For some environments the impact of having the S3 Reverse Proxy offline for any amount of time for maintenance or due to a hardware outage is too high and in these cases we recommend that two systems be deployed and configured as a highly-available S3 proxy cluster configuration.
To get started, set up two QuantaStor systems (see Part One that covers setting up a basic QuantaStor proxy server). Next, we’ll go over a few steps to combine these two systems together to form a cluster to make the proxy a HA proxy.
Highly-Available S3 Reverse Proxy Setup Procedure
Step 1) Provision two QuantaStor servers for use as your S3 Reverse Proxy servers.
Step 2) Log in to the first server to create a Storage Grid and add the second QuantaStor server to the Grid. These options are in the toolbar under the Storage Management tab.
Step 3) Navigate to the Cluster Resource Management tab then create a ‘Site Cluster’. This establishes a cluster with a heartbeat between the two systems. Fast links are not required for this, 1GbE or 10GbE are both sufficient. A good name for the Site Cluster would be “s3proxy-cluster” or something like that.
Step 4) Next add a cluster virtual IP address (Site VIF) to the ‘Site Cluster’, this is also in the toolbar in the Cluster Resource Management tab. The IP you assign to this VIF is the one you associate the proxy server name FQDNs within your DNS server. This IP address will move back and forth between servers automatically should the server that has the VIF/IP go offline, be rebooted, or shutdown for maintenance.
Step 5) Last, create a S3 Proxy in the Cloud Integration tab on the first server, then repeat and do the same on the second server. If you have already done this step as part of the basic server setup procedure that’s ok, you don’t need to recreate the proxies.
- IMPORTANT: The S3 proxy on each of the two QuantaStor servers must have the same IBM COS endpoint FQDN and same proxy servername FQDN or else they won’t be identified as an HA pair. You might give them friendly names like “dal-proxy1” and “dal-proxy2”.
Testing the Highly-Available S3 Proxy
Testing the proxy connection can be done using the same technique outlined in the previous article by entering the assigned servername FQDN for the proxy into the web browser of a server or workstation that’s on-prem and has IBM CDL access. It should come back with a basic S3 authentication error, so if you see that you know the proxy is working.
Once that’s verified you should log in to your QuantaStor storage system (either one will work as they’re in a grid so you’ll see the same interface from both systems), then check to see which system currently has the Site VIF and reboot that system. While it’s rebooting, you should still have access via the proxy server’s FQDN as the Site VIF will immediately move to the other system.
Besides automatic failover in the event that a proxy server goes offline, the QuantaStor system is also actively pinging the endpoint every minute and should the server with the Site VIF lose access to the IBM COS endpoint while the other server still has access, it will preemptively move the Site VIF IP to the other system automatically.
If there are connectivity issues, a server outage, or anything that needs attention your QuantaStor systems will notify you but you must configure them via the ‘Alert Manager’ to send you emails or a Slack message should one of the systems need attention. From the main Storage Management tab just select Alert Manager from the toolbar and then configure one or more of the call-home mechanisms such as email or Slack webhook so you are notified should the systems need attention.
Have Questions or Need Assistance?
IBM Cloud and OSNEXUS support staff are available to help you configure and verify your setup. To get assistance, open an IBM support ticket through the portal to request assistance with escalation to OSNEXUS and a support engineer will assist.
Categories: Storage Appliance Hardware
Leave a Reply