Welcome

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Sign Out

Welcome to Dell

My Account

Place orders quickly and easily
View orders and track your shipping status
Enjoy members-only rewards and discounts
Create and access a list of your products
Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

US/EN

Cart

Your Dell.com Carts

Products
Solutions
Services
Contact Us

Support
Product Support
Manuals

ECS 3.6.2 Data Access Guide

Notes, cautions, and warnings
S3
- Amazon S3 API support in ECS
- S3 API supported and unsupported features
  - Behavior where bucket already exists
- Bucket policy support
- Object Tagging
- S3 Object Lock
  - Managing Object Lock
- Object lifecycle management
- S3 Extensions
- Metadata Search
- S3 and Swift Interoperability
- Create and manage secret keys
  - Create a key for an object user
    - Generate a secret key from the ECS Portal
    - Create an S3 secret key using the ECS Management REST API
  - Create an S3 secret key: self-service
    - Working with self-service keys
- Authenticating with the S3 service
- Using s3curl with ECS
- Use SDKs to access the S3 service
  - Using the Java Amazon SDK
    - ECS S3 APIs compatible with AWS Java SDK
    - AWS SDK APIs not supported in ECS S3 APIs
  - ECS Java SDK
    - Disabling request timeouts
      - Changing timeout parameters
- ECS S3 error codes
- Hadoop S3A for ECS
- Enabling data2 IP in ECS S3
Cloud DVR
- Cloud DVR overview
- Cloud DVR supported APIs
  - Cloud DVR API Examples
ECS IAM for S3
- ECS IAM overview
- ECS IAM identities
  - Tagging ECS IAM users and roles
- Backward compatibility
  - ECS legacy users
  - Access control
- ECS IAM API and SDK access
- AWS SDK APIs not supported in ECS IAM
- ECS IAM error codes
- ECS IAM supported condition keys
- ECS IAM limitations on entities and objects
- ECS IAM access management
- Secure Token Service
- ECS IAM SAML support
OpenStack Swift
- OpenStack Swift support in ECS
- OpenStack Swift supported operations
- Swift extensions
- Swift byte range extensions
- Retention
- File system enabled
- S3 and Swift interoperability
- OpenStack Swift authentication
- Authorization on Container
- ECS Swift error codes
EMC Atmos
- EMC Atmos API support in ECS
- Supported EMC Atmos REST API Calls
- Unsupported EMC Atmos REST API Calls
- Subtenant Support in EMC Atmos REST API Calls
- API Extensions
  - Appending data to an object
  - ECS support for retention and retention expiration periods for Atmos objects
- ECS Atmos error codes
CAS
- Setting up CAS support in ECS
- Cold Storage
- Compliance
- CAS retention in ECS
- Advanced retention for CAS applications: event-based retention, litigation hold, and the min/max governor
- Set up namespace retention policies
- Create and set up a bucket for a CAS user
- Set up a CAS object user
- Set up bucket ACLs for CAS
- ECS Management APIs that support CAS users
- Content Addressable Storage (CAS) SDK API support
  - CAS connection string
- ECS CAS error codes
- Enabling data2 IP in CAS
ECS Management REST API
- ECS Management REST API introduction
- Authenticate with the ECS Management REST API
ECS HDFS
- ECS HDFS Introduction
- Configuring Hadoop to use ECS HDFS
- Hadoop authentication modes
- Migration from a simple to a Kerberos Hadoop cluster
  - Hadoop Kerberos authentication mode
- File system interaction
- Supported Hadoop applications
- Integrate a simple Hadoop cluster with ECS HDFS
- Integrate a secure Hadoop cluster with ECS HDFS
Verify that AD/LDAP is correctly configured with a secure Hadoop cluster
Pig test fails: unable to obtain Kerberos principal
Permission denied for AD user
Permissions errors
Failed to process request
Enable Kerberos client-side logging and debugging
Debug Kerberos on the KDC
Eliminate clock skew
Configure one or more new ECS nodes with the ECS service principal
Workaround for Yarn directory does not exist error
Set up the Kerberos KDC
Configure AD user authentication for Kerberos
Secure bucket metadata
Hadoop core-site.xml properties for ECS HDFS
- Sample core-site.xml for simple authentication mode
Hadoop core-site.xml properties for ECS S3
- Sample core-site.xml for ECS S3
External key management
Document feedback

PDF

Loading, Please wait

Working with self-service keys

Examples provided here help you use the ECS Management REST API to create, read, and manage secret keys.

To perform operations with secret keys you must first authenticate with the Management API. The examples provided use the curl tool.

Log in as domain user
Generate first key
Generate second key
Check keys
Delete all secret keys

Log in as a domain user

You can log in as a domain user and obtain an authentication token that can be used to authenticate subsequent requests.

curl -ik -u user@mydomain.com:<Password> https://10.241.48.31:4443/login
HTTP/1.1 200 OK
Date: Mon, 05 Mar 2018 17:29:38 GMT
Content-Type: application/xml
Content-Length: 107
Connection: keep-alive
X-SDS-AUTH-TOKEN: BAAcaVAzNU16eVcwM09rOWd2Y1ZoUFZ4QmRTK2JVPQMAQQIADTE0MzAwNzQ4ODA1NTQDAC
51cm46VG9rZW46YWJmODA1NTEtYmFkNC00ZDA2LWFmMmMtMTQ1YzRjOTdlNGQ0AgAC0A8=

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loggedIn>
<user>tcas@corp.sean.com</user>
</loggedIn>

Generate first key

You can generate a secret key.

