and redirection rules are enabled, access requests to folder2/work.txt will be
automatically directed to folder3/work.txt.

Step 8 Click OK.

After the static website hosting settings take effect in OBS, you can use the following domain
names to access the static website: If you successfully access the website using the following
domain names, static website hosting is successfully configured.
https://bucket name.static website hosting domain name
http://bucket name.static website hosting domain name

----End

Related Operations
You can select Disable website hosting to disable static website hosting when needed.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 74

HUAWEI CLOUD Stack
OBS 3 User Guide

3.1.11.4 Redirecting Requests to Another Host

This section describes how to configure request redirection to redirect all requests of a bucket
to another bucket or URL.

To ensure that a hosted static website can be accessed by all users, grant the Read permission of the
bucket storing static website files to anonymous users and configure a bucket policy allowing
anonymous users to access static website files in the bucket, ensuring that the users have sufficient
access permissions for desired objects. The configuration of static website hosting takes effect within
two minutes after the configuration.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Static Website Hosting.

Step 4 Click the Static Website Hosting tab page and select Redirect requests.

Step 5 In the textbox of Redirect to, enter the bucket access domain name or URL.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 75

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

l After changing the destination address for redirection, you must manually clear the browser cache so
that requests will be redirected to the new destination address.
For example, if the original destination address for redirection is www.example.com, the system
automatically jumps to www.example.com after you access the static website hosting address (or
replicate the address to another browser). After changing the destination address for redirection to
www.test.com, you must clear the browser cache. By doing so, when you access the static website
hosting address, the system automatically jumps to www.test.com. Otherwise, the system will still
jump to www.example.com.
l If the redirection address is enabled, you must manually clear the browser cache before disabling the
static website hosting function.

Step 6 Click OK.

----End

3.1.12 Cross-Origin Resource Sharing

3.1.12.1 About Cross-Origin Resource Sharing

Cross-origin resource sharing (CORS) is a browser-standard mechanism provided by the
World Wide Web Consortium (W3C). It defines the interaction methods between client-side
web applications in one origin and resources in another origin. In general web page requests,
website scripts and contents in one origin cannot interact with those in another origin because
of Same Origin Policies (SOPs).
OBS supports CORS rules and allows resources in OBS to be accessed across origins.
OBS CORS is used in the following scenarios:
l JavaScript and HTML5 are used to establish web applications that can directly access
resources in OBS without the need of a proxy server for transfer.
l External web pages, style sheets, and HTML5 applications are hosted in different
origins. Web fonts or pictures in OBS need to be shared by multiple websites.
The configuration of CORS takes effect within 2 minutes.

3.1.12.2 Configuring CORS

This section describes how to configure CORS.

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 76

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 3 In the navigation tree on the left, click Static Website Hosting.

Step 4 Click CORS Rule.

Step 5 Click Add.

NOTE

You can configure up to 100 CORS rules.

Step 6 In the CORS Rule dialog box, configure Allowed Origin, Allowed Method, Allowed
Header, Exposed Header, and Cache Duration (s).

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 77

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-20 Parameters of a CORS rule

Parameter Description

Allowed Origin Specifies the origin of cross-origin requests. That is, requests from the
origin can access the bucket. This parameter is mandatory.
You can enter multiple origins. Enter one origin at one line, and at
most one wildcard character (*) is allowed for one origin. For
example:
www.example.com
*.obs.example.com
http://www.example.com
https://www.example.com

Allowed Method Specifies the method of cross-origin requests, that is, the operation
type of buckets and objects. This parameter is mandatory. The
methods include GET, POST, PUT, DELETE, and HEAD.

Allowed Header Specifies the allowed header of cross-origin requests. This parameter
is optional. Only CORS requests matching the allowed header are
valid.
You can enter multiple allowed headers (one per line) and each line
can contain one wildcard character (*) at most. Spaces and special
characters including &:< are not allowed.

Exposed Header Specifies the supplemented header in CORS responses, providing

additional information for clients. This parameter is optional.
You can enter multiple exposed headers (one per line). Spaces and
special characters including *&:< are not allowed.

Cache Duration Specifies the duration that your browser can cache CORS responses,
(s) expressed in seconds. The default value is 100. The default value is
100. This parameter is mandatory.

Step 7 Click OK.

When Rule added successfully is displayed in the upper part of the page, the CORS
configuration is successful and will take effect in two minutes.

After CORS is successfully configured, only the addresses specified in Allowed Origin can
access the bucket in OBS using the method specified in Allowed Method. For example, if
you configure CORS parameters of bucket testbucket as follows: Allowed Origin:
www.examlple.com; Allowed Method: GET; Allowed Header: left blank; Exposed
Header: left blank; Cache Duration (s): 100, only GET requests from www.example.com are
allowed to access the bucket, there is no requirement for the request headers, and the clients
where the requests are generated can cache the requests for 100 seconds.

----End

Related Operations
You can click Edit or Delete to edit or delete a configured CORS rule based on site
requirements.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 78

HUAWEI CLOUD Stack
OBS 3 User Guide

NOTE

After the Cache Duration (s) is modified, you need to manually clear the browser cache for the
modification to take effect.

3.1.13 URL Validation

3.1.13.1 About URL Validation

To reduce costs, some websites steal links from other websites to enrich their own contents.
Stealing links not only damages interests of the original websites but also increases workloads
on the original websites' servers. To resolve this problem, URL validation emerges.
In HTTP, a website can detect the web page that accesses a target web page using the Referer
field. As the referer field can trace sources, specific techniques can be used to block or return
to specific web pages if the pages are not from the website. URL validation checks whether
the Referer field in requests matches the whitelist or blacklist by setting Referer. If the field
matches the whitelist, the requests are allowed. Otherwise, the requests are blocked or specific
pages are displayed.
OBS supports URL validation based on Referer in HTTP headers to prevent a user's data in
OBS from being stolen by other users. OBS supports both whitelist and blacklist settings.

3.1.13.2 Configuring URL Validation

In OBS, you can configure blacklisted URLs and whitelisted URLs at the same time to
prevent link theft.

Prerequisites
You have obtained a VDC administrator account or a VDC operator account for logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).

Procedure
Step 1 Log in to OBS Console as a VDC administrator or a VDC operator. For details, see Logging
In to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the bucket.

Step 3 In the navigation tree on the left, click Static Website Hosting.

Step 4 Click the URL Validation tab page.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 79

HUAWEI CLOUD Stack
OBS 3 User Guide

l Referrer format: You can enter website domain names as referrers. Referrers are
separated by newline characters. An example is provided as follows:
www.example.com
http://www.example1.com
https://www.example2.com

l When Whitelisted Referers is empty while Blacklisted Referers is not, all websites
except specified ones in the blacklist are allowed to access data in the bucket.
l When Whitelisted Referers is not empty while Blacklisted Referers is empty or not
empty, only specified websites in the whitelist are allowed to access data in the bucket.
NOTE

If the content of Whitelisted Referrers is the same as that of Blacklisted Referrers, the blacklist
takes effect. For example, if both Whitelisted Referrers and Blacklisted Referrers are set to
http://www.example.com, the access request is blocked.
l If both Whitelisted Referrers and Blacklisted Referrers are left blank, all websites can
access data in the bucket by default.
l Before determining whether a user has the four types of permissions (read, write, ACL
read, ACL write) for a bucket or objects in the bucket, check whether the user complies
with the URL validation principles of the Referrer field.

Step 5 Set Whitelisted Referrers or Blacklisted Referrers as required.

An example is provided as follows:

l If Whitelisted Referrers of bucket test-111 is set to http://example.com and

Blacklisted Referrers is empty, only requests whose Referer is http://example.com
can access data in the bucket.
l If Blacklisted Referrers of bucket test-111 is set to http://example.com and
Whitelisted Referrers is empty, all requests except the requests whose Referer is
http://example.com can access data in the bucket.
NOTE

If you need to download objects in the bucket on ManageOne Operation Portal (ManageOne Tenant
Portal in B2B scenarios), configure the domain name (for example, https://console.xxx.com) of
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios) in Blacklisted Referrers.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 80

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 6 Click OK.

----End

3.1.14 FAQs

3.1.14.1 How Can a Non-OBS Administrator View a Bucket?

A non-OBS administrator can perform allowed operations on a bucket, such as uploading and
downloading files, only after it logs in to ManageOne Operation Portal (ManageOne Tenant
Portal in B2B scenarios) and views the bucket.

Prerequisites
l You have obtained the non-OBS administrator account and password for logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).
l You have obtained the name of the to-be-viewed bucket and had the read or write
permission for this bucket.

Procedure
Step 1 Use a browser to log in to ManageOne as a non-OBS administrator.
l URL in non-B2B scenarios: https://address to access ManageOne Operation Portal, for
example, https://console.demo.com
URL in B2B scenarios: https://address to access ManageOne Tenant Portal, for
example, https://tenant.demo.com
l Account password: username and password of the non-OBS administrator

Step 2 Select your region and then project from the drop-down list on the top menu bar.

Step 3 On the navigation bar, click Console and choose Storage > Object Storage Service.

Step 4 In the upper right corner of the page, click View Bucket.

Step 5 Enter the name of the bucket you want to view.

NOTE

l Only the buckets of the current tenant can be viewed. Buckets cannot be viewed across tenants.
l Historical bucket viewing records can only be saved in the current tab page. If you change the tab
page or log out, you need to query the buckets again.

Step 6 Click OK to complete viewing the bucket.

----End

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 81

HUAWEI CLOUD Stack
OBS 3 User Guide

3.1.14.2 What About Details of Actions and Conditions?

According to different objects on which actions work, actions are classified into three types:
General, Object, and Bucket. Table 3-21 provides the details.

