New Feature: Binary Data Storage Options - 'Bring Your Own Bucket'
Binary storage is used for storing large files. At Enate, we employ it to store raw communications, communication attachments, files attached to work items, and files exported from Advanced Search views.
Enate is always provisioned with the primary binary storage configured in an Enate Azure tenant. You can see details of your Binary Storage locations in the 'Azure Binary Storage' section of the System Settings in Builder.
However, you can now choose to change where your binary data is stored and switch it to your own Azure tenant.
Important note: Changing your Binary storage location will not transfer your existing data to the new location. You should exercise extreme care when making this change, in order to avoid irrevocable loss of binary data. You should contact Enate's Customer Success team if you wish to make such a change, so the activity can be carried out with our team's advice.
To enable this feature of setting your own storage locations, you will need to perform activities outside Enate as well as within this section of Builder. You will need to do the following:
Create two Azure Storage Accounts in two separate Azure Regions within your Azure tenant. We recommend that one of these regions is Europe West to maximise performance.
Create an Azure App Registration that is granted access to these storage accounts.
Configure Enate to use these storage accounts rather than the Enate Default.
NOTE: If your organisation is not proficient at managing Azure storage then you should NOT adopt this option. Deletion or corruption of data in these storage accounts will result in immediate and irrevocable data loss.
To add a new Storage Location in Enate, click the '+' icon in the Azure Binary Storage section in Builder's system settings. This will show a popup where details of the new Storage location you have set up in Azure should be entered:
The general data asked for is as follows:
Name: A Name for this Binary Storage Location.
Description: A Description for this Binary Storage Location.
Primary Endpoint: The first Azure storage location primary endpoint URL.
Secondary Endpoint: The second Azure storage location primary endpoint URL.
Container Name: The exact container name of the first Azure storage account. NOTE: both the first and second storage accounts must have the same container name.
Key Size: This will be used to encrypt and decrypt binary data.
Encryption Key (plus Confirmation): This secret key will be used to encrypt and decrypt binary data.
Important Note: Once you set the encryption key and key size here, they cannot be changed. You must ensure that you securely save the encryption key as it cannot be modified later.
In addition to these General settings, there is also information to fill in on the Azure details tab:
Tenant ID or Domain: Get this from the registered app 'Host Name' in the overview menu in Azure.
Application ID: Get this from the registered app 'Application (client) ID' in the overview menu in Azure.
Authentication with Certificate / with Client Secret: You can generate a secret in the Azure app registration 'certificate and secret' section; however, Enate recommends using the Certificate approach here.
You can generate Certificates or upload an existing one by selecting the 'Authentication with Certificate' option on the Azure details tab. This will bring up a further popup to allow you to generate or upload a certificate:
If you fill in the Subject here and click on Submit, a certificate will be generated and you will be given a Download link to allow you to download the public key certificate.
You should upload this Certificate in the Azure app registration 'certificate and secret' section.
Note: You need to make sure that you upload the certificate / create the secret in Azure App Registration before saving, as the configuration will not save until it can successfully test that all the information provided is correct.
Alternatively you can Upload an existing certificate if you have one.
Once you have entered all required information you can Test your connection and, once successfully tested, save it.
Once you have successfully created your own Azure storage locations and linked them to your Enate instance, you can choose to set that location as your primary storage location. You will be met with a popup asking you to confirm your decision, and reminding you that your existing data will NOT be automatically transferred to the new location.
The ability to modify these settings should be tightly controlled. Access is managed via the 'Binary Storage' access option within Builder User Roles setup, under the 'Edit System Settings' section:
When dealing with storage locations and encryption keys for Binary data, there are a number of important points to keep in mind:
Only one Binary Storage location can be active at any one time.
You cannot make any updates to, or delete, any Enate-managed Binary Storage.
The Encryption Key and Key Size cannot be changed after creation.
While you can switch between binary storage configurations, this will NOT automatically migrate any of your existing data, so you must exercise extreme caution when choosing this option.
You can only delete a Storage location if that configuration has never been used (and you cannot do this at all with any Enate-managed storage locations).
Management of your Certificates / Secrets, for example their expiry, is entirely your responsibility; Enate provides no management of these.
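Because certificate expiry is left to you, a scheduled check on the public key certificate that was uploaded to the Azure app registration is a sensible control. The script below is an added example, not part of Enate's product or documentation; the function names, the certificate subject and the 30-day warning window are assumptions, and the sample certificate is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: expiry check for the public key certificate uploaded to the
# Azure app registration. Names, subject and thresholds are hypothetical.

# cert_status <pem-file> <warn-days>
# Prints a one-line status and returns:
#   0 = valid beyond the warning window   1 = expires inside the window
#   2 = already expired                   3 = not a readable certificate
cert_status() {
    pem=$1
    warn_days=$2
    # Unreadable or non-certificate input must never be reported as healthy.
    not_after=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) || {
        echo "ERROR $pem: not a readable PEM certificate"
        return 3
    }
    not_after=${not_after#notAfter=}
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED $pem (notAfter=$not_after)"
        return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING $pem (notAfter=$not_after)"
        return 1
    fi
    echo "OK $pem (notAfter=$not_after)"
    return 0
}

# make_sample_cert <out-pem> <days>
# Constructed self-signed certificate, used only to exercise cert_status.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=enate-binary-storage-example" \
        -keyout /dev/null -out "$1" >/dev/null 2>&1
}

# Demo: a constructed 10-day certificate checked against a 30-day window.
tmp=$(mktemp)
make_sample_cert "$tmp" 10 && cert_status "$tmp" 30 || true
rm -f "$tmp"
```

Run from a scheduler against the downloaded certificate file, the non-zero return codes can drive an alert so the certificate is replaced in the app registration before it lapses.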
To reiterate: If you are thinking of changing your Binary Storage location settings, we strongly recommend that you contact Enate's Customer Success team, so the activity can be carried out with our team's advice.