
Starting with Gateway 7.3 and Content UI 7.3, the concept of a System domain has been introduced to provide legacy SCSP clients with the ability to access unnamed objects (Understanding Unnamed Objects) that are stored outside of all storage domains. The System domain feature allows taking advantage of Swarm's modern features, such as metadata searching, for unnamed and untenanted objects in a cluster. It provides better access control policy management and integration via the UI.

Info

System Domain vs Default Domain

The System domain is not the same as a default domain. For more information on the Default domain, see Guidelines for Managing Domains.

With the System domain, the choices for connecting legacy SCSP clients with the storage are:

  1. direct network connection to all object storage nodes,

  2. through legacy SCSPproxy package, or

  3. through gateway running in legacy mode.

Direct network connection and SCSPproxy with legacy application clients:

  • continue to work in existing deployment without code modifications

  • can use legacy HTTP digest auth/auth mechanism with storage nodes

  • storage-in-use metering is tracked by gateway

  • bandwidth metering is not tracked by gateway

  • no audit log tracking by gateway

  • can interfere with tenanted content within storage domains – depends on specific application

Legacy application clients connecting through gateway:

  • continue to work without changing application code logic (except legacy auth/auth)

  • cannot use legacy HTTP digest auth/auth mechanism

  • storage-in-use and bandwidth metering is tracked by gateway

  • audit logging for all access

  • access control using gateway's policy mechanism

  • assured isolation from content within other storage domains

API and UI

The System domain is considered a child of the System tenant and is represented as a domain called "System" within the System tenant, both in the UI listing and in the Management API ("_system"). Metrics for the System domain roll up into the System tenant, together with metrics for all untenanted domains.

Buckets cannot be created in the System domain, but it presents the Content IDs pseudo-bucket. Upload to Content IDs the same way as to any other domain.

System domain also supports Collections.

Setting Up Access Permissions

The System domain has no owner and no one can be assigned to be the owner, so there is no default access policy for it. System domain management only allows setting IDSYS (IDSYS Document Format) and policy-based access. Access to content in the System domain must be granted through the root and/or System domain-specific policies.

Important

No user is able to perform SCSP operations with content in the System domain if no policy is added and no root policy exists granting access to the System domain.


Authentication tokens (Setting Tokens) are not supported for the System domain in the UI.

Configuring a Gateway as a System Domain-Only Gateway (Legacy Mode)

Gateway can be configured to work in one of the following modes:

  • Normal mode with tenanted named and unnamed objects

  • Legacy mode with unnamed untenanted objects only. (new with v7.3)

This is configured using the following setting. The default value is 'false' and the gateway runs in normal mode if unset.
[gateway]
legacyOnlyMode = true/false

Legacy mode allows configuring a gateway as a System domain-only gateway for use by legacy SCSP clients so unnamed objects in the System domain can be accessed. Gateway disregards a client's domain specification and communicates solely with the System domain in the back-end storage cluster when operating in this mode.

Content UI is only available through normal mode gateways; attempting to use the UI through a legacy-only mode gateway returns the following message in a browser:
This gateway is running in legacy mode. UI requests are not supported.

Important

Attempting to use modern clients using tenanted objects within storage domains or named objects within buckets with a gateway configured in legacy mode is a misconfiguration. These clients need to use a separate gateway that is configured for normal mode operations.
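
The following is an added example, not part of the Swarm documentation: a small audit that reads each gateway's configuration text, derives its mode from legacyOnlyMode, and reports the misconfiguration described above along with legacy clients that bypass the gateway. The gateway and client names, the inventory layout, and the rule that only the values true and false are accepted are assumptions made for illustration.

```python
import configparser

def gateway_mode(cfg_text):
    """Classify one gateway config as 'legacy', 'normal' or 'invalid'."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the key spelled as on the page: legacyOnlyMode
    parser.read_string(cfg_text)
    # Per the page: the default is 'false'; an unset value means normal mode.
    raw = parser.get("gateway", "legacyOnlyMode", fallback="false").strip().lower()
    if raw not in ("true", "false"):
        return "invalid"  # assumption: only the two values the page shows are valid
    return "legacy" if raw == "true" else "normal"

def audit(gateways, clients):
    """gateways: {name: config text}; clients: [(client, kind, route)].

    kind is 'modern', 'content-ui' or 'legacy-scsp'; route is a gateway
    name, or 'direct' / 'scspproxy' for paths that bypass the gateway.
    """
    modes = {name: gateway_mode(text) for name, text in gateways.items()}
    findings = [(n, "legacyOnlyMode is not true or false")
                for n, m in modes.items() if m == "invalid"]
    for client, kind, route in clients:
        if route in ("direct", "scspproxy"):
            findings.append((client, "bypasses gateway: no gateway audit log or "
                                     "bandwidth metering, may touch tenanted content"))
        elif route not in modes:
            findings.append((client, f"unknown gateway {route}"))
        elif kind in ("modern", "content-ui") and modes[route] == "legacy":
            findings.append((client, f"{kind} client on legacy-only gateway {route}"))
    return findings

# Constructed sample inventory (hypothetical names, not from the page).
GATEWAYS = {
    "gw-normal": "[gateway]\n",                      # legacyOnlyMode unset
    "gw-legacy": "[gateway]\nlegacyOnlyMode = true\n",
    "gw-typo": "[gateway]\nlegacyOnlyMode = yes\n",  # value the page does not list
}
CLIENTS = [
    ("archive-app", "legacy-scsp", "gw-legacy"),
    ("tenant-app", "modern", "gw-legacy"),
    ("portal", "content-ui", "gw-normal"),
    ("old-ingest", "legacy-scsp", "direct"),
]

if __name__ == "__main__":
    for subject, problem in audit(GATEWAYS, CLIENTS):
        print(f"{subject}: {problem}")
```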