Table 3-21 Actions

Type Action Description

General * The value supports a wildcard character

(*) indicating that all operations can be
performed.

Get* Indicates that all GET operations can be

performed.

Put* Indicates that all PUT operations can be

performed.

List* Indicates that all LIST operations can be

performed.

Object GetObject Obtains the object and its metadata.

GetObjectVersion Obtains the object of a specific version

and its metadata.

PutObject Performs PUT upload, POST upload,

multipart upload, initialization of
uploaded parts, and merging of parts.

GetObjectAcl Obtains the object ACL information.

GetObjectVersionAcl Obtains the ACL information about the

object of a specific version.

PutObjectAcl Sets the object ACL.

PutObjectVersionAcl Sets the ACL for the object of a specific

version.

DeleteObject Deletes an object.

DeleteObjectVersion Deletes the object of a specific version.

ListMultipartUpload- Lists uploaded parts.

Parts

AbortMultipartUpload Aborts a multipart upload task.

Bucket DeleteBucket Delete a bucket.

ListBucket Lists objects in the bucket, and gets the

bucket metadata.

ListBucketVersions Lists versioning objects in a bucket.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 82

HUAWEI CLOUD Stack
OBS 3 User Guide

Type Action Description

ListBucketMultipartUp- Lists multipart upload tasks.

loads

GetBucketAcl Obtains the bucket ACL information.

PutBucketAcl Sets a bucket ACL.

GetBucketCORS Obtains the bucket CORS information.

PutBucketCORS Sets bucket CORS.

GetBucketVersioning Obtains the bucket versioning

information.

PutBucketVersioning Sets versioning.

GetBucketLocation Obtains the bucket location.

GetBucketPolicy Obtains the bucket policy configuration

information.

DeleteBucketPolicy Deletes a bucket policy.

PutBucketPolicy Sets a bucket policy.

GetBucketLogging Obtains the bucket log management

information.

PutBucketLogging Sets bucket log management.

GetBucketWebsite Obtains the static website configuration

information about a bucket.

PutBucketWebsite Sets static website hosting for a bucket.

DeleteBucketWebsite Deletes the static website hosting

configuration of a bucket.

GetLifecycleConfigura- Obtains the lifecycle rule of a bucket.

tion

PutLifecycleConfigura- Sets the lifecycle rule for a bucket.

tion

Table 3-22 lists the general types of conditions that you can specify in a bucket policy.

Table 3-22 Condition operators

Type Keyword Description

String StringEquals Strict matching. Short version: streq

StringNotEquals Strict negated matching. Short version:

strneq

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 83

HUAWEI CLOUD Stack
OBS 3 User Guide

Type Keyword Description

StringEqualsIgnoreCase Strict matching, ignoring case. Short

version: streqi

StringNotEqualsIgnoreCase Strict negated matching, ignoring case.

Short version: strneqi

StringLike Loose case-sensitive matching. The values

can include a multi-character match
wildcard (*) or a single-character match
wildcard (?) anywhere in the string. Short
version: strl

StringNotLike Negated loose case-sensitive matching.

The values can include a multi-character
match wildcard (*) or a single-character
match wildcard (?) anywhere in the string.
Short version: strnl

Numeric NumericEquals Strict matching. Short version: numeq

NumericNotEquals Strict negated matching. Short version:

numneq

NumericLessThan Indicates that the date is earlier than a

specific date. Short version: numlt

NumericLessThanEquals Indicates that the date is earlier than or

equal to a specific date. Short version:
numlteq

NumericGreaterThan Indicates that the date is later than a

specific date. Short version: numgt

NumericGreaterThanEquals Indicates that the date is later than or equal

to a specific date. Short version: numgteq

Date DateEquals Strict matching. Short version: dateeq

DateNotEquals Strict negated matching. Short version:

dateneq

DateLessThan Indicates that the date is earlier than a

specific date. Short version: datelt

DateLessThanEquals Indicates that the date is earlier than or

equal to a specific date. Short version:
datelteq

DateGreaterThan Indicates that the date is later than a

specific date. Short version: dategt

DateGreaterThanEquals Indicates that the date is later than or equal

to a specific date. Short version: dategteq

Boolean Bool Strict Boolean matching

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 84

HUAWEI CLOUD Stack
OBS 3 User Guide

Type Keyword Description

IP address IpAddress Approved based on the IP address or

range

NotIpAddress Denial based on the IP address or range

A condition can contain either of the two types of keys: general keys and action-specific keys.
For details, see Table 3-23 and Table 3-24.

Table 3-23 General keys

Key Type Description

CurrentTime Date Indicates the date when the request is

received by the server. The date format
must comply with ISO 8601.

EpochTim Numeric Indicates the time when the request is

received by the server, which is
expressed as seconds since 1970-01-01
00:00:00 UTC, regardless of the leap
seconds.

SecureTransport Bool Indicates whether the request uses SSL

encryption.

SourceIp IP address Indicates the source IP address from

which the request is sent.

UserAgent String Indicates the client software agent of the

request.

Referer String Indicates the link from which the request

is initiated.

Table 3-24 Action-specific keys

Action Key Description

ListBucket prefix Type: String. Lists objects that begin with the
specified prefix.

delimiter Type: String. Groups objects in a bucket.

max-keys Type: Numeric. Sets the maximum number of

objects returned. Returned objects are listed in
alphabetic order.

ListBucketVersions prefix Type: String.

delimiter Type: String.

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 85

HUAWEI CLOUD Stack
OBS 3 User Guide

Action Key Description

max-keys Type: Numeric.

PutBucketAcl acl The value of Canned ACL in header x-amz-acl

when modifying bucket ACL permissions can be
private, public-read, public-read-write,
authenticated-read, bucketowner-read,
bucket-owner-full-control, or log-
deliverywrite.

PutObject acl The value of Canned ACL in header x-amz-acl

when uploading objects can be private, public-
read, public-read-write, authenticated-read,
bucketowner-read, bucket-owner-full-control,
or log-deliverywrite.

copysource Type: String. Specifies the names of the source

bucket and source object during object
replication. The format is /bucketname/
keyname.

metadatadirectiv Type: String. Specifies whether the metadata of

e the new object is copied from the source object
or replaced with metadata provided in the
request. Values include COPY or REPLACE.

PutObjectAcl acl The value of Canned ACL in header x-amz-acl

when uploading objects can be private, public-
read, public-read-write, authenticated-read,
bucketowner-read, bucket-owner-full-control,
or log-deliverywrite.

GetObjectVersion VersionId Type: String. Indicates the object version.

GetObjectVersio- VersionId Type: String.

nAcl

PutObjectVersio- VersionId Type: String.

nAcl
acl The value of Canned ACL in header x-amz-acl
when uploading objects can be private, public-
read, public-read-write, authenticated-read,
bucketowner-read, bucket-owner-full-control,
or log-deliverywrite.

DeleteObjectVer- VersionId Type: String. Indicates the object version.

sion

Issue 01 (2019-06-30) Copyright © Huawei Technologies Co., Ltd. 86

HUAWEI CLOUD Stack
OBS 3 User Guide

3.1.14.3 Logging In to OBS Console as a VDC Administrator or VDC Operator

----End

3.2 HDFS

3.2.1 Introduction

3.2.1.1 Definition of HDFS

Definition
Hadoop Distributed File System (HDFS) is a highly reliable, high-performance, and scalable
distributed file system. It is one of the major components of the open-source Hadoop. It is
designed to store massive volumes of data and provide high-throughput data access. It is
applicable to big data storage and large-scale dataset applications.
HDFS allows you to manage and access data in a Hadoop distributed file system. You can use
a distributed file system with unlimited capacity and performance expansion, single
namespace, multiple sharing, high reliability, and high performance without modifying
existing big data analysis applications.
HDFS meets the big data computing and storage requirements of the customers in the Internet
and finance industries. It applies to scenarios where massive data is stored and offline
computing is performed. HDFS satisfies the requirements for distributed storage performance,
capacity, and reliability in distributed computing services such as Hadoop.

Functions
HDFS provides basic namespace operations, including creating, viewing, modifying, and
deleting namespaces.

3.2.1.2 Related Concepts

Namespace
A namespace is the basic unit of HDFS. User files and directories are stored in namespaces.
HDFS supports the traditional hierarchical file structure. Users or applications can create

HUAWEI CLOUD Stack
OBS 3 User Guide

directories and save the files in these directories. The hierarchy of the HDFS namespace is
similar to that of most existing file systems. Users can create, delete, move, or rename files.

Quota
Quota restricts the resources that a user can use. Quota is the upper limit of available
resources and storage capacity.

An OBS administrator can set a capacity quota for a namespace to limit the upper limit of
storage space that can be used by the namespace.

QoS
(Quality of Service) QoS allows you to effectively use existing resources to deliver high-
quality services for key applications. By configuring QoS, users can control the resources in a
better way with reduced costs and high customer satisfaction.

3.2.1.3 Product Advantages

HDFS features an open architecture, simple self-service, and high reliability.

l Open architecture
– It provides universal and standard APIs to be efficiently compatible with the users'
current applications.
– It provides big data storage compatible with HDFS interfaces, supporting
interconnection with solutions, and providing various upper-layer service
applications.
l High performance and scalability
– The HDFS big data storage adopts a fully symmetric architecture and supports
flexible and seamless expansion.
– HDFS provides high throughput, high IOPS, and low latency for application loads.
In addition, its performance increase linearly with the capacity, meeting the
requirements for higher capacity and storage performance when service increases.
l Security and reliability
– Access keys and permission control are used to ensure secure data access, data
transmission, and validation.
– It supports high-reliability networking across multiple regions and adopts Erasure
Code (EC) data storage, ensuring high data reliability.

