Differences

This shows you the differences between two versions of the page.

--- standalone/drive [2019_08_07 23:07] – [Settings] added link to new troubleshooting page steven
+++ standalone:drive [2023_06_22 05:41] – external edit 127.0.0.1
@@ Line 60: / Line 60: @@
 for a configurable period. Files themselves are also cached when downloaded.
 Once files are created or modified the Upload Manager works in the background
-synchronizing them with the cloud storage.
+synchronizing them with cloud storage.
 See also [[https://blog.storagemadeeasy.com/drive-vs-explorer-the-case-for-using-both/|Object Storage Drive vs. Object Storage Explorer: The Case for Using Both]]
+### Costs
+You are responsible for the cost of the storage services (such as Amazon S3) used by deploying this solution. This includes any Windows compute instances to which the drive is deployed and any ingress, egress, and storage fees for metadata and data accessed through the solution.
+The S3 Drive uses the following service:
+  * [[https://aws.amazon.com/s3|Amazon S3]] - Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.
 ## FAQ
-Q. Can I access the drive from other applications?
+**Can I access the drive from other applications?**
-A. Yes, the drive will be available through an application’s Open File and Save
+Yes, the drive will be available through an application’s Open File and Save
 functions.
-Q. Can I access the drive from a command prompt or terminal?
+**Can I access the drive from a command prompt or terminal?**
-A. Yes, the drive can be accessed like a file system in this respect.
-Q. Does the drive cache?
+Yes, the drive can be accessed like a file system in this respect.
-A. Yes, the drive caches to speed up access. Cache settings can be managed
-under configuration settings.
-Q. Does the drive find new content that has been uploaded directly (not via
+**Does the drive cache?**
-the drive) to the object storage?
-A. Yes, the drive will show latest content on the storage provider instance
+Yes, the drive caches file content and folder metadata for performance. Cache settings can be managed under configuration settings.
+**Does the drive find new content that has been uploaded directly (not via
+the drive) to the object storage?**
+Yes, the drive will show latest content on the storage provider instance
 whether the content was uploaded through the drive or to the storage
 provider directly.
+**Why does the drive show 2TB available when I have unlimited cloud storage?**
+The drive shows the maximum space available of the drive used for the cache.
 ## Installation
@@ Line 89: / Line 101: @@
 Latest system requirements at [[:standalone/drive/relnotes|]].
+You must disable Antivirus scanning for the installation folder, cache and drive letter.
 A reboot will be required.
-## Advanced Functions and Configuration
-Access functions and options from the icon in the system tray (for Windows).
- * **Browse S3 Drive** - opens mapped drive in the Windows Explorer
- * **Refresh now** - invalidates folder listings and file content that may be cached.
- * **Start/Stop Drive** - starts or stops drive
- * **Manage uploads** - view uploads that are in-progress or scheduled
- * **Settings** - change configuration options
@@ Line 107: / Line 112: @@
 Authentication is specific to the storage provider, typically an id and password. An endpoint can be provided for private clouds.
- * **S3** - Access key ID and secret access key
- * **OpenStack Swift** - User name, password and either Tenant Name or Tenant Id. Contact your provider for more information.
  * **Azure** - Account name and either your primary or secondary key
  * **Google** - Open the [[https://console.cloud.google.com/projectselector/storage/settings|Cloud Storage Settings]] page in the [[https://console.cloud.google.com/|Google Cloud Platform Console]]; Select "Interoperability"; If you have not set up interoperability before, click "Enable interoperability access"; Click "Create a new key".
+ * **IBM Cloud Object Storage** - (IBM COS) Endpoint, Access key ID and secret access key. The endpoint must not include the bucket name.
+ * **OpenStack Swift** - User name, password and either Tenant Name or Tenant Id. Contact your provider for more information. The option "Use internal URLs when possible" is an optimization for Local Area Networks.
  * **Rackspace Files** - User name and API key
-For OpenStack Swift the option "Use internal URLs when possible" is an optimization for Local Area Networks.
+ * **S3** - AWS Access key (access key ID and secret access key). The endpoint must **not** include the bucket name. To create an access key for AWS see [[https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys|Understanding and getting your AWS credentials]]. For AWS the access key will look like "AKIAIOSFODNN7EXAMPLE" and the secret access key like ""wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE".
+### Security Recommendations
+Following the security principle of least privilege, we recommend that you use separate credentials for each end user. For the AWS Cloud for example this would mean an "IAM user" account for each end user. They should not be [[https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html|root users]]. They can be created within the same AWS Account or have separate accounts.
+Where supported you should further restrict access to only the operations required by the drive. For example, with Amazon S3 you can use a custom IAM policy that limits access to those operations required by the drive.  You should assign these permissions through groups and assign to users as needed. For example the group ```SME-Storage``` could be assigned the following policy:
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:PutObject",
+                    "s3:GetObject",
+                    "s3:ListAllMyBuckets",
+                    "s3:AbortMultipartUpload",
+                    "s3:RestoreObject",
+                    "s3:ListBucket",
+                    "s3:DeleteObject",
+                    "s3:GetBucketLocation",
+                    "s3:DeleteBucket"
+                ],
+                "Resource": "*"
+            }
+        ]
+    }
+To restrict the account's access to a specific bucket, you could use a policy like this:
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:GetBucketLocation",
+                    "s3:ListBucket"
+                ],
+                "Resource":"arn:aws:s3:::thisbucketonly"
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "s3:GetObject",
+                    "s3:DeleteObject",
+                    "s3:PutObject",
+                    "s3:AbortMultipartUpload",
+                    "s3:RestoreObject"
+                ],
+                "Resource": "arn:aws:s3:::thisbucketonly/*"
+            },
+            {
+                "Effect": "Allow",
+                "Action": "s3:ListAllMyBuckets",
+                "Resource": "*"
+            }
+        ]
+    }
+## Tray Functions and Configuration
+Access functions and options from the icon in the system tray (for Windows).
+ * **Browse S3 Drive** - opens mapped drive in the Windows Explorer
+ * **Refresh now** - invalidates folder listings and file content that may be cached.
+ * **Start/Stop Drive** - starts or stops drive
+ * **Manage uploads** - view uploads that are in-progress or scheduled
+ * **Settings** - change configuration options
 ### Settings
@@ Line 133: / Line 212: @@
  * **Delete cached files when Windows shuts down**: Clear cache. Does not preserve pending uploads.
  * **File cache folder**: You may change the location of the local cache.
 #### Connection Settings
@@ Line 140: / Line 218: @@
 {{ :standalone:drive:connection-settings.png?400 |}}
 ### Support