ProfitBricks S3 Object Storage

From ProfitBricks Online Help

What is Object Storage?

Object storage is a modern storage technology that can be found in private and public cloud storage applications.

In an object storage architecture, files are not stored and managed in hierarchies or blocks as is the case with file or block storage, but as objects. An object consists of the file itself, customisable metadata, and a unique identifier through which it is addressed.

Object storage is almost infinitely scalable and can be accessed through APIs and internet protocols, which makes it well-suited for cloud storage solutions. The S3 API (Simple Storage Service) has been established for years as a global standard for object storage and allows for interoperability and compatibility across different object storage systems that adhere to this standard.

Object storage is best used for storing large chunks of unstructured, static data such as videos, images, music, and other files not intended for manipulation by frequent transactions. This includes archives, backups, log files, documents and any file type that you want to keep “as is” for later access.

What does the ProfitBricks S3 Object Storage Offer?

Object Storage

ProfitBricks S3 Object Storage offers you almost limitless cloud storage capacity, which you can manage and use with your ProfitBricks account. You can upload any file type.

Our object storage is currently available in Germany - which you can recognise by the region “de” in the object storage properties. Geo-redundant backups and auto-tiering will be available at a later date.

For information on pricing see our website.

S3

ProfitBricks S3 Object Storage offers the industry’s best compatibility with the S3 API, which guarantees a high level of interoperability with other object storage systems adhering to S3. Apart from the standard S3 operations, it supports a multitude of additional operations, such as:

  • Versioning,
  • Logging,
  • Object encryption,
  • Detailed access management by means of access control lists (ACLs),
  • Deleting multiple objects automatically,
  • Hosting a static website.

Endpoints

ProfitBricks S3 Object Storage:

http://s3-de-central.profitbricks.com:80

https://s3-de-central.profitbricks.com:443

Websites hosted on the ProfitBricks S3 Object Storage:

S3-website-de-central.profitbricks.com

Object Storage Management Console

The ProfitBricks object storage is based on S3, so you can use any client application supporting S3 to access it. To make managing and using our object storage as convenient as possible, we offer you a graphical user interface - the Object Storage Management Console.

You can access the Object Storage Management Console through the DCD.

Limitations

The Object Storage Management Console does not support accessing public buckets or content that has been shared with you. We recommend using a third party application for this. The console can only be opened through the DCD and is available in English only.

Object Management

Buckets

Buckets are logical containers in which you store all of your objects. Before you can upload objects to your object storage, you need to create a bucket first. The name of a bucket needs to be unique across the ProfitBricks S3 Object Storage, and it needs to meet certain criteria (naming rules). Once created, a bucket cannot be renamed. You can enable versioning and logging for a bucket. Permissions define who can access a bucket or object.

Folders

Folders are logical containers in which objects can be stored similar to a hierarchical file system. A bucket can contain multiple folders at more than one level. A folder can contain further folders. A folder does not have any properties. Folders adhere to the same naming rules as objects. Once created, a folder cannot be renamed. Objects already uploaded to the object storage cannot be moved to another folder.

Objects

You can store objects, i.e. files, of any format in the ProfitBricks S3 Object Storage. Their format and content are not checked or validated. You can store objects in buckets and folders. The number of objects you can store is unlimited. The name of an object needs to adhere to certain naming rules. Permissions define who can access a bucket or object. Once uploaded, an object cannot be renamed or moved.

NOTE: Please note that the size of a single object you upload using the Object Storage Management Console may not exceed 5 GB. This limit does not apply to uploads through other applications.

Access Management

You can permit or deny access to a bucket or object by assigning permissions to users or entire user groups. They can have read or write access. Buckets and objects can be private so that the bucket owner alone has access, or they can be shared with the public (literally anyone) or select users. By default, buckets and objects are private.

NOTE: Please note that the content of a bucket can be viewed as a list as soon as the bucket is made public. This applies to all objects in it including private ones.

Object Storage Keys

In order to access the ProfitBricks S3 Object Storage, every user needs an active object storage key. It consists of a key and a secret, both of which you can view in the DCD and copy and paste so that you can access your object storage through a third-party application.

When you log on to ProfitBricks S3 Object Storage through the DCD, the DCD manages all authentication and authorisation processes, which allows you to access your object storage with just one click.


You can only log on to the ProfitBricks S3 Object Storage when you have the privilege to use the object storage and at least one active Object Storage Key. It is available to contract owners and administrators by default, whereas other types of users first need to be granted the privilege and have their object storage key activated.

A bucket owner can generate multiple object storage keys and allow other users (or automated scripts, for that matter) access to the object storage. When users log on to an object storage using another bucket owner’s “additional” object storage key, the bucket owner’s credentials are applied to the logon automatically and they are granted full access as such.

Apart from automation purposes, this might be useful if you intend to let other users access your object storage for a limited period of time, after which you simply delete the additional key to deny those users further access.

Another feature in the DCD allows contract owners and administrators to access the object storage accounts of their contract members as the respective bucket owners with full access rights.

Users

By default, the ProfitBricks S3 Object Storage is available to contract owners and administrators, whereas other types of users first need to be granted the respective privilege and have their object storage key activated. When you log on to your object storage, you are the bucket owner with full access. Roles and permissions to your buckets and objects make them available to other users.

Providing another user with an object storage key to your object storage allows this user to access your object storage using your credentials, granting this user full access.

Another DCD feature allows contract owners and administrators to access the object storage accounts of their contract members on their behalf, granting them full access as the bucket owner.

NOTE: Before you delete a user or all of their object storage keys from your ProfitBricks account, please ensure - by applying the appropriate permissions - that anything stored in the user’s ProfitBricks S3 Object Storage is accessible for further use or deletion. Private content that has not been deleted prior to the deletion of the user or all of their object storage keys cannot be accessed and will continue to be charged. In this case, please contact our support team.

S3 IDs

Depending on the S3 client application you use for accessing your ProfitBricks S3 Object Storage, there are different ways of sharing your bucket contents. Besides using roles and pre-defined access profiles (“canned ACLs”) for managing access to your buckets, you can use “S3 identifiers” (S3 IDs) to share contents with another user (“ACL sharing”, “S3 sharing”). These S3 identifiers are:

  • Contract User ID: The contract user ID consists of contract number and user ID (contract number|user UUID). This ID is used for sharing buckets with other users of the ProfitBricks S3 Object Storage (across contracts) through the Object Storage Management Console.
  • Canonical User ID: The canonical user ID is the ID the ProfitBricks S3 Object Storage assigns to a user.
  • E-Mail Address: Some S3 clients are capable of identifying an S3 object storage user by their e-mail address so that all you need to provide is the user’s e-mail address to share your buckets with them.

TIP: S3 clients supporting the “display name” function will display the e-mail address of an S3 user for better readability.

See also: Retrieving S3 IDs

Access Control and Permissions

The object storage access management is organised as follows:

  • Roles (“Grantees”) - S3-defined user types to which permissions are assigned
  • Access rights (“Permissions”) - Access rights that are available for assignment to roles
  • Pre-configured access profiles (“canned ACLs”) - a pre-defined set of access rights that can be assigned to roles.

You can either assign permissions or canned ACLs. By default, newly created buckets and objects are “private”.

Bucket owners always have full access to their buckets and their content.

Roles (“Grantees”)

Public
  • Bucket and object: all users, including those outside ProfitBricks S3 Object Storage
Authenticated Users
  • Bucket and object: all users of ProfitBricks S3 Object Storage (all contracts)
Log Delivery (Group)
  • Bucket: group required for logging (in combination with the canned ACL “Log Delivery Write”)
  • Object: n/a
Select users
  • Bucket and object: user of ProfitBricks S3 Object Storage (across contracts) added by the bucket owner or another authorized user; this role is used to share buckets with a particular user or a group of users by making use of ACL sharing, which requires the Object Storage User ID (contract number|UserID)

Permissions

Read access (Readable)
  • Bucket: view content of a bucket as a list; cannot open or download objects
  • Object: view and download object
Write access (Writable)
  • Bucket: upload and delete objects
  • Object: n/a
Read access for permissions (ACP Readable)
  • Bucket and object: view the permissions of a bucket or object
Write access for permissions (ACP Writable)
  • Bucket and object: view and edit the permissions of a bucket or object

Pre-configured Access Profiles (“Canned ACLs”)

Private (Standard)
  • Bucket and object: bucket owner has full access.
Public Read
  • Bucket and object: bucket owner has full access. Everybody (incl. users outside the ProfitBricks S3 Object Storage) has read access.
NOTE: Please note that the content of a bucket can be viewed as a list when it is made public. This applies to all objects in a bucket including private ones.
Public Read Write
  • Bucket: bucket owner has full access. Everybody has read and write access to the bucket. They can view the contents of a bucket, download and upload as well as delete objects.
  • Object: n/a
Authenticated Read
  • Bucket and object: bucket owner has full access. All users of ProfitBricks S3 Object Storage have read access.
Log Delivery Write
  • Bucket: bucket owner has full access. The Log Delivery Group has write access and can view the permissions of a bucket. This canned ACL is required in order to store the log files that are generated when logging is enabled in the bucket.
  • Object: n/a
Bucket Owner Read
  • Bucket: n/a
  • Object: object owner has full access. Bucket owner has read access.
Bucket Owner Full Control
  • Bucket: n/a
  • Object: object owner and bucket owner have full access.

Security

ProfitBricks S3 Object Storage protects your data on several levels. The storage policy we’ve chosen for our object storage covers the highest data protection level possible, so that technical failures of any kind will not result in data loss.

Your connection to the object storage is SSL-encrypted (use the HTTPS endpoint listed above when connecting with a third-party client). Moreover, you can store uploaded objects using server-side encryption. This means that objects can be stored in our object storage in encrypted form. They are decrypted automatically when they’re downloaded.


S3 allows for comprehensive access management at the bucket and object level, which lets you define precisely who may access what. By default, newly created buckets and objects are “private” - only the bucket owner can access them. In order to protect your content from unauthorized access, it is recommended to make only those buckets or objects public that you really wish to share with everybody.
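
To check which grants on a bucket go beyond the owner, the ACL document returned by an S3 client can be mapped onto the roles and permissions described above. The following is an added example, not ProfitBricks code: it assumes the ACL comes back in the standard S3 AccessControlPolicy XML format with the standard S3 group URIs, the function name audit_bucket_acl is hypothetical, and the sample ACL is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
# Standard S3 group URIs -> this page's role names (assumed to match the service).
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Public",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated Users",
    "http://acs.amazonaws.com/groups/s3/LogDelivery": "Log Delivery",
}
RISK = {  # effect of each permission when a broad role holds it on a bucket
    "READ": "object names listable, including private objects",
    "WRITE": "objects can be uploaded and deleted",
    "READ_ACP": "permissions can be viewed",
    "WRITE_ACP": "permissions can be viewed and edited",
    "FULL_CONTROL": "listing, upload/delete and permission edits all allowed",
}

def audit_bucket_acl(acl_xml):
    """Return [(role, permission, finding)] for each grant in a bucket ACL."""
    root = ET.fromstring(acl_xml)
    owner_id = root.findtext("s3:Owner/s3:ID", namespaces=NS)
    report = []
    for grant in root.iterfind("s3:AccessControlList/s3:Grant", NS):
        perm = grant.findtext("s3:Permission", namespaces=NS)
        uri = grant.findtext("s3:Grantee/s3:URI", namespaces=NS)
        gid = grant.findtext("s3:Grantee/s3:ID", namespaces=NS)
        if uri:  # group grantee
            role = GROUPS.get(uri, "Unknown group")
        else:    # individual grantee, identified by canonical user ID
            role = "Bucket owner" if gid == owner_id else "Select user"
        broad = role in ("Public", "Authenticated Users", "Unknown group")
        finding = RISK.get(perm, "unrecognised permission") if broad else "ok"
        report.append((role, perm, finding))
    return report

# Constructed sample (trimmed): bucket ACL with a public read grant and a log delivery grant.
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>constructed-owner-id</ID></Owner>
  <AccessControlList>
    <Grant><Grantee><ID>constructed-owner-id</ID></Grantee>
      <Permission>FULL_CONTROL</Permission></Grant>
    <Grant><Grantee><URI>http://acs.amazonaws.com/groups/global/AllUsers</URI></Grantee>
      <Permission>READ</Permission></Grant>
    <Grant><Grantee><URI>http://acs.amazonaws.com/groups/s3/LogDelivery</URI></Grantee>
      <Permission>WRITE</Permission></Grant>
  </AccessControlList>
</AccessControlPolicy>"""
if __name__ == "__main__":
    print(*audit_bucket_acl(SAMPLE_ACL), sep="\n")
```

Any row whose finding is not "ok" is a grant to Public or Authenticated Users and should correspond to a bucket you deliberately shared.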

Managing your ProfitBricks S3 Object Storage in DCD

=> Managing your ProfitBricks S3 Object Storage in DCD

Using the ProfitBricks S3 Object Storage

=> Using the ProfitBricks S3 Object Storage