3.2.1.4 Application Scenarios

Big Data Storage

In big data storage scenarios, applications have high requirements on data access throughput
and latency performance. HDFS provides high throughput and low latency access capabilities.
Data does not need to be migrated to local devices of computing resources. Therefore, HDFS
is recommended for data storage in this scenario.

HUAWEI CLOUD Stack
OBS 3 User Guide

3.2.1.5 Implementation Principles

Architecture
Figure 3-10 shows the HDFS logical architecture.

Figure 3-10 HDFS Logical Architecture

Table 3-25 HDFS Component Details

Component Component Description

Type Name

ManageOne IAM Provides identity identification and access

unified management for HDFS.
operation

ManageOne Performance Monitors performance indicators of the infrastructure

unified O&M management and analyzes monitoring data.

Log management Aggregates and queries the operation and running

logs of tenants.

Alarm Receives, stores, and centrally monitors and queries

management alarm data, helping O&M personnel quickly rectify
faults based on alarm information.

Cloud service OBS Console Provides the HDFS management console.

Infrastructure FusionStorage HDFS backend storage device. It provides big data

storage related functions.

HUAWEI CLOUD Stack
OBS 3 User Guide

Workflow
Figure 3-11 shows the HDFS workflow.

Figure 3-11 HDFS Workflow

1. The operation administrator creates resource management tenants and resource

administrators as well as configures quotas on ManageOne Operation Portal
(ManageOne operation management portal in B2B scenarios).
2. A resource administrator applies for big data storage resources on the OBS management
console.
3. The OBS management console invokes the APIs of FusionStorage objects and Big Data
storage to create namespaces.

3.2.1.6 User Roles and Permissions

For details about the roles and permissions of the HDFS and OBS shared users, see 3.1.1.7
User Roles and Permissions

3.2.1.7 Accessing and Using

Two methods are available:

HUAWEI CLOUD Stack
OBS 3 User Guide

l Web UI
Log in to ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios) as
a tenant user and select the cloud service on the Console menu.
l API
If you want to integrate the cloud service into a third-party system for secondary
development, you can access the cloud service using API. For details, see Operation
Help Center.

3.2.2 Operation Process

Figure 3-12 shows the HDFS operation process.

Figure 3-12 HDFS Operation Process

Table 3-26 lists the operators and user interfaces (UIs) for each step.

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-26 HDFS operation process description

Operation Description and Reference Operator and UI

Preparations Before using the HDFS, ensure that: ManageOne Operation

If no VDC operator account is available, Portal (ManageOne
contact the operation administrator to create a Operation Management
VDC and VDC administrator, and then the Portal in B2B scenarios):
VDC administrator can create a VDC operation administrator
operator. ManageOne Operation
For details, see Operation Help Center > Portal (ManageOne
VDC Tenant Modeling. Tenant Portal in B2B
scenarios):
l VDC administrator
l Agent administrator

Creating a Create a namespace to store directories and ManageOne Operation

namespace files of HDFS users. Portal (ManageOne
Tenant Portal in B2B
scenarios):
l VDC administrator
l VDC operator
l Agent administrator

Managing a Manage namespaces, including viewing ManageOne Operation

namespace namespaces, modifying namespace Portal (ManageOne
parameters, modifying namespace QoS, Tenant Portal in B2B
deleting namespaces, and accessing scenarios):
namespaces using domain names. l VDC administrator
l VDC operator
l Agent administrator

3.2.3 Creating a Namespace

A namespace is the basic unit of HDFS. You need to create a namespace before storing data in
HDFS.

Prerequisites
You have obtained a VDC administrator account or a VDC operator account for logging in to
ManageOne Operation Portal (ManageOne Tenant Portal in B2B scenarios).

Context
A storage domain contains a maximum of 64 namespaces.

HUAWEI CLOUD Stack
OBS 3 User Guide

Procedure
Step 1 Access OBS Console as a VDC administrator or VDC operator. For details, see Logging In
to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the Namespace tab.

Step 3 In the upper right corner of the page, click Create Namespace and set related parameters.
For details, see Table 3-27.

Table 3-27 Parameters for creating a namespace

Parameter Description

Region Region where the namespace will reside.

NOTE
l If OBS is available in only one region, this region is displayed by default. If
OBS is available in multiple regions, select a region.
l You can select the region where the namespace will reside based on the cost
and request source. You are advised to select a nearby region based on your
service scenario to improve file reading and writing speed.
l Once a region is specified, it cannot be changed. All files in the namespace are
stored in the data center where the region is located. Currently, specifying a
region for files is not supported.

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description

Namespace Name of the namespace.

Name Naming rules:
l Contains a maximum of 3 to 63 characters, including lowercase
letters, digits, hyphens (-), and periods (.) only.
l Cannot be an IP address.
l Cannot start or end with a hyphen (-) or period (.).
l Cannot contain two consecutive periods (.), for example, my..bucket.
l Cannot contain periods (.) and hyphens (-) adjacent to each other, for
example, my-.bucket or my.-bucket.
l If the name contains a period (.), security certificate verification may
be triggered when you access the bucket or objects in the bucket.
NOTE
After the namespace is created, it is globally unique and cannot be modified.

Quota Limited Capacity quota limit for the new namespace.

(GB) Value range: 1 to 8589934591.
NOTE
l You can also select No limit. Then the system will not limit the namespace
quota, but the actual file capacity cannot exceed the available capacity quota
of the storage cluster.
l The quota is not limited when the namespace is not associated with any
region.

Step 4 Click Create Now.

----End

3.2.4 Namespace Management

3.2.4.1 Viewing a Namespace

This topic describes how to view the general information about a namespace, including
monitoring data and basic information.

Procedure
Step 1 Access OBS Console as a VDC administrator or VDC operator. For details, see Logging In
to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the Namespace tab.

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 3 Click the namespace that you want to view.

Step 4 In the Monitoring Statistics area, view the monitoring data of the namespace.
Table 3-28 shows the monitoring data of the namespace.

Table 3-28 Monitoring data of the namespace

Parameter Description

Used Storage Capacity Storage space occupied by directories and files stored in the
namespace.

Files Total number of directories and files stored in the

namespace.

Step 5 In the Basic Information area, view the basic information about the namespace.
Table 3-29 describes the basic information about the namespace.

Table 3-29 Basic information about the namespace

Parameter Description

Namespace Name Name of the namespace.

Region Name of the region where the namespace resides.

Owner Name of the tenant who owns the namespace.

Tenant ID ID of the tenant

Created Time when the namespace is created.

Endpoint OBS provides an endpoint for each region, facilitating users to

access resources in each region.

Access Domain Name Domain name address of the namespace, which can be applied
to the scenario where the namespace is accessed directly
through the domain name.
The format of the domain name is as follows: Namespace
name .Endpoint.

Quota Limited Available capacity quota in the namespace.

Status Availability status of the namespace. The value can be

Available or Unavailable.

Number of Bound IP Number of IP addresses bound to the namespace. The value is

Addresses an integer ranging from 0 to 5.
NOTE
If the number of IP addresses bound to a namespace is 0, the
namespace is unavailable. As a result, the Hadoop cluster service
cannot use the namespace.

----End

HUAWEI CLOUD Stack
OBS 3 User Guide

3.2.4.2 Modifying Namespace Parameters

This topic describes how to modify namespace parameters.

Procedure
Step 1 Access OBS Console as a VDC administrator or VDC operator. For details, see Logging In
to OBS Console as a VDC Administrator or a VDC Operator.

Step 2 Click the Namespace tab.

Step 3 Use either of the following methods to access the page for modifying configuration
parameters:
l Click Parameter Management in the row where the namespace resides.
l Click the namespace of which you want to modify parameters, and then click the
Parameter Management tab.

Step 4 Click Edit Parameter to modify the configuration parameters of the namespace.

Table 3-30 describes the basic parameters.

Table 3-30 Basic configuration parameters of a namespace

Parameter Description Default Value

Enable Block Indicates whether to enable the Block Token. Yes

Token
Authentication

Enable Permission Indicates whether to enable the permission check. Yes

Check

Enable ACL Indicates whether to enable the ACL check. Yes

Umask Default permission for creating files and 022

directories.
The value is a three-digit number with each digit
less than or equal to 7. For example: 022.

Super User Group Specifies the name of the super user group. supergroup
The naming rule is as follows:
l The length is 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description Default Value

Duration of Files Indicates the period of time for which files are 0
Stored in the retained in the recycle bin. After this period of
Recycle Bin time, the junk files will be deleted. If the value is
0, the file recycling mechanism is disabled.
Unit: day, hour, minute
Value range:
l 0 to 2982616 days
l 0 to 71582788 hours
l 0 to 4294967295 minutes

Interval for Indicates the interval for checking files in the 0

Checking Files in recycle bin. The interval must not exceed the
the Recycle Bin. period of time for which files are retained in the
recycle bin. Every time when the checkpoint
program runs, a new checkpoint is created and
checkpoints created before the file is stored in the
recycle bin are removed.
Unit: day, hour, minute
Value range:
l 0 to 2982616 days
l 0 to 71582788 hours
l 0 to 4294967295 minutes

User Name Map Kerberos authorization users to local user DEFAULT

Mapping (Auth to names. No more than 128 users can be mapped.
local) For example:
RULE:[1:$1@$0](ambari-qa-
[email protected])s/.*/ambari-qa/

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description Default Value

RPC Encryption Sets whether the RPC channel of each module in Privacy
the Hadoop is encrypted. The setting takes effect
globally.
There are three RPC encryption modes:
l Privacy: Indicates that channel encryption is
enabled. The authentication, integrity, and
privacy functions are enabled.
l Integrity: Indicates that encryption is disabled
and the authentication and integrity functions
are enabled.
l Authentication: Indicates that encryption is
disabled. Only authentication packets are
required. Integrity and privacy are not
required.
NOTICE
After the configuration is modified, you need to restart
the HDFS service and upper-layer services that depend
on the HDFS, and rolling restart is not supported.
Services will be interrupted during the restart.
Therefore, exercise caution when performing this
operation.

