| Table of Contents | ||
|---|---|---|
|
Content Gateway uses one storage domain within the storage cluster in order to persist meta information about all tenants and storage domains. Although there is no difference between storage domains to in the storage cluster, Content Gateway uses these two distinctions for domains: administrative domain, and tenant storage domain.
- administrative domain
Administrative Domainrefers to the domain used by Gateway
in orderto store meta information used in
the management ofmanaging tenants and all other storage domains, including itself, and should only be accessible to cluster administrators.
WhileIt is not recommended to use the administrative domain
can be usedto store general-purpose content
, this is not recommended since care must be taken not to. Do not interfere with the objects managed by the Gateway.
- tenant storage domain
Tenant Storage Domain(or
storage domainStorage Domain) refers to the domains that store content that is accessible to normal users and applications. All content within a tenant storage domain is potentially accessible to the users of that domain and there is no special Gateway content within it.
The requirements for the name of the administrative domain are that it must be:
globally unique for a set of tenant storage domains
defined in the
gateway.cfgfilecreated prior to using tenant storage domains
same for all Gateway servers servicing a set of tenant storage domains
| Info |
|---|
ImportantThe content within the administrative domain must be protected from access by users other than the cluster administrators. Thus, when this domain is created, an owner must be set and, optionally, an appropriate domain Policy should be defined for it. |
To facilitate the setup of the administrative domain, Gateway includes a command to properly create a locked-down domain . In order to use the command, edit to facilitate the setup of the administrative domain. Edit the gateway.cfg file's adminDomain parameter , define to use the command. Define the name for the administrative domain , and then run the initialization script:
| Code Block |
|---|
/opt/caringo/cloudgateway/bin/initgateway |
| Info |
|---|
| Note |
CautionRun once only. This command should be run only one time when installing the first Gateway server; it should not be run when installing subsequent servers. Run locally only. Do not , under any circumstances, run it run the command in a remote cluster to which you will replicate replicates the administrative domain via using a Feed. |
A domain named by the adminDomain parameter will be is created in the storage cluster with the owner set to the value admin@. Without additional action on the part of the cluster administrator, this domain is locked for all access and requires the use of an administrative override to log in order to log into the domain.
SeeĀ Restricting Domain Access for more about access control and administrative override.
If cluster administrators want to open the access of the administrative domain, they can Cluster administrators use the Policy and IDSYS documents for the domain and change the ownership by modifying the X-Owner-Meta metadata value if access of the administrative domain needs to be open.
| Infonote | |
|---|---|
| title | CautionTake care ifVerify access to the administrative domain is locked or unlocked. Content stored within the administrative domain controls access, policies, and management data for all tenants and storage domains. |
The name of the administrative domain must be unique for a set of tenant storage domains and must not be created more than once whether using an SCSP operation or by using the initgateway script. Once an administrative domain or a tenant storage domain has been created, the only proper way to instantiate the domain in another cluster is by using remote replication in Swarm.
See Replicating Domains to Other Clusters.children