curl -ks -H "X-SDS-AUTH-TOKEN: BAAcaVAzNU16eVcwM09rOWd2Y1ZoUFZ4QmRTK2JVPQMAQQIADTE0MzAw
NzQ4ODA1NTQDAC51cm46VG9rZW46YWJmODA1NTEtYmFkNC00ZDA2LWFmMmMtMTQ1YzRjOTdlNGQ0AgAC0A8=" 
-H "Content-Type: application/json" -X POST -d "{}" 
https://10.241.48.31:4443/object/secret-keys | xmllint --format -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<user_secret_key>
  <link rel="self" href="/object/user-secret-keys/tcas@corp.sean.com"/>
  <secret_key>7hXZ9/EHTVvmFuYly/z3gHpihXtEUX/VZxdxDDBd</secret_key>
  <key_expiry_timestamp/>
  <key_timestamp>2018-03-05 17:39:13.813</key_timestamp>
</user_secret_key>

Generate second key

You can generate a second secret key and set the expiration for the first key.

curl -ks -H "X-SDS-AUTH-TOKEN: BAAcaVAzNU16eVcwM09rOWd2Y1ZoUFZ4QmRTK2JVPQMAQQIADTE0MzAwN
zQ4ODA1NTQDAC51cm46VG9rZW46YWJmODA1NTEtYmFkNC00ZDA2LWFmMmMtMTQ1YzRjOTdlNGQ0AgAC0A8=" 
-H "Content-Type: application/json" -X POST -d "{\"existing_key_expiry_time_mins\": \"10\"}" 
https://10.241.48.31:4443/object/secret-keys | xmllint --format -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<user_secret_key>
  <link rel="self" href="/object/user-secret-keys/tcas@corp.sean.com"/>
  <secret_key>l3fPCuFCG/bxoOXCPZoYuPwhXrSTwU0f1kFDaRUr</secret_key>
  <key_expiry_timestamp/>
  <key_timestamp>2018-03-05 17:40:12.506</key_timestamp>
</user_secret_key>

Check keys

You can check the keys that you have been assigned. In this case, there are two keys with the first having an expiration date/time.

curl -ks -H "X-SDS-AUTH-TOKEN: BAAcaVAzNU16eVcwM09rOWd2Y1ZoUFZ4QmRTK2JVPQMAQQIADTE0MzAw
NzQ4ODA1NTQDAC51cm46VG9rZW46YWJmODA1NTEtYmFkNC00ZDA2LWFmMmMtMTQ1YzRjOTdlNGQ0AgAC0A8=" 
https://10.241.48.31:4443/object/secret-keys | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<user_secret_keys>
  <secret_key_1>7hXZ9/EHTVvmFuYly/z3gHpihXtEUX/VZxdxDDBd</secret_key_1>
  <secret_key_2>l3fPCuFCG/bxoOXCPZoYuPwhXrSTwU0f1kFDaRUr</secret_key_2>
  <key_expiry_timestamp_1>2018-03-05 17:50:12.369</key_expiry_timestamp_1>
  <key_expiry_timestamp_2/>
  <key_timestamp_1>2018-03-05 17:39:13.813</key_timestamp_1>
  <key_timestamp_2>2018-03-05 17:40:12.506</key_timestamp_2>
  <link rel="self" href="/object/secret-keys"/>
</user_secret_keys>

Delete all secret keys

If you need to delete your secret keys before regenerating them. You can use the following.

curl -ks -H "X-SDS-AUTH-TOKEN: BAAcaVAzNU16eVcwM09rOWd2Y1ZoUFZ4QmRTK2JVPQMAQQIADTE0MzAw
NzQ4ODA1NTQDAC51cm46VG9rZW46YWJmODA1NTEtYmFkNC00ZDA2LWFmMmMtMTQ1YzRjOTdlNGQ0AgAC0A8=" 
-H "Content-Type: application/json" -X POST -d "{}" https://10.241.48.31:4443/object/secret-keys/deactivate

Data is not available for the Topic

Rate this content

All fields are required unless marked otherwise.

Accurate

not accurate

somewhat accurate

mostly accurate

accurate

very accurate

Useful

not useful

somewhat useful

mostly useful

useful

very useful

Easy to understand

not easy

somewhat easy

mostly easy

easy

very-easy

Was this article helpful?

Yes

Send us feedback (Optional)

0/3000 characters

Comments cannot contain these special characters: <>()\

Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.

Please provide ratings (1-5 stars).

Please select whether the article was helpful or not.

Comments cannot contain these special characters: <>()\

US/EN

Site Map

Account

My Account
Order Status
Profile Settings
My Products
Make a Payment
Dell Rewards Balance

Support

Support Home
Contact Technical Support
Returns

Connect with Us

Community
Contact Us
X (Twitter)
LinkedIn
Instagram
YouTube

Site Map

US/EN

Our Offerings

Artificial Intelligence
Products
Solutions
Services
Deals

Our Company

Who We Are
Careers
Dell Technologies Capital
Investors
Newsroom
Perspectives
Recycling
ESG & Impact
Customer Stories

Our Partners

Find a Partner
Find a Reseller
OEM Solutions
Partner Program

Resources

Blog
Dell Rewards
Events
Email Sign-Up
Dell Learning Center
Glossary
Privacy Center
Resource Library
Security & Trust Center
Trial Software Downloads

Dell Technologies
Dell Premier
Dell Financial Services

Terms of Sale
Privacy Statement
Do Not Sell or Share My Personal Information
Cookies, Ads & Emails
Legal & Regulatory
Accessibility
Anti-Slavery, Human Trafficking & Child Labor