Proxyuser Indicates the user who can proxy other user None
rights.
The naming rules of proxy users are as follows:
l The length is 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).

Hosts Indicates the source hosts of proxy users. None

Enter the names, IPv4 addresses, IPv6 addresses,
IPv4 addresses/masks, or IPv6 addresses/masks.
The rules are as follows:
l A name contains 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).
l Names or IP addresses are separated by
commas (,). A maximum of 32 names or IP
addresses can be entered. The asterisk (*) can
be used to match all names or IP addresses.

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description Default Value

Groups Indicates the user groups that proxy users can None
proxy.
Naming rules:
l A name contains 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).
l Names are separated by commas (,). A
maximum of 32 names can be entered. The
asterisk (*) can be used to match all names.
NOTE
You need to configure at least one of Groups and
Users.

Users Indicates the users that proxy users can proxy. None
Naming rules:
l A name contains 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).
l Names are separated by commas (,). A
maximum of 32 names can be entered. The
asterisk (*) can be used to match all names.
NOTE
You need to configure at least one of Groups and
Users.

Table 3-31 describes the authentication mode parameters.

Table 3-31 Namespace authentication mode parameters

Parameter Description Default Value

Authentication Authenticates users to prevent unauthorized users Security Mode

Mode from accessing the cluster.
l Security Mode: The cluster uses the Kerberos
protocol for identity verification.
l Normal Mode: Different components of the
cluster use the native open source
authentication mechanisms.

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description Default Value

Super User The system automatically uses the encrypted None

Credential credential information for authentication without
the need of entering the user password.
If you want to use the namespace in security
mode, you need to import the super user
credential of the namespace. Otherwise, services
cannot be provided. If the namespace already has
a super user credential, this operation will
overwrite the existing super user credential.
The credential file is a binary file whose size does
not exceed 256 KB.

Click to select a file and click Upload File to

import the file.
NOTE
l This parameter is valid only when Authentication
Mode is Security Mode.
l You can click Delete to delete the credentials that
are no longer needed.

Kerberos Indicates the configuration file of the Kerberos None

Configuration authentication protocol.
Use this operation to import the Kerberos
configuration for a namespace if you want to use
the big data storage in security mode. Otherwise,
the storage system cannot provide services. If the
Kerberos configuration file has already been
imported to the namespace, this operation will
overwrite the existing configuration file.
The extension of the configuration file is .conf,
and the file size does not exceed 50 KB.

Click to select a file and click Upload File to

import the file.
NOTE
l This parameter is valid only when Authentication
Mode is Security Mode.
l You can click Delete to delete the files that are no
longer needed.

Table 3-32 describes the parameters of the LDAP mapping policy.

HUAWEI CLOUD Stack
OBS 3 User Guide

Table 3-32 Parameters of the namespace LDAP mapping policy

Parameter Description Default Value

LDAP Mapping Indicates whether to enable the LDAP mapping. Not selected.
Policy NOTE
When Enable LDAP Mapping is selected, the
following parameters are valid.

Primary LDAP Indicates the primary LDAP server address. None

Server Address The value can be in the form of an IP address, IP
address:port number, domain name, or domain
name:port number. The address length cannot
exceed 248 characters. The port number ranges
from 0 to 65535.

Secondary LDAP Indicates the secondary LDAP server address. None

Enable SSL Indicates whether to use SSL when connecting to No

the LDAP server.

SSL Certificate Indicates the SSL certificate file used for None
connecting to the LDAP server.
The certificate file name extension is .pem. The
file size does not exceed 4 KB.

Click to select a file and click Upload File to

import the file.
NOTE
l This parameter is valid only when Enable SSL is
set to Yes.
l You can click Delete to delete the files that are no
longer needed.

LDAP Directory Searches for the node where the users and groups None
are located.
The value is a string of no more than 128
characters.

LDAP Login User User name for logging in to the LDAP server. None
The naming rule is as follows:
l The length is 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description Default Value

LDAP Login Password for logging in to the LDAP server. None

Password The value is a string of no more than 128
characters.

LDAP Member ID Indicates the attribute of an LDAP group user. member

Field The value is a string of no more than 128
characters.

LDAP Member Indicates the filter criteria for querying LDAP &
Query Filter group users. (objectClass=us
Criteria The value is a string of no more than 128 er)
characters. (sAMAccountN
ame={0})

LDAP Group ID Indicates the attribute of an LDAP group. cn

Field The value is a string of no more than 128
characters.

LDAP Group Indicates the filter criteria for querying LDAP objectClass=gro
Query Filter groups. up
Criteria The value is a string of no more than 128
characters.

Timeout Threshold Indicates the period of time after which the 10000 ms
for Connecting to connection to the LDAP server times out.
LDAP Value range: 0 to 4294967295.
Unit: ms

Timeout Threshold Indicates the period of time after which the LDAP 10000 ms
for Reading Data server reading data times out.
Value range: 0 to 4294967295.
Unit: ms

Interconnection Indicates whether to interconnect with No

with FusionInsight FusionInsight.

Table 3-33 describes the parameters of the local mapping policy.

Table 3-33 Local mapping policy parameters of a namespace

Parameter Description Default Value

Local Mapping Indicates whether to enable local mapping. Not selected.

Policy NOTE
When Enable Local Mapping is selected, the
following parameters are valid.

HUAWEI CLOUD Stack
OBS 3 User Guide

Parameter Description Default Value

Mapping Group Specifies the name of the local mapping group. None
Name Naming rules:
l The length is 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).
NOTE

– You can click Add Group or to add or

delete a local mapping group.
– The name of each mapping group must be
unique.

Username Specifies the names of users in the local mapping None

group.
Naming rules:
l The length is 3 to 32 characters.
l A name contains uppercase letters, lowercase
letters, digits, underscores (_), and hyphens
(-).
l The name can start with a hyphen or digit and
cannot start with a hyphen (-).
NOTE

You can click Add User or to add or delete a user.

You can add a maximum of 512 users.

Step 5 Click OK.

----End

3.2.4.3 Modifying Namespace QoS

This topic describes how to modify the QoS parameters of a namespace.

Context
If QoS has already been configured for the namespace, this operation will overwrite the
existing QoS.

HUAWEI CLOUD Stack
OBS 3 User Guide

Procedure
Step 1 Access OBS Console as a VDC administrator or VDC operator. For details, see Logging In
to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click the Namespace tab.

Step 3 Use either of the following methods to access the page for modifying QoS parameters:
l Click QoS Management in the row where the namespace resides.
l Click the namespace of which you want to modify QoS parameters, and then click the
QoS Management tab.
Step 4 Click Edit QoS to modify the QoS parameters of the namespace.
Table 3-34 describes the QoS parameters.

Table 3-34 Namespace QoS parameters

Parameter Description Default Value

Read Bandwidth Indicates the read bandwidth requested by users. 0

(KB/s) l If this value is not 0, the value of Total
Bandwidth (KB/s) must be 0.
l If the value is 0, it indicates that there is no
limit.
Value range: 0 to 90173050474390.

Write Bandwidth Indicates the write bandwidth requested by users. 0

(KB/s) l If this value is not 0, the value of Total
Bandwidth (KB/s) must be 0.
l If the value is 0, it indicates that there is no
limit.
Value range: 0 to 90173050474390.

Total Bandwidth Indicates the total read/write bandwidth requested 0

(KB/s) by users.
l If this value is not 0, the values of Read
Bandwidth (KB/s) and Write Bandwidth
(KB/s) must be 0.
l If the value is 0, it indicates that there is no
limit.
Value range: 0 to 90173050474390.

IOPS (KB/s) Indicates the read and write times every second of 0
every KB of a disk.
Value range: 0 to 90173050474390.

Number of Indicates the number of concurrent connections. 0

Concurrent If the value is 0, it indicates that there is no limit.
Connections
Value range: 0 to 92337203685775800.

HUAWEI CLOUD Stack
OBS 3 User Guide

Step 5 Click OK.

----End

3.2.4.4 Deleting a Namespace

You can delete a namespace that is no longer needed.

Procedure
Step 1 Access OBS Console as a VDC administrator or VDC operator. For details, see Logging In
to OBS Console as a VDC Administrator or a VDC Operator.
Step 2 Click Delete in the row where the namespace resides.
NOTE

l If the namespace is in use or has files, you can clear the namespace or delete the namespace forcibly
as prompted.
l A namespace of the same name can be created in another VDC only after the namespace is deleted
for at least 30 minutes.

Step 3 Confirm the deletion and click OK.

----End

HUAWEI CLOUD Stack
OBS 4 Best Practice

4 Best Practice

4.1 Uploading and Downloading Files Using a Third-Party Client

4.2 Using a User-Defined Domain Name to Configure Static Website Hosting
4.3 Granting Employees Different Data Access Permissions
4.4 User Data Isolation Across VDCs
4.5 User Data Sharing Between Departments

4.1 Uploading and Downloading Files Using a Third-Party

Client
Service Scenario
A user stores a large number of service images and video data on a local computer. To ensure
data security, users can use a third-party client to upload the data to a bucket and download
the data.
Figure 4-1 shows the service scenario.

