Versions Compared

Old Version 4

changes.mady.by.user Kyle Miller

Saved on

compared with

New Version 5

changes.mady.by.user Kyle Miller

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • administrative domain refers to the domain used by Gateway in order to store meta information used in the management of tenants and all other storage domains, including itself, and should only be accessible to cluster administrators. While It is not recommended to use the administrative domain can be used to store general-purpose content, this is not recommended since care must be taken not to . Do not interfere with the objects managed by the Gateway.

  • tenant storage domain(or storage domain) refers to the domains that store content that is accessible to normal users and applications. All content within a tenant storage domain is potentially accessible to the users of that domain and there is no special Gateway content within it.

The requirements for the name of the administrative domain are that it must be:

  • globally unique for a set of tenant storage domains

  • defined in the gateway.cfg file

  • created prior to using tenant storage domains

  • same for all Gateway servers servicing a set of tenant storage domains

Info

Important

The content within the administrative domain must be protected from access by users other than the cluster administrators. Thus, when this domain is created, an owner must be set and, optionally, an appropriate domain Policy should be defined for it.

To facilitate the setup of the administrative domain, Gateway includes a command to properly create a locked-down domain . In order to use the command, edit to facilitate the setup of the administrative domain. Edit the gateway.cfg file's adminDomain parameter , define in order to use the command. Define the name for the administrative domain , and then run the initialization script:

...

Info

Caution

Run once only. This command should be run only one time when installing the first Gateway server; it should not be run when installing subsequent servers.

Run locally only. Do not , under any circumstances, run it run the command in a remote cluster to which you will replicate replicates the administrative domain via using a Feed.

A domain named by the adminDomain parameter will be is created in the storage cluster with the owner set to the value admin@. Without additional action on the part of the cluster administrator, this domain is locked for all access and requires the use of an administrative override in order to log into the domain.

SeeĀ Restricting Domain Access for more about access control and administrative override.

If cluster administrators want to open the access of the administrative domain, they can Cluster administrators use the Policy and IDSYS documents for the domain and change the ownership by modifying the X-Owner-Meta metadata value if access of the administrative domain needs to be open.

Info

Caution

Take care if Verify access to the administrative domain is locked or unlocked. Content stored within the administrative domain controls access, policies, and management data for all tenants and storage domains.

...