What is it?
IBM Cloud Object Storage is a storage service that can be used to store unstructured data and is designed for high durability, resiliency and security. The data is accessible using SDKs or by using the IBM user interface.
What can I do with IBM Cloud Object Storage?
You can use IBM Cloud Object Storage to access your unstructured data from anywhere in the world, via a self-service portal backed by RESTful APIs and SDKs. Depending on your needs, you can use it as a repository for backup and recovery, archive, media content repository, data lake for analytics, and as your storage service for cloud-native applications.
How secure is my data in IBM Cloud Object Storage?
IBM Cloud Object Storage is highly secure. Initially, only the bucket and object owners have access to the service instance they create. IBM Cloud Object Storage also supports user authentication to access data. You can use access control mechanisms such as bucket policies to selectively grant permissions to users and applications. You can securely upload/download your data to IBM Cloud Object Storage via SSL endpoints using the HTTPS protocol.
What kind of data can I store in IBM Cloud Object Storage?
You can store any kind of data, such as images, videos, documents, etc., in any format.
How is my data organized in IBM Cloud Object Storage?
Information stored in IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations. This service makes use of the distributed storage technologies provided by the IBM Object Storage System.
Does IBM Cloud Object Storage service offer a Service Level Agreement (SLA)?
For each five-minute period, an availability percentage is determined by dividing the number of service requests that results in an error code of either "Internal Service Error" or "Service Unavailable," by the total number of service requests within that period. Service requests with such error codes will be excluded if the error is related to an exclusion listed in section 3.1 of the IBM Cloud Service Description or if Client does not use published cross-region global endpoints with a cross-region offering. The monthly availability percentage is the average of the five-minute availability percentages for a contracted month.
|Object Storage Class Availability Level||Credit|
|< 99.95%||< 99.50%||< 99.95%||10%|
|< 99.95%||< 99.00%||< 99.95%||25%|
Client must submit an SLA claim by using the form in the IBM Cloud Service portal within 60 days after the end of a contracted month providing sufficient information to identify the storage account and/or storage buckets affected, received error messages, including date, time, and endpoint used to connect to Cloud Object Storage, and other information necessary to validate the claim, referencing IBM support tickets, as applicable. The credit will be the highest applicable compensation based on the applicable Availability Service Level during a contracted month and calculated using the monthly charges for such affected service. Credits cannot exceed 25% of such monthly charge. This SLA applies for IBM Cloud Object Storage offerings only and excludes OpenStack object storage offerings.
How many buckets can I provision?
You can provision 100 buckets per Cloud Object Storage service instance. If you need to provision more than this limit, please contact customer support.
Is there a size limit on the object I can upload and store?
You can upload objects up to 5TB in size. All object keys need to be no more than 1024 characters in length, and it's best to avoid any characters that might prove problematic within a web address (e.g. ?, =, <, etc.). Please, ensure to not use any information that can identify any user (natural person) by name, location or any other names (PII). There is no practical limit on the amount of storage you can use in a single storage instance, or within a single bucket for that matter. Each bucket can hold billions of objects.
Objects can't exceed 200 MB in size when you are using the console to upload unless the Aspera high-speed transfer is installed. Using the Aspera high-speed transfer, you can upload larger size objects in the background instead of in the active browser window. In addition, the transfers can be viewed, paused or canceled.
How do I decide between regional, cross region and single data center to store my data?
- Regional resiliency is for low latency. Your data is distributed across three IBM data centers within a single region.
- Cross-region resiliency is for mission-critical availability. Your data is stored in three IBM data centers across three or more different regions. Cross-region offers geographic resiliency and is available across multiple endpoints.
- Single data center is for when data locality is the top priority. Your data is stored within a single data center. Data is distributed across many physical storage appliances, but is contained within a single data center. These sites do not provide automated replication or backup in case of site destruction.
How do I determine what geographic location to store my data in?
You may want to consider several factors, in addition to deciding between regional and cross-region:
- You may want to pick a location based on your desire to reduce data access latency.
- You may want to pick a location to address legal and/or regulatory requirements.
- You may want to consider various pricing options.
- You may want to pick a location that is remote from your other operations, for redundancy.
Can I use IBM Cloud Object Storage even though I am not located in US or EU?
Yes, you can use IBM Cloud Object Storage from anywhere in the world. You just have to choose the location where you want to store your data when you create a bucket.
What storage classes does IBM Cloud Object Storage offer?
- Standard: Designed for storing frequently accessed data, providing higher performance at lower cost for use cases such as collaboration, analytics, active content repositories and sync-and-share applications. Ideal for data that is accessed multiple times a month.
- Vault: Use for storing your less frequently accessed data for functions such as tape replacement, backup and disaster recovery. Ideal for data that is accessed once a month or less.
- Cold Vault: Use for storing data that is minimally accessed for use cases such as archiving, digital asset preservation and long-term backup for compliance. Use for long-term retention of data that needs minimal access.
- Flex: Designed for workloads with unpredictable data usage patterns, for example, cloud-native applications or dynamic websites where data is “hot” today and “cold” tomorrow. This service has a cap on the combined capacity and retrieval charge, so you cost-effectively access and use your data as often as you need.
If I want to store my data using the Vault or Cold Vault storage class, do I need to create another account?