Figure 4-1 Service scenario diagram

HUAWEI CLOUD Stack
OBS 4 Best Practice

Bucket Description
A bucket is a container that stores objects in OBS. OBS provides flat storage in the form of
buckets and objects. Unlike the conventional multi-layer directory structure of file systems,
all objects in a bucket are stored at the same logical layer.

In OBS, each bucket name must be unique and cannot be changed. When a bucket is created,
its access control list (ACL) is generated by default. The items in the ACL include
permissions of authorized users such as the read (READ), write (WRITE), and full control
(FULL_CONTROL) permissions. Only authorized users can perform bucket operations, such
as creating, deleting, viewing, and configuring the bucket ACL. A user can create a maximum
of 100 buckets. However, the number and total size of objects in a bucket are not restricted.
Users do not need to worry about system scalability.

As OBS is based on REST HTTP and HTTPS, you can use uniform resource locators (URLs)
to locate resources.

Introduction to AK/SK
Access Key ID (AK)/Secret Access Key (SK) is an authentication certificate pair. OBS
(compatible with Amazon S3 APIs) authenticates requests using AKs and SKs. Tenants and
users use AKs and SKs to access the system. OBS (compatible with Amazon S3 APIs)
identifies tenants and users based on the AKs and SKs.

l AK: One AK belongs to only one tenant or user, but one tenant or user can have two
AKs. OBS (compatible with Amazon S3 APIs) identifies a tenant or user accessing the
system based on the AK.
l SK: An SK together with a request header is used to generate authentication information.
An SK corresponds to an AK.

Requirement Analysis
The analysis based on user requirements is as follows:

1. OBS is an object-based massive storage service that provides secure, reliable, and low-
cost data storage capabilities. It is suitable for storing files of any type and size.
2. Users can use a third-party client to upload images and videos to buckets and download
them to a local computer. It meets users' requirements for storage and usage.
3. This document uses the third-party client OBS Browser as an example.

Configuration Roadmap
Users can upload files to a bucket on OBS Console and download the files using access keys.
The configuration roadmap is as follows:

1. Create a bucket.
2. Add access keys.
3. Connect to OBS using OBS Browser.
4. Upload files to the bucket using OBS Browser.
5. Download the file to a local computer using OBS Browser.

Figure 4-2 shows the configuration process based on the preceding analysis.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Figure 4-2 Configuration process

Procedure
Step 1 Create a bucket.
1. Log in to ManageOne as a VDC administrator or VDC operator using a browser.
URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal, for
example, https://tenant.demo.com
2. Select your region and then project from the drop-down list on the top menu bar.
3. On the navigation bar, click Console and choose Storage > Object Storage Service.
4. Click Create Bucket in the upper right corner of the page.

HUAWEI CLOUD Stack
OBS 4 Best Practice

5. Set bucket parameters.

Table 4-1 describes related parameters.

Table 4-1 Parameters for creating a bucket

Parameter Description

Region Region where the bucket to be created resides.

NOTE
If OBS is available in only one region, this region is displayed by
default. If OBS is available in multiple regions, select a region.

Bucket Name Enter obs-61a7 as the name of the bucket to be created.

Quota Limited Select No Limit. The quota of the bucket will not be limited,
(GB) but the capacity of objects that can be uploaded to the bucket
cannot exceed the available capacity quota of the bucket.

6. Click Create Now.

Step 2 Add access keys.
1. In the upper right corner of the page, click the username and choose My Settings.
2. Click the Manage Access Key tab page.

HUAWEI CLOUD Stack
OBS 4 Best Practice

3. Click Add Access Key.

NOTE

A maximum of two valid access keys can be added for each user.
4. Click OK to download the credentials.csv access key file to the local computer.
NOTE

The access key file can be downloaded only once. Keep it secure.

Step 3 Connect to OBS using OBS Browser.

1. Open the credentials.csv file and record the AK and SK.
2. Log in to the HUAWEI CLOUD official website, search for OBS Browser, and
download it as prompted.
3. Decompress the OBSBrowser.zip package and double-click obs.exe to open the OBS
Browser.
4. Enter the account information and click OK.

The key account information to be entered is as follows:

– Account Name
An account name is a unique identifier of an OBS Browser account, different from
the account registered with OBS.
– Service
When the third-party client connects to OBS, select Other object storage services.
You can also specify the IP address of the storage server based on the client status.
Enter an IP address or domain name in the following format: server IP address or

HUAWEI CLOUD Stack
OBS 4 Best Practice

domain name:server port number (The HTTPS port number is 443 and the HTTP
port number is 80.)
– Access Key ID/Secret Access Key
Enter the AK/SK recorded in Step 3.1.
– Access Path
You can enter the bucket name or object path. After the login is successful, the
bucket or object is accessed.
– Remember my secret access key
This option is selected by default. If you deselect it, you must input the secret
access key each time when you log in to OBS Browser.
Step 4 Upload files to the bucket using OBS Browser.
1. Click the bucket name. On the object list page that is displayed, click Upload > Upload
File.

2. Click Select File to add the file to be uploaded to the file list, and click OK.

HUAWEI CLOUD Stack
OBS 4 Best Practice

3. Click the task management icon in the upper right corner of the page to view the
download progress.

Step 5 Download the file to a local computer using OBS Browser.

1. Click the bucket name to go to the object list page. Select the file to be downloaded and
click Download.

HUAWEI CLOUD Stack
OBS 4 Best Practice

2. Click the task management icon in the upper right corner of the page to view the file
download progress.

----End

4.2 Using a User-Defined Domain Name to Configure

Static Website Hosting
OBS allows you to access static websites hosted by OBS using user-defined domain names.
This topic uses a specific practice as an example to describe how to use a user-defined domain
name to configure static website hosting. For better understanding, you may need to learn
some basic concepts and operations about the static website hosting in OBS. For details, see
Static Website Hosting.

Service Scenario
An enterprise has a large number of files to archive but it does not want to invest much in
storage resources. Therefore, the enterprise subscribes to OBS for hosting static websites and
expects to access the static resources using user-defined domain names, as shown in Figure
4-3.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Figure 4-3 Using a user-defined domain name to access static websites

Data Planning
Table 4-2 describes the data to be planned before the configuration.

Table 4-2 Data planning

Data to Be Description Example
Planned

User-defined The user defines a domain name. www.example.com

domain name

Bucket name The bucket name must be consistent with www.example.com

the user-defined domain name.

Static website Indicates the index page that is returned index.html

homepage when you access a static website, that is,
the homepage.

404 error page When the static website path is incorrect, error.html
the 404 error page is returned.

The contents of index.html are as follows:

<html>
<head>
<title>Hello OBS!</title>
<meta charset="utf-8">
</head>
<body>
Welcome to use OBS static website hosting.
This is the homepage.
</body>
</html>

The contents of error.html are as follows:

HUAWEI CLOUD Stack
OBS 4 Best Practice

<html>
<head>
<title>Hello OBS!</title>
<meta charset="utf-8">
</head>
<body>
Welcome to use OBS static website hosting.
 This is the 404 error page.
</body>
</html>

Configuration Roadmap
You need to create a bucket with the user-defined domain name in OBS Console to store static
website resources. Then enable static website hosting of the bucket, and create and configure
domain name hosting through the domain name registration provider. The procedure is as
follows:

1. Register a domain name.

2. Create a bucket.
3. Upload static website files to the bucket.
4. Configure static website hosting.
5. Create and configure domain name hosting.
6. Verify the configuration.

Procedure
Step 1 Register a domain name.

If you have a registered domain name, skip this step.

If you do not have a registered domain name, register one with a registration provider of your
choice. In this scenario, the example domain name www.example.com is used. In practice,
replace the domain name with the one you actually planned.

Step 2 Create a bucket.

The bucket name must be consistent with the user-defined domain name. Take the
www.example.com domain name in the data plan as an example. You need to create a bucket
named www.example.com by performing the following steps:

1. Log in to ManageOne as a VDC administrator or VDC operator using a browser.

URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal, for
example, https://tenant.demo.com
2. Select your region and then project from the drop-down list on the top menu bar.
3. On the navigation bar, click Console and choose Storage > Object Storage Service.
4. In the upper right corner of the page, click Create Bucket and set related parameters.
For details, see Table 4-3.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Table 4-3 Parameters for creating a bucket

Parameter Description

Region Region where the bucket to be created resides.

NOTE
If OBS is available in only one region, this region is displayed by
default. If OBS is available in multiple regions, select a region.

Bucket Name Enter the name of the to-be-created bucket, which is

www.example.com in this example.

Quota Limited (GB) Select No Limit. The quota of the bucket will not be limited,
but the capacity of objects that can be uploaded to the bucket
cannot exceed the available capacity quota of the bucket.

5. Click Create Now to complete the creation.

Step 3 Upload static website files to the bucket.
Prepare the static website files to be uploaded and repeat the following steps on OBS Console
until all static website files are uploaded to the bucket.

NOTE

You cannot upload folders, upload a file larger than 5 GB, or batch upload files through OBS Console.

1. Click bucket www.example.com.

2. In the navigation tree on the left, click Objects.
3. Click Upload File.
4. Select the file you want to upload and click Open.
NOTE

The website homepage file (index.html) and 404 error page (error.html) must be stored in the root
directory of the bucket.

HUAWEI CLOUD Stack
OBS 4 Best Practice

5. Click the uploaded file.

6. Click Object ACL.
7. In the Public Permissions area, click Edit on the right of Anonymous User.
8. In the Access to Object column, select Read.

9. Click Save.
Step 4 Configure static website hosting.
After uploading static website files, perform the following steps to set the bucket to the static
website hosting mode.
NOTE

You can also redirect all the static websites to another bucket or domain name. For details, see
Redirecting Requests to Another Host.

