Moxion Hybrid S3 Hosting
Moxion Hybrid S3 allows you to own/hold the files generated by Moxion for playback in your own S3 storage account. Our Moxion Autodesk S3 account will still run all compute aspects and manage all remaining infrastructure, but we utilise the storage of your customer-provided S3 account.
This document will outline the pre-requisites and requirements, as well as some of the issues that will need to be considered.
- An AWS account already setup with Amazon
- Appropriate permission in the AWS account to enable creation of an S3 bucket, using a Moxion provided CloudFormation template.
How it works:
The customer account will have an AWS S3 bucket that is referenced by the Moxion application. Whenever Moxion is creating a new item for storage, the Moxion application will determine where that should be stored. If a Hybrid S3 environment is configured at either the Company or Production level, then Moxion will store both the original assets and those transcoded for playback in the provisioned S3 bucket. All files are stored encrypted at rest on these buckets using SSE encryption, as defined by the CloudFormation template.
It is important to understand that with this configuration we move into a shared responsibility model with Hybrid S3. This means that the customer shoulders a significant responsibility to ensure access to the S3 bucket is restricted as is appropriate.
Moxion cannot be held responsible for access to assets via the customer AWS account. In order to assist with this, we provision a second S3 access logging bucket - this tracks all access to the files stored on S3.
It is highly recommended that access to the account hosting the S3 bucket is restricted.
- Moxion will setup an initial discussion with the customer to identify the correct people (technical teams/security teams) to setup the Moxion Hybrid S3 solution.
- Moxion will provide an AWS CloudFormation template for review/sign off by the customer's relevant security teams.
- Moxion and the technical teams have a screen-share deployment call where Moxion or the technical team will run the CloudFormation template in the customer S3 account.
- Moxion provisions the S3 bucket into Moxion for a Customer Test Production
- Customer acceptance testing of Hybrid S3
- Moxion provisions S3 configuration for Customer “Company”
- Migration of existing assets from Moxion hosted S3 to Hybrid S3 (If included in contract)
Frequently Asked Questions
What costs will I incur?
Your Hybrid S3 solution will incur costs on your Amazon S3 storage . In general, you can expect to incur storage charges of approximately the size of the original file, plus for each proxy file we generate. As people download files from the system these will be stored for download for a short period of time. The temporary download files are automatically removed after 14 days by S3. You will also incur costs associated with transfer. You do not incur any compute costs associated with this feature.
Does Moxion store a copy of my files anywhere else?
Yes and no, Moxion is a complex system and we use S3 buckets during upload and various processing actions users may complete in day to day usage.
In particular during the ingest of assets into Moxion we will hold a copy of your assets to enable us to process the file into web playable formats. Once your asset has been successfully processed we will not have any copies of your assets.
During any watermarking process we will hold parts of your asset to enable us watermark the file. As soon as that process is completed we will no longer have a copy of it.
During playback of an asset we will hold segments of your file in short-term high performing storage. These are encrypted with DRM at this stage, and are persisted for a maximum of six hours. There may also be drm-encrypted segments held by CDN servers throughout the network. Access to these is strictly controlled by Moxion API server.
Can I store other files in the S3 bucket?
No. The Moxion application expects to have complete control over the bucket. Do not store any other files on that bucket. Various lifecycle rules are applied during deployment to ensure any temporary files that are created are removed, we would hate for your file to be automatically “cleaned” up.
Can I download directly from the bucket?
By running a hybrid S3 solution we enter into shared-responsibility for the security of your assets. It is highly recommended that all download actions are undertaken using Moxion only. Talk to us about our high-performing transfer solutions for ways of using the original and transcode files that are held on the hybrid S3 bucket.
What happens if I leave Moxion?
Your S3 bucket will be fully accessible by you. The original files that you have uploaded into Moxion onto your Hybrid S3 bucket will be available for you to download and use. The proxy files that we generate for playback are double encrypted and require the Moxion technology to play correctly. These will still be on the bucket but will not be useful for you.