SEAGATE S3 Lyve Cloud Storage Embraces Hammerspace User Guide

June 16, 2024
Seagate


Lyve Cloud S3 Storage User Manual


Product Features

Lyve Cloud offers several features designed to support a variety of use cases. Customers can easily store, analyze, and manage data on secure, cost-efficient Seagate storage. Lyve Cloud provides an object storage solution that allows customers to move data to and from storage buckets through an HTTPS protocol. Admins can easily manage bucket access with user-specific access control lists. With Lyve Cloud’s flexible application programming interface (API), customers can plug in their favorite S3-compatible applications to store data, run big data analytics, audit storage activity, and manage users across the platform.
Storage management
Lyve Cloud’s single-tier design breaks away from traditional storage classes to provide uninterrupted data movement. Objects stored in Lyve Cloud can be uploaded, downloaded, updated, and erased anytime. Using S3 Select API calls, customers can easily connect to third-party clients to move and manage data. Applications are authenticated to Lyve Cloud using an access key and secret key provisioned at service account creation. Once authenticated, applications will access buckets and objects using the defined permissions set in the service account (read-only, write-only, or all operations).
All S3 API activity and actions within the Lyve Cloud console are tracked with Audit logs. Audit logs record all S3-supported API calls and activities on the console to access audit functions and track suspicious activity.
Lyve Cloud also offers features to help prevent unintended data modifications and provide versioning. Using Object Immutability prevents objects from being deleted or overwritten by any user, including the account owner, for a specified retention duration. Object Immutability also supports Amazon S3 Object Lock to reinforce Write-Once-Read-Many (WORM) policies. Customers can toggle on Object Immutability at bucket creation to enable this feature, which also enables Versioning. Versioning allows customers to protect, recover, and restore every iteration of an object stored in a bucket in case of accidental deletions or failures. Versioning remains enabled even if Object Immutability is later disabled.
Lyve Cloud offers Global Account Management to allow customers to create buckets in different regions or create service accounts to access buckets in different regions. For more information, see S3 API endpoints. This provides simplified management of multiple regions on the Lyve Cloud console and the ability to increase redundancy and availability. For more information, see Understanding Global Accounts.
Customers also use Lyve Cloud Sub-Accounts to create, provision, and manage additional sub-accounts to maintain a multi-level account structure. Each sub-account can function as its own storage account with the ability to manage its users, create buckets, and upload data.

Learn more about Managing Lyve Cloud storage.

Storage Analytics

Customers can now analyze, process, move, and transform massive amounts of data on Lyve Cloud using Lyve Cloud Analytics. This platform uses big data frameworks such as Apache Spark, Trino, and ML to satisfy a variety of use cases, including scheduling, monitoring, machine learning, and more. For more information, visit Getting Started with Analytics.

Lyve Cloud’s flexible backend was designed to complement various computing applications. As a vendor-agnostic solution, Lyve Cloud can connect to public cloud environments such as AWS, Azure, and Google to utilize their analytics services on Lyve Cloud storage. This functionality allows businesses to consolidate, query, and analyse big data on cost-efficient Seagate storage. Customers can visit Lyve Cloud Marketplace to utilize validated Lyve Cloud partner solutions for computing, such as Zadara zCompute and Equinix Metal.

Access management and security

Access management
Account administrators have several tools to authorize access to Lyve Cloud users. Identity and access management (IAM) allows Lyve Cloud Administrators to manage users and their access to the console. Access is managed with user-defined roles that offer varying levels of accessibility. IAM users can use Configuring multi-factor authentication (MFA) for additional verification during login.

Configuring Federated Login requires Security Assertion Markup Language (SAML) protocol to provide a single sign-on authentication method through an organization’s IDP (identity provider).

Security
Lyve Cloud offers security features to protect data in flight and at rest. To ensure data is protected in flight, Lyve Cloud aligns with Transport Layer Security (TLS) 1.2 protocol and leverages 256-bit Advanced Encryption Standard (AES) Galois/Counter Mode (GCM) encryption, establishing secure communications to the client. By default, all data is encrypted before it is stored.

Learn more by visiting the Data Security Overview and the Lyve Cloud Data Security Whitepaper.

Availability and durability
Lyve Cloud data centers are located in multiple geographic locations, including Northern California, Virginia, and Singapore, with dedicated operations staff to ensure the Lyve Cloud services are available with a monthly uptime of 99.9%.

Product

1/4/24

9

Data durability refers to long-term data protection against bit rot or other forms of corruption over long periods. Due to Lyve Cloud’s industry-leading architecture, Lyve Cloud can achieve 11 9s of data durability making data loss statistically insignificant.


Quick Start Guide

Seagate on Vimeo: Lyve Cloud – Getting Started with Lyve Cloud

Understanding Account ID

Account ID is a unique identification that is associated with the Lyve Cloud account. An account ID is unique across all Lyve Cloud accounts globally and can include your company name, which is created during the onboarding process. The account ID helps to identify and distinguish resources in one account from the resources in another account.

When you create an account ID, its length must be between 3 and 63 characters, and only lowercase characters, numbers, and “-” are allowed.

You cannot change the account ID once it is created.

The account ID is used to create the unique URL for the account’s console URL with the following format: https://.console.lyvecloud.seagate.com

A single URL is used to access the Lyve Cloud console, which is authenticated by the account ID.

Signing in to Lyve Cloud

To use the Lyve Cloud console, you must sign in using your account credentials. To sign in to Lyve Cloud, you will need a login URL, which contains a unique account ID. The account ID can include your company name chosen during onboarding. You cannot change the account ID once it is created. The account ID is unique across Lyve Cloud accounts.

A single URL is used to access Lyve Cloud console which is authenticated by the account ID, and the URL has the following format: https://.console.lyvecloud.seagate.com .

If you know the Lyve Cloud account login URL

After successful onboarding, you will receive a welcome email. This email contains the Lyve Cloud URL. Using this URL, you can sign in to Lyve Cloud by creating a password.

This URL is in the following format: https://.console.lyvecloud.seagate.com . The user can bookmark or save this URL to log into the console.
If you do not know the Lyve Cloud account login URL
If you have not saved the URL https://.console.lyvecloud.seagate.com , you will not be able to log in to the Lyve Cloud console directly. When you try to log in using the URL https://console.lyvecloud.seagate.com , you are directed to enter the Lyve Cloud Account ID to access the console.
Login Sequence

You have an Account ID–Enter the Account ID on the login page, followed by the registered email address. An email with all the details of the Lyve Cloud account is sent, which contains the Lyve Cloud URL to log in.

You do not have an Account ID–You will receive your account ID by providing your registered email address. You must select Get Help on the Login page. You are directed to enter your email address.

If the email address is not registered with Lyve Cloud, contact the support team at support.lyvecloud@seagate.com.
Finding your Account ID in the Lyve Cloud console
If you have already signed in to the Lyve Cloud account, you can view the Account ID from the Header pane. Select the username in the top right to view the Account ID.
The following image highlights the Account ID in the console.

Using the Lyve Cloud console

The Lyve Cloud console includes three panes: the header pane, left menu, and main view.


The following image displays the three panes of the Lyve Cloud console.

Header pane: Select the Lyve Cloud logo to return to the dashboard. The Start Here button, Help link, user name, and icon are displayed on the top right corner of the header pane. Open the Start Here window to find quickstart resources. View our documentation and training videos under Help. To exit Lyve Cloud, select the user name and then select Logout.
Left menu: The left menu is organized as follows:
  • Home page: It is the landing page after you log in to the console. It shows the number of buckets, reports, usage, and more. For more information, see Understanding the home page dashboard below.
  • Marketplace: This section displays and provides more information on partner solutions like Backup and Recovery, Surveillance, Compute, etc. that are certified with Lyve Cloud.
  • STORAGE
      • Buckets: Allows you to create and manage buckets.
      • Permissions: Allows you to set the permissions for buckets.
      • Service Accounts: Generates access credentials that enable S3 applications to perform S3 operations on the bucket.
  • IDENTITY & ACCESS
      • Users: Allows you to create users and set user roles.
      • MFA: Allows you to add an additional factor to the login to prevent unauthorized access.
      • Federated Login: Allows you to enable federated single sign-on (SSO) from your organization’s Identity Provider (IdP).
      • Notification Recipients: Allows you to add recipients to receive service and other important Lyve Cloud notifications via email.
  • SETTINGS
      • Settings: Allows you to enable and disable audit logs. These logs are detailed records of activities in the Lyve Cloud console and S3 API operations.
      • Billing: Allows you to see each month’s costs, and download and view previous monthly invoices.
      • Support: Allows you to open new support tickets for any issues related to Lyve Cloud services.

The non-administrator roles can only see a subset of the menu options.
Main view: Displays the information corresponding to the left menu item selected.
Understanding the home page dashboard
After you log in to the Lyve Cloud console, you are taken to the dashboard’s home page, and the headings on the page are displayed without data. However, if you have created buckets and are storing data in the buckets, the dashboard displays important details in the different sections.
The dashboard displays statistics of the storage system, usage, and estimated cost. A graphical view of usage trends, bucket count, and average usage are available.

Home page

Master Account home page


Buckets: Displays the total number of buckets.

Month-to-Date Usage: Displays the average usage of the account from the beginning of the month until the current date.

Estimated Cost: Displays the estimated monthly storage costs based on the current month’s usage trends. This cost is displayed in US dollars.

General Reports:
Daily Average Usage: Displays the daily average from a series of four usage snapshots within a 24-hour period of data stored in all the buckets.

Date range selection: Select a current month, last six months, or custom time range to view usage trends.
This month is a default selection that displays the daily average usage trend for the current month to date.

Selecting the Last 6 months shows the usage trend of the last six months. Each data point displays the monthly average for that month.

Selecting a Custom time range allows you to choose the monthly time range, and the data points display the monthly average usage.

Download the usage data in CSV format by selecting Download. Use the Date range selection to select the length of time of the report. This report shows the Date, Region Name, Bucket Name, Usage (byte), Usage (GB) in the Excel sheet.
Usage Report: Displays the usage of all the sub-accounts in the master account. The Sub-accounts Usage graph displays the usage of each sub-account on the same graph. The graph has different colour lines per account. Hovering over a particular day/month (depending on view scale) displays a tooltip with the time information for all selected accounts with the line colour, account name, and usage value per sub-account.
Accounts Summary: Displays the summary of each sub-account.
  • Customers: Lists the account ID of each sub-account in the master account.
  • Users: Lists the number of users for each sub-account.
  • Service Accounts: Lists the number of service accounts for each sub-account.
  • Buckets: Lists the number of buckets created by each sub-account.
  • Average Usage: Lists the average amount of data used per day for each sub-account, from the beginning of the month to the current date.
  • Created On: Displays the date when the sub-account is added to the Lyve Cloud master account.
Provisioning storage buckets
Seagate on Vimeo: Lyve Cloud – How to Create a Bucket
Create buckets
Begin by creating a bucket to add data.
1. On the left-hand menu, select Buckets, and then select Create Bucket.
2. Enter the Bucket Name and Region. Select Create. (Optionally, enable Object Immutability.)
After the bucket is created, it is listed on the Buckets page. For more information, see Administrator’s Guide – Bucket Management.
Create bucket permissions
Next, create and apply permissions to at least one bucket. Permissions define the type of operations that applications perform on the bucket: Read, Write, or All Operations (read, write, delete, and list).
1. On the left-hand menu, select Permissions, and then select Create Bucket Permission.
2. On the Create Bucket Permission dialog:
   • Name: Enter the name for permission. Permission names can contain any alphanumeric characters, dashes (“-”), underscores (“_”), or spaces.
   • Select one of the following from Which buckets does this permission apply to?
       • One or more existing buckets
       • All buckets in this account with a prefix
       • All buckets in this account
   • Select Actions to assign privileges as All Operations, Read only, Write only.
   • Select Create to save the permission for the bucket.
   The Description of the permission assigned to the buckets is displayed.
3. Alternatively, you may import policy permission files to create new permissions. See Using policy permission files.
For more information on buckets, see Administrator’s Guide – Bucket Management.
Create service accounts
Finally, after creating permissions for a bucket, create a service account to allow applications to authenticate and use these permissions. Applications use service account credentials in API calls to access buckets to add and delete data.
1. On the left-hand menu, select Service Accounts, and then select Create Service Account.
2. Enter the Service Account Name, and then select applicable Permissions from the available list.
3. Select Create. A confirmation displays the access key and secret key required to access the bucket.
4. Copy these account credentials or download them in CSV or JSON format before you close the dialog.
The access key and secret key cannot be retrieved later.

For more information on service accounts, see Administrator’s Guide – Account Management.

Understanding Global Accounts

Lyve Cloud Global Accounts let customers create buckets in different regions for increased provisioning and data access. For more information, see Creating buckets.

Once you create buckets in different global accounts:
  • The Lyve Cloud console lists all the buckets created for an account. For more information, see Listing buckets.
  • Listing buckets using the S3 API displays the buckets for the region that is specified in the API command.
  • You can copy objects between different Lyve Cloud regions using S3 API commands.
To access data from buckets created in different global regions:
  • Make direct requests to one of the Lyve Cloud S3 API endpoints. For more information on S3 access points, see S3 API endpoints.
Lyve Cloud does not provide an S3 API global endpoint to access data across different global accounts. You must use the region-specific endpoint to provision storage.

S3 API Endpoints

The following table shows Lyve Cloud regions where Lyve Cloud is currently available and the endpoints for these regions.

Region | Endpoint | Comment
US-East-1 (N. Virginia) | https://s3.us-east-1.lyvecloud.seagate.com | Standard Region
US-West-1 (N. California) | https://s3.us-west-1.lyvecloud.seagate.com | Standard Region
AP-Southeast-1 (Singapore) | https://s3.ap-southeast-1.lyvecloud.seagate.com | Standard Region
EU-West-1 (London) | https://s3.eu-west-1.lyvecloud.seagate.com | Standard Region
US-Central-2 (Texas) | https://s3.us-central-2.lyvecloud.seagate.com | Standard Region

Lyve Cloud supports path-style requests and virtual hosted-style requests available with AWS S3. Use the URL format to access a bucket using a path-style endpoint or virtual hosted-style endpoint.

Lyve Cloud does not provide an S3 API global endpoint to access data across different regions.

Region | Path-style endpoint | Virtual hosted-style endpoint
US-East-1 (Virginia) | https://s3.us-east-1.lyvecloud.seagate.com/[bucket_name] | https://[bucket_name].s3.us-east-1.lyvecloud.seagate.com
US-West-1 (California) | https://s3.us-west-1.lyvecloud.seagate.com/[bucket_name] | https://[bucket_name].s3.us-west-1.lyvecloud.seagate.com
AP-Southeast-1 (Singapore) | https://s3.ap-southeast-1.lyvecloud.seagate.com/[bucket_name] | https://[bucket_name].s3.ap-southeast-1.lyvecloud.seagate.com
EU-West-1 (London) | https://s3.eu-west-1.lyvecloud.seagate.com/[bucket_name] | https://[bucket_name].s3.eu-west-1.lyvecloud.seagate.com
US-Central-2 (Texas) | https://s3.us-central-2.lyvecloud.seagate.com/[bucket_name] | https://[bucket_name].s3.us-central-2.lyvecloud.seagate.com
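
The two URL styles and the regional endpoints above can be built and checked in code before any credentials are sent to a host. The following is an added example, not code from Seagate or this guide; the function names are hypothetical, and the bucket-name pattern is an assumption borrowed from AWS-style naming (the guide itself only states that a dot is not allowed).

```python
import re
from urllib.parse import urlsplit

# Regional endpoints copied from the endpoint table in this guide.
ENDPOINTS = {
    "us-east-1": "s3.us-east-1.lyvecloud.seagate.com",
    "us-west-1": "s3.us-west-1.lyvecloud.seagate.com",
    "ap-southeast-1": "s3.ap-southeast-1.lyvecloud.seagate.com",
    "eu-west-1": "s3.eu-west-1.lyvecloud.seagate.com",
    "us-central-2": "s3.us-central-2.lyvecloud.seagate.com",
}
HOST_TO_REGION = {host: region for region, host in ENDPOINTS.items()}

# Assumption: AWS-style bucket naming (3-63 characters; lowercase letters,
# digits and hyphens; alphanumeric first and last character). The guide only
# states that a dot is not allowed, which this pattern also enforces.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")


def valid_bucket_name(name):
    return BUCKET_RE.fullmatch(name) is not None


def bucket_url(region, bucket, style="path"):
    """Build the path-style or virtual hosted-style URL for a bucket."""
    if region not in ENDPOINTS:
        raise ValueError(f"unknown region {region!r}; there is no global endpoint")
    if not valid_bucket_name(bucket):
        raise ValueError(f"invalid bucket name {bucket!r}")
    host = ENDPOINTS[region]
    if style == "path":
        return f"https://{host}/{bucket}"
    if style == "virtual":
        return f"https://{bucket}.{host}"
    raise ValueError(f"unknown style {style!r}")


def parse_bucket_url(url):
    """Return (region, bucket, style); raise ValueError for anything that is
    not an HTTPS URL on one of the listed regional endpoints."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https endpoints are accepted")
    host = (parts.hostname or "").lower()
    if host in HOST_TO_REGION:
        # Path-style: the bucket is the first path segment.
        region, style = HOST_TO_REGION[host], "path"
        bucket = parts.path.lstrip("/").split("/", 1)[0]
    else:
        # Virtual hosted-style: bucket names contain no dots, so the bucket
        # is exactly the first DNS label and the rest must be an endpoint.
        bucket, _, endpoint = host.partition(".")
        if endpoint not in HOST_TO_REGION:
            raise ValueError(f"{host!r} is not a listed regional endpoint")
        region, style = HOST_TO_REGION[endpoint], "virtual"
    if not valid_bucket_name(bucket):
        raise ValueError(f"invalid or missing bucket name in {url!r}")
    return region, bucket, style


def is_listed_endpoint(url):
    """True only if the URL points at a bucket on a listed regional endpoint."""
    try:
        parse_bucket_url(url)
        return True
    except ValueError:
        return False
```

Because the host must match a table entry exactly, a lookalike hostname that merely contains an endpoint name is rejected along with plain-HTTP URLs and the non-existent global endpoint.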


Using Account API
Account API allows you to access Lyve Cloud account information through an API endpoint. The account API can be generated only by the account administrators. You can perform all Lyve Cloud operations using the account API credentials.
What can I do with Account API?
Account API enables customers and sub-account administrators to leverage Lyve Cloud account’s functionality programmatically.
You can perform the following actions using account API:
  • Permissions: Create permissions, List permissions, Get permissions by ID, Delete permissions by ID, and Update permission.
  • Service Accounts: Create service account, List service account, Get service account data by ID, Update service account, Enable service account, and Disable service account.
  • Usage: Get current month storage usage and historical storage usage by month.
For more information, see Lyve Cloud Account API version 2.
The API uses the secure HTTP/1.1 over TLS 1.2 protocol and operates mainly with JSON-formatted messages. All API responses are assigned specific numeric codes that help you quickly identify if a request to an endpoint is successful or unsuccessful. For more information on error codes, see List of API error codes in the Account API version 2.
Generating Account API credentials
Generated API credentials never expire unless you configure an expiration duration. You can change the default setting by setting an expiry duration for all newly created API credentials; see Setting expiration duration. This limits the validity of the Account API credentials, which need to be changed again after the expiration. After the expiration date, the secret credentials cannot be used for authentication but will stay associated with the account until you delete or regenerate them.
1. On the Header pane, select the username in the top right.
2. Select Generate Account API Credentials.
3. Copy or download the Access Key and Secret Key after you create the Account API credentials.

Download the key in CSV or JSON format, as you cannot retrieve the secret key details later.
The status of credentials will show as one of the following. The status is based on the expiration duration.
  • Expires in: XX days: You must generate the API credentials to use the API after expiration.
  • Never Expires: The security credentials are not set, and these credentials will never expire.
  • Expired: The credentials have expired, and you cannot access the account API.

After the credentials are generated, use these credentials to generate a time-bound token. This token is used to authenticate the Lyve Cloud Account API and is passed as a Bearer header value.
You must attempt to generate credentials a second time if Account API generation fails.

Regenerating Account API credentials
You can regenerate the credentials regardless of their expiration status. If you already have active credentials and still regenerate new credentials, the old credentials become inactive.
1. On the Header pane, select the username in the top right.
2. Select Generate Account API Credentials, and then select Regenerate.

Deleting Account API credentials
Once you delete the credentials, you can again generate new credentials. However, any workload that uses these credentials will immediately lose access to the resources.
1. On the Header pane, select the username in the top right.
2. Select Generate Account API Credentials, and then select Delete.


Administrator’s Guide – Introduction

This guide provides instructions on creating buckets and managing bucket permissions and service accounts to authenticate and access data stored in the buckets. It describes identity and access management (IAM) to manage access to your Lyve Cloud resources. The Lyve Cloud console dashboard displays the storage system’s overall statistics. See graphical views of usage trends, numerical values of buckets, and average usage.
Console high-level workflow
This section explains the console workflow as determined by user roles. For more information on your assigned role, see Administrator’s Guide – Identity and Access Management (IAM).
There are three roles available in Lyve Cloud:
  • Administrator
  • Storage Administrator
  • Auditor
Administrator workflow (admin role)
Administrators can perform all actions available in the Lyve Cloud console.
1. Once you sign in to the Lyve Cloud console, a dashboard is displayed. The dashboard shows details of buckets and usage-related information. For more information, see Understanding the home page dashboard.
2. To manage Lyve Cloud storage:
   A. Storage is managed and provisioned in buckets. For more information, see Creating buckets.
   B. Once you create a bucket, you must assign it Permissions, and define what operations are allowed for buckets. See Creating bucket access permissions.
   C. After you assign permissions to a bucket, create a service account. Service accounts are used by applications to authenticate API calls accessing the bucket. For more information, see Creating service accounts.
3. Use Identity and Access Management (IAM) features to secure access to your Lyve Cloud account. For more information, see Administrator’s Guide – Identity and Access Management (IAM).
Storage management workflow (storage admin role)

The storage admin user can perform all the storage operations as an Administrator user in Lyve Cloud, including managing buckets, managing permissions, and creating service accounts. The storage admin user is restricted from altering settings for Identity and Access Management (IAM) and Lyve Cloud account billing.
Auditor workflow
Users with the Auditor role have read only access throughout the Lyve Cloud console, and are not permitted to perform any storage operations or alter settings.
Console session management
The user login session management increases the strength and security of the Lyve Cloud session. To provide more secure access, non-persistent sessions invalidate a Lyve Cloud console session cookie when the browser is closed.
By default, a user session timeout is 24 hours. Users are not required to log in with their credentials for up to 24 hours only if the Lyve Cloud session is active. The session is active after successful authentication by the user. The Lyve Cloud console automatically signs out the user after 24 hours.
When users close and re-open the browser, they get a prompt for re-authentication.
In summary, the Lyve Cloud console requires re-authentication in the following cases:
  • When you sign out of the Lyve Cloud session.
  • The browser is closed without any active session, or the active Lyve Cloud tab is closed.
  • The authenticated session is more than 24 hours.
The Lyve Cloud console session remains active in the following cases:
  • At least one Lyve Cloud active session is open, and the authentication session is less than 24 hours.
Supported browsers
The Lyve Cloud Console supports the following browsers:

Browser | Version
Google Chrome | Last three versions
Mozilla Firefox | Last three versions
Microsoft Edge | Last three versions
Apple Safari | Last three versions

Managing support tickets
If you experience a problem with Lyve Cloud, use the Support page to create a support ticket. Please provide detailed information in the Subject and Description fields, and attach any relevant references for the support team. Detailed information helps us provide a more efficient and effective resolution, as the ticket response time is based on its severity level which is determined from the details provided.
Each support ticket is assigned a unique number. Use this ticket number to track the progress of the reported issue, and update the support ticket by adding a comment. Comments and resolutions are recorded in each ticket.
You can also send an email to support.lyvecloud@seagate.com to report an issue. A support ticket is opened based on the issue reported in the email.
The support team reviews ticket details and updates the ticket status.
  • New: This status is assigned immediately when a ticket is created, and work is not yet started.
  • In Progress: This status indicates that the ticket is under review, and a support engineer is investigating the issue.
After the ticket is updated, you will receive an email notification containing the ticket number, subject, and changes made. You will receive an email notification when a new ticket is opened, a ticket is updated, or an issue is resolved and the ticket is closed.
The Support page lists the number of new and in progress tickets.
Note–Customers of a partner must report Lyve Cloud related issues to its partner. If you purchase Lyve Cloud through a reseller or partner, you will not have direct access to support. Please contact your reseller with all support queries.
Role-based access for the support page
The following table describes access to the Support page features based on the admin role.

Actions
Create ticket Edit ticket View ticket Add Comments View Comments

Admin

Storage Admin

Auditor (Read only) × × ×

Video: How to contact Lyve Cloud Support
Seagate on Vimeo: Lyve Cloud – How to Contact Lyve Cloud Support
Creating a support ticket
To create a ticket:
1. On the left-hand menu, select Support.
2. On the Support page, select Create New Ticket.
3. In the Create New Ticket dialog, enter the following:
   • Subject: Enter a subject for the support ticket. This is a mandatory field.
   • Description: Enter the ticket details. This is an optional field that allows you to describe the problem summary.
   • Attachments: Add documents that provide more details about the issue. The file size must not exceed 4 MB. Select Upload and choose the file from the desired location to upload an attachment, then select Open.
   After the file is uploaded, it is listed under Attachments. To remove the attachment, select the x to the right of the file name.
4. Select Create.
The new ticket displays in the ticket listing table.
Note–Once a ticket is saved, you cannot delete the attachments.
Editing a ticket
You can edit new and in progress tickets. Editing a ticket allows you to edit or add to the problem summary, description, customer name, and attachments.
To edit a ticket:
1. On the left-hand menu, select Support.
2. In the ticket listing table, select a ticket number to edit that ticket.
3. On the Details pane, select Edit.
4. Edit any of the following fields:
Subject
Description
Attachments: You can add new attachments, but you cannot delete attachments that were previously added.
Add New Comment
A. To add comments, select Add New Comment.
B. Enter a comment and select Add.


5. Select Save.
Viewing ticket details
To view a ticket:
1. On the left-hand menu, select Support.
2. On the Support page, select the ticket number to view its details.
Service availability
The Lyve Cloud availability in the following image shows the calculated service availability for the month.
Lyve Cloud service availability is calculated by subtracting the error rate from 100% within a five-minute interval. If a customer does not make any requests in a 5-minute interval, that interval is assumed to have an error rate of 0%. The error rate is the total number of errors returned, divided by the total number of requests during that 5-minute interval.
Error rate = number of errors ÷ number of requests
Availability = 100% – error rate

Administrator’s Guide – Bucket Management

Lyve Cloud allows you to store objects (like files) in buckets (like folders). Before you add or store any object, you must create a bucket. When you create a bucket, you must specify the region where you want to create the bucket.
Role-based access to buckets
Bucket access levels are defined by the user roles. The following table describes console access to bucket features based on the user’s role:

Actions
Create bucket Edit bucket Delete List and View

Admin

Storage Admin

Auditor (Read only) × × ×

Creating buckets
To create a bucket:
1. On the left-hand menu, select Buckets.
2. On the Buckets page, select Create Bucket.


3. Enter the bucket name:
Remember the following while creating a bucket name:
A. The bucket name must be unique across all of Lyve Cloud.
B. A bucket name containing a dot (.) is not allowed.
C. After you create a bucket, you cannot change the bucket name.
4. Select the region (metro) from the drop-down, where you want the bucket to reside. For more information, see Understanding Global Accounts.
US – Virginia (us-east-1)
US – California (us-west-1)
AP – Singapore – (AP-Southeast-1)

Note–You must create your first bucket in a region, using the console.

5. (Optional) Enable Object Immutability. For more information, see Using object immutability.
If Object Immutability is not enabled when a bucket is created, you cannot turn it on later. However, if you switch it on while creating a bucket, you can later switch it off and on again as needed.
If you enable Object Immutability, you can also set a duration to retain the objects. For more information, see Setting duration.


6. After you create a bucket, it is listed on the Buckets page.
Note–Sometimes there may be a delay in creating a bucket.
Editing bucket properties
The Buckets page displays the bucket list. It also displays the labels for each bucket, such as Immutable, Versioned, and Logged. For more information on the labels, see Using object immutability and Administrator’s Guide – Audit Log Management.
To edit a bucket:
1. On the left-hand menu, select Buckets.
2. On the Buckets page, choose and select the name to edit.
3. Perform any of the following actions in the bucket properties:
S3 endpoint URL: Allows copying the S3 endpoint URL to the clipboard. This URL is used to access the bucket. For more information on the S3 endpoint URL, see S3 API endpoints.
Object Immutability: You may choose to switch off Object Immutability if it is enabled. For more information, see Using object immutability.
Set Duration: You can set duration only when Object Immutability is switched on. Select the pencil icon to edit the retention duration. For more information, see Setting duration.
S3 API Audit Logs: Select the toggle switch to enable or disable the audit logs for this bucket. For more information on audit logs, see Administrator’s Guide – Audit Log Management. After you enable the audit logs for the selected bucket, the bucket is labeled as Logged, and once you disable the audit logs, the label is removed.
Delete Bucket: Select Delete to delete a bucket.
Before deleting a bucket, please make sure to:
Delete all data from the bucket.
Delete all permissions referencing this bucket. Deleting a bucket associated with bucket permissions is allowed only if you have applied permission to all buckets or all buckets with a prefix in the account.
Verify that the bucket is not set as the target bucket for Audit Logs.


Listing buckets
To view the bucket list:
1. On the left-hand menu, select Buckets.
Note–This view displays the labels for each bucket, such as Immutable and Logged. For more information on the labels, see Using object immutability and Administrator’s Guide – Audit Log Management.
By default, the Buckets page displays 10 buckets at a time. To increase or decrease the number of buckets per page, select the Rows per page arrow and select 10, 25, 50, or All.
2. Select the left or right arrow to move between the pages.

The following table describes the columns of the bucket list.

Column Name | Description
Name | Displays the name of the bucket.
Region | Displays the region where the bucket is residing. You can select the region while creating a bucket. For more information, see Creating buckets.
Usage | Displays the total amount of data stored in the bucket in KiB, MiB, or GiB.
Created On | Displays when the bucket was created in YYYY-MM-DD format.
Immutable, Versioned, Logged | Displays the bucket labels. Immutable: The label indicates that the bucket is in compliance mode. To disable the compliance mode, see Editing bucket properties. Versioned: The label indicates that the bucket is versioned. The bucket version is not suspended even after you disable the Object Immutability. Logged: The label indicates that audit logs are enabled for the bucket. To disable the audit logs for buckets, see Editing bucket properties.

For more information on these labels, see Using object immutability and Administrator’s Guide – Audit Log Management.

Video: Lyve Cloud – How to Create a Bucket
Seagate on Vimeo: Lyve Cloud – How to Create a Bucket
Using object immutability
Object immutability prevents objects from being deleted or overwritten by any user or application for a specified retention duration. This is especially useful when you want to meet regulatory data requirements or other scenarios where it is imperative that data cannot be changed or deleted. Object immutability must be used when you are certain that you do not want anyone, including the Administrator, to delete the objects during their retention duration. When you switch on object immutability, you must also set the duration and specify the default retention period.
Video: Lyve Cloud – How to Prevent Objects From Being Deleted
Seagate on Vimeo: Lyve Cloud – How to Create a Bucket
How does versioning work in object immutability?


Versioning allows saving multiple variants of an object in the same bucket. It allows you to preserve, retrieve, and restore every version of an object stored in the bucket. Versioning enables the recovery of objects from any unintended or accidental user actions and application failures.
After you switch on object immutability for a bucket, versioning is automatically enabled. Lyve Cloud automatically creates and stores an object version each time:
A new object is uploaded
An existing object is overwritten
An object is deleted

Note–Versioning may increase your storage capacity utilization.
For example, if you accidentally delete an object, instead of removing it permanently from Lyve Cloud, this deleted object becomes the current object version. You can then restore the previously available version.
When you create a bucket and switch on object immutability, you can switch off object immutability afterwards. However, versioning cannot be suspended for that bucket.

Note–When you switch on object immutability, the bucket is labelled as Immutable and Versioned. Switching off object immutability only removes the Immutable label.

Setting duration
The duration for immutability can be specified in days or years at the object level. When you set the duration, objects remain locked and cannot be overwritten or deleted. By default, the duration is set to 30 days. Setting the duration applies to individual object versions, and different versions of a single object can have different durations set.
For example, if you set the duration to 10 days and then create an object A, object A will have its retention duration set to 10 days. If you later change the duration to 20 days and upload object A again:
The retention duration for the first version of object A remains 10 days.
The later version of the same object is set to 20 days.


When you place an object in the bucket, Lyve Cloud calculates the retention duration for an object version by adding the specified duration to the object version’s creation timestamp. The calculated date is stored in an object’s metadata and protects the object version until the retention duration ends. When retention duration ends for an object, you can retain or manually delete an object.
By default, object immutability is switched off, and you can switch it on only while creating a bucket. Once object immutability is switched on, Lyve Cloud automatically enables versioning for the bucket. For step-by-step instructions see below.
To set object immutability:
Enable object immutability when creating a new bucket, see Creating buckets.
Optionally, check the Delete objects after the retention duration ends check box.
Managing bucket access permissions
Permissions are used to control access to buckets and define which actions the service accounts are allowed for a bucket. Bucket permission and Policy permission are two options available for granting permission to your buckets.
Bucket permission: Bucket permission is used to set Read only, Write only, or All operations permission for selected buckets. Using Bucket permission, you can grant access permissions to your bucket and the objects in the bucket. Only the admin and storage admin can associate permissions for the buckets. The permissions attached to the bucket apply to all of the objects in the bucket. For more information, see Creating bucket access permissions.
Policy permission: A policy permission is created by uploading a JSON file. You can also import a file which is compatible with the AWS IAM policy file. Using the Policy permission, you can allow or deny requests at a granular level based on the elements in the policy, resources, and aspects or conditions of the request. For more information, see Creating policy permissions.
Role-based access to permission management
The following table describes access to permission management features based on your role.

Actions Create permission Edit Delete

Admin

Storage Admin

Auditor (Read only)
×
×
×


Actions Status List and view

Admin

Storage Admin

Auditor (Read only)
×

Creating bucket access permissions
You can create bucket permissions without any buckets in the account only if you apply permission to all buckets in the account or all buckets with a prefix.
To create bucket permissions:
1. On the left-hand menu, select Permissions.
2. On the Permissions page, select Create bucket permission.
3. In the Create bucket permission dialog, enter the following:
Name: Enter a name for the permission.
Which buckets does this permission apply to?: Select any one from the following:
One or more existing buckets: Choose one or more buckets from the Buckets list.
Buckets: The buckets field is displayed only when you select one or more existing buckets.
All buckets in this account with a prefix: The bucket names must use the same few initial characters. For example, if four unique buckets for customer01 are created, such as customer01rawdata, customer01zipdata, customer01media and customer01, enter a prefix of the bucket names to assign and apply the permission. In this case, the prefix is the beginning characters shared by each bucket, customer01.
Note–Only one prefix is allowed for a single permission. The prefix field allows a maximum of 64 characters.
All buckets in the account: Apply permission to all current and future buckets in the account.
Actions: Select actions to assign privileges as:
All Operations: Allows all operations in all buckets meeting the conditions defined under Which buckets does this permission apply to?.
Read only: This option allows you to perform a read only operation on one or more selected buckets and its objects.
Write only: This option allows you to write objects into the selected buckets without reading them back.

Once you select the desired options, the description of the permissions is displayed for that bucket permission.
4. Select Create to save the permission for a bucket.
The permissions list page displays all permissions. To manage permissions, see Editing bucket permissions and Deleting bucket permissions.
Creating policy permissions
Lyve Cloud allows the migration of AWS IAM policy files to the Lyve Cloud policy permission, making it simple to start working with service accounts based on existing policies. A policy file uses a JSON file format that is compatible with an AWS IAM policy.


Working with policy files allows you to specify the Condition element. Query the exact request values to determine when a policy is in effect, or list specific actions such as Action: ["s3:GetObject","s3:PutObject"] and specify the Resource element for several buckets and objects. For more information, see Example policy permission file.
How to get an IAM policy file from AWS
You must manually copy policy permission details from AWS IAM policy to use in Lyve Cloud:
1. Log in to the AWS Management Console using the credentials.
2. Select Services on the top left to view the list of services.
3. Select IAM in Security, Identity, & Compliance.
4. Under Access Management, select Policies and use the search field to find the relevant policy to copy the policy details.
5. Select the JSON tab, copy the policy details into a new file, and then save it as a JSON file.
Using policy permission files
The following table lists the mandatory, optional, and invalid elements in a policy permission file.
Note
Invalid elements must be removed from the file before importing, as these elements are not used in the Lyve Cloud policy permission file. Remove tags from elements available in AWS IAM policy, as tags cannot be used in the policy permission file.

Elements | Mandatory/Optional/Invalid | Description
Statement | Mandatory | Contains a single statement or an array of individual statements.
Resource | Mandatory | Specifies object(s) or bucket(s) that is related to the statement.
Effect | Mandatory | Allows or denies access to the resource.
Action | Mandatory | Describes specific action(s) that will be allowed or denied.
Version | Mandatory | It defines the version of the policy language and specifies the language syntax rules that are to be used to process a policy file.
Condition | Optional | Allows you to specify conditions when a policy is in effect. The Condition element includes expressions that match the condition keys and values in the policy file against keys and values in the request. Specifying invalid condition keys returns an error. For more information, see Known Issues.
Sid | Optional | A statement ID. The statement ID must be unique when assigned to statements in the statement array. This value is used as sub ID for policy document’s ID.
Id | Optional | A policy identifier, such as UUID (GUID).
Principal | Invalid | Specifies the service account that is allowed or denied to access a resource.
NotPrincipal | Invalid | The service accounts that are not specified, are allowed or denied access to the resource.
NotAction | Invalid | Specifies that it matches everything except the specified list of actions. If this element is part of the permission file, you need to replace it with the Action element.
NotResource | Invalid | Specifies that it matches every resource except the available specified list. If this element is part of the permission file, you need to replace it with the resource element.

Example policy permission file
In the following example, the policy permission has three statements:
Statement1: Allows object listing with a prefix David in the bucket mybucket. It is done using a Condition element.
Statement2: Allows read and write operations for objects with the prefix David in bucket mybucket.
Statement3: Denies delete object operation for two resources:
All the objects in mybucket/David/
All the objects in mycorporatebucket/share/marketing/

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "statement1",
      "Action": ["s3:ListBucket"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {"StringLike": {"s3:prefix": ["David/"]}}
    },
    {
      "Sid": "statement2",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket/David/*"]
    },
    {
      "Sid": "statement3",
      "Action": ["s3:DeleteObject"],
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::mybucket/David/*",
        "arn:aws:s3:::mycorporatebucket/share/marketing/*"
      ]
    }
  ]
}

Use the following policy to limit the bucket access to specific IP addresses:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Sid-1",
      "Action": ["s3:*"],
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::mybucket"],
      "Condition": {"NotIpAddress": {"aws:SourceIp": ["134.204.220.36/32"]}}
    },
    {
      "Sid": "Sid-2",
      "Action": ["s3:*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"]
    }
  ]
}

To create policy permission:
1. On the left-hand menu, select Permissions.
2. On the Permissions page, select Create Policy Permission.
3. In the Create Policy Permission dialog:
Enter a name.
Edit the description if desired.
Drag and drop a policy permission file, or browse to upload a file. Once the new policy permission file is available, download or replace the existing file.
4. Select Create.
You might encounter errors if the policy permission file (JSON) has any additional or missing elements. The following is the list of possible error messages. Read them carefully and update the policy permission file accordingly.

Error Message | Resolution
File Import Failed: Invalid JSON file. | Check the JSON file structure.
File Import Failed: Effect field is required. | Add this element to the policy permission file.
File Import Failed: Resource field is required. | Add this element to the policy permission file.
File Import Failed: Action field is required. | Add this element to the policy permission file.
File Import Failed: Statement is required. | Add this element to the policy permission file.
File Import Failed: Version field value is empty. | Add this element to the policy permission file.
File Import Failed: Action canot be empty. | Add a value to this element.
File Import Failed: Resource canot be empty. | Add a value to this element.
File Import Failed: Condition canot be empty. | Add a value to this element.
File Import Failed: Effect value is invalid. | Add a valid value to this element.
File Import Failed: Action value < action> is not valid. | Add a valid value to this element.
File Import Failed: Resource value < resource> is not valid. | Add a valid value to this element.
File Import Failed: Conditionname is not valid: . | Choose a valid condition name, such as StringLike.
File Import Failed: Conditionkey is not valid: . | Choose a valid condition key, such as s3:prefix.
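The element rules in the policy permission table and the import errors listed above can be checked locally before a file copied from AWS is uploaded. The following Python sketch is an added example, not Seagate's code: lint_policy and its messages are hypothetical, both sample policies are constructed, and the accepted Effect values (Allow, Deny) are assumed from the AWS IAM format the file is compatible with.

```python
import json

# Element rules taken from the policy permission table on this page.
TOP_MANDATORY = ("Version", "Statement")
STMT_MANDATORY = ("Effect", "Action", "Resource")
STMT_INVALID = ("Principal", "NotPrincipal", "NotAction", "NotResource")
# The page says to replace these two invalid elements rather than drop them.
REPLACE_WITH = {"NotAction": "Action", "NotResource": "Resource"}
# Assumption: Effect takes the AWS IAM values, since the format is AWS-compatible.
VALID_EFFECTS = ("Allow", "Deny")
EMPTY = ("", [], {}, None)


def lint_policy(text):
    """Return (location, problem) findings for a policy file; [] means clean."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("file", f"invalid JSON: {exc.msg} (line {exc.lineno})")]
    if not isinstance(doc, dict):
        return [("file", "top level must be a JSON object")]

    findings = []
    for key in TOP_MANDATORY:
        if key not in doc:
            findings.append(("file", f"{key} is required"))
        elif doc[key] in EMPTY:
            findings.append(("file", f"{key} cannot be empty"))

    statements = doc.get("Statement") or []
    if isinstance(statements, dict):  # a single statement is allowed
        statements = [statements]
    if not isinstance(statements, list):
        return findings + [("file", "Statement must be an object or an array")]

    seen_sids = set()
    for index, stmt in enumerate(statements):
        where = f"Statement[{index}]"
        if not isinstance(stmt, dict):
            findings.append((where, "statement must be a JSON object"))
            continue
        sid = stmt.get("Sid")
        if isinstance(sid, str):
            if sid in seen_sids:
                findings.append((where, f"Sid {sid!r} is not unique"))
            seen_sids.add(sid)
        for key in STMT_INVALID:
            if key in stmt:
                new = REPLACE_WITH.get(key)
                fix = f"replace it with {new}" if new else "remove it"
                findings.append((where, f"{key} is invalid here: {fix}"))
        for key in STMT_MANDATORY:
            if key not in stmt:
                findings.append((where, f"{key} is required"))
            elif stmt[key] in EMPTY:
                findings.append((where, f"{key} cannot be empty"))
            elif key == "Effect" and stmt[key] not in VALID_EFFECTS:
                findings.append((where, f"Effect value {stmt[key]!r} is invalid"))
        if "Condition" in stmt and stmt["Condition"] in EMPTY:
            findings.append((where, "Condition cannot be empty"))
    return findings


# Constructed sample: an AWS-style export that needs cleaning before import.
AWS_EXPORT = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "read", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::mybucket/*"]},
    {"Sid": "read", "Effect": "Permit", "NotAction": ["s3:DeleteObject"],
     "Resource": [], "Condition": {}}
  ]
}
"""

# Constructed sample: the first statement again, using only supported elements.
CLEANED = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "read", "Effect": "Allow",
     "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::mybucket/*"]}
  ]
}
"""

if __name__ == "__main__":
    for location, problem in lint_policy(AWS_EXPORT):
        print(f"{location}: {problem}")
    print("cleaned file findings:", lint_policy(CLEANED))
```

A clean result only means the file satisfies the structural rules in the table; whether each action, resource and condition key is accepted is still decided by the import itself.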

Editing bucket permissions
Edit existing permissions to change selected buckets and their associated actions.
To edit permissions:
1. On the left-hand menu, select Permissions.
2. On the Permissions page, select the ellipsis of the permission to modify, and select Edit.
To modify Policy Permission-type permissions:
In the Edit Policy Permission dialog, edit the following:
Name
Description
Policy File: Download or replace the existing file.

To modify Bucket Permission-type permissions:
In the Edit Policy Permission dialog, edit the following:
Name
Which buckets this permission applies to?
Actions
4. Select Save.
These changes take effect as soon as the updated permission is saved, and any subsequent application API calls will be affected.
Deleting bucket permissions
Note–Permissions used by any service accounts cannot be deleted.
To delete permissions:
1. In the menu, select Permissions.
2. On the Permissions page, select the ellipsis (…).
3. Select Delete, and then select OK in the confirmation.
After you delete a permission, you cannot restore it. However, you can create a new permission and reuse that permission name.


Viewing permissions

By default, the Permissions page displays 10 permissions at a time. You can sort the columns in the table.
To view all permissions:
1. In the left-hand navigation, select Permissions.

The following table describes the columns used to list permissions.

Column Name | Description
Name | Displays name of the permission.
Description | Displays the permission description.
Type | Displays the type of permission created. The type can be Policy permission and Bucket permission.
Service Accounts | Displays the number of service accounts using that specific permission. You can hover the mouse on the number to view the names of the attached service account and the question mark icon to view the tooltip.
Creation On | Displays the date and time when the permission was created in the year, day, month YY:DD:MM AM/PM format.

2. Select the arrow next to Rows per page to change the number of permissions to list per page.


Administrator’s Guide – Account Management

Service accounts allow applications to authenticate and access Lyve Cloud buckets and objects. The appropriate access and secret keys are generated when you create a service account. This information must be saved during the account creation, as you cannot recover key details afterwards. You must create buckets and assign permission to buckets before creating a service account. For more information, see Creating buckets and Creating bucket access permissions.
Role-based access to manage service accounts
The following table describes access to service account features based on your role.

Actions
Create service account Edit Clone Delete Status List and view Service account expiration

Admin

Storage Admin
×

Auditor (Read only)
×
× × × ×

Creating service accounts
You must have at least one associated permission before creating a service account. To set the duration of keys generated after service account creation, you must first configure the expiration period. If the expiration duration is not set, the service account will not have an expiration set, and the secret credentials will never expire. For more information, see Setting expiration duration.


To create a service account:
1. On the left-hand menu, select Service Accounts.
2. Enter the Service Account Name.
A. Select Permissions from the available list, and select Create.
B. On the Service Accounts page, select Create Service Account.
Note–When you select permissions with different Actions (All operations, read only), the action with the least priority is applied to the account.
Note–When you configure the expiration duration, the Secret Key Expiration Duration displays the days when the secret key expires. Otherwise, the expiration duration is displayed as Never. To change the expiration duration, see Setting expiration duration. If an administrator configures a new expiration duration during the same time frame as the storage administrator creates a service account, the storage administrator receives an information message about the new expiration duration.
3. A confirmation displays the access key and secret keys required to access the bucket.
Important–Before closing the dialogue, you must copy or download the service account credentials containing the access and secret keys. Download the key in CSV or JSON format, as the secret key details cannot be retrieved later. The following image displays a generated access key and secret key.
Note–Once you create the service account, it may take a few minutes to replicate across other regions. If you cannot access your storage in a particular region, try after some time.
Note–Sometimes there may be a delay in creating a service account.
Viewing service accounts

The service account list displays the Access Key, expiration period, and the status of the service account.
The ‘Expires in’ column displays any of the following:
Expired: If the service account is already expired.
Never Expires: The expiration period for the service account is not configured.
Value: Displays the remaining days for the service account to expire.

To view the service account list, select Service Accounts on the left-hand menu.
You can view the list of service accounts. You can increase the number of service accounts per page. You can change the name from Service_Account_1 to Service_Account_01. You can add permission3 (new permission) to permission0, permission1 and permission2 (existing). Or you can remove permission0 (existing) from the available list.

You can perform the following operations by selecting the ellipses for each service account:
Edit service account
Disable service account
Clone service account
Delete service account

Editing service accounts

Editing allows you to edit the service account name and permissions. Editing does not generate a new secret key (credentials) for a service account. To generate new credentials, you must create a new or clone an existing service account. While editing the service account, the access key and expiration period for the service account are displayed. However, you cannot edit them. The expiration period is set when you create a service account. For more information on the expiration period, see Configuring expiration period.
Note–You cannot edit a service account if the expiration period is over.
If you edit Service_Account_1: When you save this service account, the name and permission of the service account are changed. However, the secret credentials and expiration period remain the same as the original.
To edit a service account:
1. On the left menu, select Service Accounts.
2. On the Service Accounts page, select the service account to modify and then select Edit.
3. In the Edit Service Account dialog, you can edit the service account name and modify permissions.
4. Select or deselect the permissions to associate with the service account, and scroll to view all available permissions for the account.


5. Select Save to save changes for the service account.
Changing the status of a service account
The service account is enabled by default. You can disable the service account anytime. Disabling a service account prevents you from using the secret key to authenticate.

Note–You cannot change the status of the service account if the expiration period is over.
To change the status of a service account:
1. On the left-hand menu, select Service Accounts to view the list of service accounts.
2. Set Status to Enabled or Disabled to change the account status.


Deleting a service account
Before you delete a service account, you can disable the key, and once you are sure that the service account is no longer needed, you can then delete the key. Deleting a service account permanently prevents you from using the secret key to authenticate.
To delete a service account:
1. On the left-hand menu, select Service Accounts.
2. On the Service Accounts page, select Delete.
3. Select Yes to delete the service account.
You cannot restore a deleted account. However, you can reuse the service account name to recreate a new service account.
Cloning a service account
Cloning a service account is a quick and easy way to create a duplicate service account. The values of the service account, like the service account name, associated permissions, etc., are the same as the original service account. However, it generates new access and secret keys. The name of the service account appears as a Copy of , and you can change the name and associate different or same permission to this service account.
To clone a service account:
1. On the left-hand menu, select Service Accounts to view the list of service accounts.
2. Select the ellipses to clone the service account.
3. Select Clone, and edit the required fields of the service account.
New secret credentials are generated once you create a service account. For more information, see Creating service accounts.
Service account settings

Adding the expiration duration to the service account enhances the security level of the service account. The existing Service Accounts are set as Never Expires. By default, the key never expires when creating a service account unless you configure an expiration duration. You can change the default setting by setting an expiry duration for all newly created service accounts; see Setting expiration duration. This limits the validity of the service account, which needs to be changed again after the expiration duration. After the expiration date, the secret key cannot be used for authentication but will stay associated with the service account until you delete it. If you disable or delete a service account, any workload that uses the service account will immediately lose access to the resources.
As a best practice, change your secret keys regularly. You can create a new secret key by doing the following:
Create a new service account or Clone the service account.
Disable the old service account.
Confirm that the old key is no longer in use.
Delete the old service account.
Setting expiration duration
Setting an expiration duration enables you to enforce additional security. The more often you change the service account keys, the less likely a key is to be leaked. Hence, periodically invalidating your service account keys and creating new keys adds to security.
The Service Account Expiration defaults to Off (disabled). The service account key never expires when creating a service account without setting an expiration period. You can turn On (enable) the expiration and set the duration in days or years. All service accounts created after you turn it on have an expiration period. For example, if you set the expiration duration as 365 days, any service account created after setting the duration has an expiration period of 365 days.
Based on the specified days, the service account expires at the end of the expiration date at 23:59:59 PM, regardless of the time the service account is created. For example, if you set the expiration duration to 30 days on the 1st of the month at 10:15:00 AM, the service account expires on day 30 at 23:59:59 PM.
To set expiration duration:
1. On the left-hand menu, select Settings.
2. Enable the Service Account Expiration toggle.
3. Enter the number of Day(s) or Years to set the expiration duration, and select Save.

After the configuration is complete, all new service accounts created will have an expiration duration. Once it expires, you cannot perform any actions; however, you can only delete the service account.
You can configure the expiration duration as 90 days and create a service account. The Secret Key Expiration Duration in the create service account dialogue is set to 90 days. This value is displayed on pages where you create a service account, edit a service account, and list the service account. All service accounts created after configuring expiration duration will be, by default, set to 90 days.
After 90 days, the service account status will appear as Expired.

Administrator’s Guide – Audit Log Management
Audit logs are detailed records of activities in the Lyve Cloud console and S3 API operations. Audit logs are used to access audit functions and track any suspicious activity.
When you enable audit logging, all audit logs are written to the selected target bucket. The target bucket must be immutable, which keeps audit logs immutable. For more information, see Using object immutability. You cannot switch off object immutability for the target bucket. You can maintain three types of audit logs:
S3 API audit logs: This log records all supported S3 API calls. For more information, see Supported S3 API calls. S3 API audit logs are recorded in the S3--.gz format, where the BUCKETNAME is the name of a bucket being logged. For more information, see Example S3 API audit log.
IAM audit logs: This log includes all events corresponding to identity and access management actions. IAM audit logs are recorded in the IAM-.gz format. For more information, see Example of IAM audit log.
Console audit logs: This log includes all the events that originated from the Lyve Cloud console's actions. The console audit log is recorded in the console-.gz format. For more information, see Example of the console audit log.
Note: Switching on Console Audit Logs enables both the Console audit logs and IAM audit logs that are written to the target bucket.

Administrator’s Guide – Audit Log

1/4/24


The audit log files have the TIMESTAMP format yyyy-MM-dd-HH-mm-ss and are set to the UTC zone.
Audit log files keep sufficient information to establish which events occurred, when they occurred, and who caused them. Administrators can manually delete these audit log files after the specified retention duration ends. This helps you to manage the buckets cost-effectively. For more information, see Using object immutability.
Lyve Cloud periodically saves audit logs for specified buckets. The maximum size of a log file is 500 MB. If the file size reaches 500 MB, that log file is saved, and the logs continue to be written in a new file. Log files are saved to the target bucket as console audit log files, IAM audit logs, or S3 API logs.
Role-based access to permission
The following table describes access to enable and disable audit logs based on your role.

| Actions | Admin | Storage Admin | Auditor (Read only) |
| Enable/disable S3 API audit logs | | × | × |
| Enable/disable account audit logs | | × | × |
| Edit audit log target bucket | | × | × |
| View audit log settings | | × | |

Video (Seagate on Vimeo): Lyve Cloud – How to manage audit log settings in the Lyve Cloud console
S3 API audit logs
S3 API audit logs keep detailed records of activity in the Lyve Cloud console as well as S3 API operations. To enable S3 API audit logs, you must select buckets to be logged from the target buckets available in the account.
Example S3 API audit log
The following is an example of an S3 API audit log file.

{
  "serviceAccountCreatorId": "john.doe@email.com",
  "auditEntry": {
    "api": {
      "name": "PutObject",
      "bucket": "bucket-1",
      "object": "values-v2.yaml",
      "status": "OK",
      "statusCode": 200,
      "timeToResponse": "2246401314ns"
    },
    "time": "2021-01-22T10:49:30.699378337Z",
    "version": "1",
    "requestID": "165C883E70C2A5D0",
    "userAgent": "aws-sdk-java/1.12.25 Linux/4.15.0-135-generic OpenJDK_64-Bit_Server_VM/11.0.12+7 java/11.0.12 vendor/Oracle_Corporation cfg/retry-mode/legacy",
    "remotehost": "127.0.0.1",
    "deploymentid": "ef46b1cb-6be1-4aa2-9c14-e7ffbc11986b",
    "requestHeader": {
      "User-Agent": "aws-sdk-java/1.12.25 Linux/4.15.0-135-generic OpenJDK_64-Bit_Server_VM/11.0.12+7 java/11.0.12 vendor/Oracle_Corporation cfg/retry-mode/legacy",
      "X-Amz-Date": "20210122
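One way to triage S3 API audit logs after downloading them from the target bucket, shown as an added example that is not Seagate's code. It assumes each .gz file holds one JSON record per line; the 403/404 records, their status strings, the CONSTRUCTED request IDs and the 192.0.2.x addresses are constructed sample data.

```python
import gzip
import json
from collections import Counter

def _rec(creator, api, code, status, host, rid):
    """One constructed record using the field names from the example above."""
    return {"serviceAccountCreatorId": creator, "auditEntry": {
        "api": {"name": api, "bucket": "bucket-1", "object": "values-v2.yaml",
                "status": status, "statusCode": code, "timeToResponse": "2246401314ns"},
        "time": "2021-01-22T10:49:30.699378337Z", "requestID": rid, "remotehost": host}}

# Constructed sample data, not real log output (192.0.2.0/24 is a documentation range).
SAMPLE = [
    _rec("john.doe@email.com", "PutObject", 200, "OK", "127.0.0.1", "165C883E70C2A5D0"),
    _rec("john.doe@email.com", "GetObject", 403, "AccessDenied", "192.0.2.10", "CONSTRUCTED-0001"),
    _rec("john.doe@email.com", "GetObject", 403, "AccessDenied", "192.0.2.10", "CONSTRUCTED-0002"),
    _rec("jane.roe@email.com", "DeleteObject", 404, "NoSuchKey", "192.0.2.20", "CONSTRUCTED-0003"),
]

def sample_log_bytes():
    """Gzip the records, one JSON object per line (assumed layout), plus a cut-off line."""
    lines = [json.dumps(r) for r in SAMPLE] + ['{"serviceAccountCreatorId": "trunc']
    return gzip.compress("\n".join(lines).encode("utf-8"))

def read_records(gz_bytes):
    """Return (records, skipped): parsed entries and the number of unparseable lines."""
    records, skipped = [], 0
    for line in gzip.decompress(gz_bytes).decode("utf-8").splitlines():
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return records, skipped

def failures_by_source(records, threshold=2):
    """Count calls with statusCode >= 400 per (creator, remotehost, API name);
    return only the groups that reach the threshold."""
    counts = Counter()
    for rec in records:
        entry = rec.get("auditEntry", {})
        api = entry.get("api", {})
        if int(api.get("statusCode", 0)) >= 400:
            counts[(rec.get("serviceAccountCreatorId"), entry.get("remotehost"), api.get("name"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

def response_seconds(rec):
    """Convert timeToResponse (for example "2246401314ns") to seconds."""
    value = rec["auditEntry"]["api"]["timeToResponse"]
    return int(value[:-2] if value.endswith("ns") else value) / 1e9
```

Call read_records() on the bytes of a downloaded log file, then failures_by_source() on the result. A non-zero skipped count means the file contained lines that did not parse and should be inspected by hand.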
