If you have your own S3 storage (S3 Object Storage) supported by DRACOON, such as NetApp, you can connect it to DRACOON under Settings > Storage.
Topics of this article
Overview: S3 storage and DRACOON
- With S3 storage, a hybrid cloud solution can be implemented with DRACOON, where all files are no longer physically located in the DRACOON storage (in the cloud), but in your own S3 storage, while DRACOON is operated as a separate SaaS application that references the connected S3 storage. In DRACOON itself only the metadata of the files are stored.
- All official DRACOON clients and SDKs automatically support direct upload and direct download for S3 storage. By the direct upload files land with the upload in DRACOON without detours in your connected S3 storage, without being stored before in the DRACOON storage (in the cloud) temporarily. The file contents are not routed via DRACOON during the transfer (upload and download) - DRACOON as a cloud provider has no access to the file contents in the connected S3 storage at any time, which represents an additional security aspect. Another advantage: If the S3 storage is located directly on your premises, your users can upload to or download from DRACOON (i.e. your S3 storage) at full LAN speed, e.g. within your premises, and there is no need to transfer large amounts of data to the Internet..
- In addition, DRACOON provides support for S3 object tags, which can be applied to files in DRACOON, e.g. to implement storage policies on S3 storage.
In conjunction with e.g. NetApp, S3 Object Tags enable a previously unimagined flexibility in data storage. In DRACOON, any Object Tags (keywords) you have defined in the NetApp Policy Engine can be specified and assigned to specific data spaces. NetApp then applies the defined storage rules, depending on the keyword.
- For example, data from particularly sensitive data rooms can be automatically stored in a data center with the highest security level, or in a specific location on Earth..
- Another option is geo-redundant data storage. In this case, the client is always offered the nearest cheapest storage node for the download and upload of the objects..
- Archiving policies can also be applied via S3 object tags. This means, for example, that S3 objects can only be deleted after 10 years and are archived in an audit-proof manner until the end of this period..
- The S3 Object Storage must be publicly accessible on the Internet to be used with DRACOON.
- An existing DRACOON environment can be converted to S3 storage at any time. As soon as a S3 storage was connected to DRACOON, all data already existing in DRACOON are moved automatically into the S3 storage - if the DRACOON environment contains already very many files, this migration into the S3 storage can take several days. During the migration DRACOON can be used further without restrictions - DRACOON recognizes automatically with the file access during the migration, which files were migrated already into the S3 memory and which are still in the DRACOON memory.
- Note: If a DRACOON environment was converted to S3 storage, this can no longer be undone! DRACOON displays a corresponding warning before the final conversion, which must be confirmed.
Connect S3 storage to DRACOON
An S3 storage solution must fulfill certain technological requirements, so that it can be connected to DRACOON.
DRACOON currently officially supports the following S3 Object Storage solutions: NetApp StorageGRID (version 11.1 or higher), Amazon Web Services (AWS), IBM Cloud Object Storage, Open Telekom Cloud, OpenIO (version 18.04 or higher)
Who is allowed to connect S3 storage to DRACOON?
To connect an S3 storage solution to DRACOON, only users with the Role Configuration manager are allowed to do so.
Instructions for connecting supported S3 storage solutions to DRACOON:
Use S3 Object Tags in DRACOON
Once an S3 storage has been connected to DRACOON, the use of S3 Object Tags can be activated in DRACOON.
Who is allowed to enable the use of S3 Object Tags in DRACOON and define them?
To enable the use of S3 Object Tags and their definition in DRACOON only users with the role Configuration manager are allowed to do so.