Mercurial > hg > orthanc-book
comparison Sphinx/source/plugins/object-storage.rst @ 884:6316d139b4a9
typos
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 21 Oct 2022 16:35:56 +0200 |
parents | d04096c1afd7 |
children | dff54191a382 |
883:cd6f9323c33a | 884:6316d139b4a9 |
---|---|
261 | 261 |
262 When the ``HybridMode`` is set to ``WriteToFileSystem``, it means that new files received | 262 When the ``HybridMode`` is set to ``WriteToFileSystem``, it means that new files received |
263 are store on the file system. When accessing a file, it is first read from the file system | 263 are store on the file system. When accessing a file, it is first read from the file system |
264 and, if it is not found on the file system, it is read from the object-storage. | 264 and, if it is not found on the file system, it is read from the object-storage. |
265 | 265 |
266 The ``WriteToFileSystem`` hybrid mode is usefull for storing recent files on the file system for | 266 The ``WriteToFileSystem`` hybrid mode is useful for storing recent files on the file system for |
267 better performance and old files on the object-storage for lower cost and easier backups. | 267 better performance and old files on the object-storage for lower cost and easier backups. |
268 | 268 |
269 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it means that new files received | 269 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it means that new files received |
270 are store on the object storage. When accessing a file, it is first read from the object storage | 270 are store on the object storage. When accessing a file, it is first read from the object storage |
271 and, if it is not found on the object-storage, it is read from the file system. | 271 and, if it is not found on the object-storage, it is read from the file system. |
272 | 272 |
273 The ``WriteToObjectStorage`` hybrid mode is usefull mainly during a migration from file system to | 273 The ``WriteToObjectStorage`` hybrid mode is useful mainly during a migration from file system to |
274 object-storage, e.g, if you have deployed a VM in a cloud with local file system storage and want | 274 object-storage, e.g, if you have deployed a VM in a cloud with local file system storage and want |
275 to move your files to object-storage without interrupting your service. | 275 to move your files to object-storage without interrupting your service. |
276 | 276 |
277 Moving files between file-system and object-storage | 277 Moving files between file-system and object-storage |
278 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | 278 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
279 | 279 |
280 When the ``HybridMode`` is set to ``WriteToFileSystem``, it is sometimes usefull to move old files | 280 When the ``HybridMode`` is set to ``WriteToFileSystem``, it is sometimes useful to move old files |
281 to the object-storage for long term archive or to `pre-fetch`` files from object-storage to file | 281 to the object-storage for long term archive or to `pre-fetch` files from object-storage to file |
282 system for improved performances e.g when before opening the study in a viewer. | 282 system for improved performances e.g when before opening the study in a viewer. |
283 | 283 |
284 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it is usefull to move file from the | 284 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it is useful to move file from the |
285 file system to the object storage to perform a full data migration to object-storage. | 285 file system to the object storage to perform a full data migration to object-storage. |
286 | 286 |
287 To move files from one storage to the other, you should call the plugin Rest API:: | 287 To move files from one storage to the other, you should call the plugin Rest API:: |
288 | 288 |
289 $ curl -X POST http://localhost:8042/move-storage \ | 289 $ curl -X POST http://localhost:8042/move-storage \ |
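Review bot: new lines 263 and 270 still read "are store on the file system" and "are store on the object storage"; this typo pass leaves them untouched although the same store/stored slip is fixed at line 369, so both should become "are stored". At line 281 the corrected `pre-fetch` is now wrapped in single backticks, which reStructuredText treats as interpreted text (default role) rather than an inline literal; use double backticks or emphasis depending on what was intended. Line 282 "e.g when before opening the study" still carries a stray word and could read "e.g. before opening the study in a viewer", line 274 "e.g," needs its second period, and line 284 "move file from" should be "move files from".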
358 | 358 |
359 Once you use client-side encryption, you'll basically store packets of meaningless bytes on the cloud infrastructure. | 359 Once you use client-side encryption, you'll basically store packets of meaningless bytes on the cloud infrastructure. |
360 So, if an "api-key" leaks or if the storage is misconfigured, packets of bytes will leak but not PHI since | 360 So, if an "api-key" leaks or if the storage is misconfigured, packets of bytes will leak but not PHI since |
361 no one will be able to decrypt them. | 361 no one will be able to decrypt them. |
362 | 362 |
363 Another advantage is that these packets of bytes might eventually not be considered as PHI anymore and eventually | 363 Another advantage is that these packets of bytes might eventually not be considered as PHI anymore and potentially |
364 help you meet your local regulations (Please check your local regulations). | 364 help you meet your local regulations (Please check your local regulations). |
365 | 365 |
366 However, note that, if you're running entirely in a cloud environment, your decryption keys will still | 366 However, note that, if you're running entirely in a cloud environment, your decryption keys will still |
367 be stored on the cloud infrastructure (VM disks - process RAM) and an attacker could still eventually gain access to this keys. | 367 be stored on the cloud infrastructure (VM disks - process RAM) and an attacker could still eventually gain access to this keys. |
368 | 368 |
369 If Orthanc is running in your infrastructure with the Index DB on your infrastructure, and files are store in the cloud, | 369 If Orthanc is running in your infrastructure with the Index DB on your infrastructure, and files are stored in the cloud, |
370 the master keys will remain on your infrastructure only and there's no way the data stored in the cloud could be decrypted outside your infrastructure. | 370 the master keys will remain on your infrastructure only and there's no way the data stored in the cloud could be decrypted outside your infrastructure. |
371 | 371 |
372 Also note that, although the cloud providers also provide client-side encryption, we, as an open-source project, | 372 Also note that, although the cloud providers also provide client-side encryption, we, as an open-source project, |
373 wanted to provide our own implementation on which you'll have full control and extension capabilities. | 373 wanted to provide our own implementation on which you'll have full control and extension capabilities. |
374 This also allows us to implement the same logic on all cloud providers. | 374 This also allows us to implement the same logic on all cloud providers. |
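Review bot: line 367 still says "gain access to this keys", which should be "these keys", and the "eventually" left at lines 363 and 367 reads as a false friend for "possibly"; since the second one on line 363 was changed to "potentially", the remaining two deserve the same treatment. Line 370 states "there's no way the data stored in the cloud could be decrypted outside your infrastructure", which only holds as long as the master keys stay there; for a security claim, wording such as "cannot be decrypted without the master keys, which remain on your infrastructure" would be more accurate and would match the caveat already given at lines 366-367.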