1. Click the bucket name to go to the bucket overview page.

2. In the navigation tree on the left, click Static Website Hosting.
3. Click the Static Website Hosting tab page.
4. Select Use this bucket to host a website, set Default Home Page to index.html, and
set Default 404 Error Page to error.html according to data planning.

HUAWEI CLOUD Stack
OBS 4 Best Practice

NOTE

You can also configure redirection rules based on service requirements to implement website
content redirection. For details, see Configuring Static Website Hosting.
5. Click OK. The configuration is complete.
Step 5 Create and configure domain name hosting.
Add an alias record to the domain name resolution of the domain name registration provider,
mapping to the static website domain name hosted by the bucket.
For example, the bucket www.example.com is located in the CN South-Guangzhou region,
and the added CNAME record is www.example.com CNAME www.example.com.obs-
website.cn-south-1.myhwclouds.com.
Step 6 Verify the configuration.
Enter www.example.com in the address bar of the browser to check whether the default
homepage can be accessed.
If the following information is displayed, the configuration is successful.

HUAWEI CLOUD Stack
OBS 4 Best Practice

In the web browser, enter a static file access address that does not exist in the bucket, such as
www.example.com/imgs, to check whether the 404 error page can be returned.
If the following information is displayed, the configuration is successful.

----End

4.3 Granting Employees Different Data Access

Permissions
By default, only resource owners can access OBS resources. Other users do not have OBS
access permissions without authorization. OBS offers multiple methods to help you assign
permissions to different users. Resource owners can formulate different access control
schemes based on service requirements to ensure data security.
In the private cloud scenario, roles and bucket policies are used to manage the permissions. A
role is used to manage access permissions of users or user groups. A bucket policy is used to
manage the permissions to access the bucket and objects in the bucket. They can be used
together to manage user access to object storage resources. For details about OBS user roles
and permissions management, see 3.1.1.7 User Roles and Permissions.

Service Scenario
A company department expects that internal data can be isolated between different
employees. That is, employees can only see and perform operations on the buckets and
objects they are authorized to.

Requirement Analysis
When creating a user in a VDC in the private cloud scenario, the creator is asked to select a
role for the user. Users of such roles as the preset VDC administrator and user-defined OBS

HUAWEI CLOUD Stack
OBS 4 Best Practice

administrator have the same permissions with the OBS administrator. They cannot be
restricted to access bucket resources even if bucket policies intend to. In addition, the
capability of creating buckets in a VDC is defined by role. Therefore, roles and bucket
policies must be used together to control permissions of the employees.

Configuration Roadmap
Create a VDC with a default VDC administrator and a few non-OBS administrator users who
do not have any OBS permissions. Non-OBS administrator users must be authorized by the
VDC administrator if they want to have specific OBS permissions. By default, the VDC
administrator authorizes non-OBS administrator users to use specific buckets, but prohibits
the users from creating a bucket, changing the capacity quotas of the buckets, and accessing
other buckets. The process is as follows:
1. Create a non-OBS administrator role.
2. Create a VDC and a default VDC administrator.
3. Create non-OBS administrator users in the VDC.
4. Create a bucket and configure a bucket policy to grant permissions to non-OBS
administrators.

Procedure
Step 1 Create a non-OBS administrator role.
1. Log in to ManageOne as an operation administrator using a browser.
– URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Operation
Management Portal, for example, https://admin.demo.com
– The default username of the operation administrator is bss_admin..
2. Choose Tenant > Role Management from the drop-down list box in the upper left
corner of the navigation bar.
3. In the upper right corner of the page, click Create Role.

HUAWEI CLOUD Stack
OBS 4 Best Practice

4. In the VDC area, select Query Permission.

5. In the All Cloud Services area, disable Have All Cloud Service Query Permission.
6. In the ECS area, select Management Permission.
NOTE

You can select any management permissions as required except those in the OBS area.
7. Click Create.

Step 2 Create a VDC and a default VDC administrator.

1. Log in to ManageOne as an operation administrator using a browser.
– URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com

HUAWEI CLOUD Stack
OBS 4 Best Practice

URL in B2B scenarios: https://Address for accessing ManageOne Operation

Management Portal, for example, https://admin.demo.com
– The default username of the operation administrator is bss_admin..
2. Select Tenant > Tenant Management from the drop-down list box in the upper left
corner of the navigation bar.
3. Click Create Tenant in the upper right corner.
4. Create VDC obs_tenant_01 and default VDC administrator vdc_admin_01 as
prompted.

Step 3 Create non-OBS administrator users in the VDC.

1. Log in to ManageOne as a VDC administrator using a browser.
– URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal,
for example, https://tenant.demo.com
– Username and password: username and password of the VDC administrator
2. Select your region and then project from the drop-down list on the top menu bar.
3. Select VDC > VDC Management from the drop-down list box in the upper left corner
of the navigation bar.
4. Select the VDC.

HUAWEI CLOUD Stack
OBS 4 Best Practice

5. Click the User tab page.

6. Click Create User in the upper right corner.
7. Create non-OBS administrator user test_1 as prompted.

8. Repeat Step 3.6 to Step 3.7 to create more non-OBS administrator users.
Step 4 Create a bucket and configure a bucket policy to grant permissions to the non-OBS
administrator users.
You can configure bucket access permissions for the users. In this way, different employees in
the same department can have different access permissions.
1. Log in to ManageOne as a VDC administrator using a browser.
– URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal,
for example, https://tenant.demo.com
– Username and password: username and password of the VDC administrator
2. Select your region and then project from the drop-down list on the top menu bar.
3. On the navigation bar, click Console and choose Storage > Object Storage Service.
4. In the upper right corner of the page, click Create Bucket to create bucket obs-1234 and
configure bucket parameters.

HUAWEI CLOUD Stack
OBS 4 Best Practice

5. In the bucket list, click the new bucket.

6. In the navigation tree on the left, click Permissions.
7. Click Bucket Policy.
8. Click Add Bucket Policy to configure the permissions of a non-OBS administrator user
to access the specified bucket.
The following figure shows how to configure a policy for non-OBS administrator user
test_1 to access bucket obs-1234 and all objects in the bucket.

9. Repeat Step 4.4 to Step 4.8 to configure read-only access policies for other buckets of
other non-OBS administrators.

HUAWEI CLOUD Stack
OBS 4 Best Practice

NOTE

After the bucket policies are configured, non-OBS administrator users can use ManageOne
Operation Portal (ManageOne Tenant Portal in B2B scenarios) or a third-party client to view the
buckets they are authorized to. The users cannot obtain, view, or configure other buckets they are
not authorized to.

----End

4.4 User Data Isolation Across VDCs

OBS is compatible with the Amazon S3 protocol which does not support multi-level VDCs.
Therefore, OBS quota configuration and permission control can be configured only in first-
level VDCs.

Service Scenario
A company provisions second-level VDCs to its internal departments and requires that data
isolation between different employees and different departments. That is, employees can only
view buckets and objects authorized to them and cannot perform operations on other buckets
and objects.

Requirement Analysis
A first-level VDC needs to be created for each department. Object storage buckets need to be
created in the VDCs and be authorized to department users through the bucket policy to
control user permissions for buckets.

Configuration Impact
l OBS Console does not support bucket access across first-level VDCs. After a bucket is
authorized to a user, the user can access the bucket only through API or third-party
clients.
l The bucket administrator can view all buckets and objects in the VDC. (As shown in the
preceding figure, the administrator A can access buckets 01 and 02 and objects in the
buckets.) Therefore, a first-level VDC needs to be created for each department.

Configuration Roadmap
1. Create a VDC.

HUAWEI CLOUD Stack
OBS 4 Best Practice

2. Create a bucket.

3. Configure a bucket policy.

4. Verify the permission.

Procedure
Step 1 Create a VDC.
1. Log in to ManageOne as an operation administrator using a browser.
– URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Operation
Management Portal, for example, https://admin.demo.com
– The default username of the operation administrator is bss_admin..
2. Select Tenant > Tenant Management from the drop-down list box in the upper left
corner of the navigation bar.
3. Click Create Tenant in the upper right corner.
4. Create VDC obs_tenant_01 and default VDC administrator vdc_admin_01 as
prompted.

5. Repeat Step 1.4 to create a first-level VDC for each tenant.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Step 2 Create a bucket.

1. Log in to ManageOne as a VDC administrator using a browser.
– URL in non-B2B scenarios: https://Address for accessing ManageOne Operation
Portal, for example, https://console.demo.com
URL in B2B scenarios: https://Address for accessing ManageOne Tenant Portal,
for example, https://tenant.demo.com
– Username and password: username and password of the VDC administrator
2. Select your region and then project from the drop-down list on the top menu bar.
3. On the navigation bar, click Console and choose Storage > Object Storage Service.
4. In the upper right corner of the page, click Create Bucket to create bucket obs-1234 and
configure bucket parameters.

5. Repeat Step 2.4 to create a bucket for each user of the department in the new first-level
VDC.
Step 3 Configure a bucket policy.
1. In the bucket list, click the new bucket.
2. In the navigation tree on the left, click Permissions.
3. Click Bucket Policy.
4. Click Add Bucket Policy to configure the access policy for a specified user in the
department to a specified bucket.
For example, to grant the read and write permissions to bucket obs-1234 and all objects
in the bucket to user A of department 01, configure the bucket policy as follows:

HUAWEI CLOUD Stack
OBS 4 Best Practice

Table 4-4 Configuring a bucket policy

Parameter Configuration

Policy Mode Select Read and write.

You can also select Customized to customize the access
policy.