No. The storage classes are defined at the bucket level. Simply create a new bucket that is set to the desired storage class.
Can I change the storage class on a bucket? For example, if you have production data in "standard," can we easily switch it to "vault" if we are not using it frequently to reduce costs?
Changing of storage class requires you to manually move or copy the data from one bucket to another bucket with the desired storage class.
How secure is my data?
IBM Cloud Object Storage is highly secure. Initially, only the bucket and object owners have access to the cloud object storage service instance they create. The service supports user authentication to access data; you can use access control mechanisms such as bucket policies to selectively grant permissions to users and applications. You can securely upload/download your data via SSL endpoints using the HTTPS protocol.
If you need extra security, you can use the Key Protect Service or the Server-Side Encryption with Customer-Provide Keys (SSE-C) option to encrypt data stored at rest. IBM Cloud Object Storage provides the encryption technology for both Key Protect and SSE-C. Both of these options provide server-side encryption.
How can I control access to data stored in IBM Cloud Object Storage?
You can use Identity and Access Management (IAM) to access controlling mechanisms in order to secure your data. IAM policies enable organizations with multiple employees to create and manage multiple users under a single IBM Cloud account. With IAM policies, companies can grant IAM users control of their Cloud Object Storage service instance, buckets, etc.
How durable is IBM Cloud Object Storage?
IBM Cloud Object Storage is designed to provide 99.999999999 percent durability of objects over a given year. In addition, the data is split using Dispersal Algorithms (IDAs) into unrecognizable “slices” that are distributed across a network of data centers, making transmission and storage of data inherently private and secure. No complete copy of the data resides in any single storage node.
Does IBM Cloud Object Storage provide encryption at rest and in motion?
Yes. Data at rest is encrypted with automatic server-side Advanced Encryption Standard (AES) 256-bit encryption and Secure Hash Algorithm (SHA)-256 hash. Data in motion is secured by using built-in, carrier-grade Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption.
What is the typical encryption overhead if I want to encrypt my data?
Server-side encryption is always ON for customer data and encryption is not a big portion of the processing cost of Cloud Object Storage.
Can I provide my own keys for encryption?
Yes. IBM Cloud supports two ways of providing your own key for encrypting your data at rest:
- Key-Protect – You can provide your own key during bucket creation using Key Protect. You can manage the lifecycle of your keys in IBM Cloud. Learn more.
- SSE-C – You can provide your own key for encryption. IBM Cloud does not save your key within IBM Cloud Object Storage. The onus is on you to manage your own key and provide it during the storing and retrieving of data.
I am a non-CPA (Custom Private Addressing) customer. How can I use IBM Cloud Object Storage over Direct Link?
- Client connects to Direct Link as usual;
- By default, Direct Link clients cannot access Cloud Object Storage on the private services network. They will have to create a route on their vRouter to traverse the private network and reach the private endpoint for Cloud Object Storage on the services network;
- Client needs to provision 1x or 2x Vyattas;
- Use cloud object private endpoints to access IBM Cloud Object Storage.
How much does IBM Cloud Object Storage cost?
IBM Cloud Object Storage is designed for you to pay as you go without any minimum cost. Please refer to the pricing section for details.
How is IBM calculating and tracking my Cloud Object Storage usage?
Cloud Object Storage offers four different storage classes: Standard, Vault, Cold Vault and Flex. For each of the storage classes, some or all of the following metrics are collected and aggregated across all the Cloud Object Storage instances in the account.
IBM will track and meter the storage (in gigabytes) used to store data objects. The cost for total storage during a billing period is the sum of the daily average storage cost for all days. The average storage usage for a given day is calculated by collecting usage data points at least every two hours during the day and then averaging all the data points.
Public outbound bandwidth
IBM will track and meter the public outbound bandwidth (in Gigabytes) when accessing the data objects through the public endpoints. The public outbound bandwidth for a billing period is calculated as the sum of all collected usage data points. The usage data points that include the bandwidth consumed during the measurement period are collected at least once every hour.
IBM will track and meter the total data retrieval (in gigabytes) when accessing the data objects through both public and private endpoints. The data retrieval for a billing period is calculated as the sum of all collected usage data points. The usage data points that include the data retrieval occurred during the measurement period are collected at least once every hour.
Class A API calls
IBM will track and meter the PUT, COPY, POST and LIST operations when manipulating the data objects. The Class A API calls for a billing period are calculated as the sum of all collected usage data points and that sum is rounded to the nearest thousand. The usage data points that include the calls made during the measurement period are collected at least once every hour.
Class B API calls
IBM will track and meter the GET and other operations for accessing the data objects. The Class B API calls for a billing period are calculated as the sum of the all collected usage data points and are rounded to the nearest ten thousand. The usage data points that include the calls made during the measurement period are collected at least once every hour.
Flex Max Cap (only for Flex class)
For Flex-class storage, IBM will track the Flex Max Cap charge that is calculated with the Flex Cap price during storage in the Flex class for a billing period. If the Flex Max Cap charge is less than the combined cost of storage and retrieval, only the Flex Max Cap charge is billed to the account and the combined storage and retrieval charges are not billed. Otherwise, combined storage and retrieval charges are billed.
Get started on IBM Cloud Object Storage
IBM Cloud Object Storage offers scalable cloud storage, designed for high durability, resiliency and security.