Mercurial > hg > orthanc-book
comparison Sphinx/source/plugins/object-storage.rst @ 884:6316d139b4a9
typos
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Fri, 21 Oct 2022 16:35:56 +0200 |
| parents | d04096c1afd7 |
| children | dff54191a382 |
comparison
equal
deleted
inserted
replaced
| 883:cd6f9323c33a | 884:6316d139b4a9 |
|---|---|
| 261 | 261 |
| 262 When the ``HybridMode`` is set to ``WriteToFileSystem``, it means that new files received | 262 When the ``HybridMode`` is set to ``WriteToFileSystem``, it means that new files received |
| 263 are store on the file system. When accessing a file, it is first read from the file system | 263 are store on the file system. When accessing a file, it is first read from the file system |
| 264 and, if it is not found on the file system, it is read from the object-storage. | 264 and, if it is not found on the file system, it is read from the object-storage. |
| 265 | 265 |
| 266 The ``WriteToFileSystem`` hybrid mode is usefull for storing recent files on the file system for | 266 The ``WriteToFileSystem`` hybrid mode is useful for storing recent files on the file system for |
| 267 better performance and old files on the object-storage for lower cost and easier backups. | 267 better performance and old files on the object-storage for lower cost and easier backups. |
| 268 | 268 |
| 269 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it means that new files received | 269 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it means that new files received |
| 270 are store on the object storage. When accessing a file, it is first read from the object storage | 270 are store on the object storage. When accessing a file, it is first read from the object storage |
| 271 and, if it is not found on the object-storage, it is read from the file system. | 271 and, if it is not found on the object-storage, it is read from the file system. |
| 272 | 272 |
| 273 The ``WriteToObjectStorage`` hybrid mode is usefull mainly during a migration from file system to | 273 The ``WriteToObjectStorage`` hybrid mode is useful mainly during a migration from file system to |
| 274 object-storage, e.g, if you have deployed a VM in a cloud with local file system storage and want | 274 object-storage, e.g, if you have deployed a VM in a cloud with local file system storage and want |
| 275 to move your files to object-storage without interrupting your service. | 275 to move your files to object-storage without interrupting your service. |
| 276 | 276 |
| 277 Moving files between file-system and object-storage | 277 Moving files between file-system and object-storage |
| 278 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | 278 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 279 | 279 |
| 280 When the ``HybridMode`` is set to ``WriteToFileSystem``, it is sometimes usefull to move old files | 280 When the ``HybridMode`` is set to ``WriteToFileSystem``, it is sometimes useful to move old files |
| 281 to the object-storage for long term archive or to `pre-fetch`` files from object-storage to file | 281 to the object-storage for long term archive or to `pre-fetch` files from object-storage to file |
| 282 system for improved performances e.g when before opening the study in a viewer. | 282 system for improved performances e.g when before opening the study in a viewer. |
| 283 | 283 |
| 284 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it is usefull to move file from the | 284 When the ``HybridMode`` is set to ``WriteToObjectStorage``, it is useful to move file from the |
| 285 file system to the object storage to perform a full data migration to object-storage. | 285 file system to the object storage to perform a full data migration to object-storage. |
| 286 | 286 |
| 287 To move files from one storage to the other, you should call the plugin Rest API:: | 287 To move files from one storage to the other, you should call the plugin Rest API:: |
| 288 | 288 |
| 289 $ curl -X POST http://localhost:8042/move-storage \ | 289 $ curl -X POST http://localhost:8042/move-storage \ |
| 358 | 358 |
| 359 Once you use client-side encryption, you'll basically store packets of meaningless bytes on the cloud infrastructure. | 359 Once you use client-side encryption, you'll basically store packets of meaningless bytes on the cloud infrastructure. |
| 360 So, if an "api-key" leaks or if the storage is misconfigured, packets of bytes will leak but not PHI since | 360 So, if an "api-key" leaks or if the storage is misconfigured, packets of bytes will leak but not PHI since |
| 361 no one will be able to decrypt them. | 361 no one will be able to decrypt them. |
| 362 | 362 |
| 363 Another advantage is that these packets of bytes might eventually not be considered as PHI anymore and eventually | 363 Another advantage is that these packets of bytes might eventually not be considered as PHI anymore and potentially |
| 364 help you meet your local regulations (Please check your local regulations). | 364 help you meet your local regulations (Please check your local regulations). |
| 365 | 365 |
| 366 However, note that, if you're running entirely in a cloud environment, your decryption keys will still | 366 However, note that, if you're running entirely in a cloud environment, your decryption keys will still |
| 367 be stored on the cloud infrastructure (VM disks - process RAM) and an attacker could still eventually gain access to this keys. | 367 be stored on the cloud infrastructure (VM disks - process RAM) and an attacker could still eventually gain access to this keys. |
| 368 | 368 |
| 369 If Orthanc is running in your infrastructure with the Index DB on your infrastructure, and files are store in the cloud, | 369 If Orthanc is running in your infrastructure with the Index DB on your infrastructure, and files are stored in the cloud, |
| 370 the master keys will remain on your infrastructure only and there's no way the data stored in the cloud could be decrypted outside your infrastructure. | 370 the master keys will remain on your infrastructure only and there's no way the data stored in the cloud could be decrypted outside your infrastructure. |
| 371 | 371 |
| 372 Also note that, although the cloud providers also provide client-side encryption, we, as an open-source project, | 372 Also note that, although the cloud providers also provide client-side encryption, we, as an open-source project, |
| 373 wanted to provide our own implementation on which you'll have full control and extension capabilities. | 373 wanted to provide our own implementation on which you'll have full control and extension capabilities. |
| 374 This also allows us to implement the same logic on all cloud providers. | 374 This also allows us to implement the same logic on all cloud providers. |