Principal Select Include and Others, and enter the name of the
authorized user.
The format of an authorized user is tenant ID:user/user ID,
for example: 94f48e2d3dc04e9cab130ba912ed4efc:user/
393e529610ec4fd8871dbce4cdde5856.
NOTE
The tenant ID and user ID are the information of the authorized
user. Log in to ManageOne Operation Portal (ManageOne Tenant
Portal in B2B scenarios), click the user icon in the upper right
corner, and choose My Settings from the displayed menu. On the
My Settings page, view the tenant ID and user ID.

Resource Select Include and enter the name of specified bucket and
all objects in the bucket.
Resources are separated by commas (,). All objects in the
bucket in the format of Bucket name/* are supported. If no
resource is specified, the policy applies to the bucket and all
objects in the bucket.

5. Repeat Step 3.4 to configure bucket access policies for other users of department 01 and
other departments.

Step 4 Verify the permission.

HUAWEI CLOUD Stack
OBS 4 Best Practice

If the authorized user can use the access key to access the object storage service and upload an
object to and download an object form the bucket, the bucket is authorized successfully. For
details, see 4.1 Uploading and Downloading Files Using a Third-Party Client.

----End

4.5 User Data Sharing Between Departments

Service Scenario
Data needs to be shared between departments. Users of other departments are allowed to
download the shared data, but are not allowed to write or delete the shared data. This reduces
the risks of deleting or modifying the shared data by mistake.

Requirement Analysis
Department A and department B belong to different first-level VDCs. Example: Department
A shares data in the bucket to users in department B for download. This section describes how
to perform permission control on shared data based on the principle of least privilege.

Configuration Roadmap
In this scenario, department A administrator can use the bucket policy to control permissions
of users in department B so that they can download but cannot modify or delete the shared
data. Figure 4-4 illustrates the configuration process.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Figure 4-4 Configuration process

Procedure
Step 1 Create a bucket.
1. Log in to the HUAWEI CLOUD console as an administrator of department A. For
details, see 3.1.14.3 Logging In to OBS Console as a VDC Administrator or VDC
Operator.
2. Click Create Bucket in the upper right corner of the page.
3. Set bucket parameters and create bucket obs-1234 as prompted.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Step 2 Configure the upload permission for users in department A.

If the role of users in department A is an OBS administrator or OBS limited administrator,
skip this step and go to Step 3.
1. In the bucket list, click the new bucket.
2. In the navigation tree on the left, click Permissions.
3. Click Bucket Policy.
4. Click Add Bucket Policy to configure the access policy for users in department A to a
specified bucket.
For example, to grant user test_1 in department A read and write permissions to bucket
obs-1234 and all objects in the bucket, configure the bucket policy as follows:

HUAWEI CLOUD Stack
OBS 4 Best Practice

Table 4-5 Configuring a bucket policy

Parameter Configuration

Policy Mode Select Read and write.

Principal Choose Include and User, and then select the name of the
authorized user.

Step 3 Configure the download permission for users in department B.

If the role of users in department B is an OBS administrator or OBS limited administrator,
skip this step and go to Step 4.
1. In the bucket list, click the new bucket.
2. In the navigation tree on the left, click Permissions.
3. Click Bucket Policy.
4. Click Add Bucket Policy to configure the access policy for users in department B to a
specified bucket.
For example, to grant user test_2 in department B the permission to download bucket
obs-1234 and all objects in the bucket, configure the bucket policy as follows:

HUAWEI CLOUD Stack
OBS 4 Best Practice

Table 4-6 Configuring a bucket policy

Parameter Configuration

Policy Mode Select Customized.

Effect Select Allow.

HUAWEI CLOUD Stack
OBS 4 Best Practice

Parameter Configuration

Action Select Include, and select Get* and List* under General in
Action.

Step 4 Disable the write and delete permissions for users in department B.
1. In the bucket list, click the new bucket.
2. In the navigation tree on the left, click Permissions.
3. Click Bucket Policy.
4. Click Add Bucket Policy to configure the access policy for users in department B to a
specified bucket.
For example, to disable user test_2 in department B to write or delete bucket obs-1234
and all objects in the bucket, configure the following bucket policy parameters:

HUAWEI CLOUD Stack
OBS 4 Best Practice

Table 4-7 Configuring a bucket policy

Parameter Configuration

Policy Mode Select Customized.

Effect Select Deny.

Action Select Include, and then select the following six actions of
Object from the drop-down box:
– PutObject
– PutObjectAcl
– PutObjectVersionAcl
– DeleteObject
– DeleteObjectVersion
– AbortMultipartUpload

Step 5 A user in department A uploads data.

The user in department A can upload data through OBS Console, OBS Browser, and
API&SDK. This section takes the operations on OBS Console as an example to describe how
to upload data.

1. Log in to OBS Console as an authorized user in department A.

2. In the bucket list, click the new bucket.
3. In the navigation tree on the left, click Objects.
4. Click Upload File.
5. Click Add File, select data as objects, and upload the objects to the new bucket.
You can click Task Management in the lower part of the page to view the upload
progress and result.

Step 6 Users in department B verify the permission.

HUAWEI CLOUD Stack
OBS 4 Best Practice

After the permission is granted, users in department B can be authenticated using APIs,
SDKs, or third-party clients. This section takes OBS Browser as an example to present how to
verify that users in department B can only read the shared data.
1. Log in to OBS Browser as a department B user. For details, see Connect to OBS using
OBS Browser.
2. Click Add Bucket.
3. Select Add External Bucket and enter the name of the authorized bucket.
4. Click OK to add an external bucket.
5. Upload a file to the bucket. For details, see Upload files to the bucket using OBS
Browser.
– If the upload is successful, the write and delete permissions fail to be configured.
Check whether the bucket policy is correctly configured.
– If the upload fails, the write and delete permissions are successfully configured. Go
to Step 6.6.
6. Download a file from the bucket. For details, see Download the file to a local computer
using OBS Browser.
– If the download fails, the download permission configuration fails. Check whether
the bucket policy is correctly configured.
– If the download is successful, the download permission is configured successfully.
Go to Step 6.7.
7. Select a file to be deleted and click More > Delete on the right.
– If the file is deleted, the write and delete permissions fail to be configured. Check
whether the bucket policy is correctly configured.
– If the deletion fails, the write and delete permissions are successfully configured.

