Flow Capture Hybrid S3 Hosting

Flow Capture Hybrid S3 allows you to own/hold the files generated by Flow Capture for playback in your own S3 storage account. Our Flow Capture Autodesk S3 account will still run all compute aspects and manage all remaining infrastructure, but we utilise the storage of your customer-provided S3 account. 

This document outlines the prerequisites and requirements, as well as some of the issues that need to be considered.

Prerequisites:

  1. An AWS account already set up with Amazon.
  2. Appropriate permission in the AWS account to enable creation of an S3 bucket, using a Flow Capture provided CloudFormation template.

How it works:

The customer account will have an AWS S3 bucket that is referenced by the Flow Capture application. Whenever Flow Capture creates a new item for storage, the application determines where it should be stored. If a Hybrid S3 environment is configured at either the Company or Production level, then Flow Capture will store both the original assets and those transcoded for playback in the provisioned S3 bucket. All files are stored encrypted at rest on these buckets using server-side encryption (SSE), as defined by the CloudFormation template.
It is important to understand that with this configuration we move into a shared responsibility model with Hybrid S3. This means that the customer shoulders a significant responsibility to ensure access to the S3 bucket is restricted as is appropriate. 
Flow Capture cannot be held responsible for access to assets via the customer AWS account. In order to assist with this, we provision a second S3 access logging bucket - this tracks all access to the files stored on S3. 
It is highly recommended that access to the account hosting the S3 bucket is restricted.
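
One way to review the access logging bucket for reads that did not come from the Flow Capture application is shown below. This is an added example, not part of the Flow Capture template or tooling; the role ARN, user ARN, bucket name, object keys and log records are constructed placeholders, and the field order follows the standard S3 server access log layout.

```python
import re

# One token per field: [bracketed time], "quoted string", or bare word.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')
FIELDS = ("owner", "bucket", "time", "remote_ip", "requester", "request_id",
          "operation", "key", "request_uri", "status")

# Assumption: placeholder for the principal that Flow Capture uses to reach
# the bucket; take the real value from your deployed CloudFormation stack.
ROLE = "arn:aws:sts::111122223333:assumed-role/EXAMPLE-flow-capture-role/"
ADMIN = "arn:aws:iam::111122223333:user/example-admin"  # constructed

def parse_line(line):
    """Return the leading fields of one S3 server access log record, or None."""
    tokens = TOKEN.findall(line)
    if len(tokens) < len(FIELDS):
        return None  # truncated or malformed record
    return dict(zip(FIELDS, tokens))

def unexpected_reads(lines, expected=(ROLE,)):
    """Successful object reads by requesters outside the expected principals."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["operation"] != "REST.GET.OBJECT":
            continue
        if not rec["status"].startswith("2"):
            continue  # denied or failed requests returned no object data
        if rec["requester"].startswith(tuple(expected)):
            continue  # the application's own access
        findings.append((rec["time"], rec["requester"], rec["remote_ip"], rec["key"]))
    return findings

# Constructed sample records in the S3 server access log layout (not real data).
_T = ('ownerid example-hybrid-bucket [06/Feb/2024:00:00:38 +0000] {ip} {who} REQID '
      'REST.GET.OBJECT {key} "GET /{key} HTTP/1.1" {status} - 1024 1024 20 10 "-" "agent" -')
SAMPLE = [
    _T.format(ip="192.0.2.10", who=ROLE + "session", key="originals/a.mov", status=200),
    _T.format(ip="198.51.100.7", who=ADMIN, key="originals/a.mov", status=200),
    _T.format(ip="198.51.100.7", who=ADMIN, key="originals/b.mov", status=403),
    _T.format(ip="203.0.113.5", who="-", key="proxies/a.m3u8", status=206),
]

if __name__ == "__main__":
    for finding in unexpected_reads(SAMPLE):
        print(finding)
```

S3 delivers server access logs on a best-effort basis, so treat a finding as a prompt to investigate rather than as a complete audit trail.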

Implementation Process:

  1. Flow Capture will set up an initial discussion with the customer to identify the correct people (technical teams/security teams) to set up the Flow Capture Hybrid S3 solution.
  2. Flow Capture will provide an AWS CloudFormation template for review/sign off by the customer's relevant security teams.
  3. Flow Capture and the technical teams have a screen-share deployment call where Flow Capture or the technical team will run the CloudFormation template in the customer S3 account.
  4. Flow Capture provisions the S3 bucket into Flow Capture for a Customer Test Production.
  5. Customer acceptance testing of Hybrid S3.
  6. Flow Capture provisions S3 configuration for Customer “Company”.

Frequently Asked Questions

What costs will I incur?
Your Hybrid S3 solution will incur costs on your Amazon S3 storage. In general, you can expect to incur storage charges of approximately the size of the original file, plus storage for each proxy file we generate. As people download files from the system, these will be stored for download for a short period of time. The temporary download files are automatically removed after 14 days by S3. You will also incur costs associated with transfer. You do not incur any compute costs associated with this feature.
Does Flow Capture store a copy of my files anywhere else?
Yes and no. Flow Capture is a complex system, and we use S3 buckets during upload and the various processing actions users may complete in day-to-day usage.
In particular, during the ingest of assets into Flow Capture we will hold a copy of your assets to enable us to process the file into web-playable formats. Once your asset has been successfully processed we will not have any copies of your assets.
During any watermarking process we will hold parts of your asset to enable us to watermark the file. As soon as that process is completed we will no longer have a copy of it.
During playback of an asset we will hold segments of your file in short-term, high-performing storage. These are encrypted with DRM at this stage, and are persisted for a maximum of six hours. There may also be DRM-encrypted segments held by CDN servers throughout the network. Access to these is strictly controlled by the Flow Capture API server.
Can I store other files in the S3 bucket?
No. The Flow Capture application expects to have complete control over the bucket. Do not store any other files on that bucket. Various lifecycle rules are applied during deployment to ensure any temporary files that are created are removed; we would hate for your file to be automatically “cleaned” up.
Can I download directly from the bucket?
By running a Hybrid S3 solution we enter into shared responsibility for the security of your assets. It is highly recommended that all download actions are undertaken using Flow Capture only. Talk to us about our high-performing transfer solutions for ways of using the original and transcode files that are held on the Hybrid S3 bucket.
What happens if I leave Flow Capture?

Your S3 bucket will be fully accessible by you. The original files that you have uploaded into Flow Capture onto your Hybrid S3 bucket will be available for you to download and use. The proxy files that we generate for playback are double encrypted and require the Flow Capture technology to play correctly. These will still be on the bucket but will not be useful for you.