----End

Best Practices of OceanStor Dorado Oriented To Oracle Database Deploymen...
No ratings yet
Best Practices of OceanStor Dorado Oriented To Oracle Database Deploymen...
81 pages
OceanStor 5300 V3&5500 V3&5600 V3&5800 V3&6800 V3&6900 V3 Storage System V300R001 Maintenance Guide 06
No ratings yet
OceanStor 5300 V3&5500 V3&5600 V3&5800 V3&6800 V3&6900 V3 Storage System V300R001 Maintenance Guide 06
359 pages
HUAWEI CLOUD Stack 6.5.0 Solution Description 03
100% (1)
HUAWEI CLOUD Stack 6.5.0 Solution Description 03
539 pages
Obs SDK Java Devg
No ratings yet
Obs SDK Java Devg
124 pages
Obs Productdesc en PDF
No ratings yet
Obs Productdesc en PDF
57 pages
HUAWEI CLOUD Stack 6.5.0 License Guide 04
No ratings yet
HUAWEI CLOUD Stack 6.5.0 License Guide 04
76 pages
Obs Productdesc en
No ratings yet
Obs Productdesc en
25 pages
OceanStor 6.1.6 REST Interface Reference
No ratings yet
OceanStor 6.1.6 REST Interface Reference
3,690 pages
Software Patterns Made Easy
From Everand
Software Patterns Made Easy
Justice Nanhou
No ratings yet
Viral Ipod Video
From Everand
Viral Ipod Video
MUHAMMAD NUR WAHID ANUAR
No ratings yet
ManageOne 6.5.1 Cloud Service Parameter Description 06
No ratings yet
ManageOne 6.5.1 Cloud Service Parameter Description 06
268 pages
Ges Api
No ratings yet
Ges Api
731 pages
03 Storage Services
No ratings yet
03 Storage Services
34 pages
Alibaba Cloud Object Storage Service: Quick Start
No ratings yet
Alibaba Cloud Object Storage Service: Quick Start
27 pages
Dorado V6 Series 6.1.x Basic Storage Service Configuration Guide for File
No ratings yet
Dorado V6 Series 6.1.x Basic Storage Service Configuration Guide for File
685 pages
Mastering Python Advanced Concepts and Practical Applications
From Everand
Mastering Python Advanced Concepts and Practical Applications
Aissa Younes
No ratings yet
Purchasing Power Parities and the Real Size of World Economies: A Comprehensive Report of the 2011 International Comparison Program
From Everand
Purchasing Power Parities and the Real Size of World Economies: A Comprehensive Report of the 2011 International Comparison Program
The World Bank
No ratings yet
SoftWare Repository For Container (SWR) 23.3.5 API Reference (For Huawei Cloud Stack 8.2.1)
No ratings yet
SoftWare Repository For Container (SWR) 23.3.5 API Reference (For Huawei Cloud Stack 8.2.1)
122 pages
10K Blueprint
From Everand
10K Blueprint
Cian O Farrell
5/5 (2)
Cloud Computing : Beginners And Intermediate User Guide
From Everand
Cloud Computing : Beginners And Intermediate User Guide
David comer
No ratings yet
Obs Bestpractice en
No ratings yet
Obs Bestpractice en
86 pages
ManageOne 6.5.1 Operation Portal Northbound API Reference 07
No ratings yet
ManageOne 6.5.1 Operation Portal Northbound API Reference 07
1,444 pages
Blog Smarter, Not Harder: SEO, Blogging, and AI Strategies to Skyrocket Your Traffic
From Everand
Blog Smarter, Not Harder: SEO, Blogging, and AI Strategies to Skyrocket Your Traffic
Jay Nans
No ratings yet
IMaster NCE Optical Resource Assurance APP V100R19C00 User Guide 01
No ratings yet
IMaster NCE Optical Resource Assurance APP V100R19C00 User Guide 01
341 pages
OceanStor Dorado 6.x & OceanStor 6.x Host Connectivity Guide for Connecting to Linux Hosts Using NFS over RDMA
No ratings yet
OceanStor Dorado 6.x & OceanStor 6.x Host Connectivity Guide for Connecting to Linux Hosts Using NFS over RDMA
51 pages
Mastering Windows Automation with AHK 2.0
From Everand
Mastering Windows Automation with AHK 2.0
John Nunez
No ratings yet
Oceanstor s2600 InstallationGuide
No ratings yet
Oceanstor s2600 InstallationGuide
184 pages
OceanStor Dorado 6.1.3 Command Reference
No ratings yet
OceanStor Dorado 6.1.3 Command Reference
1,939 pages
4. Cloud Storage Solution Design
No ratings yet
4. Cloud Storage Solution Design
42 pages
A To Z of Internet: Everything You Wanted to Know
From Everand
A To Z of Internet: Everything You Wanted to Know
Bittu Kumar
No ratings yet
OceanStor S2600T&S5500T&S5600T&S5800T&S6800T Storage System V200R001 Command Reference 06
No ratings yet
OceanStor S2600T&S5500T&S5600T&S5800T&S6800T Storage System V200R001 Command Reference 06
487 pages
Plain JavaScript: Learning the Front-End
From Everand
Plain JavaScript: Learning the Front-End
Roger Beans-Rivet
No ratings yet
Huawei OceanStor Dorado V6 All Flash Storage Systems Technical White Paper
No ratings yet
Huawei OceanStor Dorado V6 All Flash Storage Systems Technical White Paper
199 pages
IoT Api
No ratings yet
IoT Api
1,052 pages
OceanStor Dorado 3000 6.x Installation Guide
No ratings yet
OceanStor Dorado 3000 6.x Installation Guide
155 pages
The IPhone 12 Pro Photography User Guide: Your Guide For Smartphone Photography For Taking Pictures Like A Pro Even As A Beginner
From Everand
The IPhone 12 Pro Photography User Guide: Your Guide For Smartphone Photography For Taking Pictures Like A Pro Even As A Beginner
Wendy Hills
No ratings yet
Starting Your Own Yahoo Store
From Everand
Starting Your Own Yahoo Store
MUHAMMAD NUR WAHID ANUAR
No ratings yet
1. OceanStor Dorado V6 6.0.0 Documentation Introduction
No ratings yet
1. OceanStor Dorado V6 6.0.0 Documentation Introduction
31 pages
Manual Camra Huawei
No ratings yet
Manual Camra Huawei
153 pages
Main Content
No ratings yet
Main Content
1,883 pages
FE Mechanical Exam Prep Complete Study Guide for the Fundamentals of Engineering with Practice Questions and Proven Strategies to Conquer the Exam
From Everand
FE Mechanical Exam Prep Complete Study Guide for the Fundamentals of Engineering with Practice Questions and Proven Strategies to Conquer the Exam
Tony Boyd
No ratings yet
Huawei Cloud Stack 8.3.0 Solution Description 011
No ratings yet
Huawei Cloud Stack 8.3.0 Solution Description 011
1,580 pages
OceanStor S2600 Command Reference
No ratings yet
OceanStor S2600 Command Reference
274 pages
The Future of Learning: Revolutionizing Education Through Generative AI: AI Books, #11
From Everand
The Future of Learning: Revolutionizing Education Through Generative AI: AI Books, #11
Mohammad
No ratings yet
Optical Doctor System Feature Description 02-20140630-C
No ratings yet
Optical Doctor System Feature Description 02-20140630-C
122 pages
Keyboard Shortcuts for Mac
From Everand
Keyboard Shortcuts for Mac
Jordan Kennedy
No ratings yet
OceanStor Dorado 6.x & OceanStor 6.x Host Connectivity Guide For VMware ESXi
No ratings yet
OceanStor Dorado 6.x & OceanStor 6.x Host Connectivity Guide For VMware ESXi
149 pages
OceanStor Dorado 6.1.8 Upgrade Guide
No ratings yet
OceanStor Dorado 6.1.8 Upgrade Guide
276 pages
A Report on Huawei Cloud Services.....
No ratings yet
A Report on Huawei Cloud Services.....
4 pages
Huawei OceanStor 2600 V3 Storage System Product Description
100% (1)
Huawei OceanStor 2600 V3 Storage System Product Description
142 pages
OceanStor Dorado 6.1.3 Documentation Introduction
No ratings yet
OceanStor Dorado 6.1.3 Documentation Introduction
35 pages
Python Graphics
From Everand
Python Graphics
Williams Asiedu
No ratings yet
OceanStor Dorado 6.1.x Initialization Guide
No ratings yet
OceanStor Dorado 6.1.x Initialization Guide
249 pages
HCIP-Cloud Service Solutions Architect V3.0 Lab Guide
No ratings yet
HCIP-Cloud Service Solutions Architect V3.0 Lab Guide
303 pages
vha-api
No ratings yet
vha-api
239 pages
sfs-usermanual
No ratings yet
sfs-usermanual
130 pages
Huawei OceanStor 9000 V5 Scale-out NAS Technical White Paper
No ratings yet
Huawei OceanStor 9000 V5 Scale-out NAS Technical White Paper
37 pages
OceanStor S2600T&S5500T&S5600T&S5800T&S6800T Storage System V200R002 Online Capacity Expansion 01
No ratings yet
OceanStor S2600T&S5500T&S5600T&S5800T&S6800T Storage System V200R002 Online Capacity Expansion 01
226 pages
OceanStor SNS2124&SNS2224&SNS2248&SNS3096&SNS5192&SNS5384 V100R002C00SPC600 Upgrade Guide 01
No ratings yet
OceanStor SNS2124&SNS2224&SNS2248&SNS3096&SNS5192&SNS5384 V100R002C00SPC600 Upgrade Guide 01
28 pages
OceanStor 2000, 5000, 5000F, 6000, And 6000F Series V500R007C73 Command Reference
No ratings yet
OceanStor 2000, 5000, 5000F, 6000, And 6000F Series V500R007C73 Command Reference
1,811 pages
Fqa On Eoffice: Frequently Asked Questions
No ratings yet
Fqa On Eoffice: Frequently Asked Questions
5 pages
HK902S - Managing HPE 3PAR StoreServ I
No ratings yet
HK902S - Managing HPE 3PAR StoreServ I
2 pages
Neha Saxena Resume Format
No ratings yet
Neha Saxena Resume Format
2 pages
Cache Memory: S. Dandamudi
No ratings yet
Cache Memory: S. Dandamudi
56 pages
SQL_Server_2008_ephrem
No ratings yet
SQL_Server_2008_ephrem
15 pages
Servicedesk Plus Installation Best Practices Guide
No ratings yet
Servicedesk Plus Installation Best Practices Guide
5 pages
Introduction To SQL
No ratings yet
Introduction To SQL
84 pages
Grade 10 Ict Note
No ratings yet
Grade 10 Ict Note
6 pages
SSIS Design Pattern - Incremental Loads: Andy Leonard
No ratings yet
SSIS Design Pattern - Incremental Loads: Andy Leonard
55 pages
Overview of Storage in Windows Server 2016
No ratings yet
Overview of Storage in Windows Server 2016
49 pages
Quiz
No ratings yet
Quiz
51 pages
Grafana
50% (2)
Grafana
57 pages
000 423
No ratings yet
000 423
6 pages
[Ebooks PDF] download Data cleaning First Edition Association For Computing Machinery. full chapters
No ratings yet
[Ebooks PDF] download Data cleaning First Edition Association For Computing Machinery. full chapters
38 pages
Data Warehouses
No ratings yet
Data Warehouses
6 pages
Ce 1216 Stud
No ratings yet
Ce 1216 Stud
202 pages
EMC MirrorView Knowledgebook - FLARE 30-A Detailed Review
No ratings yet
EMC MirrorView Knowledgebook - FLARE 30-A Detailed Review
79 pages
Guided Buying Solution
No ratings yet
Guided Buying Solution
20 pages
Data Engineer - Ireland
No ratings yet
Data Engineer - Ireland
3 pages
Databases
No ratings yet
Databases
58 pages
UNIT 1 - Database System Architecture
No ratings yet
UNIT 1 - Database System Architecture
12 pages
Information Technology: Sample Assignment 1B Database Design and Normalisation
No ratings yet
Information Technology: Sample Assignment 1B Database Design and Normalisation
4 pages
Vivekanand Reddy Malipatel Resume
No ratings yet
Vivekanand Reddy Malipatel Resume
1 page
How To Delete A Node From Oracle RAC 19C
No ratings yet
How To Delete A Node From Oracle RAC 19C
21 pages
Data Domain Products - Overview (Customer Presentation)
No ratings yet
Data Domain Products - Overview (Customer Presentation)
27 pages
NDG Linux Essentials 2.0 Chapter 13 Exam Answers: Dmesg
No ratings yet
NDG Linux Essentials 2.0 Chapter 13 Exam Answers: Dmesg
4 pages
Assignment
No ratings yet
Assignment
3 pages
Data Versioning Principles Best Practices
No ratings yet
Data Versioning Principles Best Practices
21 pages
Studi Kasus SQL Injection Vulnerabilities Assessment
No ratings yet
Studi Kasus SQL Injection Vulnerabilities Assessment
1 page
Linux On eMMC - Optimizing For Performance
No ratings yet
Linux On eMMC - Optimizing For Performance
37 pages